Pages:
Author

Topic: Segregated witness - The solution to Scalability (short term)? - page 4. (Read 23170 times)

legendary
Activity: 2674
Merit: 2965
Terminated.
Is there anyway to stop or block segregated witness? From what I understand, it hits testnet in two days... Sad
The only people who want to stop it so far are ones that either hate on Core developers or any of their proposals, or who lack the understanding for Segwit.
legendary
Activity: 1988
Merit: 1012
Beyond Imagination
Jeff and Gavin are not in the list. I had a feeling that block size limit has long become a political weapon for each faction to take control of the development process thus realize their own vision of bitcoin

And this is a result when lots of money is involved  Grin

In today's society, when you are talking about a project worth $6.6 billion in an enterprise, developers has no decision making right at all. It is the biggest shareholder make decisions at board level, and technical solution is only a small part of the decision making process

However in a decentralized open source project like bitcoin, there is no board, no one knows how it is going to work

That means it's time to start to write Bitcoin Protocole in stone.

Or devs with death threats, subponea or money interests will try to fuck it.

Bitcoin is fine now to be gold 2.0

For the rest, fork it. It's about independance, not fast free tx. Forget the coffees.


There is huge difference between a free software open source project (Linux) and a decentralized monetary system (Bitcoin). Imagine that if an enterprise or a group of programmers could take over the control of Federal Reserve, how many people would like to give it a try?

Bitcoin currently does not have self validation, it does not detect the change at protocol level and reject it, and miners only make sure the blocks are authenticate, not software itself, this makes its rule very flexible and constantly changing, a point of weakness

If some kind of code that make the validation of the client is also built in the blocks and pushed into thousands of nodes, then no one would be able to change the protocol without a hard fork. (I'm not sure if this is achievable since it is a chicken and egg problem)

This is the opposite direction of a soft fork, hardening the bitcoin thus make all the future improvements off-chain, can also be considered if no consensus can be reached upon core devs, or the risk that core devs become compromised is too large
legendary
Activity: 1512
Merit: 1057
SpacePirate.io
Is there anyway to stop or block segregated witness? From what I understand, it hits testnet in two days... Sad
legendary
Activity: 1386
Merit: 1009
Concern over validationless mining is incentivized by SepSig

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-December/012103.html


# Summary

1) Segregated witnesses separates transaction information about what
coins were transferred from the information proving those transfers were
legitimate.

2) In its current form, segregated witnesses makes validationless mining
easier and more profitable than the status quo, particularly as
transaction fees increase in relevance.

3) This can be easily fixed by changing the protocol to make having a
copy of the previous block's (witness) data a precondition to creating a
block.

Hmm. Doesn't inspire much confidence when the developers advocating the change (Peter Todd in this case) can't construct a simple logical argument.

What is the 'This' that is being 'easily fixed' in 3) above?
'This' is in the (2) -  'validationless mining', mining without validating witness data beforehand. Like 'SPV' mining, which is mining on top of headers without fully validating the previous block. This kind of an issue caused July, 2015 network split.
legendary
Activity: 3038
Merit: 1660
lose: unfind ... loose: untight
Concern over validationless mining is incentivized by SepSig

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-December/012103.html


# Summary

1) Segregated witnesses separates transaction information about what
coins were transferred from the information proving those transfers were
legitimate.

2) In its current form, segregated witnesses makes validationless mining
easier and more profitable than the status quo, particularly as
transaction fees increase in relevance.

3) This can be easily fixed by changing the protocol to make having a
copy of the previous block's (witness) data a precondition to creating a
block.

Hmm. Doesn't inspire much confidence when the developers advocating the change (Peter Todd in this case) can't construct a simple logical argument.

What is the 'This' that is being 'easily fixed' in 3) above?
legendary
Activity: 1988
Merit: 1012
Beyond Imagination
Concern over validationless mining is incentivized by SepSig

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-December/012103.html


# Segregated witnesses and validationless mining

With segregated witnesses the information required to update the UTXO
set state is now separate from the information required to prove that
the new state is valid. We can fully expect miners to take advantage of
this to reduce latency and thus improve their profitability.

We can expect block relaying with segregated witnesses to separate block
propagation into four different parts, from fastest to propagate to
slowest:

1) Stratum/getblocktemplate - status quo between semi-trusting miners

2) Block header - bare minimum information needed to build upon a block.
Not much trust required as creating an invalid header is expensive.

3) Block w/o witness data - significant bandwidth savings, (~75%) and
allows next miner to include transactions as normal. Again, not much
trust required as creating an invalid header is expensive.

4) Witness data - proves that block is actually valid.



This part concerns me: Although from individual miner's point of view, producing an invalid header is expensive, but if a malicious user want to attack the network by broadcasting invalid header, he doesn't need to process large amount of hash power, maybe even 1% is enough to cause large scale of orphan for the network every day

So from this point of view, I guess even in a SW architecture, all the data must be broadcasted as one single package and full nodes need all of them to validate the block. And SPV miners will have to pay for the orphan cost by themselves if they use header-only validation
legendary
Activity: 994
Merit: 1035
Concern over validationless mining is incentivized by SepSig

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-December/012103.html


# Summary

1) Segregated witnesses separates transaction information about what
coins were transferred from the information proving those transfers were
legitimate.

2) In its current form, segregated witnesses makes validationless mining
easier and more profitable than the status quo, particularly as
transaction fees increase in relevance.

3) This can be easily fixed by changing the protocol to make having a
copy of the previous block's (witness) data a precondition to creating a
block.


# Background

## Why should a miner publish the blocks they find?

Suppose Alice has negligible hashing power. She finds a block. Should
she publish that block to the rest of the hashing power? Yes! If she
doesn't publish, the rest of the hashing power will build a longer chain
than her chain, and she won't be rewarded. Right?

Well, can other miners build on top of Alice's block? If she publishes
nothing at all, the answer is certainely no - block headers commit to
the previous block's hash, so without knowing at least the hash of
Alice's block other miners can't build upon it.


## Validationless mining

Suppose Bob knows the hash of Alice's new block, as well as the height
of it. This is sufficient information for Bob to create a new, valid,
block building upon Alice's block. The hash is needed because of the
prevhash field in the block header; the height is needed because the
coinbase has to contain the block height. (technically he needs to know
nTime as well to be 100% sure he's satisfying the median time rule) What
Bob is doing is validationless mining: he hasn't validated Alice's
block, and is assuming it is valid.

If Alice runs a pool her stratum or getblocktemplate interfaces give
sufficient information for Bob to figure all this out. Miners today take
advantage of this to reduce their orphan rates - the sooner you can
start mining on top of the most recently found block the more money you
earn. Pools have strong incentives to only publish work that's valid to
their hashers, so as long as the target pool doesn't know who you are,
you have high assurance that the block hash you're building upon is
real.

Of course, when this goes wrong it goes very wrong, greatly amplifying
the effect of 51% attacks and technical screwups, as seen by the July
4th 2015 chain fork, where a majority of hashing power was building on
top of an invalid block.


## Transactions

However other than coinbase transactions, validationless mined blocks
are nearly always empty: if Bob doesn't know what transactions Alice
included in her block, he doesn't know what transaction outputs are
still unspent and can't safely include transactions in his block. In
short, Bob doesn't know what the current state of the UTXO set is. This
helps limit the danger of validationless mining by making it visible to
everyone, as well as making it not as profitable due to the inability to
collect transaction fees. (among other reasons)


# Segregated witnesses and validationless mining

With segregated witnesses the information required to update the UTXO
set state is now separate from the information required to prove that
the new state is valid. We can fully expect miners to take advantage of
this to reduce latency and thus improve their profitability.

We can expect block relaying with segregated witnesses to separate block
propagation into four different parts, from fastest to propagate to
slowest:

1) Stratum/getblocktemplate - status quo between semi-trusting miners

2) Block header - bare minimum information needed to build upon a block.
Not much trust required as creating an invalid header is expensive.

3) Block w/o witness data - significant bandwidth savings, (~75%) and
allows next miner to include transactions as normal. Again, not much
trust required as creating an invalid header is expensive.

4) Witness data - proves that block is actually valid.

The problem is #4 is optional: the only case where not having the
witness data matters is when an invalid block is created, which is a
very rare event. It's also difficult to test in production, as creating
invalid blocks is extremely expensive - it would be surprising if an
anyone had ever deliberately created an invalid block meeting the
current difficulty target in the past year or two.


# The nightmare scenario - never tested code ~never works

The obvious implementation of highly optimised mining with segregated
witnesses will have the main codepath that creates blocks do no
validation at all; if the current ecosystem's validationless mining is
any indication the actual code doing this will be proprietary codebases
written on a budget with little testing, and lots of bugs. At best the
codepaths that actually do validation will be rarely, if ever, tested in
production.

Secondly, as the UTXO set can be updated without the witness data, it
would not be surprising if at least some of the wallet ecosystem skips
witness validation.

With that in mind, what happens in the event of a validation failure?
Mining could continue indefinitely on an invalid chain, producing blocks
that in isolation appear totally normal and contain apparently valid
transactions. It's easy to imagine this happening from an engineering
perspective: a simple implementation would be to have the main mining
codepaths be a separate, not-validating, process that receives "invalid
block" notifications from another process containing a validating
implementation of the Bitcoin protocol. If a bug/exploit is found that
causes that validation process to crash, what's to guarantee that the
block creation codepath will even notice? Quite likely it will continue
creating blocks unabated - the invalid block notification codepath is
never tested in production.


# Easy solution: previous witness data proof

To return segregated witnesses to the status quo, we need to at least
make having the previous block's witness data be a precondition to
creating a block with transactions; ideally we would make it a
precondition to making any valid block, although going this far may
receive pushback from miners who are currently using validationless
mining techniques.

We can require blocks to include the previous witness data, hashed with
a different hash function that the commitment in the previous block.
With witness data W, and H(W) the witness commitment in the previous
block, require the current block to include H'(W)

A possible concrete implementation would be to compute the hash of the
current block's coinbase txouts (unique per miner for obvious reasons!)
as well as the previous block hash. Then recompute the previous block's
witness data merkle tree (and optionally, transaction data merkle tree)
with that hash prepended to the serialized data for each witness.

This calculation can only be done by a trusted entity with access to all
witness data from the previous block, forcing miners to both publish
their witness data promptly, as well as at least obtain witness data
from other miners. (if not actually validate it!) This returns us to at
least the status quo, if not slightly better.

This solution is a soft-fork. As the calculation is only done once per
block, it is *not* a change to the PoW algorithm and is thus compatible
with existing miner/hasher setups. (modulo validationless mining
optimizations, which are no longer possible)


# Proofs of non-inflation vs. proofs of non-theft

Currently full nodes can easily verify both that inflation of the
currency has no occured, as well as verify that theft of coins through
invalid scriptSigs has not occured. (though as an optimisation currently
scriptSig's prior to checkpoints are not validated by default in Bitcoin
Core)

It has been proposed that with segregated witnesses old witness data
will be discarded entirely. This makes it impossible to know if miner
theft has occured in the past; as a practical matter due to the
significant amount of lost coins this also makes it possible to inflate
the currency.

How to fix this problem is an open question; it may be sufficient have
the previous witness data proof solution above require proving posession
of not just the n-1 block, but a (random?) selection of other previous
blocks as well. Adding this to the protocol could be done as soft-fork
with respect to the above previous witness data proof.

Note that this fix can be designed to retain the possibility of
validationless mining, by allowing empty blocks to be created if the
previous witness data proof is omitted. This would achieve the same goal
as Gregory Maxwell's blockchain verification flag(1) but with
significantly less ability/reason to lie about the status of that flag.

1) [bitcoin-dev] Blockchain verification flag (BIP draft),
   Gregory Maxwell, Dec 4th 2015,
   http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-December/011853.html
legendary
Activity: 1988
Merit: 1012
Beyond Imagination
Jeff and Gavin are not in the list. I had a feeling that block size limit has long become a political weapon for each faction to take control of the development process thus realize their own vision of bitcoin

And this is a result when lots of money is involved  Grin

In today's society, when you are talking about a project worth $6.6 billion in an enterprise, developers has no decision making right at all. It is the biggest shareholder make decisions at board level, and technical solution is only a small part of the decision making process

However in a decentralized open source project like bitcoin, there is no board, no one knows how it is going to work
legendary
Activity: 994
Merit: 1035
Segregated witness still sounds complicated. Why not simply raise the maximum block size?

There’s a single line of code in Bitcoin Core that says the maximum block size is 1,000,000 bytes (1MB). The simplest change would be a hard fork to update that line to say, for example, 2,000,000 bytes (2MB).

Hard forks are anything but simple:

    We don’t have experience: Miners, merchants, developers, and users have never deployed a hard fork, so techniques for safely deploying them have not been tested.

    This is unlike soft forks, whose deployments were initially managed by Nakamoto, where we gained experience from the complications in the BIP16 deployment, where we refined our technique in the BIP34 deployment, and where we’ve gained enough experience with BIPs 66 and 65 to begin managing multiple soft forks with BIP9 version bits in the future.

    Upgrades required: Hard forks require all full nodes to upgrade or everyone who uses that node may lose money. This includes the node operator, if they use it to protect their wallet, as well as lightweight clients who get their data from the node.

    Other changes required: Even a single-line change such as increasing the maximum block size has effects on other parts of the code, some of which are undesirable. For example, right now it’s possible to construct a transaction that takes up almost 1MB of space and which takes 30 seconds or more to validate on a modern computer (blocks containing such transactions have been mined). In 2MB blocks, a 2MB transaction can be constructed that may take over 10 minutes to validate which opens up dangerous denial-of-service attack vectors. Other lines of code would need to be changed to prevent these problems.

Despite these considerable complications, with sufficient precautions, none of them is fatal to a hard fork, and we do expect to make hard forks in the future. But with segregated witness (segwit) we have a soft fork, similar to to other soft forks we’ve performed and gained experience in deploying, that provides us with many benefits in addition to allowing more transactions to be added to the blockchain.

Segwit does require more changes in higher level software stacks than a simple block size increase, but if we truly want to see bitcoin scale, far more invasive changes will be needed anyway, and segwit will gently encourage people to upgrade to more scalable models right away without forcing them to do so.

Developers, miners, and the community have accrued significant experience deploying soft forks, and we believe segwit can be deployed at least as fast, and probably more securely, than a hard fork that increases the maximum block size.

Will there be a hard fork before or as part of the segregated witness implementation?

No. That is not part of the roadmap.


How will segregated witness transactions work for wallets?

Wallets that currently support P2SH can migrate to full segregated witness in two phases:

    Phase 1: Scripts are hashed twice, first to 256 bytes and then to 160 bytes. The 160 byte hash will be compatible with existing P2SH addresses, so upgraded wallets will be able to send and receive bitcoins to and from currently existing wallets.

    Phase 2: Scripts are hashed once to 256 bytes. This format will not be compatible with existing wallets but will allow more efficient use of block space and will offer better security due to greater collision resistance.

If no one is forced to upgrade, why will anyone bother to upgrade? I heard P2SH took almost two years to become widely deployed.

Each byte of the witness part of a segregated witness (segwit) transaction will only count as 0.25 bytes towards the size of the transaction. Since transaction fees are based on the size of a transaction, this is effectively a 75% discount on fees for that part of a transaction—but only for people who use segwit.

David Harding provided a table of estimated savings at various fee/transaction levels. That is, if the fee for a typical 250-byte transaction is $0.01 USD, using segwit will save about $0.003 when spending a P2PK-in-P2SH transaction output.

Transaction    Bytes saved    $0.01/250B    $0.05/250B    $0.25/250B    $1.00/250B
P2PK-in-P2SH    79/107    $0.003    $0.015    $0.079    $0.316
1-of-1 P2SH multisig    83/112    $0.003    $0.016    $0.083    $0.332
2-of-2 P2SH multisig    163/219    $0.006    $0.032    $0.163    $0.652
2-of-3 P2SH multisig    189/254    $0.007    $0.037    $0.189    $0.756

(We don’t expect fees to get as high as the highest seen in this table; they are just provided for reference.)

Web wallets and exchanges that send large numbers of transactions each day at fixed rates (such as for free or for 1% per spend) are expected to be early adopters—even the small savings per spend seen in the table above adds up to significant amounts of money if repeated hundreds or thousands of times a day.

“Why would miners adopt the SegWit format, given that it does not provide any savings of bandwidth, storage, or processing time to them?”


Most previous soft forks have not provided these benefits to miners either. For example,
BIP16 (P2SH)    New transaction type
BIP30 (duplicate txids)    Required checking for duplicate txids
BIP34 (height in coinbase)    Reduced miner coinbase space by 4 bytes
BIP65 (OP_CLTV)    New opcode

The BIP66 (strict DER) soft fork which activated in July 2015 will soon be providing reduced processing time by making it possible to switch to libsecp256k1 for validation as described elsewhere is this FAQ. The reduced validation time make makes it fairly unique among soft forks in providing direct benefits to miners.

What segregated witness (segwit) does is provide several major benefits to anyone who uses it to create transactions:

A permanent fix for third-party malleability, allowing multi-stage smart contracts to flourish. A modest reduction in fees. Easy future upgrades to Bitcoin Script, so wallets can more easily gain access to new features.

Through the previous soft forks, and through conversations such as the Miners’ Panel at Scaling Bitcoin Hong Kong, miners have repeatedly shown that they want Bitcoin to be the most useful system possible even if they don’t receive any direct benefits. Segwit and the other improvements in the roadmap provide significant usability enhancements.

In addition, segwit allows miners to put more transactions in their blocks, which may allow them to increase their per-block revenue.
legendary
Activity: 994
Merit: 1035
https://bitcoin.org/en/bitcoin-core/capacity-increases-faq

Is the segregated witness soft fork equivalent to a 4MB block size increase, a 2MB increase, a 1.75MB increase, or what? I keep hearing different numbers.


The current proposal for soft fork segregated witness (segwit) counts each byte in a witness as 0.25 bytes towards the maximum block size limit, meaning the maximum size of a block is just under 4MB.

However, blocks are not expected to consist entirely of witness data and each non-witness byte is counted as 1.00 bytes towards the maximum block size limit, so blocks near 4MB in size would be unlikely.

According to some calculations performed by Anthony Towns, a block filled with standard single-signature P2PKH transactions would be about 1.6MB and a block filled with 2-of-2 multisignature transactions would be about 2.0MB.

Segregated witness sounds complicated; will the ecosystem be prepared for its deployment?

Some ideas are easy to explain but hard to execute. Other ideas are easy to execute but hard to explain. Segregated witness (segwit) seems to be the latter.

Segwit can be deployed incrementally without breaking compatibility, so no significant preparation of the ecosystem is necessary. Developers who want immediate hands-on experience with segwit can begin to test their software on the segwit testnet being deployed in Dec 2015.

Initially, only miners who wish to support it need to upgrade in order to activate it and enforce it on the mainnet. Existing applications only need to change if they wish to take advantage of the new features.

Segregated witness transactions will require lower fees, will afford much greater performance optimizations, and can support multistage smart contracts and protocols such as bi-directional payment channels that can scale without writing extra data to the blockchain. Wallets are strongly encouraged to upgrade but can continue to operate without modification as the deployment does not break backwards compatibility.

Segregated witness sounds complicated; will the ecosystem be prepared for its deployment?


Some ideas are easy to explain but hard to execute. Other ideas are easy to execute but hard to explain. Segregated witness (segwit) seems to be the latter.

Segwit can be deployed incrementally without breaking compatibility, so no significant preparation of the ecosystem is necessary. Developers who want immediate hands-on experience with segwit can begin to test their software on the segwit testnet being deployed in Dec 2015.

Initially, only miners who wish to support it need to upgrade in order to activate it and enforce it on the mainnet. Existing applications only need to change if they wish to take advantage of the new features.

Segregated witness transactions will require lower fees, will afford much greater performance optimizations, and can support multistage smart contracts and protocols such as bi-directional payment channels that can scale without writing extra data to the blockchain. Wallets are strongly encouraged to upgrade but can continue to operate without modification as the deployment does not break backwards compatibility.
legendary
Activity: 1988
Merit: 1012
Beyond Imagination
Trusting others to provide 'proof of fraud' is still trusting others.
Still that's a lot better than current headers-only SPV design

I guess I'm missing it. Seems to me that needing to trust others is needing to trust others. How is this an improvement?

I think every thing about trust eventually comes from risk, if there is no risk involved then you can trust anyone

There are many ways to manage risk. People still manage the risk very well in today's legacy financial system since they diversify the financial risk in different area or different country, not trusting any single entity, but multiple of them

Just like a bank's opinion, trust is not always a bad thing, it can dramatically increase the efficiency. A trust-less system is always of low efficiency since you have to independently verify every piece of data from anyone

For small money, I would rather just trust a service provider and do not even bother with those light nodes. A good example is localbitcoins, although they are centralized p2p exchange, but you do get lots of benefit from it over true p2p exchanges, like having human admin to resolve complex dispute or scam, and even frozen coins from a scammer, instant and fee free coin transaction between users etc... you only need to be careful to not put lots of money there. A true P2P exchange however are not consumer friendly, due to enormous amount of scammers and hackers out there
legendary
Activity: 1260
Merit: 1002
the irony: "trust others" to provide "proof of fraud" Roll Eyes

I have no issue with trusting others to provide proof of fraud. If fraud has been proven, I would like to know. But proof of fraud is a by no means a substitute for proof of lack of fraud. There's a chasm wide enough to absorb all the funds one can imagine between those two proofs.


yes, my thoughts exactly, there is no "proof of not fraud", and hence this will open a fraud -ie security- breach, at core level.
something that is way more crucial than increasing transaction capacity, which is not a bug, but a feature for such decentralized system to prevail.

but cant stop the progress it seems, the socialmedia forces have been pushing hard for a bloatchain if not outright denaturing of the satoshi codebase.
legendary
Activity: 994
Merit: 1035
See, that's not making any sense at all to me. Currently, Bitcoin Core performs complete validation. If most users download the 'update', they end up not with an upgrade, but rather a downgrade that requires them to trust that others will not feed them false data.


Full nodes like Bitcoin core will continue full validation even with SepSig, its just the SPV nodes that will slowly start upgrading to fraud proof layers of security when their devs roll out the changes.

Those that currently run full nodes will download Bitcoin Core/or other implementations and continue with full validation and security. Those that run spv wallets like those found on their cell phone will automatically upgrade from a regular SPV client to a SPV client with fraud proofs when it starts being used. On the mailing lists many of the SPV wallet devs support this and have indicated a quick roll out . To the user it will be seamless and not change anything but upgrade their security.

If you are insinuating that new fraud proof layers will convince some to switch from full validation to partial validation I would disagree as there is no evidence for that. Those that currently run full nodes do so because they are miners or understand the importance of them, or simply are resistant to changing what they are used to ... because doing so is a heavy burden compared to SPV nodes. Right now there is, unfortunately, strong incentives to run lite or web clients Cry We need to upgrade those SPV clients with fraud proofs and figure out ways of increasing full node count simultaneously.
legendary
Activity: 3038
Merit: 1660
lose: unfind ... loose: untight
the irony: "trust others" to provide "proof of fraud" Roll Eyes

I have no issue with trusting others to provide proof of fraud. If fraud has been proven, I would like to know. But proof of fraud is a by no means a substitute for proof of lack of fraud. There's a chasm wide enough to absorb all the funds one can imagine between those two proofs.
legendary
Activity: 3038
Merit: 1660
lose: unfind ... loose: untight
OK. I'm just not seeing what type of user would switch from an SPV client to a SegWit 'medium-weight' client. Especially when the SegWit 'medium-weight' client makes not only on the same order of magnitude, but around half as much, demands on their system as does a full node.

Within separated signatures (I'm going to start calling the upgrade SepSig, as segwit is misleading and a horrible name*) there is an incentive structure to lower tx fees and encourage adoption with a discount . This might not even be necessary as most users simply accept and download the update which will upgrade them automatically to "medium weight" SPV client.

See, that's not making any sense at all to me. Currently, Bitcoin Core performs complete validation. If most users download the 'update', they end up not with an upgrade, but rather a downgrade that requires them to trust that others will not feed them false data.

So we go from full nodes with zero trust requirement to medium-weight nodes that need to trust others. > net loss of security

Meantime, SPV users make no change, so their net security is unchanged.

Unless you want to make the argument that SPV users are going to adopt this new medium-weight client -- which in terms of resource requirements is much closer to full node than SPV. I just don't see it happening.

This entire SegWit 'lighter-weight' claim seems like a veneer meant to disguise the other changes being ushered in.
legendary
Activity: 1260
Merit: 1002
Trusting others to provide 'proof of fraud' is still trusting others.
Still that's a lot better than current headers-only SPV design

I guess I'm missing it. Seems to me that needing to trust others is needing to trust others. How is this an improvement?


the irony: "trust others" to provide "proof of fraud" Roll Eyes





bitcoin is trust.

legendary
Activity: 994
Merit: 1035
legendary
Activity: 994
Merit: 1035
OK. I'm just not seeing what type of user would switch from an SPV client to a SegWit 'medium-weight' client. Especially when the SegWit 'medium-weight' client makes not only on the same order of magnitude, but around half as much, demands on their system as does a full node.

Within separated signatures (I'm going to start calling the upgrade SepSig, as segwit is misleading and a horrible name*) there is an incentive structure to lower tx fees and encourage adoption with a discount . This might not even be necessary as most users simply accept and download the update which will upgrade them automatically to "medium weight" SPV client.

Nothing in SegWit seems to address this.

Agreed, that is out of separated signatures scope. We need other solutions to address this problem as bitnodes lottery clearly isn't enough and centralization will get worse when SepSig allows for the blocksize capacity to increase from 1.8-4x in capacity. I have been thinking long and hard about various solutions and am testing things now. My guess is various "off the chain" solutions to encourage full nodes might be good enough.


* "segregated" has negative connotations and "witness" usually refers to probabilistic proof in which signatures aren't.

Edit- Developers rallying behind SepSig and Gregory Maxwell's scaling roadmap:
https://github.com/bitcoin-dot-org/bitcoin.org/pull/1165
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-December/011865.html

BTCC skeptical but appears to give 3 months or room to see rollout before hard forking
https://twitter.com/Excellion/status/679066301168418816
legendary
Activity: 3038
Merit: 1660
lose: unfind ... loose: untight
SPV nodes with Fraud proofs raise the standard and allow for fraud alerts and limited auditing with SPV lite nodes that currently don't have these capabilities.

OK. I'm just not seeing what type of user would switch from an SPV client to a SegWit 'medium-weight' client. Especially when the SegWit 'medium-weight' client makes not only on the same order of magnitude, but around half as much, demands on their system as does a full node.

Quote
Your point is still valid in our need to have more full nodes as well.

Nothing in SegWit seems to address this.
legendary
Activity: 994
Merit: 1035
I guess I'm missing it. Seems to me that needing to trust others is needing to trust others. How is this an improvement?

SPV nodes with Fraud proofs raise the standard and allow for fraud alerts and limited auditing with SPV lite nodes that currently don't have these capabilities. As long as having these fraud proofs doesn't incentivize us to drop full nodes than security will be improved within the ecosystem. The SPV client isn't directly dependent upon one full node but can audit many full nodes with a fraud proof.

Further reading in different proposals -
https://www.reddit.com/r/bitcoin_devlist/duplicates/3vzm35/why_sharding_the_blockchain_is_difficult_peter/
https://gist.github.com/justusranvier/451616fa4697b5f25f60

Your point is still valid in our need to have more full nodes as well.
Pages:
Jump to: