Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 335F6919 for ; Thu, 28 Jul 2016 16:41:51 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-io0-f173.google.com (mail-io0-f173.google.com [209.85.223.173]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 699212AA for ; Thu, 28 Jul 2016 16:41:50 +0000 (UTC) Received: by mail-io0-f173.google.com with SMTP id 38so104909394iol.0 for ; Thu, 28 Jul 2016 09:41:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=SziFRQVFydnm1NRGi6YT3CznUFXkLigg8Y95Xd0mU0E=; b=TgpueF+pvYDBG/YFky7kV4qgDc+uMM9dSyhjsgeTTfP5T84hd28z8Ar3VNe+X/zgTg ruhfEq9ksNltGK4ZzMuVDR+4atISo9GbO+grJ1RiQ4V6Q2mJYx/Zl0UQqI4lpUbMzWX1 igZ0L9J2fpCDkNzAq+tc2I9au9Y+zxGmXbRr0GSuQHf16zE0smD+iS5chfeHIHjTBM0s 9be+CqGzTvT17hmow/i1ESCoraj0h5NwwAYXgzG+fqNjScBJeJFvlPe/9dlRRVYuVkCy 89YgAwuyPBZ4KTj0AzarnnYVAtxB7UYWsmtlg0l3bkh9dP5d4Ra9g8LDrso5fQEq24m+ sKFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=SziFRQVFydnm1NRGi6YT3CznUFXkLigg8Y95Xd0mU0E=; b=Yx3PsGkOBhxFjs1vZ47UVi3n3s84Cp7aJDMGrVrmyYaGuCH/lRF6l45SQQxeikZoVy bQe2F1n6rTAgLF9A+wZVJNfawA3JX7aL1Vve3/fUnJC1+M4vFCQ0SjKWru8ZjN8cg8xT ItydysbTZzMMaGW14jEraoWfywGBAWt3mhu7y+hZ9PPg+c8YjxLsaxw5gj27SwPDthg/ v2SWJoTiqUsUE2gTNVxZXaKrgXUJp3+aYcy84D8/16d/b/hy3fUvMd+I4K2AUGnWGOnr MquWIi6ixa9ypDrFhAQH8VQ0Gead9cmUO8j7IMUJHum7MJLoE+pJ3HXufJFDIpf4L0Oi qjPQ== X-Gm-Message-State: AEkoouv5jmgfO7yXEdonPnl8Ok1c5LcrWs1lLPd8Nn/1GuSkyP+suxfMs6kutTrkqwiWmck/fobGEQtbMSySWA== X-Received: by 10.107.128.25 with SMTP id b25mr43195864iod.110.1469724109530; Thu, 28 Jul 2016 09:41:49 -0700 (PDT) MIME-Version: 1.0 Received: by 10.50.80.15 with HTTP; Thu, 28 Jul 2016 09:41:48 -0700 (PDT) In-Reply-To: References: From: Moral Agent Date: Thu, 28 Jul 2016 12:41:48 -0400 Message-ID: To: bitcoin-dev@lists.linuxfoundation.org Content-Type: multipart/alternative; boundary=001a113fb596776ec10538b4cf68 X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Thu, 28 Jul 2016 16:46:30 +0000 Subject: Re: [bitcoin-dev] Reasons to add sync flags to Bitcoin X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Jul 2016 16:41:51 -0000 --001a113fb596776ec10538b4cf68 Content-Type: text/plain; charset=UTF-8 If there is concern about the block-with-valid-header-but-invalid-transactions-spam-attack, I have a strategy using sync flags that may drastically reduce the problem. Sync flags documented here: https://github.com/moral-agent/sync_flags/blob/master/README.md) The strategy to defeat the above attack is illustrated here: https://s32.postimg.org/e94tqdqat/sync_flag_invalid_block.png The key is to relax the requirement that a flag commit to a completely valid block. The flag is valid if it commits to a valid block header, even if the block body is invalid. From the perspective of an individual miner, they can safely commence mining a flag the moment they obtain (or discover) a valid block header. As soon as the spam is discovered, miners can choose to either abandon the flag and return to mining on the previous block, or they can continue mining on the flag. It's difficult for me to game out which of these strategies would be preferable. My first thought is that the miners should have the incentive to mine whichever option has the fewest miners, which should result in a 50/50 split. However, the miners who continue mining the flag have a chance of ending up in a situation where they mine the flag before anyone mines a valid block. If this happens, it is sub-optimal for them. They can start mining for the next valid block but if someone else broadcasts a valid block header they will be in the same pickle that miners under the current protocol are: they must either keep mining for a valid block, or SPV mine the newly arrived block while they do validation. The third option, of mining a flag, is not available to them, because the flag has already been mined for this cycle. As a result of the above, it may be most rational for miners to (upon learning that they are mining a flag on top of an invalid block) split their hashpower unevenly between the flag and continuing to mine for a valid block. The hashpower split reflects their estimates of the cost of the above negative outcome. I think the split would be pretty close to 50/50, but deviations from 50/50 would not necessarily be bad. For example, if they split 52/48, with more hashpower toward finding the valid block instead of the flag, then that decreases the likelyhood that the flag will be discovered before the next valid block, which is good for all of the miners. So it's a nice positive feedback. ***** This approach mostly neutralizes the harm done by the (currently very rare) invalid block spam attack. As a kind of amazing side effect, the work done to produce the spam is incorporated into the blockchain cumulative Proof of Work, and the spammer is not paid for this contribution. --001a113fb596776ec10538b4cf68 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
If there is concern about the b= lock-with-valid-header-but-invalid-transactions-spam-attack, I have a strat= egy using sync flags that may drastically reduce the problem.

Sync flags document= ed here:

https://github.com/moral-agent/sync_flags/blob/master/README.md)

The stra= tegy to defeat the above attack is illustrated here:

The key is to relax the requirement that= a flag commit to a completely valid block. The flag is valid if it commits= to a valid block header, even if the block body is invalid.

From the perspective= of an individual miner, they can safely commence mining a flag the moment = they obtain (or discover) a valid block header.

As soon as the spam is discovered= , miners can choose to either abandon the flag and return to mining on the = previous block, or they can continue mining on the flag.

It's difficult for m= e to game out which of these strategies would be preferable. My first thoug= ht is that the miners should have the incentive to mine whichever option ha= s the fewest miners, which should result in a 50/50 split.

However, the miners w= ho continue mining the flag have a chance of ending up in a situation where= they mine the flag before anyone mines a valid block. If this happens, it = is sub-optimal for them. They can start mining for the next valid block but= if someone else broadcasts a valid block header they will be in the same p= ickle that miners under the current protocol are: they must either keep min= ing for a valid block, or SPV mine the newly arrived block while they do va= lidation. The third option, of mining a flag, is not available to them, bec= ause the flag has already been mined for this cycle.

As a result of the above, it= may be most rational for miners to (upon learning that they are mining a f= lag on top of an invalid block) split their hashpower unevenly between the = flag and continuing to mine for a valid block. The hashpower split reflects= their estimates of the cost of the above negative outcome. I think the spl= it would be pretty close to 50/50, but deviations from 50/50 would not nece= ssarily be bad. For example, if they split 52/48, with more hashpower towar= d finding the valid block instead of the flag, then that decreases the like= lyhood that the flag will be discovered before the next valid block, which = is good for all of the miners. So it's a nice positive feedback.
<= div class=3D"gmail_extra">
*****

This app= roach mostly neutralizes the harm done by the (currently very rare) invalid= block spam attack. As a kind of amazing side effect, the work done to prod= uce the spam is incorporated into the blockchain cumulative Proof of Work, = and the spammer is not paid for this contribution.
--001a113fb596776ec10538b4cf68--