User:Gmaxwell/features: Difference between revisions
Proofs |
headings. |
||
Line 2: | Line 2: | ||
This is a non-official list of features I personally would like to see in the reference Bitcoin software. Although it's just my personal list, some of these items are generally supported by other people— and I've included many things that I wouldn't use myself but think would be very good to have. | This is a non-official list of features I personally would like to see in the reference Bitcoin software. Although it's just my personal list, some of these items are generally supported by other people— and I've included many things that I wouldn't use myself but think would be very good to have. | ||
===Core user-facing client features=== | |||
*Type-2 deterministic wallets ([https://gist.github.com/1799467 in progress]) | *Type-2 deterministic wallets ([https://gist.github.com/1799467 in progress]) | ||
*Multi-wallet (including watchmode wallets) | *Multi-wallet (including watchmode wallets) | ||
Line 20: | Line 20: | ||
*Async RPC | *Async RPC | ||
===Behind the scenes wallet improvements=== | |||
*Transaction queuing (to improve coin selection and allow the use of sendmany without explicitly asking for it) | *Transaction queuing (to improve coin selection and allow the use of sendmany without explicitly asking for it) | ||
*Smarter coin selection (minds fees!), general solver is probably too much. :) See: [[User:Gmaxwell/coin_selection]] | *Smarter coin selection (minds fees!), general solver is probably too much. :) See: [[User:Gmaxwell/coin_selection]] | ||
Line 26: | Line 26: | ||
*Wallet sweeping (avoid jagged coins, get excess inputs destroyed when you have a chance) | *Wallet sweeping (avoid jagged coins, get excess inputs destroyed when you have a chance) | ||
===Features to avoid inefficient/insecure uses of the network=== | |||
*Merged mining notary service, validation in client | *Merged mining notary service, validation in client | ||
*Detached transaction signatures to prove payment/identity (avoids 'green address' privacy lost and bloat) | *Detached transaction signatures to prove payment/identity (avoids 'green address' privacy lost and bloat) | ||
Line 32: | Line 32: | ||
*Separate network for message relay? Keep people's IM traffic out of the blockchain? (ugh) | *Separate network for message relay? Keep people's IM traffic out of the blockchain? (ugh) | ||
===Network layer improvements=== | |||
*NTP integration (if trusted, healthy, ntp— use instead of network time) | *NTP integration (if trusted, healthy, ntp— use instead of network time) | ||
*Better network time intelligence | *Better network time intelligence | ||
Line 47: | Line 47: | ||
*Blockchain over satellite receiver (peak average block chain datarate 14kbit/sec, sat bandwidth isn't that expensive) | *Blockchain over satellite receiver (peak average block chain datarate 14kbit/sec, sat bandwidth isn't that expensive) | ||
===Backend security=== | |||
*scrypt wallet encryption | *scrypt wallet encryption | ||
*Network sanity checks. Trusted peers down, network very slow? don't take txn out of unconfirmed. | *Network sanity checks. Trusted peers down, network very slow? don't take txn out of unconfirmed. | ||
Line 55: | Line 55: | ||
*Provable notice of doublespend (when a node sees a doublespend it prepares an alert indexed by the doublespent output, including at least two spends of it, and floods it, if a client receives a such a notice for a transaction sent to it, it shoots fireworks and greatly delays showing it as confirmed) | *Provable notice of doublespend (when a node sees a doublespend it prepares an alert indexed by the doublespent output, including at least two spends of it, and floods it, if a client receives a such a notice for a transaction sent to it, it shoots fireworks and greatly delays showing it as confirmed) | ||
===Validation performance=== | |||
*<s>Fast chain sync (fix database stupidity) (partially completed in 0.6.0)</s>(0.8) | *<s>Fast chain sync (fix database stupidity) (partially completed in 0.6.0)</s>(0.8) | ||
**Compressed blockchain history, decompress to build the summary preserving zero trust | **Compressed blockchain history, decompress to build the summary preserving zero trust | ||
Line 62: | Line 62: | ||
*Start as a SPV (lite) client, validate to become a full node in the background | *Start as a SPV (lite) client, validate to become a full node in the background | ||
===Mining=== | |||
*P2Pool | *P2Pool | ||
**If P2Pools have a significant amount of hashpower, and their shares carry commitments to transactions, P2Pool can create sub-minute evidence of intent to mine — coupled with double-spend-alerts can create pretty good fast confidence. | **If P2Pools have a significant amount of hashpower, and their shares carry commitments to transactions, P2Pool can create sub-minute evidence of intent to mine — coupled with double-spend-alerts can create pretty good fast confidence. | ||
Line 75: | Line 75: | ||
*Directed graph fee/priority computation (a later txn can pay fee for parents, must avoid memory DOS) | *Directed graph fee/priority computation (a later txn can pay fee for parents, must avoid memory DOS) | ||
===Fee tweaks=== | |||
*Consider net unspent output change (txn which decrease the unspent outputs on the network should have fewer fees) | *Consider net unspent output change (txn which decrease the unspent outputs on the network should have fewer fees) | ||
*NAK for dropped transactions so clients (sometimes) know when their txn aren't making progress | *NAK for dropped transactions so clients (sometimes) know when their txn aren't making progress | ||
===Proofs=== | |||
If full nodes become expensive to operate in the future then they may become uncommon and this could compromise the security of Bitcoin. This can be avoided if it's made possible for Bitcoin nodes to check all the rules at random and transmit compact proofs of rule violations. If this is done even if there is only one honest full node in the world the system is secure so long as it can communicate to all others. Right now not all of the rules can be checked randomly or have compact proofs. | If full nodes become expensive to operate in the future then they may become uncommon and this could compromise the security of Bitcoin. This can be avoided if it's made possible for Bitcoin nodes to check all the rules at random and transmit compact proofs of rule violations. If this is done even if there is only one honest full node in the world the system is secure so long as it can communicate to all others. Right now not all of the rules can be checked randomly or have compact proofs. | ||
* Proof of invalid script | * Proof of invalid script | ||
** Possible in the current system: Proof is tree fragments for the invalid txn in question as well as one invalid input (no need to include more than one). | ** Possible in the current system: Proof is tree fragments for the invalid txn in question as well as one invalid input (no need to include more than one). Also proves nlocktime, etc. | ||
* Proof of double spend | * Proof of double spend |
Revision as of 04:50, 22 March 2013
This is a non-official list of features I personally would like to see in the reference Bitcoin software. Although it's just my personal list, some of these items are generally supported by other people— and I've included many things that I wouldn't use myself but think would be very good to have.
Core user-facing client features
- Type-2 deterministic wallets (in progress)
- Multi-wallet (including watchmode wallets)
- disk corruption robust wallet storage
- Peer management RPCs (
peer info (last connect, version, transaction stats, blocks stats) (done), add, remove) A pseudo-cli interface for the GUI. e.g. file->console(done, 0.7.0)
- Thin client mode
- Should be able to run many bitcoin-cli bitcoin-qt instances over the network against a single trusted bitcoind network node
- Offline wallet— BIP10ish (semidone; raw txn does this now but without good usability)
- Ability to cancel a transaction if blocks have passed and it hasn't been mined. Canceling should put the transaction into 'hold' mode for many hours (several days?) before making its outputs available for respending, perhaps a resend-with-fee option that requires all outputs to be the same (except the change output) that can be executed faster.
- Show negative confirmations— how deep is the deepest conflicting transaction. Allow canceling transactions which have at least -6 (say) confirmations. Easier to do safely than general cancellation.
- Async RPC
Behind the scenes wallet improvements
- Transaction queuing (to improve coin selection and allow the use of sendmany without explicitly asking for it)
- Smarter coin selection (minds fees!), general solver is probably too much. :) See: User:Gmaxwell/coin_selection
- Better anonymity (avoid cross-linking), but multiwallet helps
- Wallet sweeping (avoid jagged coins, get excess inputs destroyed when you have a chance)
Features to avoid inefficient/insecure uses of the network
- Merged mining notary service, validation in client
- Detached transaction signatures to prove payment/identity (avoids 'green address' privacy lost and bloat)
- Payment protocol too, but it's not enough alone (in progress)
- Separate network for message relay? Keep people's IM traffic out of the blockchain? (ugh)
Network layer improvements
- NTP integration (if trusted, healthy, ntp— use instead of network time)
- Better network time intelligence
- Roaming connections (reduced attack risk, learn about peers faster)
- Roaming inbound (when full knock off some instead of just capping)
- Lightweight node announce to (dns)seeds?
- Priority relaying (measure which nodes are most 'useful' based on blocks/txn-w-fees then relay to them before other nodes, relay to them first— move to front on good actions probably enough)
- Authenticated peers for addnode so a network attacker can't isolate you without your knowledge
- Peer management RPCs (peer info (last connect, version, transaction stats, blocks stats), add, remove)
IPv6(done, 0.7.0)- Onion-cat style onion peers (pull semi-ready for 0.7.0)
- Tor integration (request its own hidden service via the control port)
- Blockchain over satellite receiver (peak average block chain datarate 14kbit/sec, sat bandwidth isn't that expensive)
Backend security
- scrypt wallet encryption
- Network sanity checks. Trusted peers down, network very slow? don't take txn out of unconfirmed.
- timewarp fix
- More DOS/network attack hardening (time skewing, memory exhaustion, etc)
- Ability to mark keys as compromised and enable autosweeping of inputs that are sent to them
- Provable notice of doublespend (when a node sees a doublespend it prepares an alert indexed by the doublespent output, including at least two spends of it, and floods it, if a client receives a such a notice for a transaction sent to it, it shoots fireworks and greatly delays showing it as confirmed)
Validation performance
Fast chain sync (fix database stupidity) (partially completed in 0.6.0)(0.8)- Compressed blockchain history, decompress to build the summary preserving zero trust
Rescan that checks all the hashes to detect and recover from on disk corruption(0.8)- Backwards header sync, then fill blocks, reverse header-fetching sync
- Start as a SPV (lite) client, validate to become a full node in the background
Mining
- P2Pool
- If P2Pools have a significant amount of hashpower, and their shares carry commitments to transactions, P2Pool can create sub-minute evidence of intent to mine — coupled with double-spend-alerts can create pretty good fast confidence.
- Simplistic GPU miner (bitcoin screensaver?)
- Smarter tree rebulding
- Share in lieu of TXN fees
- No funds for anti-dos fee? Generate at least a diff N share with a commitment to the txn in the coinbase (paying whomever), distribute along with the txn (allows us to keep mining as our singular POW system, but still use small amounts of it without a pooling solution that works at cpu miner levels!)
- Directly pay pools txn fees via computation, attempting blocks that pay them.
- Directed graph fee/priority computation (a later txn can pay fee for parents, must avoid memory DOS)
Fee tweaks
- Consider net unspent output change (txn which decrease the unspent outputs on the network should have fewer fees)
- NAK for dropped transactions so clients (sometimes) know when their txn aren't making progress
Proofs
If full nodes become expensive to operate in the future then they may become uncommon and this could compromise the security of Bitcoin. This can be avoided if it's made possible for Bitcoin nodes to check all the rules at random and transmit compact proofs of rule violations. If this is done even if there is only one honest full node in the world the system is secure so long as it can communicate to all others. Right now not all of the rules can be checked randomly or have compact proofs.
- Proof of invalid script
- Possible in the current system: Proof is tree fragments for the invalid txn in question as well as one invalid input (no need to include more than one). Also proves nlocktime, etc.
- Proof of double spend
- Possible in the current system: Proof is tree fragments for the two transactions which spend the same input.
- Proof of false inflation
- Not possible in the current system: Coinbase's payment is the sum of fees in a block and the subsidy. Fees require knowing the transactions input, to check subsidy you must not only have all the transactions but all their inputs as well.
- This is fixable. Replace the hash tree with one that H((fees_left+fees_right)||H(left)||H(right)) so that the tree commits to the fees. Nodes can randomly check this by grabbing a random txn and checking its inputs, and compactly prove violation by showing where the fees don't match their commitments.
- Proof of block too large
- Similar to false inflation, requires all the transactions, can similarly be solved by including the sum of txn sizes in the tree.
- Proof of spending a non-existing input
- Not possible in the current system: proof requires scanning the entire blockchain history
- Requires a UXTO set commitment as well as a tree for outputs created and consumed within one block. Proof is a pair of tree fragments for the higher and lower records for the missing entry, and another pair for the outputs created within a block but consumed.