Pages:
Author

Topic: Why do you need to download 7 years of chain block (Read 9128 times)

legendary
Activity: 1001
Merit: 1005
ok, so I installed bitcoin core latest version and it downloaded over 80G of chain block. Let's assume, just for the fun of it, there are 1000 bitcoin core users out there. That's ~8T of wasted disk space. and considering bitcoin will live another 7 years and it will grow of couse, that's like ~20T of disk space (1000 users remember?) for what? couldn't be a centerlaize, maybe mirrored, location that the client will ask for the chain block from there? Why do we need to download it?

I don't think it's necessary at all.

Here is a quote from the original whitepaper:

Quote
7. Reclaiming Disk Space
Once the latest transaction in a coin is buried under enough blocks, the spent transactions before
it can be discarded to save disk space. To facilitate this without breaking the block's hash,
transactions are hashed in a Merkle Tree [7][2][5], with only the root included in the block's hash.
Old blocks can then be compacted by stubbing off branches of the tree. The interior hashes do
not need to be stored.
A block header with no transactions would be about 80 bytes. If we suppose blocks are
generated every 10 minutes, 80 bytes * 6 * 24 * 365 = 4.2MB per year. With computer systems
typically selling with 2GB of RAM as of 2008, and Moore's Law predicting current growth of
1.2GB per year, storage should not be a problem even if the block headers must be kept in memory


8. Simplified Payment Verification
It is possible to verify payments without running a full network node. A user only needs to keep
a copy of the block headers of the longest proof-of-work chain, which he can get by querying
network nodes until he's convinced he has the longest chain, and obtain the Merkle branch
linking the transaction to the block it's timestamped in. He can't check the transaction for
himself, but by linking it to a place in the chain, he can see that a network node has accepted it,
and blocks added after it further confirm the network has accepted it.
As such, the verification is reliable as long as honest nodes control the network,

I just think this is just being shoved under the carpet because it probably conflicts with the devs idea to keep the 1MB blocksize limit in place.


I am assuming you are talking about the first method (in bold). Maybe I missed something in the debate but whats the connection with the block size and storing headers?
hero member
Activity: 1204
Merit: 531
Metaverse 👾 Cyberweapons
I think, if you can download 7 years of chain block, you should do it to support the the decentralized system. Do not fall into the trap of collective irresponsibility! Well, if you cannot download that much data, you still could use the client and do transactions or find an alternative, lightweight client. In the long term, we are advised to find a solution for the big data problem in-before bitcoin network starts a centralization pattern.
legendary
Activity: 1106
Merit: 1005
don't be a wuss and take it all
all 40 gigs Smiley
you can use lightweight clients like mycellium and save yourself the trouble of downloading and syncing
or you can use web based wallets
core wallets are for the hardcore bitcoin enthusiasts,I don't use core since 2014 and have no remorse.

the size is not a problem, but it takes a long time to download because you need to verify every single transaction and that takes a lot of processing power.

Normally I can download 40 gigabyte files in minutes, but downloading and verifying the blockchain takes weeks, if not longer.
legendary
Activity: 1106
Merit: 1005
ok, so I installed bitcoin core latest version and it downloaded over 80G of chain block. Let's assume, just for the fun of it, there are 1000 bitcoin core users out there. That's ~8T of wasted disk space. and considering bitcoin will live another 7 years and it will grow of couse, that's like ~20T of disk space (1000 users remember?) for what? couldn't be a centerlaize, maybe mirrored, location that the client will ask for the chain block from there? Why do we need to download it?

I don't think it's necessary at all.

Here is a quote from the original whitepaper:

Quote
7. Reclaiming Disk Space
Once the latest transaction in a coin is buried under enough blocks, the spent transactions before
it can be discarded to save disk space. To facilitate this without breaking the block's hash,
transactions are hashed in a Merkle Tree [7][2][5], with only the root included in the block's hash.
Old blocks can then be compacted by stubbing off branches of the tree. The interior hashes do
not need to be stored.
A block header with no transactions would be about 80 bytes. If we suppose blocks are
generated every 10 minutes, 80 bytes * 6 * 24 * 365 = 4.2MB per year. With computer systems
typically selling with 2GB of RAM as of 2008, and Moore's Law predicting current growth of
1.2GB per year, storage should not be a problem even if the block headers must be kept in memory

8. Simplified Payment Verification
It is possible to verify payments without running a full network node. A user only needs to keep
a copy of the block headers of the longest proof-of-work chain, which he can get by querying
network nodes until he's convinced he has the longest chain, and obtain the Merkle branch
linking the transaction to the block it's timestamped in. He can't check the transaction for
himself, but by linking it to a place in the chain, he can see that a network node has accepted it,
and blocks added after it further confirm the network has accepted it.
As such, the verification is reliable as long as honest nodes control the network,

I just think this is just being shoved under the carpet because it probably conflicts with the devs idea to keep the 1MB blocksize limit in place.
legendary
Activity: 2016
Merit: 1107
don't be a wuss and take it all
all 40 gigs Smiley
you can use lightweight clients like mycellium and save yourself the trouble of downloading and syncing
or you can use web based wallets
core wallets are for the hardcore bitcoin enthusiasts,I don't use core since 2014 and have no remorse.
hero member
Activity: 910
Merit: 533
I download blockchain bitcoin already 1 month ... I think, blockchain bitcoin will be his gravedigger ... The more people will use it - the longer download and will take up more space on disks
copper member
Activity: 1442
Merit: 529
In Australia most of our ADSL lines cap out at around 300kbps download - so if you want to download the blockchain then you better start 2 and a half days earlier than you actually want it. I wonder if eventually we will move to a centralised archive of transactions up to a certain date and 'reset' the local blockchain (similar to what happens with a web wallet now). As long as you trust the centralised archiver then it could prove to be convenient, albeit at the introduction of additional risk of corruption.

I am very much surprised with the low amount of download speed from Australia. I have read in news in the internet it is considered a developed country. In my country Italy it is very easy to get an ADSL which downloads with 20 MBPS and we can download the whole blockchain in just one day at the worse.

However if you don't want to download the full blockchain, you can use SPV wallets like electrum or Multibit.
Here are their websites:
www.electrum.org
www.multibit.org

newbie
Activity: 1
Merit: 0

Noob questions, but on the topic to SPV wallets. Is there a way of importing an old wallet (from 2009) into Eletrum with a "wallet.dat" file? Grin

Thanks in advance!
newbie
Activity: 28
Merit: 0
In Australia most of our ADSL lines cap out at around 300kbps download - so if you want to download the blockchain then you better start 2 and a half days earlier than you actually want it. I wonder if eventually we will move to a centralised archive of transactions up to a certain date and 'reset' the local blockchain (similar to what happens with a web wallet now). As long as you trust the centralised archiver then it could prove to be convenient, albeit at the introduction of additional risk of corruption.
hero member
Activity: 2464
Merit: 519
ok, so I installed bitcoin core latest version and it downloaded over 80G of chain block. Let's assume, just for the fun of it, there are 1000 bitcoin core users out there. That's ~8T of wasted disk space. and considering bitcoin will live another 7 years and it will grow of couse, that's like ~20T of disk space (1000 users remember?) for what? couldn't be a centerlaize, maybe mirrored, location that the client will ask for the chain block from there? Why do we need to download it?
The entire purpose of downloading the entire blockchain is to independently verify it and allow for the independent verification of every single block and transaction that occurs later. The only thing that a full node needs to "trust" is the genesis block, the very first block of the blockchain. This is actually hard coded into the software so that there is a defined starting point. After that, the node downloads all of the blocks from its peers. It will check each transaction in the block, and then check the block to ensure that it is valid. Because each block is chained together and transactions are also chained together, it is not possible to start from any point in the blockchain other than the beginning and still maintain trustlessness.
It answered my question of y download the block chain
full member
Activity: 317
Merit: 103
One is the change to the POW which requires the miner to show possession of state snapshot data.  This does nothing to assure users that the data is correct.  It ~may~ increase the odds there are multiple copies of it (though unless I misunderstand it-- your design is trivially delegatable so long as the miners are willing to trust the party storing the data until their coins mature, which users of mining pools already do almost ubiquitously).

If you see a newly generated block, that means "k" state snapshots in the past (for different heights) are stored by the network, and the guarantee is pretty strong. On delegation, to reach line 15 in the RollerPoW function with a new input (so anything changed in with fixed )  you need to recalculate a ticket so you can't fix a_t and outsourcing of ticket calculation doesn't make any sense.

The other is that you begin nodes from a state snapshot, not at the tip, but at some point somewhat back. This is also taught in in the citations I provided above.  This also does not prove that the state is correct, in fact it provides no evidence at all that the state is correct except under a strong assumption.

Which assumption?


Perhaps it would be revealing to answer a question:  You are a new node joining the network. I am part of an attacking consortium which has, for several months, had a super majority hashpower at my disposal.  Can I cause you to accept a chain extending the chain from no further than a few months back, otherwise compatible with a 'honest chain' (if it existed)-- meaning containing all the same transactions and ownership except as mentioned-- where I instead have a million extra BTC reassigned from the earliest blocks?

If "a super majority hashpower" is committed to adversarial behaviour, we got common prefix property (and chain quality also) from the GKL model broken. Light verification is also broken in this case(it assumes common prefix property being hold, see Theorem 2). Full verification is also broken though. Even more, how can you define a desirable bootstrapping procedure outcome if common prefix property isn't held? If it is held, bootstrapping outcome could be simply defined like "a new node is getting chain C such as set (C |_| chains of honest participants) satisfies common prefix property". I'm going to update the paper with a definition like that.
staff
Activity: 4284
Merit: 8808
Dear Greg, it seems you've missed a part of the protocol. Let me provide a quick description of Rollerchain, more precisely, modifications from the Bitcoin.

1. We authenticate the state and include root value into a blockheader. It is an old idea yes, and already implemented in Ethereum (and some other coins) as mentioned in the paper.

2. We then modify a Proof-of-Work function. A miner chooses "k" state snapshot versions out of last "n" a (sufficiently large) network stores collectively. In order to generate a block miner needs to provide proofs of possession for the state snapshots. On a new block arrival a miner updates k+1 states, not one, so full blocks (since minimal value in "k") are also needed.

Thus miners store a distributed database of last "n" full blocks AND state snapshots getting rewards for that activity. A new node could download not just a last snapshot, but from "n" blocks ago (or from somewhere in between). So it is not needed to "strongly trust the hashpower", but "hashpower" and also up to "n" last full blocks("n" considered to be >> than a deepest fork possible, say, 5000-10000 for Bitcoin) . And this is not about SPV, but about getting fullnode-going-from-genesis security(with probability of divergence going down exponentially with "n", see Theorem 2). Full blocks not needed in order to mine could be removed by all the nodes.

If you have concerns about this scheme please let me know, and I will try to formalize/address them.

Authenticated state root in a block header could be useful anyway for better SPVs. On efficient implementation, we're now working on that along with benchmarking. Let's see how it goes.


P.S. However, as PoW function modification is needed it is unlikely Bitcoin can go this way(miners will not throw away their ASICs).

I did not miss this.   But unless I am misunderstanding you,  you appear to be conflating two orthogonal changes.

One is the change to the POW which requires the miner to show possession of state snapshot data.  This does nothing to assure users that the data is correct.  It ~may~ increase the odds there are multiple copies of it (though unless I misunderstand it-- your design is trivially delegatable so long as the miners are willing to trust the party storing the data until their coins mature, which users of mining pools already do almost ubiquitously).

The other is that you begin nodes from a state snapshot, not at the tip, but at some point somewhat back. This is also taught in in the citations I provided above.  This also does not prove that the state is correct, in fact it provides no evidence at all that the state is correct except under a strong assumption.

Instead, participants hope that the state is correct without checking under a strong assumption that the majority hashpower would not extend a chain with invalid state updates. This is the SPV security assumption.

It is different and weaker than the normal Bitcoin behavior, trusting a majority hashpower for the soundness of state updates and not merely their sequencing. In practice it is not sufficient to simply take such a strong assumption and not question it's validity-- normally the SPV hashpower assumption is justified by the widespread and economically significant use of full nodes which will not be deceived by dishonest miners; but with full nodes also making a SPV assumption for blocks away from the tip, this argument becomes circular.

The SPV assumption is especially concerning because we have discovered that miners have begun bypassing validation themselves in order to mitigate the negative effects of larger amounts of transaction data on propagation. State sampling proof of work has been argued as a potential improvement for this particular issue, but proposals so far have worsened the generation of progress in the mining function (as the last miner to create a block has a state update advantage) and they still leave plenty of opportunity to optimize by shortcutting the parts of validation that the state updates do not expose.


Perhaps it would be revealing to answer a question:  You are a new node joining the network. I am part of an attacking consortium which has, for several months, had a super majority hashpower at my disposal.  Can I cause you to accept a chain extending the chain from no further than a few months back, otherwise compatible with a 'honest chain' (if it existed)-- meaning containing all the same transactions and ownership except as mentioned-- where I instead have a million extra BTC reassigned from the earliest blocks?
legendary
Activity: 2898
Merit: 1253
So anyway, I applied as a merit source :)
It really hurts to download the 7 years of blockchain on slow and turtle-speed internet connections like in my country. However as an alternative you can use Multibit-HD wallet which is very much compact ans useful since id does not need to download the entire 20GB+ blockchain.

Otherwise the need for the entire block ledger is there since that what is needed to understand the distribution of coins and for new transactions.
legendary
Activity: 1596
Merit: 1005
★Nitrogensports.eu★
I know that Bitcoin Core can run in Prune Mode, effectively cutting disk space you will need for storing blockchain data.
But you will still need to download whole blockchain before that. Is there even remote possibility that we won't need to download whole blockchain in the future by using some sort of 'pruning'?
legendary
Activity: 1027
Merit: 1005
I must say that I do not mine and that I do not know much about mining, but I have a question:
Can't the blockchain be imported from a usb medium?
I mean, if I download it and put it on a usb stick (if that is possible), can't I give it to my neighbour so that he does not have to download the blockchain?

Yes, this is possible. Your neighbor's client will read the blockchain and start where it left off.
member
Activity: 70
Merit: 10
You don't have to unless you download the main client. It supports the network to be a node, and you can even self-mine from your wallet (with little to no effect, though.)

At least some clients/miners need to maintain the entire blockchain at all times to reach consensus. Every single transaction matters because it affects the entire history.
hero member
Activity: 959
Merit: 500
I must say that I do not mine and that I do not know much about mining, but I have a question:
Can't the blockchain be imported from a usb medium?
I mean, if I download it and put it on a usb stick (if that is possible), can't I give it to my neighbour so that he does not have to download the blockchain?
full member
Activity: 317
Merit: 103
The difference I think is that SPV does not enforce nodes to store n blocks and its more or less a risk if every node prunes their chain to just 10 blocks (acting "rationally").

Even for a fullnode, Bitcoin protocol does not enforce nodes to store (any number) of full blocks, so if a new node is able to download blocks since genesis that is the artifact of altruistic behaviour. RC works under stronger assumptions about rationality of network participants. Please note nodes in RC could save more full blocks than required by the protocol, even from genesis (as in Bitcoin), but that's not really needed (as well as in Bitcoin).
hero member
Activity: 826
Merit: 504
I understand "why" we have to download it. But oh man, it's awful! I wish I knew I was in for eighty gigs about three years ago, when I got into Armory.

Back then it was only around 30 gigs, doable in a day. There has got to be an easier way. Let's hope that when the blockchain size hits something like 20 T, internet services will also have kept up and evolved at the same rate.
legendary
Activity: 1001
Merit: 1005
I think Rollerchain (RC) is similar in motivation to SPV but different under the hood.

(If I understood correctly, haven't spent too much time on it)

Assume round 0 is "now" , -1 is last block, -2 the one before that, etc.

Let U_i be UTXO set at round i

SPV stores Delta(U_{-n}, U_{-n+1}), Delta(U_{-n+1}, U_{-n+2}) .. Delta(U_{-1}, U_0)

RC stores: (U_{-n}, Delta(U_{-n}, U_{-n+1}), Delta(U_{-n+1}, U_{-n+2}) .. Delta(U_{-1}, U_0))

Thus, SPV is equivalent (at least in storage complexity) with RC having the additional initial state.
In RC, once a new block (delta) is mined, the state U_{-n} is updated to U_{-n+1} and U_{-n} is discarded.

The difference I think is that SPV does not enforce nodes to store n blocks and its more or less a risk if every node prunes their chain to just 10 blocks (acting "rationally").

RC claims to enforce within the protocol itself that the n blocks be stored.




Pages:
Jump to: