[bitcoin-dev] Fraud proofs for block size/weight

Luke Dashjr luke at dashjr.org
Sat Mar 25 05:16:25 UTC 2017

On Thursday, March 23, 2017 6:27:39 PM Jorge Timón via bitcoin-dev wrote:
> I think it would be clearer to put the "Creation of proofs" section
> before "Proof verification", maybe even before "Proof format" if a
> high level defintion of "full tx size proof" is provided before.

Creation of proofs isn't part of the spec itself.
I've moved it out of the Specification section (but it's still below it).

> Also, in "For the full-size proof, each transaction should be assumed
> to be at a minimum the stripped-size rather than the fixed 60 bytes."
> it seems you are referring to a "full-size block proof" as opposed to
> a "full size tx proof", perhaps a better term could be "full-weight
> block proof" if what you are referring to is the proof of the weight
> instead of only the pre-segwit size.
> Perhaps some short definitions for "stripped-size proof", "full tx
> size proof", "full-size proof" and maybe also "size component" at the
> beginning would be enough.

Added a definitions section above.

> In "Network protocol", "It should not recheck blocks known to be
> valid, " does "known to be valid" include the blocks that the peer
> told us where valid (with their hash and 0 in the enumerated varint)?
> Those could be invalid too if the peer was lying, no?
> Do you mean "It should not recheck blocks known to be invalid,"?

Right, fixed.

> Why do you need to have at least one full tx size?
> In Rationale you have:
> "
> Why must a full tx size proof be included?
> This is necessary to establish that the claimed block transaction
> count is correct.
> "
> Why do you need to establish that? If you can establish that the
> number of transactions is at least N and that N * 60 bytes is greater
> than the size/weight limit, isn't it that enough?

The only way to establish the number of transactions at all, is to show that a 
leaf is a parsable transaction. Which this doesn't actually show, so it's 
broken. :( Need to think on this. Any ideas? :/


More information about the bitcoin-dev mailing list