User:Gmaxwell/features: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
headings.
→‎Proofs: proofs aren't quite enough to make bitcoin secure without full nodes on their own— mining is still a concern
Line 80: Line 80:


===Proofs===
===Proofs===
If full nodes become expensive to operate in the future then they may become uncommon and this could compromise the security of Bitcoin. This can be avoided if it's made possible for Bitcoin nodes to check all the rules at random and transmit compact proofs of rule violations. If this is done even if there is only one honest full node in the world the system is secure so long as it can communicate to all others.  Right now not all of the rules can be checked randomly or have compact proofs.
If full nodes become expensive to operate in the future then they may become uncommon and this could compromise the security of Bitcoin. This risk can be reduced if it's made possible for Bitcoin nodes to check all the rules at random and transmit compact proofs of rule violations. If this is done even if there is only one honest full node in the world the system is secure so long as it can communicate to all others.  Right now not all of the rules can be checked randomly or have compact proofs.


* Proof of invalid script
* Proof of invalid script
Line 89: Line 89:


* Proof of false inflation
* Proof of false inflation
** Not possible in the current system: Coinbase's payment is the sum of fees in a block and the subsidy. Fees require knowing the transactions input, to check subsidy you must not only have all the transactions but all their inputs as well.
** Not possible in the current system: The coinbase payment is the sum of fees in a block and the subsidy. Fees require knowing the transaction's inputs output values, to check subsidy you must not only have all the transactions but all their inputs as well.
** This is fixable. Replace the hash tree with one that H((fees_left+fees_right)||H(left)||H(right)) so that the tree commits to the fees. Nodes can randomly check this by grabbing a random txn and checking its inputs, and compactly prove violation by showing where the fees don't match their commitments.   
** This is fixable. Replace the hash tree with one that H((fees_left+fees_right)||H(left)||H(right)) so that the tree commits to the fees. Nodes can randomly check this by grabbing a random txn and checking its inputs, and compactly prove violation by showing where the fees don't match their commitments.   



Revision as of 05:06, 22 March 2013

This is a non-official list of features I personally would like to see in the reference Bitcoin software. Although it's just my personal list, some of these items are generally supported by other people— and I've included many things that I wouldn't use myself but think would be very good to have.

Core user-facing client features

  • Type-2 deterministic wallets (in progress)
  • Multi-wallet (including watchmode wallets)
  • disk corruption robust wallet storage
  • Peer management RPCs (peer info (last connect, version, transaction stats, blocks stats) (done), add, remove)
  • A pseudo-cli interface for the GUI. e.g. file->console (done, 0.7.0)
  • Thin client mode
    • Should be able to run many bitcoin-cli bitcoin-qt instances over the network against a single trusted bitcoind network node
  • Offline wallet— BIP10ish (semidone; raw txn does this now but without good usability)
  • Ability to cancel a transaction if blocks have passed and it hasn't been mined. Canceling should put the transaction into 'hold' mode for many hours (several days?) before making its outputs available for respending, perhaps a resend-with-fee option that requires all outputs to be the same (except the change output) that can be executed faster.
  • Show negative confirmations— how deep is the deepest conflicting transaction. Allow canceling transactions which have at least -6 (say) confirmations. Easier to do safely than general cancellation.
  • Async RPC

Behind the scenes wallet improvements

  • Transaction queuing (to improve coin selection and allow the use of sendmany without explicitly asking for it)
  • Smarter coin selection (minds fees!), general solver is probably too much. :) See: User:Gmaxwell/coin_selection
  • Better anonymity (avoid cross-linking), but multiwallet helps
  • Wallet sweeping (avoid jagged coins, get excess inputs destroyed when you have a chance)

Features to avoid inefficient/insecure uses of the network

  • Merged mining notary service, validation in client
  • Detached transaction signatures to prove payment/identity (avoids 'green address' privacy lost and bloat)
    • Payment protocol too, but it's not enough alone (in progress)
  • Separate network for message relay? Keep people's IM traffic out of the blockchain? (ugh)

Network layer improvements

  • NTP integration (if trusted, healthy, ntp— use instead of network time)
  • Better network time intelligence
  • Roaming connections (reduced attack risk, learn about peers faster)
  • Roaming inbound (when full knock off some instead of just capping)
  • Lightweight node announce to (dns)seeds?
  • Priority relaying (measure which nodes are most 'useful' based on blocks/txn-w-fees then relay to them before other nodes, relay to them first— move to front on good actions probably enough)
  • Authenticated peers for addnode so a network attacker can't isolate you without your knowledge
  • Peer management RPCs (peer info (last connect, version, transaction stats, blocks stats), add, remove)
  • IPv6 (done, 0.7.0)
  • Onion-cat style onion peers (pull semi-ready for 0.7.0)
  • Tor integration (request its own hidden service via the control port)
  • Blockchain over satellite receiver (peak average block chain datarate 14kbit/sec, sat bandwidth isn't that expensive)

Backend security

  • scrypt wallet encryption
  • Network sanity checks. Trusted peers down, network very slow? don't take txn out of unconfirmed.
  • timewarp fix
  • More DOS/network attack hardening (time skewing, memory exhaustion, etc)
  • Ability to mark keys as compromised and enable autosweeping of inputs that are sent to them
  • Provable notice of doublespend (when a node sees a doublespend it prepares an alert indexed by the doublespent output, including at least two spends of it, and floods it, if a client receives a such a notice for a transaction sent to it, it shoots fireworks and greatly delays showing it as confirmed)

Validation performance

  • Fast chain sync (fix database stupidity) (partially completed in 0.6.0)(0.8)
    • Compressed blockchain history, decompress to build the summary preserving zero trust
  • Rescan that checks all the hashes to detect and recover from on disk corruption(0.8)
  • Backwards header sync, then fill blocks, reverse header-fetching sync
  • Start as a SPV (lite) client, validate to become a full node in the background

Mining

  • P2Pool
    • If P2Pools have a significant amount of hashpower, and their shares carry commitments to transactions, P2Pool can create sub-minute evidence of intent to mine — coupled with double-spend-alerts can create pretty good fast confidence.
  • Simplistic GPU miner (bitcoin screensaver?)
  • Smarter tree rebulding
  • Share in lieu of TXN fees
    • No funds for anti-dos fee? Generate at least a diff N share with a commitment to the txn in the coinbase (paying whomever), distribute along with the txn (allows us to keep mining as our singular POW system, but still use small amounts of it without a pooling solution that works at cpu miner levels!)
    • Directly pay pools txn fees via computation, attempting blocks that pay them.
  • Directed graph fee/priority computation (a later txn can pay fee for parents, must avoid memory DOS)

Fee tweaks

  • Consider net unspent output change (txn which decrease the unspent outputs on the network should have fewer fees)
  • NAK for dropped transactions so clients (sometimes) know when their txn aren't making progress

Proofs

If full nodes become expensive to operate in the future then they may become uncommon and this could compromise the security of Bitcoin. This risk can be reduced if it's made possible for Bitcoin nodes to check all the rules at random and transmit compact proofs of rule violations. If this is done even if there is only one honest full node in the world the system is secure so long as it can communicate to all others. Right now not all of the rules can be checked randomly or have compact proofs.

  • Proof of invalid script
    • Possible in the current system: Proof is tree fragments for the invalid txn in question as well as one invalid input (no need to include more than one). Also proves nlocktime, etc.
  • Proof of double spend
    • Possible in the current system: Proof is tree fragments for the two transactions which spend the same input.
  • Proof of false inflation
    • Not possible in the current system: The coinbase payment is the sum of fees in a block and the subsidy. Fees require knowing the transaction's inputs output values, to check subsidy you must not only have all the transactions but all their inputs as well.
    • This is fixable. Replace the hash tree with one that H((fees_left+fees_right)||H(left)||H(right)) so that the tree commits to the fees. Nodes can randomly check this by grabbing a random txn and checking its inputs, and compactly prove violation by showing where the fees don't match their commitments.
  • Proof of block too large
    • Similar to false inflation, requires all the transactions, can similarly be solved by including the sum of txn sizes in the tree.
  • Proof of spending a non-existing input
    • Not possible in the current system: proof requires scanning the entire blockchain history
    • Requires a UXTO set commitment as well as a tree for outputs created and consumed within one block. Proof is a pair of tree fragments for the higher and lower records for the missing entry, and another pair for the outputs created within a block but consumed.