Topic: Design notes for sharing work between multiple independent chains - page 2. (Read 15029 times)

Didn't know that.


Then I don't understand why people said in the demurrage fee thread that miners will forget transactions.

Thank you for all the clarifications.

The fee is not specified directly by the transaction. It is calculated by looking at the difference between input value (which is also not specified) and output value.

Ignoring the other problems with doing this, you could accept the transaction into your own blocks without knowing the exact fee, but you could not correctly verify other blocks that include the transaction. For all you know, the transaction you've forgotten permits a fee of 1000 BTC.


You don't gain any hashing power. Only disk space, which is cheap.

Imagine a transaction like this:

input 0: tx A output 0 [unknown by the miner]
input 1: tx B output 1 [known by the miner] 10 btc
input 2: tx C output 0 [known by the miner] 5 btc
output 0: address X, 14 btc
fee: 1 btc

The miner could just ignore tx A since it doesn't add value to this tx.
Can he accept this transaction as good even if he doesn't have tx A?


I would accept your block and if it turns out that the transaction is actually invalid later on, I've wasted hashing work.
I would balance the risk of wasting hash power by accepting invalid blocks with the gain in hashing power for not bothering about old transactions.
This can be done not only with 0-value outputs, but with any old transactions.
If I receive a transaction that I cannot verify, I ignore it (don't include it in my block), because otherwise my block could be rejected as invalid.
I just accept transactions that I cannot verify when it's in another block.

The question that remains is...
Is the gain in hashing power for not bothering about old transactions powerful enough to allow miners to forget old transactions?

This sharing of work... are you saying that a % of hashing would be pushed off to the other chain.. or, that useless hashes (ie that don't satisfy bitcoin difficulty) would somehow satisfy a smaller difficulty in another chain?

No. The 0-value output is used to store data. The other output is used to show ownership: you send this coin to transfer the domain. You also need to send the valued output for every new BitDNS command.

The valued output isn't necessary for "locking". A transaction can have just a 0-value output and still be "locked".

Our BitDNS spec wastes a lot of space because the 0-value transactions will exist forever. They can't ever be redeemed. But this is only necessary because our spec -- designed to work with current code -- writes the outputs in such a way that they are irredeemable. If script could be used freely, the 0-value outputs could both contain data and be redeemable. This was the original design, in fact, but IsStandard was created while we were writing it.


Miners must know all unspent transactions, or else they risk ending up in a situation where they need to verify a transaction but are unable to do so. If this ever happens, they will have to stop mining until they get the needed transaction, which might be difficult.


Inputs don't state what its value is, so the miner can't know that it's a 0-value input if it can't see the associated output. It would be clear that no value is taken by the outputs, but you can't determine the fee, which is necessary for verifying blocks. (Rejecting transactions like this is also impossible for other reasons.)


Forgetting transactions will usually slow down mining somewhat, and sometimes it could cause very unprofitable things to happen.

Example:

You are using a client that forgets unspent 0-value transactions after a while. 10% of the network is also running that code. I create a block with a transaction that redeems a 0-value transaction, and most of the network builds on my block. If you reject my block, you are isolated from the network. If you reject my block initially, but start working on it later on, you've just wasted a ton of hashing work. If you accept my block blindly, and it turns out that the transaction is actually invalid later on, you've just wasted a ton of hashing work. Your best option is to immediately find the transaction being redeemed so you can verify it. First, you'll contact your peers to see if they have it. If they don't, you'll have to connect to more peers. Maybe you'll use an archiver service. This is a second or two of wasted hashing time per transaction you need to look up. An attacker might create lots of these transactions just to mess with you.

You actually end up giving up quite a bit of mining power for some disk space.

If your side has more than 50% of the network's computational power, your side can reject transactions with impunity for as long as it is in control.

I'm not talking about the current bitcoin code but about what miners could do within the network protocol.
Anyway, I've not read the bitcoin code yet, So I'm not sure I've understand what you're saying.
You want 0 value outputs to be remembered until the receiver sends them out?

I thought bitDNS would use one transaction output (with 0 value) for storing the the DNS data (the IP, the URL and whatever else is needed) and other output for "parking" some coins and "lock" the transaction, preventing it to be forgotten.

What is the incentive for miners to remember 0 value outputs?
When they receive a transaction with an input that they don't know but that input doesn't add value to the transaction, they can just accept it as good.

That is assuming that miners will never forget outputs with values greater than zero. Maybe they could take the risk of accepting blocks they cannot completely verify if that increases their hash rate.

They can't be forgotten when you're limited to standard scripts, but if non-standard scripts were usable, you could spend the 0-value outputs to make the network forget about them. Yet another reason why IsStandard should be removed.

(watching)

So you don't think miners will forget DNS transactions.
I think bitDNS could be good for bitcoin if there's a way to prevent DNS transactions to last forever. If bitDNS prevents miners from forgeting the DNS data by parking (or worse, burning) bitcoins in one of the two outputs (the other contains the DNS map), bitDNS service is taking a service from the bitcoin chain for "free" (everlasting storing). I don't think that's fair for the bitcoin network.
With demurrage, bitDNS would need to renew DNS transactions from time to time and would pay miners for the service (through demurrage or transaction fees).
Although I see the problems Namecoin can have, I think it would be interesting to develop the work sharing software for it, since it's the only other block chain in place right now.

I argued against that notion in the thread:

No.
The demurrage fee will be charged only if the network agrees, but miners can forget transactions without asking permission. This was an argument against the need of demurrage fees. Most miners will forget old transactions, and only "archivers" (specialized miners) will get the fees for transactions that contain an "old account" as input.

That's only if >50% of the mining power agrees to do that. I doubt it will ever happen.

So people would put the DNS info in one output and would send bitcoins to the other to lock the transaction.
But in the demurrage fees thread has been said that miners can forget transactions even if they're not spent.

An output with 0 value is valid, and these outputs can't be forgotten by the network until they are spent (which is also valid). So you can stuff all of the DNS data into several of those outputs.

When the bitDNS spec was written, having more than two outputs was not considered standard; therefore, it was difficult to get those transactions into blocks. Now they are standard.

Can you explain (or give a link on) the "multiple 0-value output" solution?

Yes. Our spec handles this by requiring DNS renewals. There are ways to handle it more elegantly, though (using multiple 0-value outputs, for example). The spec was written a while ago.

As most miners will forget old transactions, you would have to renew the transactions from time to time with BitDNS.
Am I right, theymos?
Maybe BitDNS clients could act like archivers.

BitDNS can't use Bitcoin's lightweight client mode, so in the future it will always be rare for people to run their own BitDNS resolvers. I don't know if Namecoin is set up to use client mode, either, though. BitDNS probably requires more resources, too, since servers need to scan all non-DNS transactions.

I think Namecoin is broken for other reasons, though:
https://forum.bitcoin.org/index.php?topic=7244.msg106438#msg106438

How would Namecoin become a threat to Bitcoin?

Yeah, I know the opposing views on the subject. I'm asking purely from a technical standpoint if your system has any limitation that Namecoin doesn't have, thus making the existence of Namecoin still worthwhile even if bitDNS is implemented. I ask because I was planning on investing in Namecoin but I'm afraid that if it becomes a threat to Bitcoin (which I think it will if Bitcoin remains purely for financial transactions forever) then your system will be widely supported and implement, thus crashing the value of namecoins.