[Bitcoin-development] Ultimate Blockchain Compression w/ trust-free lite nodes

Peter Todd pete at petertodd.org
Sun Jun 17 19:05:11 UTC 2012

On Sun, Jun 17, 2012 at 02:39:28PM -0400, Alan Reiner wrote:
> All,
> With the flurry of discussion about blockchain compression, I
> thought it was time to put forward my final, most-advanced idea,
> into a single, well-thought-out, *illustrated*, forum post.
> Please check it out: https://bitcointalk.org/index.php?topic=88208.0
> This is a huge undertaking, but it has some pretty huge benefits.
> And it's actually feasible because it can be implemented without
> disrupting the main network.  I'm sure there's lots of issues with
> it, but I'm putting it out there to see how it might be improved and
> actually executed.
> ----
> *Summary:
> */Use a special tree data structure to organize all unspent-TxOuts
> on the network, and use the root of this tree to communicate its
> "signature" between nodes.  The leaves of this tree actually
> correspond to addresses/scripts, and the data at the leaf is
> actually a root of the unspent-TxOut list for that address/script.
> To maintain security of the tree signatures, it will be included in
> the header of an alternate blockchain, which will be secured by
> merged mining.
> This provides the same compression as the simpler unspent-TxOut
> merkle tree, but also gives nodes a way to download just the
> unspent-TxOut list for each address in their wallet, and verify that
> list directly against the blockheaders.  Therefore, even lightweight
> nodes can get full address information, from any untrusted peer, and
> with only a tiny amount of downloaded data (a few kB). /*

How are you going to prevent people from delibrately unbalancing the
tree with addresses with chosen hashes?

One idea that comes to mind, which unfortunately would make for a
pseudo-network rule, is to simply say that any *new* address whose hash
happens to be deeper in the tree than, say, 10*log(n), indicating it was
probably chosen to be unbalanced, gets discarded. The "new address" part
of the rule would be required, or else you could use the rule to get
other people's addresses discarded.

Having said that, such a rule just means that anyone playing games will
find they can't spend *their* money, and only with pruning clients.
Unrelated people will not be effected. The coins can also always be
spent with a non-pruning client to an acceptable address, which can
later re-spend on a pruning client.

It also comes to mind is that with the popularity of firstbits it may be
a good idea to use a comparison function that works last bit first...

It's merkles all the way down...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20120617/f3a21565/attachment.sig>

More information about the bitcoin-dev mailing list