Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 63D36CD4 for ; Wed, 9 Dec 2015 21:16:02 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-io0-f179.google.com (mail-io0-f179.google.com [209.85.223.179]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 3F01FE5 for ; Wed, 9 Dec 2015 21:16:01 +0000 (UTC) Received: by iouu10 with SMTP id u10so75402127iou.0 for ; Wed, 09 Dec 2015 13:16:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=UCnx1cNiJ7NevUSO6rqoO8lL24nmWlBcf/CWL9Un+gw=; b=BoqWXYaUZQbHfZ/7eLMPtcuqz3KZxg9Ui1CSSb8UOK8k+ieR7HUKqXWUXW505nXhgs CCmzFYkfiO/sb+BX7nq7JOrarWF9tPcNtjeQHykonNE9YRUifeMo6WEWqj0/eCgT434z hUrnuYTeCwC6bN1/irJJLXNmTnyEDV/1IHbBGiYqzhSaRcrsnWo/XL+yby2miS1pqgs0 A/u8YxbEXZLWopSUHvEWH+oBocpRix1rf/CDOEuz6TGov13vgrHAYbxOmCJhmRQOZRwP L25AlGX9p5H21UuyY/1dZzRG40qvVK0W8w/Ju7jgJW4cNdhuveKVQyNuoYhJu5XpI1FC ODwQ== MIME-Version: 1.0 X-Received: by 10.107.169.202 with SMTP id f71mr7713421ioj.154.1449695760661; Wed, 09 Dec 2015 13:16:00 -0800 (PST) Received: by 10.64.252.168 with HTTP; Wed, 9 Dec 2015 13:16:00 -0800 (PST) Received: by 10.64.252.168 with HTTP; Wed, 9 Dec 2015 13:16:00 -0800 (PST) In-Reply-To: References: Date: Thu, 10 Dec 2015 05:16:00 +0800 Message-ID: From: Loi Luu To: Akiva Lichtner Content-Type: multipart/alternative; boundary=001a1142789ed8c55d05267d98a6 X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Wed, 09 Dec 2015 21:18:11 +0000 Cc: bitcoin-dev@lists.linuxfoundation.org Subject: Re: [bitcoin-dev] Scaling by Partitioning X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Dec 2015 21:16:02 -0000 --001a1142789ed8c55d05267d98a6 Content-Type: text/plain; charset=UTF-8 I guess the most basic question is how do you define a coin here? Thanks, Loi Luu On 10 Dec 2015 2:26 a.m., "Akiva Lichtner" wrote: > Thanks for giving serious consideration to my post. > > With regard to your question "if a transaction spends a "coin" that > ends in "1" and creates a new coin that ends in "1", which partition > should process the transaction?", I would answer that only one > partition is involved. In other words, there are N independent block > chains that never cross paths. > > With regard to your question "what is the prior data needed to > validate that kind of TXs?" I do not understand what this means. If > you can dumb it down a bit that would be good because there could be > some interesting concern in this question. > > Since partitions are completely segregated, there is no need for a > node to work on multiple partitions simultaneously. For attacks to be > defeated a node needs to be able to work on multiple partitions in > turn, not at the same time. The reason is because if the computing > power of the good-faith nodes is unbalanced this gives attackers an > unfair advantage. > > On 12/9/15, Loi Luu via bitcoin-dev > wrote: > > Dear Akiva, > > > > Its Loi Luu, one of the authors of the SCP protocol ( > > http://eprint.iacr.org/2015/1168.pdf ). > > > > Before SCP, we had been thinking hard about how to do sharding > efficiently > > without degrading any security guarantee. A simple solution which splits > > the coins, or TXs in to several partitions will just not work. You have > to > > answer more questions to have a good solutions. For example, I wonder in > > your proposal, if a transaction spends a "coin" that ends in "1" and > > creates a new coin that ends in "1", which partition should process the > > transaction? What is the prior data needed to validate that kind of TXs? > > > > The problem with other proposals, and probably yours as well, that we > see > > is that the amount of data that you need to broadcast immediately to the > > network increases linearly with the number of TXs that the network can > > process. Thus, sharding does not bring any advantage than simply using > > other techniques to publish more blocks in one epoch (like Bitcoin-NG, > > Ghost). The whole point of using sharding/ partition is to localize > > the bandwidth used, and only broadcast only a minimal data to the > network. > > > > Clearly we are able to localize the bandwidth used with our SCP protocol. > > The cost is that now recipients need to themselves verify whether a > > transaction is double spending. However, we think that it is a reasonable > > tradeoff, given the potential scalability that SCP can provides. > > > > Thanks, > > Loi Luu. > > > > On Wed, Dec 9, 2015 at 12:27 AM, Akiva Lichtner via bitcoin-dev < > > bitcoin-dev@lists.linuxfoundation.org> wrote: > > > >> Hello, > >> > >> I am seeking some expert feedback on an idea for scaling Bitcoin. As a > >> brief introduction: I work in the payment industry and I have twenty > >> years' > >> experience in development. I have some experience with process groups > and > >> ordering protocols too. I think I understand Satoshi's paper but I admit > >> I > >> have not read the source code. > >> > >> The idea is to run more than one simultaneous chain, each chain > defeating > >> double spending on only part of the coin. The coin would be partitioned > >> by > >> radix (or modulus, not sure what to call it.) For example in order to > >> multiply throughput by a factor of ten you could run ten parallel > chains, > >> one would work on coin that ends in "0", one on coin that ends in "1", > >> and > >> so on up to "9". > >> > >> The number of chains could increase automatically over time based on the > >> moving average of transaction volume. > >> > >> Blocks would have to contain the number of the partition they belong to, > >> and miners would have to round-robin through partitions so that an > >> attacker > >> would not have an unfair advantage working on just one partition. > >> > >> I don't think there is much impact to miners, but clients would have to > >> send more than one message in order to spend money. Client messages will > >> need to enumerate coin using some sort of compression, to save space. > >> This > >> seems okay to me since often in computing client software does have to > >> break things up in equal parts (e.g. memory pages, file system blocks,) > >> and > >> the client software could hide the details. > >> > >> Best wishes for continued success to the project. > >> > >> Regards, > >> Akiva > >> > >> P.S. I found a funny anagram for SATOSHI NAKAMOTO: "NSA IS OOOK AT MATH" > >> > >> > >> _______________________________________________ > >> bitcoin-dev mailing list > >> bitcoin-dev@lists.linuxfoundation.org > >> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > >> > >> > > > --001a1142789ed8c55d05267d98a6 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

I guess the most basic question is how do you define a coin = here?

Thanks,
Loi Luu

On 10 Dec 2015 2:26 a.m., "Akiva Lichtner&q= uot; <akiva.lichtner@gmail.c= om> wrote:
Th= anks for giving serious consideration to my post.

With regard to your question "if a transaction spends a "coin&quo= t; that
ends in "1" and creates a new coin that ends in "1", wh= ich partition
should process the transaction?", I would answer that only one
partition is involved. In other words, there are N independent block
chains that never cross paths.

With regard to your question "what is the prior data needed to
validate that kind of TXs?" I do not understand what this means. If you can dumb it down a bit that would be good because there could be
some interesting concern in this question.

Since partitions are completely segregated, there is no need for a
node to work on multiple partitions simultaneously. For attacks to be
defeated a node needs to be able to work on multiple partitions in
turn, not at the same time. The reason is because if the computing
power of the good-faith nodes is unbalanced this gives attackers an
unfair advantage.

On 12/9/15, Loi Luu via bitcoin-dev
<bitcoin-dev@li= sts.linuxfoundation.org> wrote:
> Dear Akiva,
>
> Its Loi Luu, one of the authors of the SCP protocol (
> http://eprint.iacr.org/2015/1168.pdf ).
>
> Before SCP, we had been thinking hard about how to do sharding efficie= ntly
> without degrading any security guarantee. A simple solution which spli= ts
> the coins, or TXs in to several partitions will just not work. You hav= e to
> answer more questions to have a good solutions. For example, I wonder = in
> your proposal, if a transaction spends a "coin" that ends in= "1" and
> creates a new coin that ends in "1", which partition should = process the
> transaction? What is the prior data needed to validate that kind of TX= s?
>
> The problem with other proposals, and probably yours as well,=C2=A0 th= at we see
> is that the amount of data that you need to broadcast immediately to t= he
> network increases linearly with the number of TXs that the network can=
> process. Thus, sharding does not bring any advantage than simply using=
> other techniques to publish more blocks in one epoch (like Bitcoin-NG,=
> Ghost). The whole point of using sharding/ partition is to localize > the bandwidth used, and only broadcast only a minimal data to the netw= ork.
>
> Clearly we are able to localize the bandwidth used with our SCP protoc= ol.
> The cost is that now recipients need to=C2=A0 themselves verify whethe= r a
> transaction is double spending. However, we think that it is a reasona= ble
> tradeoff, given the potential scalability that SCP can provides.
>
> Thanks,
> Loi Luu.
>
> On Wed, Dec 9, 2015 at 12:27 AM, Akiva Lichtner via bitcoin-dev < > bitcoin-dev@l= ists.linuxfoundation.org> wrote:
>
>> Hello,
>>
>> I am seeking some expert feedback on an idea for scaling Bitcoin. = As a
>> brief introduction: I work in the payment industry and I have twen= ty
>> years'
>> experience in development. I have some experience with process gro= ups and
>> ordering protocols too. I think I understand Satoshi's paper b= ut I admit
>> I
>> have not read the source code.
>>
>> The idea is to run more than one simultaneous chain, each chain de= feating
>> double spending on only part of the coin. The coin would be partit= ioned
>> by
>> radix (or modulus, not sure what to call it.) For example in order= to
>> multiply throughput by a factor of ten you could run ten parallel = chains,
>> one would work on coin that ends in "0", one on coin tha= t ends in "1",
>> and
>> so on up to "9".
>>
>> The number of chains could increase automatically over time based = on the
>> moving average of transaction volume.
>>
>> Blocks would have to contain the number of the partition they belo= ng to,
>> and miners would have to round-robin through partitions so that an=
>> attacker
>> would not have an unfair advantage working on just one partition.<= br> >>
>> I don't think there is much impact to miners, but clients woul= d have to
>> send more than one message in order to spend money. Client message= s will
>> need to enumerate coin using some sort of compression, to save spa= ce.
>> This
>> seems okay to me since often in computing client software does hav= e to
>> break things up in equal parts (e.g. memory pages, file system blo= cks,)
>> and
>> the client software could hide the details.
>>
>> Best wishes for continued success to the project.
>>
>> Regards,
>> Akiva
>>
>> P.S. I found a funny anagram for SATOSHI NAKAMOTO: "NSA IS OO= OK AT MATH"
>>
>>
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-d= ev@lists.linuxfoundation.org
>> https://lists.linuxfoundation= .org/mailman/listinfo/bitcoin-dev
>>
>>
>
--001a1142789ed8c55d05267d98a6--