Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: zhouqi_cn on January 19, 2015, 07:34:23 AM



Title: Is it possible to trim the public key in bitcoin transaction's script?
Post by: zhouqi_cn on January 19, 2015, 07:34:23 AM
For a decentralized system like Bitcoin, the IO is much more expensive than the CPU. One byte of extra data means transferring to and storing on all nodes. So saving the data storage is very important to Bitcoin.

In the transaction structure of Bitcoin, if we remove the public key part of the transaction data, we may save nearly 30% of storage. The cost is that we have to check the previous output to check the signature. But it is still worth doing the trim because of the 30% data saving. (The blockchain data may be decreased from 30GB to 20GB.)

Is it possible to do that?


Title: Re: Is it possible to trim the public key in bitcoin transaction's script?
Post by: amaclin on January 19, 2015, 08:20:09 AM
Quote
Is it possible to do that?

Yes and no.

Yes: it is possible to
1) create hard-fork or alt-coin with another protocol
2) use P2PK outputs instead of P2PKH outputs. This saves some space
3) use compression while storing tx data on hard disk

No: it is almost impossible to
1) change the current consensus protocol
2) use P2PK outputs instead of P2PKH outputs because all software works with addresses, not public keys
3) use realtime compression of blockchain because it is economically unreasonable

OK, everything is possible. But this is not reasonable.


Title: Re: Is it possible to trim the public key in bitcoin transaction's script?
Post by: jl2012 on January 19, 2015, 08:21:35 AM
For a decentralized system like Bitcoin, the IO is much more expensive than the CPU. One byte of extra data means transferring to and storing on all nodes. So saving the data storage is very important to Bitcoin.

In the transaction structure of Bitcoin, if we remove the public key part of the transaction data, we may save nearly 30% of storage. The cost is that we have to check the previous output to check the signature. But it is still worth doing the trim because of the 30% data saving. (The blockchain data may be decreased from 30GB to 20GB.)

Is it possible to do that?

It is technically possible with a fork, but that will cause a much bigger problem.

In current design, a node can forget all spent outputs. Also, a node can forget scriptSig after verification, and store the UTXO only. If a new transaction may refer to the information in the historical blockchain, nodes have to store the whole blockchain forever.

Satoshi has already addressed this problem in the section 7 of his white paper: https://bitcoin.org/bitcoin.pdf . Please read before you propose a new "solution".

--------------------

Alternatively, it is possible to calculate the public key with only the signature and the signed message. The trade-off is spending more CPU time.

Read more:
https://bitcointalk.org/index.php?topic=6430.0
http://www.secg.org/sec1-v2.pdf section 4.1.6


Title: Re: Is it possible to trim the public key in bitcoin transaction's script?
Post by: zhouqi_cn on January 19, 2015, 08:48:47 AM
Quote
Is it possible to do that?

Yes and no.

Yes: it is possible to
1) create hard-fork or alt-coin with another protocol
2) use P2PK outputs instead of P2PKH outputs. This saves some space
3) use compression while storing tx data on hard disk

No: it is almost impossible to
1) change the current consensus protocol
2) use P2PK outputs instead of P2PKH outputs because all software works with addresses, not public keys
3) use realtime compression of blockchain because it is economically unreasonable

OK, everything is possible. But this is not reasonable.


The question is not about P2PK and P2PKH.

We can recover the public key from r+s with rec_id, and verifying this with previous output address will be enough.

Thanks :D


Title: Re: Is it possible to trim the public key in bitcoin transaction's script?
Post by: zhouqi_cn on January 19, 2015, 08:49:35 AM
For a decentralized system like Bitcoin, the IO is much more expensive than the CPU. One byte of extra data means transferring to and storing on all nodes. So saving the data storage is very important to Bitcoin.

In the transaction structure of Bitcoin, if we remove the public key part of the transaction data, we may save nearly 30% of storage. The cost is that we have to check the previous output to check the signature. But it is still worth doing the trim because of the 30% data saving. (The blockchain data may be decreased from 30GB to 20GB.)

Is it possible to do that?

It is technically possible with a fork, but that will cause a much bigger problem.

In current design, a node can forget all spent outputs. Also, a node can forget scriptSig after verification, and store the UTXO only. If a new transaction may refer to the information in the historical blockchain, nodes have to store the whole blockchain forever.

Satoshi has already addressed this problem in the section 7 of his white paper: https://bitcoin.org/bitcoin.pdf . Please read before you propose a new "solution".

--------------------

Alternatively, it is possible to calculate the public key with only the signature and the signed message. The trade-off is spending more CPU time.

Read more:
https://bitcointalk.org/index.php?topic=6430.0
http://www.secg.org/sec1-v2.pdf section 4.1.6

I think we are talking about the full node implementation, not SPV

And for full nodes, the storage is much more expensive than CPU.

Thanks :D


Title: Re: Is it possible to trim the public key in bitcoin transaction's script?
Post by: jl2012 on January 19, 2015, 08:54:21 AM
For a decentralized system like Bitcoin, the IO is much more expensive than the CPU. One byte of extra data means transferring to and storing on all nodes. So saving the data storage is very important to Bitcoin.

In the transaction structure of Bitcoin, if we remove the public key part of the transaction data, we may save nearly 30% of storage. The cost is that we have to check the previous output to check the signature. But it is still worth doing the trim because of the 30% data saving. (The blockchain data may be decreased from 30GB to 20GB.)

Is it possible to do that?

It is technically possible with a fork, but that will cause a much bigger problem.

In current design, a node can forget all spent outputs. Also, a node can forget scriptSig after verification, and store the UTXO only. If a new transaction may refer to the information in the historical blockchain, nodes have to store the whole blockchain forever.

Satoshi has already addressed this problem in the section 7 of his white paper: https://bitcoin.org/bitcoin.pdf . Please read before you propose a new "solution".

--------------------

Alternatively, it is possible to calculate the public key with only the signature and the signed message. The trade-off is spending more CPU time.

Read more:
https://bitcointalk.org/index.php?topic=6430.0
http://www.secg.org/sec1-v2.pdf section 4.1.6

I think we are talking about the full node implementation, not SPV

And for full nodes, the storage is much more expensive than CPU.

Thanks :D

The section 7 of Satoshi's paper is NOT about SPV


Title: Re: Is it possible to trim the public key in bitcoin transaction's script?
Post by: zhouqi_cn on January 19, 2015, 08:57:25 AM
For a decentralized system like Bitcoin, the IO is much more expensive than the CPU. One byte of extra data means transferring to and storing on all nodes. So saving the data storage is very important to Bitcoin.

In the transaction structure of Bitcoin, if we remove the public key part of the transaction data, we may save nearly 30% of storage. The cost is that we have to check the previous output to check the signature. But it is still worth doing the trim because of the 30% data saving. (The blockchain data may be decreased from 30GB to 20GB.)

Is it possible to do that?

It is technically possible with a fork, but that will cause a much bigger problem.

In current design, a node can forget all spent outputs. Also, a node can forget scriptSig after verification, and store the UTXO only. If a new transaction may refer to the information in the historical blockchain, nodes have to store the whole blockchain forever.

Satoshi has already addressed this problem in the section 7 of his white paper: https://bitcoin.org/bitcoin.pdf . Please read before you propose a new "solution".

--------------------

Alternatively, it is possible to calculate the public key with only the signature and the signed message. The trade-off is spending more CPU time.

Read more:
https://bitcointalk.org/index.php?topic=6430.0
http://www.secg.org/sec1-v2.pdf section 4.1.6

I think we are talking about the full node implementation, not SPV

And for full nodes, the storage is much more expensive than CPU.

Thanks :D

The section 7 of Satoshi's paper is NOT about SPV

"Reclaiming Disk Space". OK.


Title: Re: Is it possible to trim the public key in bitcoin transaction's script?
Post by: amaclin on January 19, 2015, 09:03:19 AM
Quote
And for full nodes, the storage is much more expensive than CPU.
Proof?


Title: Re: Is it possible to trim the public key in bitcoin transaction's script?
Post by: zhouqi_cn on January 19, 2015, 09:18:11 AM
Quote
And for full nodes, the storage is much more expensive than CPU.
Proof?

1st.
For 30MB -> 20MB, CPU is more expensive than Space.
For 30GB -> 20GB, Space is more expensive.
For 30TB -> 20TB, Space is far more......

2nd.
The CPU's verification needs to be done only once, but the storage occupation is forever.

Thanks. :D


Title: Re: Is it possible to trim the public key in bitcoin transaction's script?
Post by: amaclin on January 19, 2015, 09:26:08 AM
Quote
For 30MB -> 20MB, CPU is more expensive than Space.
For 30GB -> 20GB, Space is more expensive.
For 30TB -> 20TB, Space is far more......
I do not understand your math.
Cost of sum should be equal to sum of costs

Quote
The CPU's verification needs to be done only once, but the storage occupation is forever.

I have two 1TB HDD in my computer.
First one is 90% full, second one is 10% full.
Does it mean that there is difference in their cost?


Title: Re: Is it possible to trim the public key in bitcoin transaction's script?
Post by: zhouqi_cn on January 19, 2015, 09:42:06 AM

The smaller size of transaction is not only good for disk but also network.

Yes, you can have a high performance computer, so you will not meet a performance problem at all.

Thanks. :D