From: ZmnSCPxj <ZmnSCPxj@protonmail•com>
To: Mostafa Sedaghat joo <mostafa.sedaghat@gmail•com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Stamping transaction
Date: Sun, 07 Jun 2020 15:01:42 +0000 [thread overview]
Message-ID: <gNdtY-_W10fFe8vwyhQNUOCIWCtBj0G9LLUu5GQ7PYlRXejM1jwIX__TMYUhq6DDczOTQ3YYgVACOBSv6yIqx5nZ5vRbXkXPn-yjsOqi52w=@protonmail.com> (raw)
In-Reply-To: <CAJr8eKtV=W8wLkZZP9tagnL8F3jxOv8t-J9oBCFV6MrRPDmGiw@mail.gmail.com>
Good morning Mostafa,
> The main point of stamping transactions is decoupling transactions from the block.
>
> Blockchain size matters
> SegWit is a good witness that shows blockchain size matters. Nowadays, Data storage is cheap and easy, but that doesn't mean it's a simple matter. If you need to have a data-center to keep a copy of a blockchain, then you are far from a decentralization system.
>
> A Solution
> Stamping transaction is a simple idea to keep the size of the blockchain as small as possible. The question that I was looking to answer is how we can decouple the transaction from the blocks.
> Who cares about the transaction that happened 10 years ago. In the real world you may go to your bank and ask them to give you transaction history. But they probably have limits. They might say we just only keep the last 3 months in our system.
Stamping transaction is not how you would be able to keep **blockchain** size low.
The reason why very old history is retained is that, if a new node is brought up, you need to prove to that node that you are in fact the correct owner of the current coins.
Thus the entire history of Bitcoin is needed when starting a new node, and why archive nodes exist.
You might argue that banks do not do that, and that is because we want to do better than banks; we know that existing currency systems have not only the "official" minter, but also many "unofficial" minters (commonly called counterfeiters) which dilute the value of the currency.
It is this insistence on a full accounting of the provenance for every satoshi that separates Bitcoin from previous currency systems; bank fraud exists, and it hides in such sloppy techniques as deleting old transaction records.
Work has been done to have client-side validation (i.e. the owner of a coin keeps the entire history, and when paying, you hand over the entire history of your coin to the payee, instead of everyone validating every transaction).
Look up Peter Todd for some initial work on this.
> Implementation
>
> > First off, the proposed mechanism can be made into a softfork by using an unspendable `scriptPubKey` with 0 output value.
> SoftFork is not possible here. Because the transaction will not be saved inside the block (only tx hashes). Block format needs to be changed. Therefore the block will be invalid.
That greatly reduces the chances your proposal will get into Bitcoin; you would need to have very good advantages to counterbalance the tremendous risk that hardforks introduce in the continuity of the coin.
Bitcoin has never gone through a hardfork that has not instead created a new cryptocurrency, so any solution that requires a hardfork is going to be unlikely to be accepted by everyone.
> > Engineering-wise, block validation now needs to memorize the last N block hashes.
> I don't think we need to memorize the last N block hashes. We can have something like:
> ```
> Current_Height - Height_Of(tx.stamp) <= N
> ```
...
`Height_Of()` would basically be a mapping from block hashes to block heights, with the number of elements equal to the height of the blockchain, and thus continuously growing.
Thus, validation is expected to become more expensive as the blockchain grows.
Since stamped transactions have a time-to-live anyway, instead you can use a *set* of the most recent N block hashes.
Then you simply check if the stamp is in the set.
This creates a data structure that is constant in size (at each block, you remove the block from N blocks ago), which is good for validation.
> Incentives
> I think Stamping transactions have nothing to do with the incentivization mechanism. Forgive me if I couldn't get your point.
A stamped tranasction has a stamp, an unstamped transaction has no stamp.
The stamped transaction is larger because of the stamp.
Larger transactions are more expensive because fees.
Thus, stamped transactions are more expensive than unstamped transactions.
Convince me why I would make *my* transaction stamped when I can just convince *everyone else* to stamp *their* transactions and use unstamped transactions myself.
If you propose that all transactions must be stamped in a new version of Bitcoin, then take note that users will prefer to run older versions and never upgrade to the new version that requires stamped transactions.
Why should users prefer a more expensive transaction format?
For the good of the network?
That is precisely an incentives problem: if it is so good for the network, then it should be good for an individual user, because the network is made up of individual users anyway; if individual users are not incentivized to use it, then that fact suggests it might not be as good for the network as you might think.
If you answer "the stamp can be discounted" then be aware that validating the stamp is still a cost on every node, and it is that cost that we want to be reflected in pricing every byte in the transaction.
For instance, UTXOs are retained, potentially indefinitely, and the UTXO lookup structure has to be very fast and is referred to at every transaction validation, so outputs (which create new UTXO entries) in SegWit are 4x more expensive than signatures, since signatures are only validated once when the transaction is queued to be put in the mempool.
> Mempool
> It's bad of me that I don't really know how mempool works in Bitcoin. My assumption is that there are some junk transactions (transactions that are valid but have very low or zero fees) inside the mempool. Stamping transactions might help to get rid of them time to time.
Why would you think that stamping reduces mempool size?
If I wanted to I could just re-send the transaction with a fresh stamp.
Then the mempool usage would still be the same, and bandwidth use will increase (because the same transaction is now re-broadcast with a fresh stamp, and the added size of the stamps themselves).
Regards,
ZmnSCPxj
next prev parent reply other threads:[~2020-06-07 15:01 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-05 12:05 Mostafa Sedaghat joo
2020-06-07 0:40 ` ZmnSCPxj
2020-06-07 7:27 ` Mostafa Sedaghat joo
2020-06-07 15:01 ` ZmnSCPxj [this message]
2020-06-09 9:34 ` Mostafa Sedaghat joo
2020-06-09 14:16 ` Chris Riley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='gNdtY-_W10fFe8vwyhQNUOCIWCtBj0G9LLUu5GQ7PYlRXejM1jwIX__TMYUhq6DDczOTQ3YYgVACOBSv6yIqx5nZ5vRbXkXPn-yjsOqi52w=@protonmail.com' \
--to=zmnscpxj@protonmail$(echo .)com \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
--cc=mostafa.sedaghat@gmail$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox