Once transactions are validated and buried "deep enough" in the blockchain you can forget their inputs, because the inputs are only needed for validation.
... although SOMEBODY on the network should remember them, in case I-don't-trust-anybody nodes want to validate the entire blockchain.
Actually, I'm not sure this makes sense without major protocol changes. Currently, if you throw away the transaction inputs you can't prove to other nodes that the transaction was actually buried in the blockchain at the place you claim it was - transactions are hashed as a single piece of data and there's no way of verifying the hash without the entire transaction. So it's not really safe to bootstrap new mining nodes without a complete transaction history including inputs, even if they don't validate the entire chain. |
|
|
|
I don't think there are any FPGA that run at 600 Mhz. More likely they are using a "larger" chip. Spartan 6-150 is used because it takes ~150K LUT to fit a complete unrolled double bitcoin hash logic. Thus 1 hash per clock running at 200 Mhz = 200 MH/s.
If their FPGA have enough LUT to fit 2 complete unrolled hashers then the board would do 4 hashes per clock. 800 MH/s = 200 Mhz.
Almost, except that Spartan-6 LUTs aren't equivalent to the LUTs used in other FPGAs - about half of them are useless for Bitcoin mining because they don't have any adders. Expect somewhere in the ballpark of half that many LUTs for a completely unrolled miner on a more suitable FPGA. Sure, but first they need to ship. I they have collected 1000 orders till the day the ship and they only released pictures with sanded off ICs they have achieved their delay. If they'd put the pictures online with everybody to see what kind of units they are using their competition could go to work right away. That's not the main obstacle to competition though - the main obstacle seems to be how on earth to get the FPGAs at a low enough price. |
|
|
|
- Old clients and miners count each OP_CHECKMULTISIG in a scriptSig or scriptPubKey as 20 "signature operations (sigops)." And there is a maximum of 20,000 sigops per block. That means a maximum of 1,000 BIP-17-style multisig inputs per block. BIP 16 "hides" the CHECKMULTISIGs from old clients, and (for example) counts a 2-of-2 CHECKMULTISIG as 2 sigops instead of 20. Increasing the MAX_SIGOPS limit would require a 'hard' blockchain split; BIP 16 gives 5-10 times more room for transaction growth than BIP 17 before bumping into block limits.
Unless I'm entirely mistaken there was a rather nasty vulnerability in OP_EVAL caused by this added bit of complexity, one that BIP 16 would've inherited if you hadn't spotted and fixed it. While technically it was only a denial of service vulnerability that prevented nodes that supported it from mining any blocks, a denial of service vulnerability of this kind is enough to create transactions spending other people's bitcoins from their P2SH addresses and get non-upgraded nodes to accept them even after the switch-on date, which is kind of a big deal. |
|
|
|
How exactly do you deal w/ conflicts.
Chain A says coins transferred from address 123 to address 456.
Chain B says coins transferred from address 123 to address 789.
Where do the coins go?
Forget 51%. Double spending is as easy as making a duplicate block w/ different transaction.
Yeah, that's the problem. It only works so long as whoever's attacking the chain doesn't attempt a double spend. We can still cope with sub-50% double spend attempts by essentially picking the side of the double-spend with the most confirmations (though there's a lot of subtlty in how this must be calculated) and throwing away the other double-spend block and its descendants, but greater-than-51% ones are a huge problem. |
|
|
|
|
Interestingly, it looks like there is actually a way of making coins immune from this particular attack that doesn't require any kind of trusted central authorities and can't be used to fork the blockchain. Unfortunately it'd be a huge pain to implement correctly and wouldn't be able to deal with 51% double-spending attacks.
The trick is that there's no inherent reason why the Bitcoin blockchain actually had to be in the form of a chain. Simply add a rule that blocks can merge multiple non-conflicting forks of the blockchain by having multiple parents, calculating its total work as the sum of its work and work done for all its ancestor blocks. That way, it doesn't matter that Eligius is mining faster than the rest of the network because we can use the attacker's work against him - our non-attack versions of the best chain are counted as having the strength of all his work plus all ours, and the only way he can benefit from this effect is if he includes other's blocks and transactions which is what we wanted in the first place!
There's almost certainly some subtle flaw in this and it'd be a nightmare to implement correctly and in a way that couldn't be exploited, but on paper it seems like a clever idea. Don't think I'm going to go through with it though. (There are a whole bunch of subtle details that have to be taken care of. For example, we need to cap how far back a fork that's being merged can come from to block spam, but this limits the power of this scheme against denial-of-service.)
|
|
|
|
In a way, everyone in that pool HAS now been asked that question, and current pool hashing power should reflect their answer. I WISH I had so many choices in phone companies as miners have in pools!  Not entirely. Luke-Jr keeps making statements that whilst technically true are carefully worded to mislead people into thinking that Eligius was not in fact merged mining CLC, and I think a few people have come to believe this. (Not that it'd probably make much difference anyway.) |
|
|
|
Being broken on the initial release of the algorithm absolutely disqualifies it as cryptography. If initially it is uncrackable and over time new methods come to light which degrade its effectiveness, that is one thing (specifically your SHA1 example, which is a hash, not encryption btw). But calling ROT26 an encryption algorithm is senseless and just playing at semantics. Blaming someone for cracking ROT26 is mindless and betrays a complete misunderstanding of what cryptography is for. Errrm... you do realize that Bitcoin has more or less the same cryptographic flaw, right? |
|
|
|
1) I am suggestion we try a defense other than just have more hashing power. That's... non-trivial, and most of the proposed suggestions either require centralization, cause more problems, or both 2) Can't we do something similar but not have it centralized. Solidcoin chooses his own trusted nodes. Why can't I choose? It's important that different nodes' view of the blockchain converges in a reasonable time, and this is hard - probably even impossible - to guarantee if every node is following different rules about which blockchain they prefer. Are these attacks detectable? Are these attacks correctable if detected? Can it be done semi-autonomously?
They're detectable, even automatically detectable in theory, there's just not an easy way to prevent them. |
|
|
|
Ding ding ding.
51% provides an economic disincentive to use hashing power for "bad". That doesn't mean someone who doesn't mind destroying millions of dollars can't try but there is no ECONOMIC INCENTIVE to do so.
There is no economic incentive to do so so long as you're primarily invested in Bitcoins. For example, suppose someone really wealthy concluded that Bitcoins were potentially harmful to their wealth elsewhere; it might make economic sense for them to spend a few million dollars destroying Bitcoin. |
|
|
|
So you're against two consenting parties being able to form a contract, enforced by software that they both agree on ahead of time? That sounds rather anti-capitalist to me.
DRM is just a form of electronically enforced contract. If you don't like the terms of the contract, don't buy the software/music/movie/whatever. Except they're not exactly consenting parties and they don't exactly agree on the contract - one party unilaterally offers a contract whose terms are hidden in cryptic fine print if they're even mentioned at all. In fact, the media companies are obviously aware that people wouldn't be willing to buy their products if the conditions were more obvious. How many ads have you seen encouraging customers to "buy" a particular product with DRM? Now how many have you seen encouraging them to "enter a contract to access, subject to technical and legal restrictions on what hardware may be used to access" one? The media companies rely on the fact that consumers think of it as just buying a copy of something, much like they would a book, in order to avoid scaring customers away. |
|
|
|
|
OK, so since Luke Jr doesn't seem to think he can explain this usefully, a brief summary merged mining for miners:
As far as miners are concerned, it looks to your mining software as though you're just mining Bitcoins normally with all your mining power. Your mining software gets normal Bitcoin-mining work and submits normal shares at the same rate as it would if you weren't merged mining, if the pool is well-written it'll credit your shares towards Bitcoins at the same rate as if it wasn't merged mining, and the pool will have the same chance of finding blocks too. From a purely Bitcoin-mining perspective it doesn't have any effect whatsoever.
However, because of a clever trick with the work you're sent that you have no way to detect, the shares you submit can also be used as shares towards every other merged-mining-supporting altchain that the pool chooses to mine and can be used to generate blocks for that chain. Again, they don't stop being valid as Bitcoin shares or blocks because they're used them in this way - in theory all the chains gets the benefit of all the shares you submit, though in practice this is only entirely true for Bitcoin. This is actually how I can prove that Eligius is merged mining CLC. A large proportion of the Bitcoin blocks found by Eligius were created from the same share as a CLC block.
In summary, whilst this doesn't affect your income from Bitcoin or Namecoin mining in any way it does mean that you're helping to shut down CLC by mining at Eligius. How important this is, is something for you to judge.
Edit: as k9quant in IRC points out, there's one small inaccuracy. It's more accurate to say that you have no easy way to detect that you're merged mining and no reliable way to tell which chains you're helping to mine on. If you personally find a Bitcoin block you can tell from the block that merged mining was used but not which chains, and in theory you could also detect that you'd mined a block on a particular altchain if you knew to look out for it.
|
|
|
|
I can't quite agree with him, that's a blatant breach of agreement.
Miners mine at Eligius with the assumption that their hashing power is being exclusively used for Bitcoin (and since merged mining was introduced, Namecoin) mining.
Any other usage of the hashing power is simply unauthorized.
Please think the situation over once more Luke.
Errm, good luck with that. Apparently he's already made his position on this quite clear: There's an ongoing discussion in #bitcoin-otc about this right now. Direct quote: <btc_novice> luke-jr also, it was unethical to take your users' hashing power and use it for other purposes
<+luke-jr> btc_novice: I didn't.
<btc_novice> luke-jr did you use your hashing power, or eligius combined hashing power?
<+luke-jr> btc_novice: all hashing involving CLC was done by me Again, both technically true and intentionally misleading. Because of the way merged mining works hashing involving CLC was indeed done by him - even if they were helping to mine CLC the miners just hashed normal Bitcoin blocks which unbeknownst to them were constructed to be used as proof-of-work for CLC blocks. Even if their hash power was being utilized to help shut down CLC - and it looks like it was - they weren't directly hashing anything CLC-related. |
|
|
|
Well, he's pointing well over 250 GHash/sec of mining power at CLC, and he's also been begging in IRC for remote access to computers with OpenCL-capable GPUs for unrelated software develoment purposes due to not having any of his own, so it'd be rather... surprising if he didn't use Eligius users' hash power for this. Edit: Coiledcoin block #6948 corresponds to Bitcoin block #161234, the 3rd most recent block mined by Eligius, so yeah... While there are personal attacks in this thread which are bad, most of the discussion of what was done with the pool and coilcoin (or whatever it is) are relevant to the topic of the pool and should not be deleted. Why does it seem like people don't read anything? The Coiledcoin nonsense is NOT RELATED TO THE POOL. Shameful. Utterly shameful. Well, it's certainly rather less than honest, but he genuinely does seem to believe that whatever other things he does with his pool are irrelevant to miners so long as they get their Bitcoins. (By the way, the same is true of the Eligius-mined Bitcoin block two earlier, block #161142, and Coiledcoin block #6433. Also, by "corresponds" I mean that they share the exact same proof-of-work and were therefore merged-mined together. There are almost certainly more too, I just haven't looked further back.) |
|
|
|
Luke, could you please shed some light on the CLC events related to eligius or point me to where I can find this info.
Specifically: were eligius pool hashes used to merge mine CLC or any other chains besides btc and nmc?
Thanks.
Well, he's pointing well over 250 GHash/sec of mining power at CLC, and he's also been begging in IRC for remote access to computers with OpenCL-capable GPUs for unrelated software develoment purposes due to not having any of his own, so it'd be rather... surprising if he didn't use Eligius users' hash power for this. Edit: Coiledcoin block #6948 corresponds to Bitcoin block #161234, the 3rd most recent block mined by Eligius, so yeah... |
|
|
|
Your blockchain isn't fixed, it is whatever you want it to be, whenever you want it to be. Users are forced to upgrade by your enforcer nodes, and your enforcer nodes can be decertified by a code update (which your users must adopt or they will be cast out of the blockchain). There's a slight error in your logic here. Nodes can only be forced to adopt an update if CodeHunter's "enforcer nodes" go along with it, and they've got no reason to do this for an update that takes away their power. Assuming that those nodes are genuinely independent of CoinHunter, he doesn't actually have much more control over SolidCoin than the Bitcoin developers have over Bitcoin - if they release a major change and the mining pools go along with it, users pretty much have to go along too. |
|
|
|
I really miss FAtlas who was head and shoulders more funny than any of the other goons. Near the end of his interest on the SA threads he was lamenting the fact that he was to lazy or stupid to figure out Bitcoinica so he could short Bitcoin to the end. Lucky for him that his deficiencies kept him safe. I think that had rather less to do with laziness and rather more to do with the fact that shorting Bitcoins would require trusting Bitcoinica. |
|
|
|
He just stated he didn't use the pool to do it. I was mistaken that he used merged mining. You should read his post better.
Interesting. The other statement from him was rather more weasily: I will clarify that Eligius miners were not adversely impacted by this, and that the CLC mining involved only adding data that I hashed myself to my own transactions; and I was careful to ensure that nobody lost any confirmed CLC Which of course, is entirely true except for the part about not losing confirmed CLC, because that's how merged mining works - through the pool adding data they'd hashed themselves (namely the merged mining merkle-tree root) to their own transactions (more specifically, the pool's coinbase transactions). Judging from observations of the hashrate, the reason Eligius miners weren't adversely affected was because he intentionally didn't trigger long polls on receiving a new CLC block. |
|
|
|
What the heck is going on with the pool? For the last three hours, many addresses hash rates have dropped off and the current block estimate graph has stopped working.
That's about when he removed OP_EVAL support from the pool's Bitcoin client. (During Coiledcoin development I found an interesting security vulnerability in it whereby you could feed pools and mining nodes a poisoned transaction that'd make them unable to successfully mine any blocks. Thankfully not everyone is quite as malicious as Luke Jr. Apparently Gavin had already fixed it in the proposed replacement for OP_EVAL but presumably not thought to warn the pools for whatever reason.) |
|
|
|
Here's a fun exercise by the way: figure out what flaw in Bitcoin's implementation of OP_EVAL this code triggers, and if you've got a copy of the Coiledcoin source take a look at how it fixes it. (Only just got around to looking into this properly.) For bonus points, can you guess why Luke Jr is really lucky I don't hold a grudge? |
|
|
|
They're not yet because it takes time to do things right, but there is no evidence that they won't be. We can see here what can result from not taking the time to do things right.
In that case, I'm sure you'll figure everything out by yourselves. Good luck. |
|
|
|
|
Show Posts
