SHARE
TWEET

Email 3

a guest Aug 11th, 2017 3,861 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. From: Mike Hearn <mike@plan99.net>
  2. Date: Mon, Dec 27, 2010 at 8:21 PM
  3. To: Satoshi Nakamoto <satoshin@gmx.com>
  4.  
  5.  
  6. Happy Christmas Satoshi, assuming you celebrate it wherever you are in
  7. the world :-)
  8.  
  9. I have been working on a Java implementation of the simplified payment
  10. verification, with an eye to building a client that runs on Android
  11. phones. So I've been thinking a lot about storage requirements and the
  12. scalability of BitCoin, which led to some questions that the paper did
  13. not answer (maybe there could be a new version of the paper at some
  14. point, as I think aspects of it are now out of date).
  15.  
  16. Specifically, BitCoin has a variety of magic numbers and neither the
  17. code nor the paper explain where they came from. For example, the fact
  18. that inflation ceases when 21 million coins have been issued. This
  19. number must have been arrived at somehow, but I can't see how.
  20.  
  21. Another is the 10 minute block target. I understand this was chosen to
  22. allow transactions to propagate through the network. However existing
  23. large P2P networks like BGP can propagate new data worldwide in <1
  24. minute.
  25.  
  26. The final number I'm interested in is the 500kb limit on block sizes.
  27. According to Wikipedia, Visa alone processed 62 billion transactions
  28. in 2009. Dividing through we get an average of 2000 transactions per
  29. second, so peak rate is probably around double that at 4000
  30. transactions/sec. With a ten minute block target, at peak a block
  31. might need to contain 2.4 million transactions, which just won't fit
  32. into 500kb. Is this 500kb a temporary limitation that will be slowly
  33. removed over time from the official client or something more
  34. fundamental?
  35.  
  36. ----------
  37. From: Satoshi Nakamoto <satoshin@gmx.com>
  38. Date: Wed, Dec 29, 2010 at 10:42 PM
  39. To: Mike Hearn <mike@plan99.net>
  40.  
  41.  
  42.     I have been working on a Java implementation of the simplified payment
  43.     verification, with an eye to building a client that runs on Android
  44.     phones. So I've been thinking a lot about storage requirements and the
  45.     scalability of BitCoin, which led to some questions that the paper did
  46.     not answer (maybe there could be a new version of the paper at some
  47.     point, as I think aspects of it are now out of date).
  48.  
  49.  
  50. The simplified payment verification in the paper imagined you would receive transactions directly, as with sending to IP address which nobody uses, or a node would index all transactions by public key and you could download them like downloading mail from a mail server.
  51.  
  52. Instead, I think client-only nodes should receive full blocks so they can scan them for their own transactions.  They don't need to store them or index them.  For the initial download, they only need to download headers, since there couldn't be any payments before the first time the program was run (a header download command was added in 0.3.18).  From then on, they download full blocks (but only store the headers).
  53.  
  54. Code for client-only mode is mostly implemented.  There's a feature branch on github with it, also I'm attaching the patch to this message.
  55.  
  56. Here's some more about it:
  57.  
  58. "Here's my client-mode implementation so far.  Client-only mode only records block headers and doesn't use the tx index.  It can't generate, but it can still send and receive transactions.  It's not fully finished for use by end-users, but it doesn't matter because it's a complete no-op if fClient is not enabled.  At this point it's mainly documentation showing the cut-lines for client-only re-implementers.
  59.  
  60. With fClient=true, I've only tested the header-only initial download.
  61.  
  62. A little background.  CBlockIndex contains all the information of the block header, so to operate with headers only, I just maintain the CBlockIndex structure as usual.  The nFile/nBlockPos are null, since the full block is not recorded on disk.
  63.  
  64. The code to gracefully switch between client-mode on/off without deleting blk*.dat in between is not implemented yet.  It would mostly be a matter of having non-client LoadBlockIndex ignore block index entries with null block pos.  That would make it re-download those as full blocks.  Switching back to client-mode is no problem, it doesn't mind if the full blocks are there.
  65.  
  66. If the initial block download becomes too long, we'll want client mode as an option so new users can get running quickly.  With graceful switch-off of client mode, they can later turn off client mode and have it download the full blocks if they want to start generating.  They should rather just use a getwork miner to join a pool instead.
  67.  
  68. Client-only re-implementations would not need to implement EvalScript at all, or at most just implement the five ops used by the standard transaction templates."
  69.  
  70.  
  71.     Specifically, BitCoin has a variety of magic numbers and neither the
  72.     code nor the paper explain where they came from. For example, the fact
  73.     that inflation ceases when 21 million coins have been issued. This
  74.     number must have been arrived at somehow, but I can't see how.
  75.  
  76.  
  77. Educated guess, and the maths work out to round numbers.  I wanted something that would be not too low if it was very popular and not too high if it wasn't.
  78.  
  79.  
  80.     Another is the 10 minute block target. I understand this was chosen to
  81.     allow transactions to propagate through the network. However existing
  82.     large P2P networks like BGP can propagate new data worldwide in <1
  83.     minute.
  84.  
  85.  
  86. If propagation is 1 minute, then 10 minutes was a good guess.  Then nodes are only losing 10% of their work (1 minute/10 minutes).  If the CPU time wasted by latency was a more significant share, there may be weaknesses I haven't thought of.  An attacker would not be affected by latency, since he's chaining his own blocks, so he would have an advantage.  The chain would temporarily fork more often due to latency.
  87.  
  88.  
  89.     The final number I'm interested in is the 500kb limit on block sizes.
  90.     According to Wikipedia, Visa alone processed 62 billion transactions
  91.     in 2009. Dividing through we get an average of 2000 transactions per
  92.     second, so peak rate is probably around double that at 4000
  93.     transactions/sec. With a ten minute block target, at peak a block
  94.     might need to contain 2.4 million transactions, which just won't fit
  95.     into 500kb. Is this 500kb a temporary limitation that will be slowly
  96.     removed over time from the official client or something more
  97.     fundamental?
  98.  
  99.  
  100. A higher limit can be phased in once we have actual use closer to the limit and make sure it's working OK.
  101.  
  102. Eventually when we have client-only implementations, the block chain size won't matter much.  Until then, while all users still have to download the entire block chain to start, it's nice if we can keep it down to a reasonable size.
  103.  
  104. With very high transaction volume, network nodes would consolidate and there would be more pooled mining and GPU farms, and users would run client-only.  With dev work on optimising and parallelising, it can keep scaling up.
  105.  
  106. Whatever the current capacity of the software is, it automatically grows at the rate of Moore's Law, about 60% per year.
  107.  
  108.  
  109. diff -u old\db.cpp new\db.cpp
  110. --- old\db.cpp  Sat Dec 18 18:35:59 2010
  111. +++ new\db.cpp  Sun Dec 19 20:53:59 2010
  112. @@ -464,29 +464,32 @@
  113.      ReadBestInvalidWork(bnBestInvalidWork);
  114.  
  115.      // Verify blocks in the best chain
  116. -    CBlockIndex* pindexFork = NULL;
  117. -    for (CBlockIndex* pindex = pindexBest; pindex && pindex->pprev; pindex = pindex->pprev)
  118. +    if (!fClient)
  119.      {
  120. -        if (pindex->nHeight < nBestHeight-2500 && !mapArgs.count("-checkblocks"))
  121. -            break;
  122. -        CBlock block;
  123. -        if (!block.ReadFromDisk(pindex))
  124. -            return error("LoadBlockIndex() : block.ReadFromDisk failed");
  125. -        if (!block.CheckBlock())
  126. +        CBlockIndex* pindexFork = NULL;
  127. +        for (CBlockIndex* pindex = pindexBest; pindex && pindex->pprev; pindex = pindex->pprev)
  128.          {
  129. -            printf("LoadBlockIndex() : *** found bad block at %d, hash=%s\n", pindex->nHeight, pindex->GetBlockHash().ToString().c_str());
  130. -            pindexFork = pindex->pprev;
  131. +            if (pindex->nHeight < nBestHeight-2500 && !mapArgs.count("-checkblocks"))
  132. +                break;
  133. +            CBlock block;
  134. +            if (!block.ReadFromDisk(pindex))
  135. +                return error("LoadBlockIndex() : block.ReadFromDisk failed");
  136. +            if (!block.CheckBlock())
  137. +            {
  138. +                printf("LoadBlockIndex() : *** found bad block at %d, hash=%s\n", pindex->nHeight, pindex->GetBlockHash().ToString().c_str());
  139. +                pindexFork = pindex->pprev;
  140. +            }
  141. +        }
  142. +        if (pindexFork)
  143. +        {
  144. +            // Reorg back to the fork
  145. +            printf("LoadBlockIndex() : *** moving best chain pointer back to block %d\n", pindexFork->nHeight);
  146. +            CBlock block;
  147. +            if (!block.ReadFromDisk(pindexFork))
  148. +                return error("LoadBlockIndex() : block.ReadFromDisk failed");
  149. +            CTxDB txdb;
  150. +            block.SetBestChain(txdb, pindexFork);
  151.          }
  152. -    }
  153. -    if (pindexFork)
  154. -    {
  155. -        // Reorg back to the fork
  156. -        printf("LoadBlockIndex() : *** moving best chain pointer back to block %d\n", pindexFork->nHeight);
  157. -        CBlock block;
  158. -        if (!block.ReadFromDisk(pindexFork))
  159. -            return error("LoadBlockIndex() : block.ReadFromDisk failed");
  160. -        CTxDB txdb;
  161. -        block.SetBestChain(txdb, pindexFork);
  162.      }
  163.  
  164.      return true;
  165. diff -u old\main.cpp new\main.cpp
  166. --- old\main.cpp        Sat Dec 18 18:35:59 2010
  167. +++ new\main.cpp        Sun Dec 19 20:53:59 2010
  168. @@ -637,6 +637,9 @@
  169.      if (!IsStandard())
  170.          return error("AcceptToMemoryPool() : nonstandard transaction type");
  171.  
  172. +    if (fClient)
  173. +        return true;
  174. +
  175.      // Do we already have it?
  176.      uint256 hash = GetHash();
  177.      CRITICAL_BLOCK(cs_mapTransactions)
  178. @@ -1308,23 +1311,26 @@
  179.      if (!CheckBlock())
  180.          return false;
  181.  
  182. -    //// issue here: it doesn't know the version
  183. -    unsigned int nTxPos = pindex->nBlockPos + ::GetSerializeSize(CBlock(), SER_DISK) - 1 + GetSizeOfCompactSize(vtx.size());
  184. -
  185. -    map<uint256, CTxIndex> mapUnused;
  186. -    int64 nFees = 0;
  187. -    foreach(CTransaction& tx, vtx)
  188. +    if (!fClient)
  189.      {
  190. -        CDiskTxPos posThisTx(pindex->nFile, pindex->nBlockPos, nTxPos);
  191. -        nTxPos += ::GetSerializeSize(tx, SER_DISK);
  192. +        //// issue here: it doesn't know the version
  193. +        unsigned int nTxPos = pindex->nBlockPos + ::GetSerializeSize(CBlock(), SER_DISK) - 1 + GetSizeOfCompactSize(vtx.size());
  194. +
  195. +        map<uint256, CTxIndex> mapUnused;
  196. +        int64 nFees = 0;
  197. +        foreach(CTransaction& tx, vtx)
  198. +        {
  199. +            CDiskTxPos posThisTx(pindex->nFile, pindex->nBlockPos, nTxPos);
  200. +            nTxPos += ::GetSerializeSize(tx, SER_DISK);
  201.  
  202. -        if (!tx.ConnectInputs(txdb, mapUnused, posThisTx, pindex, nFees, true, false))
  203. +            if (!tx.ConnectInputs(txdb, mapUnused, posThisTx, pindex, nFees, true, false))
  204. +                return false;
  205. +        }
  206. +
  207. +        if (vtx[0].GetValueOut() > GetBlockValue(pindex->nHeight, nFees))
  208.              return false;
  209.      }
  210.  
  211. -    if (vtx[0].GetValueOut() > GetBlockValue(pindex->nHeight, nFees))
  212. -        return false;
  213. -
  214.      // Update block index on disk without changing it in memory.
  215.      // The memory index structure will be changed after the db commits.
  216.      if (pindex->pprev)
  217. @@ -1378,7 +1384,7 @@
  218.      foreach(CBlockIndex* pindex, vDisconnect)
  219.      {
  220.          CBlock block;
  221. -        if (!block.ReadFromDisk(pindex))
  222. +        if (!block.ReadFromDisk(pindex, !fClient))
  223.              return error("Reorganize() : ReadFromDisk for disconnect failed");
  224.          if (!block.DisconnectBlock(txdb, pindex))
  225.              return error("Reorganize() : DisconnectBlock failed");
  226. @@ -1395,7 +1401,7 @@
  227.      {
  228.          CBlockIndex* pindex = vConnect[i];
  229.          CBlock block;
  230. -        if (!block.ReadFromDisk(pindex))
  231. +        if (!block.ReadFromDisk(pindex, !fClient))
  232.              return error("Reorganize() : ReadFromDisk for connect failed");
  233.          if (!block.ConnectBlock(txdb, pindex))
  234.          {
  235. @@ -1526,7 +1532,7 @@
  236.  
  237.      txdb.Close();
  238.  
  239. -    if (pindexNew == pindexBest)
  240. +    if (!fClient && pindexNew == pindexBest)
  241.      {
  242.          // Notify UI to display prev block's coinbase if it was ours
  243.          static uint256 hashPrevBestCoinBase;
  244. @@ -1547,10 +1553,6 @@
  245.      // These are checks that are independent of context
  246.      // that can be verified before saving an orphan block.
  247.  
  248. -    // Size limits
  249. -    if (vtx.empty() || vtx.size() > MAX_BLOCK_SIZE || ::GetSerializeSize(*this, SER_NETWORK) > MAX_BLOCK_SIZE)
  250. -        return error("CheckBlock() : size limits failed");
  251. -
  252.      // Check proof of work matches claimed amount
  253.      if (!CheckProofOfWork(GetHash(), nBits))
  254.          return error("CheckBlock() : proof of work failed");
  255. @@ -1559,6 +1561,13 @@
  256.      if (GetBlockTime() > GetAdjustedTime() + 2 * 60 * 60)
  257.          return error("CheckBlock() : block timestamp too far in the future");
  258.  
  259. +    if (fClient && vtx.empty())
  260. +        return true;
  261. +
  262. +    // Size limits
  263. +    if (vtx.empty() || vtx.size() > MAX_BLOCK_SIZE || ::GetSerializeSize(*this, SER_NETWORK) > MAX_BLOCK_SIZE)
  264. +        return error("CheckBlock() : size limits failed");
  265. +
  266.      // First transaction must be coinbase, the rest must not be
  267.      if (vtx.empty() || !vtx[0].IsCoinBase())
  268.          return error("CheckBlock() : first tx is not coinbase");
  269. @@ -1623,13 +1632,14 @@
  270.          return error("AcceptBlock() : out of disk space");
  271.      unsigned int nFile = -1;
  272.      unsigned int nBlockPos = 0;
  273. -    if (!WriteToDisk(nFile, nBlockPos))
  274. -        return error("AcceptBlock() : WriteToDisk failed");
  275. +    if (!fClient)
  276. +        if (!WriteToDisk(nFile, nBlockPos))
  277. +            return error("AcceptBlock() : WriteToDisk failed");
  278.      if (!AddToBlockIndex(nFile, nBlockPos))
  279.          return error("AcceptBlock() : AddToBlockIndex failed");
  280.  
  281.      // Relay inventory, but don't relay old inventory during initial block download
  282. -    if (hashBestChain == hash)
  283. +    if (!fClient && hashBestChain == hash)
  284.          CRITICAL_BLOCK(cs_vNodes)
  285.              foreach(CNode* pnode, vNodes)
  286.                  if (nBestHeight > (pnode->nStartingHeight != -1 ? pnode->nStartingHeight - 2000 : 55000))
  287. @@ -2405,6 +2415,8 @@
  288.          {
  289.              if (fShutdown)
  290.                  return true;
  291. +            if (fClient && inv.type == MSG_TX)
  292. +                continue;
  293.              pfrom->AddInventoryKnown(inv);
  294.  
  295.              bool fAlreadyHave = AlreadyHave(txdb, inv);
  296. @@ -2441,6 +2453,9 @@
  297.  
  298.              if (inv.type == MSG_BLOCK)
  299.              {
  300. +                if (fClient)
  301. +                    return true;
  302. +
  303.                  // Send block from disk
  304.                  map<uint256, CBlockIndex*>::iterator mi = mapBlockIndex.find(inv.hash);
  305.                  if (mi != mapBlockIndex.end())
  306. @@ -2486,6 +2501,8 @@
  307.  
  308.      else if (strCommand == "getblocks")
  309.      {
  310. +        if (fClient)
  311. +            return true;
  312.          CBlockLocator locator;
  313.          uint256 hashStop;
  314.          vRecv >> locator >> hashStop;
  315. @@ -2556,6 +2573,8 @@
  316.  
  317.      else if (strCommand == "tx")
  318.      {
  319. +        if (fClient)
  320. +            return true;
  321.          vector<uint256> vWorkQueue;
  322.          CDataStream vMsg(vRecv);
  323.          CTransaction tx;
  324. @@ -2620,6 +2639,33 @@
  325.  
  326.          if (ProcessBlock(pfrom, &block))
  327.              mapAlreadyAskedFor.erase(inv);
  328. +    }
  329. +
  330. +
  331. +    else if (strCommand == "headers")
  332. +    {
  333. +        if (!fClient)
  334. +            return true;
  335. +        vector<CBlock> vHeaders;
  336. +        vRecv >> vHeaders;
  337. +
  338. +        uint256 hashBestBefore = hashBestChain;
  339. +        foreach(CBlock& block, vHeaders)
  340. +        {
  341. +            block.vtx.clear();
  342. +
  343. +            printf("received header %s\n", block.GetHash().ToString().substr(0,20).c_str());
  344. +
  345. +            CInv inv(MSG_BLOCK, block.GetHash());
  346. +            pfrom->AddInventoryKnown(inv);
  347. +
  348. +            if (ProcessBlock(pfrom, &block))
  349. +                mapAlreadyAskedFor.erase(inv);
  350. +        }
  351. +
  352. +        // Request next batch
  353. +        if (hashBestChain != hashBestBefore)
  354. +            pfrom->PushGetBlocks(pindexBest, uint256(0));
  355.      }
  356.  
  357.  
  358. diff -u old\main.h new\main.h
  359. --- old\main.h  Sat Dec 18 18:35:59 2010
  360. +++ new\main.h  Sun Dec 19 20:53:59 2010
  361. @@ -619,6 +619,8 @@
  362.  
  363.      bool ReadFromDisk(CDiskTxPos pos, FILE** pfileRet=NULL)
  364.      {
  365. +        assert(!fClient);
  366. +
  367.          CAutoFile filein = OpenBlockFile(pos.nFile, 0, pfileRet ? "rb+" : "rb");
  368.          if (!filein)
  369.              return error("CTransaction::ReadFromDisk() : OpenBlockFile failed");
  370. @@ -1174,6 +1176,7 @@
  371.  
  372.      bool ReadFromDisk(unsigned int nFile, unsigned int nBlockPos, bool fReadTransactions=true)
  373.      {
  374. +        assert(!fClient);
  375.          SetNull();
  376.  
  377.          // Open history file to read
  378. @@ -1231,7 +1234,7 @@
  379.  
  380.  
  381.  //
  382. -// The block chain is a tree shaped structure starting with the
  383. +// The block index is a tree shaped structure starting with the
  384.  // genesis block at the root, with each block potentially having multiple
  385.  // candidates to be the next block.  pprev and pnext link a path through the
  386.  // main/longest chain.  A blockindex may have multiple pprev pointing back
  387. diff -u old\net.cpp new\net.cpp
  388. --- old\net.cpp Wed Dec 15 22:33:09 2010
  389. +++ new\net.cpp Sun Dec 19 21:51:27 2010
  390. @@ -51,7 +51,15 @@
  391.      pindexLastGetBlocksBegin = pindexBegin;
  392.      hashLastGetBlocksEnd = hashEnd;
  393.  
  394. -    PushMessage("getblocks", CBlockLocator(pindexBegin), hashEnd);
  395. +    /// Client todo: After the initial block header download, start using getblocks
  396. +    /// here instead of getheaders.  For blocks generated after the first time the
  397. +    /// program was run, we need to download full blocks to watch for received
  398. +    /// transactions in them.  We're able to download headers only for blocks
  399. +    /// generated before we ever ran because they can't contain txes for us.
  400. +    if (::fClient)
  401. +        PushMessage("getheaders", CBlockLocator(pindexBegin), hashEnd);
  402. +    else
  403. +        PushMessage("getblocks", CBlockLocator(pindexBegin), hashEnd);
  404.  }
  405.  
  406.  
  407.  
  408.  
  409. ----------
  410. From: Mike Hearn <mike@plan99.net>
  411. Date: Thu, Dec 30, 2010 at 12:27 AM
  412. To: Satoshi Nakamoto <satoshin@gmx.com>
  413.  
  414.  
  415. Thanks for the info.
  416.  
  417. I reached the same conclusions about client only nodes and this is
  418. what I've been implementing. I'm nearly there ..... I have block chain
  419. download, parsing and verification of the blocks/transactions done,
  420. with creation of spend transactions almost done.
  421.  
  422. v1 will basically do as you propose, with the possible optimization of
  423. storing only the blocks needed to form the block locator (with the
  424. exponential thinning). As Android provides local storage that is
  425. private to the app, you don't need to store the entire block chain to
  426. be able to accept new blocks ... just enough to ensure you can always
  427. stay on the longest chain.
  428.  
  429. By the way, your code is easy to read and has been an invaluable
  430. reference. So thanks for that.
  431.  
  432. In v2 I'm thinking of showing transactions before they are integrated
  433. into the block chain by running secure/locked down relay nodes that
  434. send messages to the phones when a transaction is accepted into the
  435. memory pool. Android provides a secure, low power back channel to
  436. every phone. Messages are stored server side if the device is offline
  437. and apps are automatically started on the phone to handle incoming
  438. messages.
  439.  
  440. So as long as the relay nodes are unhacked, this system should give
  441. enough trust that low value transactions can be shown in the UI
  442. immediately. It introduces some centralization/single points of
  443. failure, but if the relay mechanism dies or is hacked, the damage only
  444. lasts for 10 minutes until the new blocks are downloaded.
  445.  
  446. > Client-only re-implementations would not need to implement EvalScript at
  447. > all, or at most just implement the five ops used by the standard transaction
  448. > templates."
  449.  
  450. Indeed, there's no point in client-only implementations implementing
  451. EvalScript because they can't verify transactions aren't being double
  452. spent without storing and indexing the entire block chain. My code
  453. parses the scripts and then relies on them having a standard
  454. structure, but doesn't actually run them.
  455.  
  456. > Educated guess, and the maths work out to round numbers.  I wanted something
  457. > that would be not too low if it was very popular and not too high if it
  458. > wasn't.
  459.  
  460. It'd be interesting to see the working for this. In some sense the
  461. number of coins is arbitrary as the nanocoin representation means the
  462. issuance is so huge it's practically infinite.
  463.  
  464. > A higher limit can be phased in once we have actual use closer to the limit
  465. > and make sure it's working OK.
  466.  
  467. It'd be worth implementing some kind of more robust auto update
  468. mechanism, or a schedule for the phase in of this, if only because
  469. when people evaluate "is BitCoin worth my time and effort" a solid
  470. plan for scaling up is good to have written down.
  471.  
  472. I'm not worried about the physical capabilities of the hardware, but
  473. more protocol ossification as the app is reimplemented and nodes which
  474. don't auto-update themselves increase in number. Client only
  475. reimplementations pose no problems of course, but other systems like
  476. SMTP have proven impossible to globally upgrade despite having
  477. extension mechanisms built in .... just too many implementations and
  478. too many installations.
  479.  
  480. ----------
  481. From: Satoshi Nakamoto <satoshin@gmx.com>
  482. Date: Fri, Jan 7, 2011 at 1:00 PM
  483. To: Mike Hearn <mike@plan99.net>
  484.  
  485.  
  486.     I reached the same conclusions about client only nodes and this is
  487.     what I've been implementing. I'm nearly there ..... I have block chain
  488.     download, parsing and verification of the blocks/transactions done,
  489.     with creation of spend transactions almost done.
  490.  
  491.  
  492. That's great!  The first client-only implementation will really start to move things to the next step.  Is it going to be open source, or Google proprietary?
  493.  
  494. ----------
  495. From: Mike Hearn <mike@plan99.net>
  496. Date: Fri, Jan 7, 2011 at 1:24 PM
  497. To: Satoshi Nakamoto <satoshin@gmx.com>
  498.  
  499.  
  500. > That's great!  The first client-only implementation will really start to
  501. > move things to the next step.  Is it going to be open source, or Google
  502. > proprietary?
  503.  
  504. Open source. It has to be - I am developing it as a personal project
  505. in my spare time and Googles policy is that this is only allowed if
  506. you open source the results. But I would have done that anyway.
  507.  
  508. I managed to spend my first coins on the testnet with my app a few
  509. days ago, hopefully will get another chance to make progress this
  510. weekend. Probably will have something to show publically sometime in
  511. Feb, touch wood.
  512.  
  513. ----------
  514. From: Satoshi Nakamoto <satoshin@gmx.com>
  515. Date: Mon, Jan 10, 2011 at 4:34 PM
  516. To: Mike Hearn <mike@plan99.net>
  517.  
  518.  
  519.     Open source.
  520.  
  521.  
  522. Perfect.  Once your code shows how to simplify it down, other authors can follow your lead.  Client is a less daunting challenge than full implementation.  If it's within reach of more developers, they'll come up with more polished UI and other things I didn't think of.  I expect the original software will become the industrial old thing used by GPU farms and pool servers.
  523.  
  524. BTW, later a good feature for a client version is to keep your private keys encrypted and you give your password each time you send.
  525.  
  526.  
  527.     I managed to spend my first coins on the testnet with my app a few
  528.     days ago, hopefully will get another chance to make progress this
  529.     weekend. Probably will have something to show publically sometime in
  530.     Feb, touch wood.
  531.  
  532.  
  533. Great, keep me updated.
  534.  
  535.  
  536.         I wanted something
  537.         that would be not too low if it was very popular and not too high if it
  538.         wasn't.
  539.  
  540.      It'd be interesting to see the working for this. In some sense the
  541.     number of coins is arbitrary as the nanocoin representation means the
  542.     issuance is so huge it's practically infinite.
  543.  
  544.  
  545. It works out to an even 10 minutes per block:
  546. 21000000 / (50 BTC * 24hrs * 365days * 4years * 2) = 5.99 blocks/hour
  547.  
  548. I fudged it to 364.58333 days/year.  The halving of 50 BTC to 25 BTC is after 210000 blocks or around 3.9954 years, which is approximate anyway based on the retargeting mechanism's best effort.
  549.  
  550. I thought about 100 BTC and 42 million, but 42 million seemed high.
  551.  
  552. I wanted typical amounts to be in a familiar range.  If you're tossing around 100000 units, it doesn't feel scarce.  The brain is better able to work with numbers from 0.01 to 1000.
  553.  
  554. If it gets really big, the decimal can move two places and cents become the new coins.
  555.  
  556.  
  557. ----------
  558. From: Mike Hearn <mike@plan99.net>
  559. Date: Mon, Jan 10, 2011 at 4:48 PM
  560. To: Satoshi Nakamoto <satoshin@gmx.com>
  561.  
  562.  
  563. Ah, of course, that makes sense.
  564.  
  565. By the way, if you didn't see it already, there's a discussion on the security of secp256k1 on the forum:
  566.  
  567. http://www.bitcoin.org/smf/index.php?topic=2699.0
  568.  
  569. Hal (i presume this is Hal Finney) seems to think the curve is at higher risk of attack than random curves. I guess you chose secp256k1 for the mentioned performance improvement?
  570.  
  571. ----------
  572. From: Satoshi Nakamoto <satoshin@gmx.com>
  573. Date: Mon, Jan 10, 2011 at 8:47 PM
  574. To: Mike Hearn <mike@plan99.net>
  575.  
  576.  
  577.     By the way, if you didn't see it already, there's a discussion on the security of secp256k1 on the forum:
  578.  
  579.     http://www.bitcoin.org/smf/index.php?topic=2699.0
  580.  
  581.     Hal (i presume this is Hal Finney)
  582.  
  583.  
  584. Yes, it's him.  He was supportive on the Cryptography list and ran one of the first nodes.
  585.  
  586.     seems to think the curve is at higher risk of attack than random curves. I guess you chose secp256k1 for the mentioned performance improvement?
  587.  
  588.  
  589. I must admit, this project was 2 years of development before release, and I could only spend so much time on each of the many issues.  I found guidance on the recommended size for SHA and RSA, but nothing on ECDSA which was relatively new.  I took the recommended key size for RSA and converted to equivalent key size for ECDSA, but then increased it so the whole app could be said to be 256-bit security.  I didn't find anything to recommend a curve type so I just... picked one.  Hopefully there is enough key size to make up for any deficiency.
  590.  
  591. At the time, I was concerned whether the bandwidth and storage sizes would be practical even with ECDSA.  RSA's huge keys were out of the question.  Storage and bandwidth seemed tighter back then.  I felt the size was either only just becoming practical, or would be soon.  When I presented it, I was surprised nobody else was concerned about size, though I was also surprised how many issues they argued, and more surprised that every single one was something I had thought of and solved.
  592.  
  593. As it turns out, ECDSA verification time may be the greater bottleneck.  (In my tests, OpenSSL was taking 3.5ms per ECDSA verify, or about 285 verifies per second)  Client versions bypass the problem.
  594.  
  595. As things have evolved, the number of people who need to run full nodes is less than I originally imagined.  The network would be fine with a small number of nodes if processing load becomes heavy.
RAW Paste Data
Top