Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: Theo on June 20, 2011, 11:13:24 PM



Title: Bitcoin Tech Talk
Post by: Theo on June 20, 2011, 11:13:24 PM
Hi,

I'm holding a talk about Bitcoin in a couple of days. Target audience are computer scientists and it's focused on technology.

http://dl.dropbox.com/u/212148/bitcoin-talk.pdf (http://dl.dropbox.com/u/212148/bitcoin-talk.pdf)

Any corrections appreciated.
I'm also preparing some backup slides about recent hacks, Namecoin and why non-scalability isn't the end of the world.

Regards,
Theo


Title: Re: Bitcoin Tech Talk
Post by: just_someguy on June 20, 2011, 11:43:27 PM
Very nice!

Its hard to judge slides because its just the bullets without context.
Two things I noticed which you may already be addressing in the talk:

"Apart from securing Bitcoin, the energy is wasted"
Is there another way to phrase that?

Also, in the part about scalability you don't mentioned the simple mode clients using just 4.5 MB a year.
Then it says bitcoin doesn't scale with the number of transactions.
Not exactly sure what that means but if it makes sense in context its all good.

Looks like its going to be a great presentation!


Title: Re: Bitcoin Tech Talk
Post by: tubro on June 21, 2011, 03:11:45 PM
Good work, I like it. Make sure you have a lot of time for all those slides, though. Calculate 4min/slide.


Title: Re: Bitcoin Tech Talk
Post by: Sukrim on June 21, 2011, 06:16:26 PM
You DID read + understand https://en.bitcoin.it/wiki/Scalability - right?


Title: Re: Bitcoin Tech Talk
Post by: Theo on June 22, 2011, 08:55:37 AM
Thanks for your feedback!

Regarding scalability I say basically the same as the Wiki page does: scalability is limited and there are ideas to improve it in future.


Title: Re: Bitcoin Tech Talk
Post by: gmaxwell on June 22, 2011, 06:28:38 PM
"Apart from securing Bitcoin, the energy is wasted"
Is there another way to phrase that?

Yea, thats unfairly negative.

"Mining gold takes energy, apart from increasing the supply of gold, most of which will simply be locked away in vaults, the energy is wasted"

"Validating and transporting cash takes energy, apart from discouraging counterfeiting and moving the cash from place to place, the energy is wasted"

People complaining about bitcoin's energy usage are ignoring the externalized (and thus hidden) energy costs in the alternatives.  Perhaps bitcoin is worse right now given the low amount of economic activity, but its nowhere near as bad as a simplistic analysis would make it sound.

Ob pedantry:  The 21M limit comes not from the quantization limit at 1e-8, it arises as the limit of the geometric series.  If the bitcoin precision is increased the total number of bitcoins will not go past that limit.

You're also overstating the current blockchain size.  The client keeps orphan forks that it heard about plus a number of excessively bloated indexes. The blocks themselves are in blk0001.dat.  On client I bootstrapped a few weeks ago (so it has some amount of dead forks in it already) is 285MBytes.

The blockchain can also be significantly compressed because almost all txn use the same script and because public keys in signed transactions can be reliably derived from the signature. (It's not clear that Satoshi knew this, but even soŚ it takes a bit more computation to validate without the public key.) Just running a simple compression on it that doesn't take advantage of the ability to recover public keys shrinks the file to 190MBytes.


Title: Re: Bitcoin Tech Talk
Post by: Theo on June 22, 2011, 08:21:51 PM
Yeah, the word "wasted" is too judging, I will change that to something neutral.

Ob pedantry:  The 21M limit comes not from the quantization limit at 1e-8, it arises as the limit of the geometric series.  If the bitcoin precision is increased the total number of bitcoins will not go past that limit.

Ok right.

You're also overstating the current blockchain size.  The client keeps orphan forks that it heard about plus a number of excessively bloated indexes. The blocks themselves are in blk0001.dat.  On client I bootstrapped a few weeks ago (so it has some amount of dead forks in it already) is 285MBytes.

Interesting, I assumed orphan forks are removed when main chain matures.

The blockchain can also be significantly compressed because almost all txn use the same script and because public keys in signed transactions can be reliably derived from the signature. (It's not clear that Satoshi knew this, but even soŚ it takes a bit more computation to validate without the public key.) Just running a simple compression on it that doesn't take advantage of the ability to recover public keys shrinks the file to 190MBytes.

You really mean derive the public key solely from the signature? Do you have additional information on that?


Title: Re: Bitcoin Tech Talk
Post by: gmaxwell on June 22, 2011, 10:11:33 PM
Interesting, I assumed orphan forks are removed when main chain matures.

Could be, should be, but isn't right now. The actual blockchain file is a dumb blob of bytes. The BDB file store offsets into that file. Pruning it would require atomic operations which cover both, or building a separate file and switching.... or putting it all in the database, which I assume is not done for performance/space reasons.

Quote
You really mean derive the public key solely from the signature? Do you have additional information on that?

Not quite solely: You need to know something to tell if its the right keyŚ otherwise you'd just accept any signature!  Fortunately, the transaction already provides the address, and we're already using the address to determine if the public key is the right one.

Page 48 of http://www.secg.org/download/aid-780/sec1-v2.pdf describes how to do key recovery, see step 1.6.1.  Note that there can be two possible public keys, but I don't think this creates a security issue because if someone can find a case where both candidates hash to the same address then they can already cause trouble with our current system.
Edit: I was corrected that it's up to four possible matching public keys


Title: Re: Bitcoin Tech Talk
Post by: Theo on June 22, 2011, 10:48:11 PM
Thanks, I'll take a look at it.


Title: Re: Bitcoin Tech Talk
Post by: gmaxwell on June 23, 2011, 07:55:31 AM
Thanks, I'll take a look at it.

Looking at your slides again I see you say no backup in .23Ś but the bitcoin has had the backupwallet RPC for some time now.  Is this not exposed in the gui?

I have a cron job that uses backupwallet + gpgs to do offsite backups daily. Works great.