Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of bitpay.com
	designates 209.85.218.45 as permitted sender)
	client-ip=209.85.218.45; envelope-from=jgarzik@bitpay.com;
	helo=mail-oi0-f45.google.com; 
MIME-Version: 1.0
In-Reply-To: <CANJO25+qURmDzsMgnm7+tsw7icFO--gWhmKmQPuNQCoh_R2big@mail.gmail.com>
References: <CANJO25J1WRHtfQLVXUB2s_sjj39pTPWmixAcXNJ3t-5os8RPmQ@mail.gmail.com>
	<CANJO25JTtfmfsOQYOzJeksJn3CoKE3W8iLGsRko-_xd4XhB3ZA@mail.gmail.com>
	<CAJHLa0O5OxaX5g3u=dnCY6Lz_gK3QZgQEPNcWNVRD4JziwAmvg@mail.gmail.com>
	<20150512171640.GA32606@savin.petertodd.org>
	<CAE-z3OV3VdSoiTSfASwYHr1CjZSqio303sqGq_1Y9yaYgov2sw@mail.gmail.com>
	<CAAS2fgRzGkcJbWbJmFN2-NSJGUcLdPKp0q7FjM0x7WDvHoRq=g@mail.gmail.com>
	<CANJO25+qURmDzsMgnm7+tsw7icFO--gWhmKmQPuNQCoh_R2big@mail.gmail.com>
From: Jeff Garzik <jgarzik@bitpay.com>
Date: Tue, 12 May 2015 12:38:20 -0700
Message-ID: <CAJHLa0PDbxuqRHuGNhsyvLpAaDq=ZHSg_u-Sb7FqNVnYrhFkFg@mail.gmail.com>
To: gabe appleton <gappleto97@gmail.com>
Content-Type: multipart/alternative; boundary=001a11c24d803ec3420515e7a432
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Proposed additional options for pruned
	nodes
Precedence: list

--001a11c24d803ec3420515e7a432
Content-Type: text/plain; charset=UTF-8

One general problem is that security is weakened when an attacker can DoS a
small part of the chain by DoS'ing a small number of nodes - yet the impact
is a network-wide DoS because nobody can complete a sync.


On Tue, May 12, 2015 at 12:24 PM, gabe appleton <gappleto97@gmail.com>
wrote:

> 0, 1, 3, 4, 5, 6 can be solved by looking at chunks chronologically. Ie,
> give the signed (by sender) hash of the first and last block in your range.
> This is less data dense than the idea above, but it might work better.
>
> That said, this is likely a less secure way to do it. To improve upon
> that, a node could request a block of random height within that range and
> verify it, but that violates point 2. And the scheme in itself definitely
> violates point 7.
> On May 12, 2015 3:07 PM, "Gregory Maxwell" <gmaxwell@gmail.com> wrote:
>
>> It's a little frustrating to see this just repeated without even
>> paying attention to the desirable characteristics from the prior
>> discussions.
>>
>> Summarizing from memory:
>>
>> (0) Block coverage should have locality; historical blocks are
>> (almost) always needed in contiguous ranges.   Having random peers
>> with totally random blocks would be horrific for performance; as you'd
>> have to hunt down a working peer and make a connection for each block
>> with high probability.
>>
>> (1) Block storage on nodes with a fraction of the history should not
>> depend on believing random peers; because listening to peers can
>> easily create attacks (e.g. someone could break the network; by
>> convincing nodes to become unbalanced) and not useful-- it's not like
>> the blockchain is substantially different for anyone; if you're to the
>> point of needing to know coverage to fill then something is wrong.
>> Gaps would be handled by archive nodes, so there is no reason to
>> increase vulnerability by doing anything but behaving uniformly.
>>
>> (2) The decision to contact a node should need O(1) communications,
>> not just because of the delay of chasing around just to find who has
>> someone; but because that chasing process usually makes the process
>> _highly_ sybil vulnerable.
>>
>> (3) The expression of what blocks a node has should be compact (e.g.
>> not a dense list of blocks) so it can be rumored efficiently.
>>
>> (4) Figuring out what block (ranges) a peer has given should be
>> computationally efficient.
>>
>> (5) The communication about what blocks a node has should be compact.
>>
>> (6) The coverage created by the network should be uniform, and should
>> remain uniform as the blockchain grows; ideally it you shouldn't need
>> to update your state to know what blocks a peer will store in the
>> future, assuming that it doesn't change the amount of data its
>> planning to use. (What Tier Nolan proposes sounds like it fails this
>> point)
>>
>> (7) Growth of the blockchain shouldn't cause much (or any) need to
>> refetch old blocks.
>>
>> I've previously proposed schemes which come close but fail one of the
>> above.
>>
>> (e.g. a scheme based on reservoir sampling that gives uniform
>> selection of contiguous ranges, communicating only 64 bits of data to
>> know what blocks a node claims to have, remaining totally uniform as
>> the chain grows, without any need to refetch -- but needs O(height)
>> work to figure out what blocks a peer has from the data it
>> communicated.;   or another scheme based on consistent hashes that has
>> log(height) computation; but sometimes may result in a node needing to
>> go refetch an old block range it previously didn't store-- creating
>> re-balancing traffic.)
>>
>> So far something that meets all those criteria (and/or whatever ones
>> I'm not remembering) has not been discovered; but I don't really think
>> much time has been spent on it. I think its very likely possible.
>>
>>
>> ------------------------------------------------------------------------------
>> One dashboard for servers and applications across Physical-Virtual-Cloud
>> Widest out-of-the-box monitoring support with 50+ applications
>> Performance metrics, stats and reports that give you Actionable Insights
>> Deep dive visibility with transaction tracing using APM Insight.
>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
>
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>


-- 
Jeff Garzik
Bitcoin core developer and open source evangelist
BitPay, Inc.      https://bitpay.com/

--001a11c24d803ec3420515e7a432
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">One general problem is that security is weakened when an a=
ttacker can DoS a small part of the chain by DoS&#39;ing a small number of =
nodes - yet the impact is a network-wide DoS because nobody can complete a =
sync.<div><br></div></div><div class=3D"gmail_extra"><br><div class=3D"gmai=
l_quote">On Tue, May 12, 2015 at 12:24 PM, gabe appleton <span dir=3D"ltr">=
&lt;<a href=3D"mailto:gappleto97@gmail.com" target=3D"_blank">gappleto97@gm=
ail.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D=
"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir=3D"l=
tr">0, 1, 3, 4, 5, 6 can be solved by looking at chunks chronologically. Ie=
, give the signed (by sender) hash of the first and last block in your rang=
e. This is less data dense than the idea above, but it might work better. <=
/p>
<p dir=3D"ltr">That said, this is likely a less secure way to do it. To imp=
rove upon that, a node could request a block of random height within that r=
ange and verify it, but that violates point 2. And the scheme in itself def=
initely violates point 7.</p><div class=3D"HOEnZb"><div class=3D"h5">
<div class=3D"gmail_quote">On May 12, 2015 3:07 PM, &quot;Gregory Maxwell&q=
uot; &lt;<a href=3D"mailto:gmaxwell@gmail.com" target=3D"_blank">gmaxwell@g=
mail.com</a>&gt; wrote:<br type=3D"attribution"><blockquote class=3D"gmail_=
quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1=
ex">It&#39;s a little frustrating to see this just repeated without even<br=
>
paying attention to the desirable characteristics from the prior<br>
discussions.<br>
<br>
Summarizing from memory:<br>
<br>
(0) Block coverage should have locality; historical blocks are<br>
(almost) always needed in contiguous ranges.=C2=A0 =C2=A0Having random peer=
s<br>
with totally random blocks would be horrific for performance; as you&#39;d<=
br>
have to hunt down a working peer and make a connection for each block<br>
with high probability.<br>
<br>
(1) Block storage on nodes with a fraction of the history should not<br>
depend on believing random peers; because listening to peers can<br>
easily create attacks (e.g. someone could break the network; by<br>
convincing nodes to become unbalanced) and not useful-- it&#39;s not like<b=
r>
the blockchain is substantially different for anyone; if you&#39;re to the<=
br>
point of needing to know coverage to fill then something is wrong.<br>
Gaps would be handled by archive nodes, so there is no reason to<br>
increase vulnerability by doing anything but behaving uniformly.<br>
<br>
(2) The decision to contact a node should need O(1) communications,<br>
not just because of the delay of chasing around just to find who has<br>
someone; but because that chasing process usually makes the process<br>
_highly_ sybil vulnerable.<br>
<br>
(3) The expression of what blocks a node has should be compact (e.g.<br>
not a dense list of blocks) so it can be rumored efficiently.<br>
<br>
(4) Figuring out what block (ranges) a peer has given should be<br>
computationally efficient.<br>
<br>
(5) The communication about what blocks a node has should be compact.<br>
<br>
(6) The coverage created by the network should be uniform, and should<br>
remain uniform as the blockchain grows; ideally it you shouldn&#39;t need<b=
r>
to update your state to know what blocks a peer will store in the<br>
future, assuming that it doesn&#39;t change the amount of data its<br>
planning to use. (What Tier Nolan proposes sounds like it fails this<br>
point)<br>
<br>
(7) Growth of the blockchain shouldn&#39;t cause much (or any) need to<br>
refetch old blocks.<br>
<br>
I&#39;ve previously proposed schemes which come close but fail one of the a=
bove.<br>
<br>
(e.g. a scheme based on reservoir sampling that gives uniform<br>
selection of contiguous ranges, communicating only 64 bits of data to<br>
know what blocks a node claims to have, remaining totally uniform as<br>
the chain grows, without any need to refetch -- but needs O(height)<br>
work to figure out what blocks a peer has from the data it<br>
communicated.;=C2=A0 =C2=A0or another scheme based on consistent hashes tha=
t has<br>
log(height) computation; but sometimes may result in a node needing to<br>
go refetch an old block range it previously didn&#39;t store-- creating<br>
re-balancing traffic.)<br>
<br>
So far something that meets all those criteria (and/or whatever ones<br>
I&#39;m not remembering) has not been discovered; but I don&#39;t really th=
ink<br>
much time has been spent on it. I think its very likely possible.<br>
<br>
---------------------------------------------------------------------------=
---<br>
One dashboard for servers and applications across Physical-Virtual-Cloud<br=
>
Widest out-of-the-box monitoring support with 50+ applications<br>
Performance metrics, stats and reports that give you Actionable Insights<br=
>
Deep dive visibility with transaction tracing using APM Insight.<br>
<a href=3D"http://ad.doubleclick.net/ddm/clk/290420510;117567292;y" target=
=3D"_blank">http://ad.doubleclick.net/ddm/clk/290420510;117567292;y</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" target=3D"_bla=
nk">Bitcoin-development@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</blockquote></div>
</div></div><br>-----------------------------------------------------------=
-------------------<br>
One dashboard for servers and applications across Physical-Virtual-Cloud<br=
>
Widest out-of-the-box monitoring support with 50+ applications<br>
Performance metrics, stats and reports that give you Actionable Insights<br=
>
Deep dive visibility with transaction tracing using APM Insight.<br>
<a href=3D"http://ad.doubleclick.net/ddm/clk/290420510;117567292;y" target=
=3D"_blank">http://ad.doubleclick.net/ddm/clk/290420510;117567292;y</a><br>=
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
<br></blockquote></div><br><br clear=3D"all"><div><br></div>-- <br><div cla=
ss=3D"gmail_signature">Jeff Garzik<br>Bitcoin core developer and open sourc=
e evangelist<br>BitPay, Inc. =C2=A0 =C2=A0 =C2=A0<a href=3D"https://bitpay.=
com/" target=3D"_blank">https://bitpay.com/</a></div>
</div>

--001a11c24d803ec3420515e7a432--