[bitcoin-dev] Reaching consensus on policy to continually increase block size limit as hardware improves, and a few other critical issues

Michael Naber mickeybob at gmail.com
Wed Jul 1 07:15:15 UTC 2015


This is great: Adam agrees that we should scale the block size limit
discretionarily upward within the limits of technology, and continually so
as hardware improves. Peter and others: What stands in the way of broader
consensus on this?


We also agree on a lot of other important things:
-- block size is not a free variable
-- there are trade-offs between node requirements and block size
-- those trade-offs have impacts on decentralization
-- it is important to keep decentralization strong
-- computing technology is currently not easily capable of running a global
transaction network where every transaction is broadcast to every node
-- we may need some solution (perhaps lightning / hub and spoke / other
things) that can help with this

We likely also agree that:
-- whatever that solution may be, we want bitcoin to be the "hub" / core of
it
-- this hub needs to exhibit the characteristic of globally aware global
consensus, where every node knows about (awareness) and agrees on
(consensus) every transaction
-- Critically, the Bitcoin Core Goal: the goal of Bitcoin core is to build
the "best" globally aware globally consensus network, recognizing there are
complex tradeoffs in doing this.


There are a few important things we still don't agree on though. Our
disagreement on these things is causing us to have trouble making progress
meeting the goal of Bitcoin Core. It is critical we address the following
points of disagreement. Please help get agreement on these issues below by
sharing your thoughts:

1) Some believe that fees and therefore hash-rate will be high by limiting
capacity, and that we need to limit capacity to have a "healthy fee market".

Think of the airplane analogy: If some day technology exists to ship a
hundred million people (transactions) on a plane (block) then do you really
want to fight to outlaw those planes? Airlines are regulated so they have
to pay to screen each passenger to a minimum standard, so even if the plane
has unlimited capacity, they still have to pay to meet minimum security for
each passenger.

Just like we can set the block limit, so can we "regulate the airline
security requirements" and set a minimum fee size for the sake of security.
If technology allows running 100,000 transactions per second in 25 years,
and we set the minimum fee size to one penny, then each block is worth a
minimum of $600,000. Miners should be ok with that and so should everyone
else.


2) Some believe that it is better for (a) network reliability and (b)
validation of transaction integrity, to have every user run a "full node"
in order to use Bitcoin Core.

I don't agree with this. I'll break this into two pieces of network
reliability and transaction integrity.

Network Reliability


Imagine you're setting up an email server for a big company. You decide to
set up a main server, and two fail-over servers. Somebody says that they're
really concerned about reliability and asks you to add another couple
fail-over servers. So you agree. But at some point there's limited benefit
to adding more servers: and there's real cost -- all those servers need to
keep in sync with one another, and they need to be maintained, etc. And
there's limited return: how likely is it really that all those servers are
going to go down?

Bitcoin is obviously different from corporate email servers. In one sense,
you've got miners and volunteer nodes rather than centrally managed ones,
so nodes are much more likely to go down. But at the end of the day, is our
up-time really going to be that much better when you have a million nodes
versus a few thousand?

Cloud storage copies your data a half dozen times to a few different data
centers. But they don't copy it a half a million times. At some point the
added redundancy doesn't matter for reliability. We just don't need
millions of nodes to participate in a broadcast network to ensure network
reliability.

Transaction Integrity

Think of open source software: you trust it because you know it can be
audited easily, but you probably don't take the time to audit yourself
every piece of open source software you use. And so it is with
Bitcoin: People need to be able to easily validate the blockchain, but they
don't need to be able to validate it every time they use it, and they
certainly don't need to validate it when using Bitcoin on their Apple
watches.

If I can lease a server in a data center for a few hours at fifty cents an
hour to validate the block chain, then the total cost for me to
independently validate the blockchain is just a couple dollars. Compare
that to my cost to independently validate other parts of the system -- like
the source code! Where's the real cost here?

If the goal of decentralization is to ensure transaction integrity and
network reliability, then we just don't need lots of nodes or every user
running a node to meet that goal. If the goal of decentralization is
something else: what is it?

3) Some believe that we should make Bitcoin Core to run as a high-memory
server-grade software rather than for people's desktops.

I think this is a great idea.

The meaningful impact to the goals of decentralization by limiting which
hardware nodes can run on will be minimal compared with the huge gains in
capacity. Why does increasing capacity of Bitcoin Core matter when we can
"increase capacity" by moving to hub and spoke / lightning? Maybe we should
ask why does growing more apples matter if we can grow more oranges instead?

Hub and spoke and lightning are useful means of making lower cost
transactions, but they're not the same as Bitcoin Core. Stick to the goal:
the goal of Bitcoin core is to build the "best" globally aware globally
consensus network, recognizing there are complex tradeoffs in doing this.

Hub and spoke and lightning could be great when you want lower-cost fees
and don't really care about global awareness. Poker chips are great when
you're in a casino. We don't talk about lightning networks to the guy who
designs poker chips, and we shouldn't be talking about them to the guy who
builds globally aware consensus networks either.

Do people even want increased capacity when they can use hub and spoke /
lightning? If you think they might be willing to pay $600,000 every ten
minutes for it (see above) then yes. Increase capacity, and let the market
decide if that capacity gets used.



On Tue, Jun 30, 2015 at 3:54 PM, Adam Back <adam at cypherspace.org> wrote:

> Not that I'm arguing against scaling within tech limits - I agree we
> can and should - but note block-size is not a free variable.  The
> system is a balance of factors, interests and incentives.
>
> As Greg said here
>
> https://www.reddit.com/r/Bitcoin/comments/3b0593/to_fork_or_not_to_fork/cshphic?context=3
> there are multiple things we should usefully do with increased
> bandwidth:
>
> a) improve decentralisation and hence security/policy
> neutrality/fungibility (which is quite weak right now by a number of
> measures)
> b) improve privacy (privacy features tend to consume bandwidth, eg see
> the Confidential Transactions feature) or more incremental features.
> c) increase throughput
>
> I think some of the within tech limits bandwidth should be
> pre-allocated to decentralisation improvements given a) above.
>
> And I think that we should also see work to improve decentralisation
> with better pooling protocols that people are working on, to remove
> some of the artificial centralisation in the system.
>
> Secondly on the interests and incentives - miners also play an
> important part of the ecosystem and have gone through some lean times,
> they may not be overjoyed to hear a plan to just whack the block-size
> up to 8MB.  While it's true (within some limits) that miners could
> collectively keep blocks smaller, there is the ongoing reality that
> someone else can take break ranks and take any fee however de minimis
> fee if there is a huge excess of space relative to current demand and
> drive fees to zero for a few years.  A major thing even preserving
> fees is wallet defaults, which could be overridden(plus protocol
> velocity/fee limits).
>
> I think solutions that see growth scale more smoothly - like Jeff
> Garzik's and Greg Maxwell's and Gavin Andresen's (though Gavin's
> starts with a step) are far less likely to create perverse unforeseen
> side-effects.  Well we can foresee this particular effect, but the
> market and game theory can surprise you so I think you generally want
> the game-theory & market effects to operate within some more smoothly
> changing caps, with some user or miner mutual control of the cap.
>
> So to be concrete here's some hypotheticals (unvalidated numbers):
>
> a) X MB cap with miner policy limits (simple, lasts a while)
> b) starting at 1MB and growing to 2*X MB cap with 10%/year growth
> limiter + policy limits
> c) starting at 1MB and growing to 3*X MB cap with 15%/year growth
> limiter + Jeff Garzik's miner vote.
> d) starting at 1MB and growing to 4*X MB cap with 20%/year growth
> limiter + Greg Maxwell's flexcap
>
> I think it would be good to see some tests of achievable network
> bandwidth on a range of networks, but as an illustration say X is 2MB.
>
> Rationale being the weaker the signalling mechanism between users and
> user demanded size (in most models communicated via miners), the more
> risk something will go in an unforeseen direction and hence the lower
> the cap and more conservative the growth curve.
>
> 15% growth limiter is not Nielsen's law by intent.  Akamai have data
> on what they serve, and it's more like 15% per annum, but very
> variable by country
>
> http://www.akamai.com/stateoftheinternet/soti-visualizations.html#stoi-graph
> CISCO expect home DSL to double in 5 years
> (
> http://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/VNI_Hyperconnectivity_WP.html
> ), which is about the same number.
>
> (Thanks to Rusty for data sources for 15% number).
>
> This also supports the claim I have made a few times here, that it is
> not realistic to support massive growth without algorithmic
> improvement from Lightning like or extension-block like opt-in
> systems.  People who are proposing that we ramp blocksizes to create
> big headroom are I think from what has been said over time, often
> without advertising it clearly, actually assuming and being ok with
> the idea that full nodes move into data-centers period and small
> business/power user validation becomes a thing of the distant past.
> Further the aggressive auto-growth risks seeing that trend continuing
> into higher tier data-centers with negative implications for
> decentralisation.  The odd proponent seems OK with even that too.
>
> Decentralisation is key to Bitcoin's security model, and it's
> differentiating properties.  I think those aggressive growth numbers
> stray into the zone of losing efficiency.  By which I mean in
> scalability or privacy systems if you make a trade-off too far, it
> becomes time to re-asses what you're doing.  For example at that level
> of centralisation, alternative designs are more network efficient,
> while achieving the same effective (weak) decentralisation.  In
> Bitcoin I see this as a strong argument not to push things to that
> extreme, the core functionality must remain for Lightning and other
> scaling approaches to remain secure by using the Bitcoin as a secure
> anchor.  If we heavily centralise and weaken the security of the main
> Bitcoin chain, there remains nothing secure to build on.
>
> Therefore I think it's more appropriate for high scale to rely on
> lightning, or a semi-centralised trade-offs being in the side-chain
> model or similar, where the higher risk of centralisation is opt-in
> and not exposed back (due to the security firewall) to the Bitcoin
> network itself.
>
> People who would like to try the higher tier data-center and
> throughput by high bandwidth use route should in my opinion run that
> experiment as a layer 2 side-chain or analogous.  There are a few ways
> to do that.  And it would be appropriate to my mind that we discuss
> them here also.
>
> An experiment like that could run in parallel with lightning, maybe it
> could be done faster, or offer different trade-offs, so could be an
> interesting and useful thing to see work on.
>
> > On Tue, Jun 30, 2015 at 12:25 PM, Peter Todd <pete at petertodd.org> wrote:
> >> Which of course raises another issue: if that was the plan, then all you
> >> can do is double capacity, with no clear way to scaling beyond that.
> >> Why bother?
>
> A secondary function can be a market signalling - market evidence
> throughput can increase, and there is a technical process that is
> effectively working on it.  While people may not all understand the
> trade-offs and decentralisation work that should happen in parallel,
> nor the Lightning protocol's expected properties - they can appreciate
> perceived progress and an evidently functioning process.  Kind of a
> weak rationale, from a purely technical perspective, but it may some
> value, and is certainly less risky than a unilateral fork.
>
> As I recall Gavin has said things about this area before also
> (demonstrate throughput progress to the market).
>
> Another factor that people have said, which I think I agree with
> fairly much is that if we can chose something conservative, that there
> is wide-spread support for, it can be safer to do it with moderate
> lead time.  Then if there is an implied 3-6mo lead time we are maybe
> projecting ahead a bit further on block-size utilisation.  Of course
> the risk is we overshoot demand but there probably should be some
> balance between that risk and the risk of doing a more rushed change
> that requires system wide upgrade of all non-SPV software, where
> stragglers risk losing money.
>
> As well as scaling block-size within tech limits, we should include a
> commitment to improve decentralisation, and I think any proposal
> should be reasonably well analysed in terms of bandwidth assumptions
> and game-theory.  eg In IETF documents they have a security
> considerations section, and sometimes a privacy section.  In BIPs
> maybe we need a security, privacy and decentralisation/fungibility
> section.
>
> Adam
>
> NB some new list participants may not be aware that miners are
> imposing local policy limits eg at 750kB and that a 250kB policy
> existed in the past and those limits saw utilisation and were
> unilaterally increased unevenly.  I'm not sure if anyone has a clear
> picture of what limits are imposed by hash-rate even today.  That's
> why Pieter posed the question - are we already at the policy limit -
> maybe the blocks we're seeing are closely tracking policy limits, if
> someone mapped that and asked miners by hash-rate etc.
>
> On 30 June 2015 at 18:35, Michael Naber <mickeybob at gmail.com> wrote:
> > Re: Why bother doubling capacity? So that we could have 2x more network
> > participants of course.
> >
> > Re: No clear way to scaling beyond that: Computers are getting more
> capable
> > aren't they? We'll increase capacity along with hardware.
> >
> > It's a good thing to scale the network if technology permits it. How can
> you
> > argue with that?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150701/6d43b13a/attachment-0001.html>


More information about the bitcoin-dev mailing list