Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YOrUX-0006yo-KL for bitcoin-development@lists.sourceforge.net; Fri, 20 Feb 2015 17:35:53 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.216.181 as permitted sender) client-ip=209.85.216.181; envelope-from=adam.back@gmail.com; helo=mail-qc0-f181.google.com; Received: from mail-qc0-f181.google.com ([209.85.216.181]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1YOrUW-0001vf-JP for bitcoin-development@lists.sourceforge.net; Fri, 20 Feb 2015 17:35:53 +0000 Received: by qcxm20 with SMTP id m20so1842965qcx.0 for ; Fri, 20 Feb 2015 09:35:47 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.140.31.246 with SMTP id f109mr24654661qgf.23.1424453747181; Fri, 20 Feb 2015 09:35:47 -0800 (PST) Sender: adam.back@gmail.com Received: by 10.96.150.233 with HTTP; Fri, 20 Feb 2015 09:35:47 -0800 (PST) In-Reply-To: References: Date: Fri, 20 Feb 2015 17:35:47 +0000 X-Google-Sender-Auth: HyNbYOMuNkIKeFI9tjHRcxUIdrk Message-ID: From: Adam Back To: Mike Hearn Content-Type: text/plain; charset=UTF-8 X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (adam.back[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1YOrUW-0001vf-JP Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] bloom filtering, privacy X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Feb 2015 17:35:53 -0000 Mike Hearn wrote: > Adam Back wrote: > > Its seems surprising no one thought of it > > that way before (as it seems obvious when you hear it) but that seems > > to address the privacy issues as the user can fetch the block bloom > > filters and then scan it in complete privacy. > > And then what? So you know the block matches. But with reasonable FP > rates every block will match at least a few transactions (this is already the > case - the FP rate is low but high enough that we get back FPs on nearly > every block). So you end up downloading every block? I mean because the user is scanning he can binary search which set of addresses from his wallet are possibly in the block and then request the specific addresses and some will be false positives and some real, but with the bloom commitment (and UTXO trie organised commitment) he can verify that the positive hits are correct via the merkle path, and that the false positives are not being wrongly withheld by obtaining merkle path proof that they are not in the trie. Adam On 20 February 2015 at 16:54, Mike Hearn wrote: > Hey Adam, > >> >> Mike had posted a detailed response on the topic on why its complex >> and becomes bandwidth inefficient to improve it usefully. > > > To clarify, we could improve privacy and still preserve usefully high > performance, it's just a lot of complicated programming work. You need to > find out from the OS how much bandwidth you have to play with, for example, > and do all the very complex tracking to surf the wave and keep yourself in > roughly the right place. > >> The basic summary of which I think is that its not even intended to >> provide any practical privacy protection, its just about compacting >> the query for a set of addresses. > > > The original intent of Bloom filtering was to allow both. We want our cake > and we want to eat it. > > The protocol can still do that, with sufficiently smart clients. The problem > is that being sufficiently smart in this regard has never come to the top of > the TODO list - users are always complaining about other things, so those > things are what gets priority. > > It's not IMO a protocol issue per se. It's a code complexity and manpower > issue. > >> >> Its seems surprising no one thought of it >> that way before (as it seems obvious when you hear it) but that seems >> to address the privacy issues as the user can fetch the block bloom >> filters and then scan it in complete privacy. > > > And then what? So you know the block matches. But with reasonable FP rates > every block will match at least a few transactions (this is already the case > - the FP rate is low but high enough that we get back FPs on nearly every > block). So you end up downloading every block? That won't work. > > Eventually, wallets need to stop doing linear scans of the entire block > chain to find tx data. That worked fine when blocks were 10kb, it's still > working OK even though we scaled through two orders of magnitude, but we can > imagine that if we reach 10mb blocks then this whole approach will just be > too slow. > > The main reason wallets are scanning the chain today (beyond lack of > protocol support for querying the UTXO set by script), is that they want to > show users time-ordered lists of transactions. Financial apps should show > you payment histories, everyone knows this, and without knowing roughly when > a tx happened and which inputs/outputs were mine, providing a useful > rendering is hard. Even with this data the UI is pretty useless, but at > least it's not actually missing. > > By combining Subspace and BIP70 we can finally replace the payments list UI > with actual proper metadata that isn't extracted from the block chain, and > at that point non-scanning architectures become a lot more deployable.