MIME-Version: 1.0
In-Reply-To: <3b28f994d75070ab1fd2d312f29bb706@xbt.hk>
References: <50e629572d8de852eb789d50b34da308@xbt.hk>
	<1449961269.2210.5.camel@yahoo.com>
	<CACrzPenXGQZBrx8QC+1QE2oCE3N=qmfgc_OWrowtjtLjGkZrRA@mail.gmail.com>
	<CAAS2fgQi7aiwyOaVBiMbp6t9D58aFAmDdKPzFiscB6ouGzBK6A@mail.gmail.com>
	<CAAcC9yuSX67ckhBUCsvTk+7PB6vzufuuBsJikSqqqU_4LXoCfA@mail.gmail.com>
	<CAAS2fgSchJFk1Ejd8ZfMSzxEO-1TWYR6ag-seQNH_QHrc9Cn3w@mail.gmail.com>
	<CAAcC9ysovzcm1SD_4XyxxofmwdXrcQqs0ckQBw626vYsdPftKw@mail.gmail.com>
	<3b28f994d75070ab1fd2d312f29bb706@xbt.hk>
Date: Sun, 13 Dec 2015 21:36:06 +0000
Message-ID: <CAE-z3OXAgvtODDKHTWVyNN1r=T=f-gtGawKtEdOh_H+h-5gqEQ@mail.gmail.com>
From: Tier Nolan <tier.nolan@gmail.com>
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary=001a113ed5661c401d0526ce589e
Subject: Re: [bitcoin-dev] Forget dormant UTXOs without confiscating bitcoin
Precedence: list

--001a113ed5661c401d0526ce589e
Content-Type: text/plain; charset=UTF-8

On Sun, Dec 13, 2015 at 6:11 PM, jl2012--- via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> Back to the topic, I would like to further elaborate my proposal.
>
> We have 3 types of full nodes:
>
> Archive nodes: full nodes that store the whole blockchain
> Full UTXO nodes: full nodes that fully store the latest UTXO state, but
> not the raw blockchain
> Lite UTXO nodes: full nodes that store only UTXO created in that past
> 420000 blocks
>

There is a risk that miners would eventually react by just refusing to
accept blocks that spend dormant outputs.  This is a risk even without the
protocol, but I think if there are already lots of UTXO-lite nodes
deployed, it would be much easier to just define them as the new
(soft-forked) consensus rule.

There is a precedent for things to be disabled rather than fixed when
security problems arise.

Imagine a crisis caused by a security related bug with the revival proofs.
Disabling them is much lower risk than trying to find/fix the bug and then
deploy the fix.  The longer it takes, the longer the security problem
remains.


>
> What extra information is needed?
>
> (1) If your UTXO was generated in block Y, you first need to know the TXO
> state (spent / unspent) of all outputs in block Y at block (Y + 420000).
> Only UTXOs at that time are relevant.
>
> (2) You also need to know if there was any spending of any block Y UTXOs
> after block (Y + 420000).
>

Is this how it works?

Source transaction is included in block Y.

If the output is spent before Y + 420,000, then no further action is taken.

The miner for block Y + 420,000 will include a commitment to
merkle_hash(Block Y's unspent outputs).

It is possible for someone to prove that they didn't spend their
transaction before Y + 420,000.

I think the miners have to remember the "live" UTXO merkle root for every
block?

With the path to the UTXO and the miner can recalculate the root for that
block.

If there were 20 dormant outputs being spent, then the miner would have to
commit to 20 updates.

--001a113ed5661c401d0526ce589e
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote">On S=
un, Dec 13, 2015 at 6:11 PM, jl2012--- via bitcoin-dev <span dir=3D"ltr">&l=
t;<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank=
">bitcoin-dev@lists.linuxfoundation.org</a>&gt;</span> wrote:<br><blockquot=
e class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc sol=
id;padding-left:1ex"><span class=3D""></span> Back to the topic, I would li=
ke to further elaborate my proposal.<br>
<br>
We have 3 types of full nodes:<br>
<br>
Archive nodes: full nodes that store the whole blockchain<br>
Full UTXO nodes: full nodes that fully store the latest UTXO state, but not=
 the raw blockchain<br>
Lite UTXO nodes: full nodes that store only UTXO created in that past 42000=
0 blocks<br></blockquote><div><br></div><div>There is a risk that miners wo=
uld eventually react by just refusing to accept blocks that spend dormant o=
utputs.=C2=A0 This is a risk even without the protocol, but I think if ther=
e are already lots of UTXO-lite nodes deployed, it would be much easier to =
just define them as the new (soft-forked) consensus rule.<br><br></div><div=
>There is a precedent for things to be disabled rather than fixed when secu=
rity problems arise.<br><br></div><div>Imagine a crisis caused by a securit=
y related bug with the revival proofs.=C2=A0 Disabling them is much lower r=
isk than trying to find/fix the bug and then deploy the fix.=C2=A0 The long=
er it takes, the longer the security problem remains.<br>=C2=A0<br></div><b=
lockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px =
#ccc solid;padding-left:1ex">
<br>
What extra information is needed?<br>
<br>
(1) If your UTXO was generated in block Y, you first need to know the TXO s=
tate (spent / unspent) of all outputs in block Y at block (Y + 420000). Onl=
y UTXOs at that time are relevant.<br>
<br>
(2) You also need to know if there was any spending of any block Y UTXOs af=
ter block (Y + 420000).<br></blockquote><div><br></div><div>Is this how it =
works?<br><br></div><div>Source transaction is included in block Y.<br></di=
v><div><br></div><div>If the output is spent before Y + 420,000, then no fu=
rther action is taken.<br><br></div><div>The miner for block Y + 420,000 wi=
ll include a commitment to merkle_hash(Block Y&#39;s unspent outputs).<br><=
br></div><div>It is possible for someone to prove that they didn&#39;t spen=
d their transaction before Y + 420,000.<br><br></div><div>I think the miner=
s have to remember the &quot;live&quot; UTXO merkle root for every block?<b=
r><br></div><div>With the path to the UTXO and the miner can recalculate th=
e root for that block.<br><br></div><div>If there were 20 dormant outputs b=
eing spent, then the miner would have to commit to 20 updates.<br></div></d=
iv></div></div>

--001a113ed5661c401d0526ce589e--