Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 86710BCA for ; Wed, 9 Dec 2015 06:30:45 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-ig0-f178.google.com (mail-ig0-f178.google.com [209.85.213.178]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id BFF44107 for ; Wed, 9 Dec 2015 06:30:44 +0000 (UTC) Received: by igcto18 with SMTP id to18so33628390igc.0 for ; Tue, 08 Dec 2015 22:30:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:cc :content-type; bh=Ja2oqgF1EfeWMpyYs97/eHELmbY6LqEyOvzAGJPa+0Y=; b=MJwO0wn3vYWAMlXMLsTOO4UadmgyqUxOfbxHRhssQl7Wzxmv9nB63X35JPWgDMpmZ1 M5TH2wgyP3U+OyqGzEQ8AY0yIJ/nXUhptYy6v6/kd6eLj/euVAJznNecGRzwPbCO8rgJ MW2bOa66uloFDf1bPVChSTJ2p0U+rTVKTBAa/qtvda3n4c97N/5gAWnrrNKZ+4cO3EmU hwn3c6+X4orKGNgVXysrcT81lvgUDod4LHPFrrOD0PLeHmGZCtc7nfJH9Y0FozmVjmhL 3sNKTOTeHlgVp5EnmXDlXCSZOgTMzcRiugnVZFKoMek0A0qxzxjRMkQjK6pvwXmr5hJZ Eufw== X-Received: by 10.50.183.37 with SMTP id ej5mr8218122igc.95.1449642644223; Tue, 08 Dec 2015 22:30:44 -0800 (PST) MIME-Version: 1.0 Received: by 10.64.252.168 with HTTP; Tue, 8 Dec 2015 22:30:24 -0800 (PST) In-Reply-To: References: From: Loi Luu Date: Wed, 9 Dec 2015 14:30:24 +0800 Message-ID: Cc: bitcoin-dev@lists.linuxfoundation.org Content-Type: multipart/alternative; boundary=001a1135e154dc60860526713a59 X-Spam-Status: No, score=-0.2 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE, MALFORMED_FREEMAIL, MISSING_HEADERS,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Wed, 09 Dec 2015 06:32:07 +0000 Subject: Re: [bitcoin-dev] Scaling by Partitioning X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Dec 2015 06:30:45 -0000 --001a1135e154dc60860526713a59 Content-Type: text/plain; charset=UTF-8 Dear Akiva, Its Loi Luu, one of the authors of the SCP protocol ( http://eprint.iacr.org/2015/1168.pdf ). Before SCP, we had been thinking hard about how to do sharding efficiently without degrading any security guarantee. A simple solution which splits the coins, or TXs in to several partitions will just not work. You have to answer more questions to have a good solutions. For example, I wonder in your proposal, if a transaction spends a "coin" that ends in "1" and creates a new coin that ends in "1", which partition should process the transaction? What is the prior data needed to validate that kind of TXs? The problem with other proposals, and probably yours as well, that we see is that the amount of data that you need to broadcast immediately to the network increases linearly with the number of TXs that the network can process. Thus, sharding does not bring any advantage than simply using other techniques to publish more blocks in one epoch (like Bitcoin-NG, Ghost). The whole point of using sharding/ partition is to localize the bandwidth used, and only broadcast only a minimal data to the network. Clearly we are able to localize the bandwidth used with our SCP protocol. The cost is that now recipients need to themselves verify whether a transaction is double spending. However, we think that it is a reasonable tradeoff, given the potential scalability that SCP can provides. Thanks, Loi Luu. On Wed, Dec 9, 2015 at 12:27 AM, Akiva Lichtner via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > Hello, > > I am seeking some expert feedback on an idea for scaling Bitcoin. As a > brief introduction: I work in the payment industry and I have twenty years' > experience in development. I have some experience with process groups and > ordering protocols too. I think I understand Satoshi's paper but I admit I > have not read the source code. > > The idea is to run more than one simultaneous chain, each chain defeating > double spending on only part of the coin. The coin would be partitioned by > radix (or modulus, not sure what to call it.) For example in order to > multiply throughput by a factor of ten you could run ten parallel chains, > one would work on coin that ends in "0", one on coin that ends in "1", and > so on up to "9". > > The number of chains could increase automatically over time based on the > moving average of transaction volume. > > Blocks would have to contain the number of the partition they belong to, > and miners would have to round-robin through partitions so that an attacker > would not have an unfair advantage working on just one partition. > > I don't think there is much impact to miners, but clients would have to > send more than one message in order to spend money. Client messages will > need to enumerate coin using some sort of compression, to save space. This > seems okay to me since often in computing client software does have to > break things up in equal parts (e.g. memory pages, file system blocks,) and > the client software could hide the details. > > Best wishes for continued success to the project. > > Regards, > Akiva > > P.S. I found a funny anagram for SATOSHI NAKAMOTO: "NSA IS OOOK AT MATH" > > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > --001a1135e154dc60860526713a59 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Dear Akiva,

Its Loi Luu, one of the authors of the SCP prot= ocol (http://eprint.iacr.= org/2015/1168.pdf=C2=A0).<= /span>

Before SCP, we had= been thinking hard about how to do sharding efficiently without degrading = any security guarantee. A simple solution which splits the coins, or TXs in= to several partitions will just not work. You have to answer more question= s to have a good solutions. For example, I wonder in your proposal, if a tr= ansaction spends a "coin" that ends in "1" and creates = a new coin that ends in "1", which partition should process the t= ransaction? What is the prior data needed to validate that kind of TXs?

The problem with othe= r proposals, and probably yours as well,=C2=A0=C2=A0that we see is that the= amount of data that you need to broadcast immediately to the network incre= ases linearly with the number of TXs that the network can process. Thus, sh= arding does not bring any advantage than simply using other techniques to p= ublish more blocks in one epoch (like Bitcoin-NG, Ghost). The whole point o= f using sharding/ partition is to localize the=C2=A0bandwidth=C2=A0used, an= d only broadcast only a=C2=A0minimal=C2=A0data to the network.
=

= Clearly we are able to localiz= e the bandwidth used with our SCP protocol. The cost is that now=C2=A0recip= ients=C2=A0need to=C2=A0=C2=A0themselves=C2=A0= verify whether a transaction is double spending. However, we think that=C2= =A0it is=C2=A0a reasonable tradeoff, given the potential scalability that S= CP can provides.

<= div>
Thanks,
Loi Luu= .

On Wed, Dec 9, 2015 at 12:27 AM, Akiva Licht= ner via bitcoin-dev <bitcoin-dev@lists.linuxfoundation= .org> wrote:
Hello,

I am seeking= some expert feedback on an idea for scaling Bitcoin. As a brief introducti= on: I work in the payment industry and I have twenty years' experience = in development. I have some experience with process groups and ordering pro= tocols too. I think I understand Satoshi's paper but I admit I have not= read the source code.

The idea is to run more than one simult= aneous chain, each chain defeating double spending on only part of the coin= . The coin would be partitioned by radix (or modulus, not sure what to call= it.) For example in order to multiply throughput by a factor of ten you co= uld run ten parallel chains, one would work on coin that ends in "0&qu= ot;, one on coin that ends in "1", and so on up to "9".=

The number of chains could increase automatically over time b= ased on the moving average of transaction volume.

Blocks would= have to contain the number of the partition they belong to, and miners wou= ld have to round-robin through partitions so that an attacker would not hav= e an unfair advantage working on just one partition.

I don't think there is much impact to miners, but clients would = have to send more than one message in order to spend money. Client messages= will need to enumerate coin using some sort of compression, to save space.= This seems okay to me since often in computing client software does have t= o break things up in equal parts (e.g. memory pages, file system blocks,) a= nd the client software could hide the details.

Best wishes for continued success to the project.

=
Regards,
Akiva

P.S. I found a funny anagram for= SATOSHI NAKAMOTO: "NSA IS OOOK AT MATH"


_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.= linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev


--001a1135e154dc60860526713a59--