From: Peter Todd <pete@petertodd•org>
To: Adam Back <adam@cypherspace•org>
Cc: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] Discovery/addr packets (was: Service bits for pruned nodes)
Date: Mon, 6 May 2013 15:08:57 -0400 [thread overview]
Message-ID: <20130506190857.GA23095@petertodd.org> (raw)
In-Reply-To: <20130506183222.GB3797@netbook.cypherspace.org>
[-- Attachment #1: Type: text/plain, Size: 3248 bytes --]
On Mon, May 06, 2013 at 08:32:22PM +0200, Adam Back wrote:
> But what exactly could you prove about a node? You dont really know if a
> node is an originator for a double spend, it could be relay. And for
> privacy and security you cant expect the node to use its coin address
> private key.
re: double-spends - punishing relay nodes and miners for them is a very
bad idea. Ultimately it is the blockchain by which Bitcoin comes to
consensus about what transactions belong in the blockchain - to punish
double-spends implies a second consensus mechanism. Anyway it's
unnecessary: you can hold the actual spender accountable for
double-spends and punish them directly rather than adding a lot of
complexity and dangerous assumptions about propagation to the Bitcoin
core network.
Some useful things you can hold relay nodes accountable for without a
lot of complexity:
1) Having a reasonably correct view of the best block. Make the node
sign a statement including a block hash sequence (the last 3-6 blocks)
and what it believes the current time is.
2) Accurate knowledge of the blockchain. Sign a statement claiming that
what block hash is for a given chain height. Note that due to reg-orgs
this is actually a different statement than #1 and nodes should be
careful what they are claiming.
3) Accurate knowledge of the UTXO set. Sign a statement claiming that
a given txid:vout for the current best block hash is in or not in the
UTXO set.
4) Accurate bloom filtering; same idea as #3
5) Make the node identity expensive to obtain. For instance, construct
PoW's including the node pubkey somehow, or purchase fidelity bonds for
the node's identity. Makes sybil attacks more difficult, among other
things.
5) Provide useful propagation/mining services. Sign a txid and
timestamp/blockhash-sequence, and hold the node accountable for how long
it takes the txid to make it into the blockchain. Useful especially for
miners offering the service of mining your transaction.
> Hmm: maybe one could use a Brands private credential with offline double
> spend detection, with the reputation but not coin address of the node
> disclosed, and the nodes coin address embedded in the proof. Each node
> could be is own CA, providing a ZKP. If the node ever double spends a coin,
> it loses its reputation as the coin address is revealed.
Be careful not to mix up the concept of a relay node with someone
posessing Bitcoins. Node's don't spend coins, people/wallets do.
> ps I have an opensource openSSL based Brands (& Chaum) credential library at
> http://www.cypherspace.org/credlb/ I didnt actually implement the ECDL
> version, just the DL version, but that is not so hard, and its on my todo
> list. (There is also a strong RSA assumption version, also not
> implemented).
That stuff is cool, but we should focus first on simple efforts, like
SSL transport, that do not require complex cryptography to obtain an
improvement in security.
Of course, not to say long-term research is bad, but that's just not
going into the Bitcoin reference client in the near future.
--
'peter'[:-1]@petertodd.org
0000000000000124d42390b0db4c125f6be87835c49dc88f1bdeba527b77abc2
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
next prev parent reply other threads:[~2013-05-06 19:09 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-06 14:58 Mike Hearn
2013-05-06 16:12 ` Peter Todd
2013-05-06 16:20 ` Jeff Garzik
2013-05-06 16:34 ` Mike Hearn
2013-05-06 16:37 ` Peter Todd
2013-05-06 16:47 ` Mike Hearn
2013-05-06 17:19 ` Peter Todd
2013-05-06 17:25 ` Jeff Garzik
2013-05-06 17:42 ` Gregory Maxwell
2013-05-06 17:53 ` Peter Todd
2013-05-06 18:01 ` Gregory Maxwell
2013-05-06 18:19 ` Peter Todd
2013-05-06 18:32 ` Adam Back
2013-05-06 19:08 ` Peter Todd [this message]
2013-05-06 19:50 ` Adam Back
2013-05-06 20:43 ` Peter Todd
2013-05-06 23:44 ` Peter Todd
2013-05-07 9:00 ` Mike Hearn
2013-05-09 0:57 ` John Dillon
2013-05-06 18:04 ` Adam Back
2013-05-06 18:25 ` Gregory Maxwell
2013-05-06 22:51 ` [Bitcoin-development] limits of network hacking/netsplits (was: Discovery/addr packets) Adam Back
2013-05-06 23:13 ` Gregory Maxwell
2013-05-07 4:48 ` Petr Praus
2013-05-07 21:07 ` Matt Corallo
2013-05-07 9:17 ` Mike Hearn
2013-05-07 11:07 ` Adam Back
2013-05-07 12:04 ` Mike Hearn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130506190857.GA23095@petertodd.org \
--to=pete@petertodd$(echo .)org \
--cc=adam@cypherspace$(echo .)org \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox