Topic: Bootstrapping the pruned blockchain (Read 1991 times)

And it works, because that is not the only method available to it.  Ripple is a fine concept, but fails because it's dependent upon a viable web-of-trust; something that can, and often does, collapse in real life.

Non-colluding, so a light client is in some ways like a Ripple that actually works?

Thank you.

Sorry about that:
https://bitcointalksearch.org/topic/ultimate-blockchain-compression-w-trust-free-lite-nodes-88208

Could u give the link to etotheipi's suggestion, plz? Can't google it.

A light client has to trust other nodes to not collude to tell it lies, but doesn't have to trust a single node; it can request reports from several random nodes and compare notes.  If node A says XXX = 5 BTC and node B says XXX = 10 BTC, ask nodes C, D, E & F to see what they say (by default, the bitcoin client talks to at least 8 randomly chosen peers).  If all of the others agree with A, node B is lying to you, and you can safely ignore it forever.

As for bootstrapping a fresh full node, a full blockchain isn't actually required.  The reference client is built with both a zero trust methodology and a high degree of paranoia, both great places to start for such a project.  However, a full node can be altered to start it's own bootstrapping from 1) an internally hardwired & pre-pruned copy of the blockchain, which it trusts automaticly because it's part of it's own code, 2) from the most recent 'checkpoint' encoded into it's own code (search for the term on the forum) in much the same way that the genesis block is encoded into the clients' codebase now, or both.  It's neither necessary, nor particularly helpful, if every new client has to start from the genesis block; eventually clients that start with an internally checkpointed block number from within the past year or so will be much more common.  A client that uses both methods can entirely skip years of pruned transactions and hashwork, and still mine against the resulting pruned blockchain.

Ok, then I apologize for spreading misinformation. I definitely saw this somewhere though...

I wouldn't say that really is the end to the thread, since you are then trusting that the developers set the correct hash for the unspent transaction output tree at a given time. Admittedly, it is far better to trust them than random nodes, so it is better than nothing. However, a solution that implements something like etotheipi has suggested would be preferable assuming that it can be made practical.

This is nonsense. The bootstrap isn't validated in any way - it's just a way to get blocks to your client, and the blocks are verified before accepting them.

Bitcoin - at least as implemented by the reference client today - is a zero-trust system: every rule that can be validated is validated by your local node upon receiving data from other nodes. If you want to apply this principle to history, it means you have to see history. There is no way around it: bootstrapping a full node requires either feeding it the entire history, or trusting someone else to give you the current state that resulted from that history.

That does not mean everyone needs to keep the entire chain around, it just has to be available enough so that new nodes can get it (once).

There is an alternative, with almost as good security properties, namely if we could somehow encode a hash of the current state inside blocks (in the coinbase, for example). That would mean someone bringing up a new code could just download the historic headers, verify the proof-of-work in it, download the current state from somewhere, and verify it against the latest block. This would allow him to only require "SPV-level" trust in the past (maybe up to some point ago he considers safe), and then continue full validation from there.

Ah, that makes sense. Thx.

/thread

The validity of bootstrap can easily be checked by checking the hash (which has to be hardcoded into the software) - the way current (full) blockchain bootstrap works.

There is no such thing as TRUST in Bitcoin.

This. If you wan't this information by not checking it yourself, there will always have to be some trust (unless something like etotheipi suggested is implemented).

And what should I do if I've just launched bootstrapping? Pray that I get non-tampered data?

You believe your own *pruned* blockchain rather than anyone else's don't you (i.e. how can it contradict itself)?

Yes, I understand this, but...

Alice says that unspent output of XXX is 10 BTC.
Bob says that unspent output of XXX is 5 BTC.

Whom should I believe?

You can always check the amount of btc XXX has by checking all unspent outputs. Those are still there after pruning. Spent outputs not being there won't affect the total amount of btc XXX has.

What exactly should I do if node A sent "XXX owns 10 BTC", but node B sent "XXX owns 5 BTC"?

EDIT: I can check proof-of-work of blockchain headers. Now I need to make sure how many coins XXX has.

The proof-of-work is in the block header.  You can still check proof of work via the block header and merkle tree.