public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [Bitcoin-development] Segmented Block Relaying BIP draft.
@ 2012-09-10 15:07 Matthew Mitchell
  2012-09-10 15:14 ` Gregory Maxwell
  2012-09-10 18:59 ` Luke-Jr
  0 siblings, 2 replies; 18+ messages in thread
From: Matthew Mitchell @ 2012-09-10 15:07 UTC (permalink / raw)
  To: bitcoin-development

[-- Attachment #1: Type: text/plain, Size: 297 bytes --]

Here is a BIP draft for improving the block relaying and validation so that it can be done in parallel and so that redundancy can be removed. This becomes more beneficial the larger the block sizes are.

https://en.bitcoin.it/wiki/User:MatthewLM/ImprovedBlockRelayingProposal

Matthew Mitchell

[-- Attachment #2: Type: text/html, Size: 550 bytes --]

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [Bitcoin-development] Segmented Block Relaying BIP draft.
  2012-09-10 15:07 [Bitcoin-development] Segmented Block Relaying BIP draft Matthew Mitchell
@ 2012-09-10 15:14 ` Gregory Maxwell
  2012-09-10 16:29   ` Matt Corallo
  2012-09-10 18:59 ` Luke-Jr
  1 sibling, 1 reply; 18+ messages in thread
From: Gregory Maxwell @ 2012-09-10 15:14 UTC (permalink / raw)
  To: Matthew Mitchell; +Cc: bitcoin-development

On Mon, Sep 10, 2012 at 11:07 AM, Matthew Mitchell
<matthewmitchell@godofgod•co.uk> wrote:
> Here is a BIP draft for improving the block relaying and validation so that
> it can be done in parallel and so that redundancy can be removed. This
> becomes more beneficial the larger the block sizes are.
>
> https://en.bitcoin.it/wiki/User:MatthewLM/ImprovedBlockRelayingProposal

Why does this focus on actually sending the hash tree?  The block
header + transaction list + transactions a node doesn't already know
(often just the coinbase) is enough.



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [Bitcoin-development] Segmented Block Relaying BIP draft.
  2012-09-10 15:14 ` Gregory Maxwell
@ 2012-09-10 16:29   ` Matt Corallo
  0 siblings, 0 replies; 18+ messages in thread
From: Matt Corallo @ 2012-09-10 16:29 UTC (permalink / raw)
  To: bitcoin-development

I actually implemented parts of the header+ v<tx> stuff in a branch with
my bloom filter stuff, you can see it here:
https://github.com/TheBlueMatt/bitcoin/commits/bloom%2Brelayblock
Its pretty stupid and would be pretty easy to DoS/get it stuck/etc, but
in theory it works.  I don't see much reason why we'd need anything
significantly more complicated, but maybe there is a use-case I'm
missing?

Matt

On Mon, 2012-09-10 at 11:14 -0400, Gregory Maxwell wrote:
> On Mon, Sep 10, 2012 at 11:07 AM, Matthew Mitchell
> <matthewmitchell@godofgod•co.uk> wrote:
> > Here is a BIP draft for improving the block relaying and validation so that
> > it can be done in parallel and so that redundancy can be removed. This
> > becomes more beneficial the larger the block sizes are.
> >
> > https://en.bitcoin.it/wiki/User:MatthewLM/ImprovedBlockRelayingProposal
> 
> Why does this focus on actually sending the hash tree?  The block
> header + transaction list + transactions a node doesn't already know
> (often just the coinbase) is enough.




^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [Bitcoin-development] Segmented Block Relaying BIP draft.
  2012-09-10 15:07 [Bitcoin-development] Segmented Block Relaying BIP draft Matthew Mitchell
  2012-09-10 15:14 ` Gregory Maxwell
@ 2012-09-10 18:59 ` Luke-Jr
  2012-09-10 19:34   ` Matthew Mitchell
  1 sibling, 1 reply; 18+ messages in thread
From: Luke-Jr @ 2012-09-10 18:59 UTC (permalink / raw)
  To: bitcoin-development; +Cc: Matthew Mitchell

On Monday, September 10, 2012 3:07:52 PM Matthew Mitchell wrote:
> Here is a BIP draft for improving the block relaying and validation so that
> it can be done in parallel and so that redundancy can be removed. This
> becomes more beneficial the larger the block sizes are.
> 
> https://en.bitcoin.it/wiki/User:MatthewLM/ImprovedBlockRelayingProposal

Most of the problem with block propagation lies in implementation, not 
protocol... Distributing missing transaction on an as-needed basis is a 
possible improvement at the protocol level, but there hasn't (AFAIK) been any 
research into whether the little benefit outweighs the cost yet. In any case, 
I don't see why 6 new messages are needed instead of simply adding a single 
new type to getinv?



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [Bitcoin-development] Segmented Block Relaying BIP draft.
  2012-09-10 18:59 ` Luke-Jr
@ 2012-09-10 19:34   ` Matthew Mitchell
  2012-09-10 19:53     ` Matt Corallo
  0 siblings, 1 reply; 18+ messages in thread
From: Matthew Mitchell @ 2012-09-10 19:34 UTC (permalink / raw)
  To: Luke-Jr, bitcoin-development

[-- Attachment #1: Type: text/plain, Size: 2400 bytes --]

Do you mean getdata? Here is the reason for the 6 new messages:

getseginv,seginv - These are for learning about what segments of a block a node has. Else you could remove these messages and simply have nodes advertise blocks via inventory messages. In this case nodes would have to wait until they had fully received a block before relaying anything. No longer is there a benefit with nodes being able to relay segments of blocks before they have received the entire block.

gettreelevel,treelevel - These are to received a level of the merle tree. Instead you might use get data but gettreelevel is more compact than get data and is clearly differentiates itself as part of the new protocol. Perhaps these messages could include the block headers alongside the hashes and you could request many at once like with the getheaders message? If you skip these messages, then you could verify the transactions at the end but there would be problems when peers give bad segments where data would need to be downloaded again.

getsegment,segment - These are clearly important to request and receive segments for the blocks. These allows for nodes to download arbitrary segments of blocks. The optimum number of segments could be calculated by node software using measurements of download speeds and latency times, the number of connections and how likely redundancy is to occur. If a node is up-to-date and likely has many of the transactions in blocks, it can start asking for the deepest merle level (tx hashes) and ask nodes for segments, avoiding transactions it already has.

I'll get around to doing measurements myself sometime to estimate the benefit of this proposal. It will certainly be beneficial when block sizes reach some size but not much is really known except what can be assumed/guessed.

I should also mention the bitcointalk topic here: https://bitcointalk.org/index.php?topic=103295.0

On 10 Sep 2012, at 19:59, "Luke-Jr" <luke@dashjr•org> wrote:
> 
> Most of the problem with block propagation lies in implementation, not 
> protocol... Distributing missing transaction on an as-needed basis is a 
> possible improvement at the protocol level, but there hasn't (AFAIK) been any 
> research into whether the little benefit outweighs the cost yet. In any case, 
> I don't see why 6 new messages are needed instead of simply adding a single 
> new type to getinv?


[-- Attachment #2: Type: text/html, Size: 5522 bytes --]

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [Bitcoin-development] Segmented Block Relaying BIP draft.
  2012-09-10 19:34   ` Matthew Mitchell
@ 2012-09-10 19:53     ` Matt Corallo
  2012-09-10 20:00       ` Gregory Maxwell
  0 siblings, 1 reply; 18+ messages in thread
From: Matt Corallo @ 2012-09-10 19:53 UTC (permalink / raw)
  To: bitcoin-development

It seems to me the whole idea of segmenting blocks would add very little
(to nothing) with any sane block size.  Sure, if a block were to be
10GB, it may make sense.  However, even in that case, it would be easier
to relay a list of tx hashes (which may be a bit expensive) and txes
separately instead of using a notion of block segments.  That said, I
don't see blocks ever being that large and if they do become that large,
as only a few full nodes will remain, upgrading their protocol would be
(relatively) easy.  I would instead encourage focus on decreasing block
relay times for the current network and as blocks approach 10MB (so that
they can approach 10MB).

Matt

On Mon, 2012-09-10 at 20:34 +0100, Matthew Mitchell wrote:
> Do you mean getdata? Here is the reason for the 6 new messages:
> 
> 
> getseginv,seginv - These are for learning about what segments of a
> block a node has. Else you could remove these messages and simply have
> nodes advertise blocks via inventory messages. In this case nodes
> would have to wait until they had fully received a block before
> relaying anything. No longer is there a benefit with nodes being able
> to relay segments of blocks before they have received the entire
> block.
> 
> 
> gettreelevel,treelevel - These are to received a level of
> the merle tree. Instead you might use get data but gettreelevel is
> more compact than get data and is clearly differentiates itself as
> part of the new protocol. Perhaps these messages could include the
> block headers alongside the hashes and you could request many at once
> like with the getheaders message? If you skip these messages, then you
> could verify the transactions at the end but there would be problems
> when peers give bad segments where data would need to be downloaded
> again.
> 
> 
> getsegment,segment - These are clearly important to request and
> receive segments for the blocks. These allows for nodes
> to download arbitrary segments of blocks. The optimum number of
> segments could be calculated by node software using measurements of
> download speeds and latency times, the number of connections and how
> likely redundancy is to occur. If a node is up-to-date and likely has
> many of the transactions in blocks, it can start asking for the
> deepest merle level (tx hashes) and ask nodes for segments, avoiding
> transactions it already has.
> 
> 
> I'll get around to doing measurements myself sometime to estimate the
> benefit of this proposal. It will certainly be beneficial when block
> sizes reach some size but not much is really known except what can be
> assumed/guessed.
> 
> 
> I should also mention the bitcointalk topic
> here: https://bitcointalk.org/index.php?topic=103295.0
> 
> On 10 Sep 2012, at 19:59, "Luke-Jr" <luke@dashjr•org> wrote:
> > 
> > Most of the problem with block propagation lies in implementation,
> > not 
> > protocol... Distributing missing transaction on an as-needed basis
> > is a 
> > possible improvement at the protocol level, but there hasn't (AFAIK)
> > been any 
> > research into whether the little benefit outweighs the cost yet. In
> > any case, 
> > I don't see why 6 new messages are needed instead of simply adding a
> > single 
> > new type to getinv?





^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [Bitcoin-development] Segmented Block Relaying BIP draft.
  2012-09-10 19:53     ` Matt Corallo
@ 2012-09-10 20:00       ` Gregory Maxwell
  0 siblings, 0 replies; 18+ messages in thread
From: Gregory Maxwell @ 2012-09-10 20:00 UTC (permalink / raw)
  To: Matt Corallo; +Cc: bitcoin-development

On Mon, Sep 10, 2012 at 3:53 PM, Matt Corallo <bitcoin-list@bluematt•me> wrote:
> It seems to me the whole idea of segmenting blocks would add very little
> (to nothing) with any sane block size.  Sure, if a block were to be
> 10GB, it may make sense.  However, even in that case, it would be easier

As you know there is a hard protocol limit of 1MB.

If you're going to talk about doing that you are screwing with the
core economic promises of the system. (in particular, removing the cap
eliminates the only armwave we have for long term security).  But in
any case, removing it requires a complete and totally incompatible
hardfork, and at that point you can do whatever you want with the
protocol. Changing how blocks are fetched is almost incidental to the
number of other things that would be changed.  I don't think it makes
sense to design for that especially when something far simpler (as you
pointed out) is prudent for the design of bitcoin.



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [Bitcoin-development] Segmented Block Relaying BIP draft.
  2012-09-13 18:59                   ` Pieter Wuille
@ 2012-09-13 20:24                     ` Matthew Mitchell
  0 siblings, 0 replies; 18+ messages in thread
From: Matthew Mitchell @ 2012-09-13 20:24 UTC (permalink / raw)
  To: Pieter Wuille, bitcoin-development


On 13 Sep 2012, at 19:59, Pieter Wuille <pieter.wuille@gmail•com> wrote:

> You want to parallellize block downloads, while at the same time preventing re-download of transactions that are already known.
> To do so, a requesting node would first request (for example) the 8 level-3 hashes, then start 8 parallel threads to download the
> transactions from presumably 8 different peers. Each thread then fetches the transaction id's that correspond to its own 1/8th of
> the block, and requests the transactions whose txid is not yet known.
> Comparing this with Gregory's own suggestion (just fetch the entire txid list at first, and then (again as parallellized as needed)
> fetch the unknown transactions from several peers), this does indeed have an advantage: you need to download (relatively) far less
> data before the threaded part can start. If this is what you propose, it is certainly meaningful, but the gains aren't very large,
> in my opinion.

This is not fully correct. I propose downloading the roots of the segments when you are not looking to remove redundant transaction downloads. This would be the case when the node is not up-to-date and is unlikely to have transactions in the required blocks. When a node is up-to-date and can benefit from removing redundant transaction downloads it can switch to downloading all the transactions hashes by specifying a high level number. Also I wouldn't recommend using one thread per connection, I'd recommend using one thread for all connections.

> However, my impression while reading your proposal was at times that you intend to process the different layers of the
> Merkle tree iteratively after starting the initial parallel segments. I don't think that is useful, as you'll need the actual
> txids anyway before deciding whether they need to be downloaded at all, it adds several round-trips, and once you have downloaded
> the intermediate merkle hashes for about 8 levels, you've already transferred more data than the transactions themselves. I think
> Gregory also assumed something like this, making him question why it's useful. Anyway, this whole paragraph is one assumption, so
> if it's not the case, ignore me.

This isn't what I was suggesting. I was suggesting you only need to download one level. Once you have done that you verify everything for the hashes on that level.

> 
> Can you clarify what you mean? Preferably by giving a concrete sequence of exchanged messages, with a given purpose?

Well you will need to ask for the headers first. Once you do that you can start downloading the full blocks for the headers.  The node should use "get blocks" to find nodes with segments of the blocks they need. Now for each block:

1. Send getsiginv to a number of peers to know the segments of the blocks they have. 
2. Send gettreelevel requesting a level of the merkle tree from a peer that can provide it. When up-to-date use a high level to get the transaction hashes to find redundant data.
3. Validate the treelevel response
4. Send getsegment for each segment wanted (at the same time where possible) to the peers that have these segments. Skip transactions already known.
5. Validate the transactions in each segment received. Stop if the block is invalid and disconnect peers that give transactions which do not fit the merkle tree.
6. Revert to getdata if peers using the protocol cannot satisfy the block download.

When a valid block segment is received, include the block in inv and headers messages for other peers using the protocol. Thus relaying can begin before the entire block is downloaded.

I'm thinking about improvements to this proposal. I'll get to that tomorrow perhaps…

Thank you everyone for the replies.


^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [Bitcoin-development] Segmented Block Relaying BIP draft.
  2012-09-13 17:49                 ` Matthew Mitchell
@ 2012-09-13 18:59                   ` Pieter Wuille
  2012-09-13 20:24                     ` Matthew Mitchell
  0 siblings, 1 reply; 18+ messages in thread
From: Pieter Wuille @ 2012-09-13 18:59 UTC (permalink / raw)
  To: Matthew Mitchell; +Cc: bitcoin-development

On Thu, Sep 13, 2012 at 06:49:49PM +0100, Matthew Mitchell wrote:
> A merkle tree root is found by hashing the two children together and those children are found the same way until you get to the greatest level down the tree. This means you can validate children as being correct as long as they hash together to form the root. This means you do not need all the transaction hashes to validate segments of the block, you only need the root hashes for all the segments you want. Let's say there are 8 transactions and you want to verify 4 segments (2 transactions each), The merkle tree looks like this (Might not work depending on the font):

> I hope that made sense.

I'm quite sure Gregory thoroughly understands how Merkle trees work and why they are useful.

His question was about the use case. Let me try to answer his question, by making some assumptions about your intentions. Correct me if I'm wrong - I haven't read all details.

You want to parallellize block downloads, while at the same time preventing re-download of transactions that are already known.
To do so, a requesting node would first request (for example) the 8 level-3 hashes, then start 8 parallel threads to download the
transactions from presumably 8 different peers. Each thread then fetches the transaction id's that correspond to its own 1/8th of
the block, and requests the transactions whose txid is not yet known.
Comparing this with Gregory's own suggestion (just fetch the entire txid list at first, and then (again as parallellized as needed)
fetch the unknown transactions from several peers), this does indeed have an advantage: you need to download (relatively) far less
data before the threaded part can start. If this is what you propose, it is certainly meaningful, but the gains aren't very large,
in my opinion.

However, my impression while reading your proposal was at times that you intend to process the different layers of the
Merkle tree iteratively after starting the initial parallel segments. I don't think that is useful, as you'll need the actual
txids anyway before deciding whether they need to be downloaded at all, it adds several round-trips, and once you have downloaded
the intermediate merkle hashes for about 8 levels, you've already transferred more data than the transactions themselves. I think
Gregory also assumed something like this, making him question why it's useful. Anyway, this whole paragraph is one assumption, so
if it's not the case, ignore me.

Can you clarify what you mean? Preferably by giving a concrete sequence of exchanged messages, with a given purpose?

PS: the reason Satoshi used a Merkle tree for the transactions in a block was to allow a short piece of data (the hashes along a
path in the tree) to prove a transaction belongs to it - I doubt he intended it for parallellizing downloads (though it certainly
opens some opportunities here).

-- 
Pieter









^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [Bitcoin-development] Segmented Block Relaying BIP draft.
       [not found]               ` <CAAS2fgQi8QFwU2M=wLiDodt3SmO48vUV5Sp3YCb1OmGJ5m=E7Q@mail.gmail.com>
@ 2012-09-13 17:49                 ` Matthew Mitchell
  2012-09-13 18:59                   ` Pieter Wuille
  0 siblings, 1 reply; 18+ messages in thread
From: Matthew Mitchell @ 2012-09-13 17:49 UTC (permalink / raw)
  To: Gregory Maxwell, bitcoin-development

[-- Attachment #1: Type: text/plain, Size: 3213 bytes --]


On 13 Sep 2012, at 16:51, Gregory Maxwell <gmaxwell@gmail•com> wrote:

> I thoroughly understand the value of tree hashes. That wasn't what I
> was asking about.
> 
> If you're validating a block you need all the transactions, once you
> have them or their hashes you can build the tree without transferring
> more, e.g. what a fully validating node needs. If you're checking a
> single transaction to need the path from the transaction to the root
> (what a SPV nodes need, for example).
> 
> Can you spell out the 'end user'ish application for fetching a tree level?

A merkle tree root is found by hashing the two children together and those children are found the same way until you get to the greatest level down the tree. This means you can validate children as being correct as long as they hash together to form the root. This means you do not need all the transaction hashes to validate segments of the block, you only need the root hashes for all the segments you want. Let's say there are 8 transactions and you want to verify 4 segments (2 transactions each), The merkle tree looks like this (Might not work depending on the font):

Level 0:               *
                      / \
                     /   \
                    /     \
                   /       \
                  /         \
                 /           \
                /             \
Level 1:       *               *
              / \             / \
             /   \           /   \
            /     \         /     \
Level 2:   *       *       *       *
          / \     / \     / \     / \
Level 3: *   *   *   *   *   *   *   *

When you look at any non-leaf node you can see a separate merkle tree where the root can be found exactly the same as any other merkle tree. In this example you want four segments, so you ask for level 2. Now imagine a tree without level 3, you can validate the root with level 2. In fact you can validate that the root exists for any level. So you first check that the level 2 hashes do indeed calculate to the root. Once this is done you can now use these hashes to validate the segments. When you receive a segment, you check that segment against the segment's root. So you've validated the segment transactions for the segment root and the segment root was validated for the entire tree's root. You validate the segments for each segment root and this way you know all the transactions are valid for the four segments and thus are valid for the entire tree. This way you have downloaded 4 hashes instead of 8. 

Downloading the transactions hashes are therefore not necessary only the level for the segment roots. You might for instance want to divide the block into two segments in which case you ask for level 1 and download 2 hashes.

I hope that made sense.

And yes the merkle tree is particularly useful for validating a single transaction exists in a block as that saves a large proportion of the data required. The redundant data removed in the proposal here is smaller as a proportion of the total data (Because most of the data is the actual transactions themselves), so you might argue it's not worth it but it's simple to implement.

[-- Attachment #2: Type: text/html, Size: 5996 bytes --]

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [Bitcoin-development] Segmented Block Relaying BIP draft.
       [not found]             ` <2B95CF41-4304-4D2A-9ABF-198D97B7449B@godofgod.co.uk>
@ 2012-09-13 15:46               ` Matthew Mitchell
       [not found]               ` <CAAS2fgQi8QFwU2M=wLiDodt3SmO48vUV5Sp3YCb1OmGJ5m=E7Q@mail.gmail.com>
  1 sibling, 0 replies; 18+ messages in thread
From: Matthew Mitchell @ 2012-09-13 15:46 UTC (permalink / raw)
  To: bitcoin-development


On 13 Sep 2012, at 16:16, Gregory Maxwell <gmaxwell@gmail•com> wrote:

> Sorry, I'm still not seeing what the value is.  How is the tree level
> useful to anyone?  If you did want to get only parts of the
> transaction list, why not just ranges from the lowest level?

Obtaining a particular tree level allows you to verify segments without needing to download all the transaction hashes first. You only need one hash per segment. For instance if you want to divide the block into 8 segments you specify level 3 and download 8 hashes. You could download all transaction hashes if you wanted and it would still work, it just requires more data transfer for the hashes. This was the reason why merkle trees were used in bitcoin, to avoid requiring all hashes to verify data.




^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [Bitcoin-development] Segmented Block Relaying BIP draft.
  2012-09-13 14:05         ` Matthew Mitchell
@ 2012-09-13 15:16           ` Gregory Maxwell
       [not found]             ` <2B95CF41-4304-4D2A-9ABF-198D97B7449B@godofgod.co.uk>
  0 siblings, 1 reply; 18+ messages in thread
From: Gregory Maxwell @ 2012-09-13 15:16 UTC (permalink / raw)
  To: Matthew Mitchell; +Cc: bitcoin-development

On Thu, Sep 13, 2012 at 10:05 AM, Matthew Mitchell
<matthewmitchell@godofgod•co.uk> wrote:

> @Gregory
>
>> But you only need to request the transactions you don't have. Most of
>> time you should already have almost all of the transactions.
>
> Yes, my proposal allows you to do this. You skip out transactions your already have. My proposal is simply better than others because it takes full advantage of the merkle tree structure with minor additions that are simple to implement. How hard is it to get the hashes at a particular level of a merkle tree? Not hard at all. How hard is it to place a selection of transactions from a block into a message Not hard at all. Implementation of the protocol requirements would be a piece of cake. The harder bit would be to create an algorithm to determine the best level of segmentation but this is not required to comply with the protocol.

Sorry, I'm still not seeing what the value is.  How is the tree level
useful to anyone?  If you did want to get only parts of the
transaction list, why not just ranges from the lowest level?



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [Bitcoin-development] Segmented Block Relaying BIP draft.
  2012-09-13  8:42       ` Mike Hearn
@ 2012-09-13 14:05         ` Matthew Mitchell
  2012-09-13 15:16           ` Gregory Maxwell
  0 siblings, 1 reply; 18+ messages in thread
From: Matthew Mitchell @ 2012-09-13 14:05 UTC (permalink / raw)
  To: Mike Hearn, Gregory Maxwell, bitcoin-development

On 13 Sep 2012, at 09:42, Mike Hearn <mike@plan99•net> wrote:

> For what it's worth I disagree with Gregory on nearly all these
> points, so don't take it as some kind of consensus from the Bitcoin
> community ;)
> 
> Matts change is reasonable but I think we all agree it has minimal
> impact at the moment relative to other things, so something even more
> complex than that seems like a non-starter. Bloom filtering is a lot
> more important.

Sure other things may be done before this, I was seeing this as a change somewhere down the line but not urgent.

@Gregory

> But you only need to request the transactions you don't have. Most of
> time you should already have almost all of the transactions.

Yes, my proposal allows you to do this. You skip out transactions your already have. My proposal is simply better than others because it takes full advantage of the merkle tree structure with minor additions that are simple to implement. How hard is it to get the hashes at a particular level of a merkle tree? Not hard at all. How hard is it to place a selection of transactions from a block into a message Not hard at all. Implementation of the protocol requirements would be a piece of cake. The harder bit would be to create an algorithm to determine the best level of segmentation but this is not required to comply with the protocol.

> Because there is no motivation not to set them to zero, if you don't
> someone else will

The motivation to incentivise miners and maintain stronger security? The difficulty only has to be high enough to prevent a cartel of malicious miners taking control of the network, something that is potentially a problem today with the large mining pools. Remember that the more transactions there are the more fees there can be for miners to collect. The more people that are using bitcoin, the greater bitcoins will be worth. A bigger network should be good for miners when relying on fees.

> And yes, of course, you schedule the change
> for the future, but as you note that it doesn't solve the problem of
> people opposing it.

If it's so controversial that it creates a split making two separated currencies then I'd see it turning out like the format wars (VHS vs Betamax and Blu-ray vs HD-DVD). Eventually people will move towards one or the other since it's better for people to have universalised agreement on a system.


^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [Bitcoin-development] Segmented Block Relaying BIP draft.
  2012-09-11 23:22     ` Gregory Maxwell
@ 2012-09-13  8:42       ` Mike Hearn
  2012-09-13 14:05         ` Matthew Mitchell
  0 siblings, 1 reply; 18+ messages in thread
From: Mike Hearn @ 2012-09-13  8:42 UTC (permalink / raw)
  To: Gregory Maxwell; +Cc: bitcoin-development

For what it's worth I disagree with Gregory on nearly all these
points, so don't take it as some kind of consensus from the Bitcoin
community ;)

Matts change is reasonable but I think we all agree it has minimal
impact at the moment relative to other things, so something even more
complex than that seems like a non-starter. Bloom filtering is a lot
more important.



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [Bitcoin-development] Segmented Block Relaying BIP draft.
  2012-09-11 21:48   ` Matthew Mitchell
@ 2012-09-11 23:22     ` Gregory Maxwell
  2012-09-13  8:42       ` Mike Hearn
  0 siblings, 1 reply; 18+ messages in thread
From: Gregory Maxwell @ 2012-09-11 23:22 UTC (permalink / raw)
  To: Matthew Mitchell; +Cc: bitcoin-development

On Tue, Sep 11, 2012 at 5:48 PM, Matthew Mitchell
<matthewmitchell@godofgod•co.uk> wrote:
> You wouldn't need to pipeline the requests, just place more than one inventory vector in get data, right? Well my messages would save the space of those inventory vectors. Instead of needing 36 byte inventory vectors for each transaction and a var int, you would need two var ints only. And then the transaction responses only need one header, so you save 24 bytes for each transaction after the first. You could say that is a small benefit.

But you only need to request the transactions you don't have. Most of
time you should already have almost all of the transactions.

> Look at bittorrent. With bittorrent you don't download files from a single peer all at once.

You can fetch transactions from multiple peers with just a simple
mechanism that gives you the headers plus the txn list. And if you
want ArgumentAdSomethingElse, thats what bittorrent does too: the
torrent file contains the list of block hashes, and you get it from
one place.

> Why wouldn't requesting minimum fees in the software work as is done currently?

Because there is no motivation not to set them to zero, if you don't
someone else will.  Right now the income from fees is hardly relevant,
and the ability to drive more non-existant because there isn't enough
load to create scarcity.


> So what you essentially suggest is having bitcoin banks that maintain trust through Open Transaction contracts which contains proof of agreement, providing some legal protection? One wonders why have bitcoin at all then? Why not have an elaborate e-money system between several banks using Open Transactions?

Because it can't resist inflation. You have to trust that the banks
won't conspire to their mutual benefit to inflate the base currency.
OT can make it so a 'bank' (which is really a distributed collection
of nodes, not a single point of trust) can trivially prove how much
"gold certificates" it has issued, but you also need to prove how much
'gold' exists and which keys hold it, and for that you need a _global_
consensus; which bitcoin provides...

If you don't like

>Bitcoin doesn't just contain proof of if something was done right or not, it contains actual certainty that it will be done right. And how does Open >Transactions prevent fractional reserve fraud?

Well, Bitcoin gives you no certainty that any particular transaction
will be confirmed at all, ever; so perhaps best not to overstate it
too much. But yes, Bitcoin is great. ... but all that greatness
depends on there being a way to fund enough computation so that
attacks are too costly to be justified and that the cost of
maintaining a system to fully validate the system's rules (e.g. that
the miners aren't mining duplicate txns to create inflation for
themselves) is low enough that it will naturally enormously
distributed so that a conspiracy is effectively impossible.  Otherwise
everything consolidates down to a few meganodes and the attractive
properties are all gone.

OT's issuers can prove how much bitcoin they hold on the blockchain
(by nothing more sophisticated than signmessage) and they can prove
how many tokens they've issued against it.

And I didn't mean to suggest OT as a unique solution. Another path is
ripple, the idea of which is a sort of a p2p hawala where you have
pairwise trust and debt. It can allow you to circulate around tokens
between a community of users and only settle infrequently (as
determined by your level of trust, the debt involved, and the cost of
the bitcoin transaction) against bitcoin.

> I suppose when people consider bitcoin banks, they will consider bitcoin being useless.

They already exist, in crappy centralized form— e.g. look at mtgox
codes and user to user instant transfers; and bitcoin isn't useless.
Plus some extra system of some kind is the _only_ way to securely
irreversible transactions which are reliably fast, so it's not like
there is any real prospect of using bitcoin directly for all kinds of
uses at scale. (yes, blocks are 'only' 10 minutes apart on average,
but if you care about fast, you care about e.g. the 99% not the
average)

> As far as I see it, if bitcoin won't scale, then it's worth looking at something different to bitcoin that will scale.

Bitcoin scales fine.  It is not a singular replacement for everything
you can imagine it being a replacement for, however, or at least not a
good replacement.  The fact that you could conceivably make it
directly scale up to handle e.g. the volume of all the credit network
doesn't make that a good idea. It would still be a very poor
replacement for a credit network (slow transactions; which can't be
fixed by tweaking some parameters, the bitcoin blockchain consensus
algorithm has infinite convergence time when the block time falls
below the hash-power-weighed latency), and that kind of scaling would
absolutely ruin the decentralization, making it so only large states
and megabanks could run full nodes, and even at that level it couldn't
match the worldwide volume of cash transactions or 'internal' money
transactions (like money moving around on all the poker tables in the
world).   It's like someone made the mistake of saying the floor wax
is edible (linseed oil) and now you complain that its a crappy desert
topping. :P

Maybe people will ultimately agree to raise the block sizes, but I
expect and hope that they'll only do so when it is entirely
uncontroversial that doing so won't significantly degrade the
decentralization (certainly not the case today: a large portion of the
network appears to have trouble keeping up with large blocks right
now, though upcoming software improvements will help enormously), or
the mining economics.   And yes, of course, you schedule the change
for the future, but as you note that it doesn't solve the problem of
people opposing it.



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [Bitcoin-development] Segmented Block Relaying BIP draft.
  2012-09-11 19:42 ` Gregory Maxwell
@ 2012-09-11 21:48   ` Matthew Mitchell
  2012-09-11 23:22     ` Gregory Maxwell
  0 siblings, 1 reply; 18+ messages in thread
From: Matthew Mitchell @ 2012-09-11 21:48 UTC (permalink / raw)
  To: Gregory Maxwell, bitcoin-development

On 11 Sep 2012, at 20:42, Gregory Maxwell <gmaxwell@gmail•com> wrote:

> Someone can do that just by pipelining the one at a time requests.
> How much bandwidth do you think you could save over that?

You wouldn't need to pipeline the requests, just place more than one inventory vector in get data, right? Well my messages would save the space of those inventory vectors. Instead of needing 36 byte inventory vectors for each transaction and a var int, you would need two var ints only. And then the transaction responses only need one header, so you save 24 bytes for each transaction after the first. You could say that is a small benefit.
 
> I don't see what value this provides.  For protecting against the
> future you might as well suggest uploading x86 code which gets
> executed to select transactions. "Protects against the future".  Can
> you clarify some more about exactly how you think it would help?

Well it depends on wether you seriously think bitcoin blocks should be limited at a million bytes or not.

> it's not clear to me how your proposal is really all that useful for
> very large blocks: I looks like it would lot of bytes sending
> redundant tree data.

Look at bittorrent. With bittorrent you don't download files from a single peer all at once.

> Bitcoin gets its value through scarcity. There are two kinds of
> scarcity that are economically important, scarcity of the coins— there
> will never be more than 21 million— and scarcity of the block space
> which, as the protocol is defined and enforced by every node can not
> be more than 1MB. The latter scarcity is what makes the security model
> economically sane.

Why wouldn't requesting minimum fees in the software work as is done currently?

> Fortunately, its perfectly possible to make transactions denominated
> in bitcoin outside of the blockchain, and in a secure and distributed
> manner that respects the principles that make bitcoin attractive, but
> with information hiding that improves privacy, transaction speed, and
> scalability. See, e.g. the good work being done by Open transactions
> to create distributed cryptographic banks.  So blockchain scarcity
> itself doesn't prevent Bitcoin from being a one world currency
> (something which isn't at all sane no matter how big you make the
> blocks if you don't allow for other modes of transaction processing—
> who the heck wants to possibly wait an hour to get a 1 confirm
> sodapop??).

So what you essentially suggest is having bitcoin banks that maintain trust through Open Transaction contracts which contains proof of agreement, providing some legal protection? One wonders why have bitcoin at all then? Why not have an elaborate e-money system between several banks using Open Transactions? Bitcoin doesn't just contain proof of if something was done right or not, it contains actual certainty that it will be done right. And how does Open Transactions prevent fractional reserve fraud?

I suppose when people consider bitcoin banks, they will consider bitcoin being useless.

>  but I know that changing it is precisely as
> technically difficult as changing the 21 million limit

Set the change to occur at some block in the future leaving time for people to upgrade. Send out alert messages to notify users to upgrade. Issue is, some people might not like the change for whatever reasons.

As far as I see it, if bitcoin won't scale, then it's worth looking at something different to bitcoin that will scale.


^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [Bitcoin-development] Segmented Block Relaying BIP draft.
  2012-09-11 19:07 Matthew Mitchell
@ 2012-09-11 19:42 ` Gregory Maxwell
  2012-09-11 21:48   ` Matthew Mitchell
  0 siblings, 1 reply; 18+ messages in thread
From: Gregory Maxwell @ 2012-09-11 19:42 UTC (permalink / raw)
  To: Matthew Mitchell; +Cc: bitcoin-development

On Tue, Sep 11, 2012 at 3:07 PM, Matthew Mitchell
<matthewmitchell@godofgod•co.uk> wrote:
> For some reason sourceforge is not sending me updates anymore but I can see the replies online…
>
> There could be a slightly more simple protocol which gives all the transactions hashes and nodes can then download the transactions separately. However there are two problems:
>
> 1. Downloading all the transactions individually might be inefficient. My proposal will allow nodes to request multiple transactions at once.

Someone can do that just by pipelining the one at a time requests.
How much bandwidth do you think you could save over that?

> 2. Why not add a few additional components to the protocol to allow requests for any level of the merkle tree? It's not very complicated at all and protects against the future.

I don't see what value this provides.  For protecting against the
future you might as well suggest uploading x86 code which gets
executed to select transactions. "Protects against the future".  Can
you clarify some more about exactly how you think it would help?

It's sometimes desirable to be more general rather than more special
case when it's costless... but having couple extra p2p protocol
messages to implement, test for interop, guard against vulnerability,
etc. isn't costless... and should be justified with concrete benefits.

it's not clear to me how your proposal is really all that useful for
very large blocks: I looks like it would lot of bytes sending
redundant tree data.

>The block sizes at the moment are about 0.1MB but what if the bitcoin demand starts pushing that into megabytes?

And what if? _Bitcoin_ blocksizes can't be any larger.  Some future
incompatible system? well perhaps. But we're working on the protocol
for bitcoin now.

> And yes the ~0.95MB limit needs to be changed in order for bitcoin to grow that far. Why would the limit not be lifted? How will bitcoin demand be satisfied other than having large fees to deter transactions, hoping the fees are large enough to balance the demand with the block size limits to prevent many transactions being unconfirmed and annoying users? That limit has got to go eventually. And then it could be that block sizes do become large enough to worry about the performance in relaying.

The finite size— and ultimately the contention for space it causes— is
the only thing will creates non-trivial fees. Without the fees there
is no honest economic motivation to mine with adequate computing power
to provide security (lots of dishonest motivations— e.g. applying
control over the currency exist), you'd just have a race to the
bottom, given unbounded block sizes it is always rational for
decentralized to include any transaction with a fee even if it is very
small— otherwise the next rational solver is just going to include it.

Bitcoin gets its value through scarcity. There are two kinds of
scarcity that are economically important, scarcity of the coins— there
will never be more than 21 million— and scarcity of the block space
which, as the protocol is defined and enforced by every node can not
be more than 1MB. The latter scarcity is what makes the security model
economically sane.

Fortunately, its perfectly possible to make transactions denominated
in bitcoin outside of the blockchain, and in a secure and distributed
manner that respects the principles that make bitcoin attractive, but
with information hiding that improves privacy, transaction speed, and
scalability. See, e.g. the good work being done by Open transactions
to create distributed cryptographic banks.  So blockchain scarcity
itself doesn't prevent Bitcoin from being a one world currency
(something which isn't at all sane no matter how big you make the
blocks if you don't allow for other modes of transaction processing—
who the heck wants to possibly wait an hour to get a 1 confirm
sodapop??).

From the beginning it was obvious that confirmations would eventually
be slower (or expensive to make merely slow; Bitcoin is incapable of
reliable fast confirmations)— thats the nature the stochastic
consensus and the fee based security support.  You could instead
imagine a future where bitcoin's security came by collusion by major
financial cartels and governments, and where fees aren't important....
 But I reject that future, it's a perfectly viable one, but why bother
with Bitcoins in the first place? To make some early adopters a little
bit of money starting off the next big centrally controlled fiat?
Boring.

I can't say for sure if the 1MB limit will stay exactly as is forever,
as I expect the economics work with any limit out of a fairly broad
range that is low enough to both make the space seriously scarce and
low enough that 'inexpensive' (e.g. privately owned) hardware can
continue to audit it to preserve the decentralized security,  and the
economic importance of the size limit is more subtle than the
inflation resistance... but I know that changing it is precisely as
technically difficult as changing the 21 million limit: all Bitcoin
node software must be replaced with incompatible software, and I
believe it would be just as economically risky— if not more so— if
done wrong, as at least inflation would have a easily understood
direct dillution effect while inadequate security would potentially
make all Bitcoin worthless.  As such I don't think it's even worth
discussing until there is an urgent demand to clarify the tradeoffs...

Should the block size ever be increased the message format used for
relaying the larger blocks will be the smallest of the issues being
discussed.



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [Bitcoin-development] Segmented Block Relaying BIP draft.
@ 2012-09-11 19:07 Matthew Mitchell
  2012-09-11 19:42 ` Gregory Maxwell
  0 siblings, 1 reply; 18+ messages in thread
From: Matthew Mitchell @ 2012-09-11 19:07 UTC (permalink / raw)
  To: bitcoin-development

For some reason sourceforge is not sending me updates anymore but I can see the replies online…

There could be a slightly more simple protocol which gives all the transactions hashes and nodes can then download the transactions separately. However there are two problems:

1. Downloading all the transactions individually might be inefficient. My proposal will allow nodes to request multiple transactions at once.
2. Why not add a few additional components to the protocol to allow requests for any level of the merkle tree? It's not very complicated at all and protects against the future.

Sure, analysis needs to be done to see at what point the proposal would give benefit and I will hopefully get around to doing some measurements of peer behaviour to aid with this.

I think it's a good idea to think ahead rather than only do what is beneficial for the network currently. The block sizes at the moment are about 0.1MB but what if the bitcoin demand starts pushing that into megabytes? And yes the ~0.95MB limit needs to be changed in order for bitcoin to grow that far. Why would the limit not be lifted? How will bitcoin demand be satisfied other than having large fees to deter transactions, hoping the fees are large enough to balance the demand with the block size limits to prevent many transactions being unconfirmed and annoying users? That limit has got to go eventually. And then it could be that block sizes do become large enough to worry about the performance in relaying.

Best not to leave this to the last minute, so at the very least I think it's good to talk about this.


^ permalink raw reply	[flat|nested] 18+ messages in thread

end of thread, other threads:[~2012-09-13 20:24 UTC | newest]

Thread overview: 18+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-09-10 15:07 [Bitcoin-development] Segmented Block Relaying BIP draft Matthew Mitchell
2012-09-10 15:14 ` Gregory Maxwell
2012-09-10 16:29   ` Matt Corallo
2012-09-10 18:59 ` Luke-Jr
2012-09-10 19:34   ` Matthew Mitchell
2012-09-10 19:53     ` Matt Corallo
2012-09-10 20:00       ` Gregory Maxwell
2012-09-11 19:07 Matthew Mitchell
2012-09-11 19:42 ` Gregory Maxwell
2012-09-11 21:48   ` Matthew Mitchell
2012-09-11 23:22     ` Gregory Maxwell
2012-09-13  8:42       ` Mike Hearn
2012-09-13 14:05         ` Matthew Mitchell
2012-09-13 15:16           ` Gregory Maxwell
     [not found]             ` <2B95CF41-4304-4D2A-9ABF-198D97B7449B@godofgod.co.uk>
2012-09-13 15:46               ` Matthew Mitchell
     [not found]               ` <CAAS2fgQi8QFwU2M=wLiDodt3SmO48vUV5Sp3YCb1OmGJ5m=E7Q@mail.gmail.com>
2012-09-13 17:49                 ` Matthew Mitchell
2012-09-13 18:59                   ` Pieter Wuille
2012-09-13 20:24                     ` Matthew Mitchell

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox