Dear Akiva,

Its Loi Luu, one of the authors of the SCP protocol (http://eprint.iacr.org/2015/1168.pdf ).

Before SCP, we had been thinking hard about how to do sharding efficiently without degrading any security guarantee. A simple solution which splits the coins, or TXs in to several partitions will just not work. You have to answer more questions to have a good solutions. For example, I wonder in your proposal, if a transaction spends a "coin" that ends in "1" and creates a new coin that ends in "1", which partition should process the transaction? What is the prior data needed to validate that kind of TXs?

The problem with other proposals, and probably yours as well,  that we see is that the amount of data that you need to broadcast immediately to the network increases linearly with the number of TXs that the network can process. Thus, sharding does not bring any advantage than simply using other techniques to publish more blocks in one epoch (like Bitcoin-NG, Ghost). The whole point of using sharding/ partition is to localize the bandwidth used, and only broadcast only a minimal data to the network.

Clearly we are able to localize the bandwidth used with our SCP protocol. The cost is that now recipients need to  themselves verify whether a transaction is double spending. However, we think that it is a reasonable tradeoff, given the potential scalability that SCP can provides.

Thanks,
Loi Luu.

On Wed, Dec 9, 2015 at 12:27 AM, Akiva Lichtner via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
Hello,

I am seeking some expert feedback on an idea for scaling Bitcoin. As a brief introduction: I work in the payment industry and I have twenty years' experience in development. I have some experience with process groups and ordering protocols too. I think I understand Satoshi's paper but I admit I have not read the source code.

The idea is to run more than one simultaneous chain, each chain defeating double spending on only part of the coin. The coin would be partitioned by radix (or modulus, not sure what to call it.) For example in order to multiply throughput by a factor of ten you could run ten parallel chains, one would work on coin that ends in "0", one on coin that ends in "1", and so on up to "9".

The number of chains could increase automatically over time based on the moving average of transaction volume.

Blocks would have to contain the number of the partition they belong to, and miners would have to round-robin through partitions so that an attacker would not have an unfair advantage working on just one partition.

I don't think there is much impact to miners, but clients would have to send more than one message in order to spend money. Client messages will need to enumerate coin using some sort of compression, to save space. This seems okay to me since often in computing client software does have to break things up in equal parts (e.g. memory pages, file system blocks,) and the client software could hide the details.

Best wishes for continued success to the project.

Regards,
Akiva

P.S. I found a funny anagram for SATOSHI NAKAMOTO: "NSA IS OOOK AT MATH"


_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev