Your "plan" reminds me of an old joke about the difference between programmers and engineers:

I changed my timestamper to set nLockTime on every transaction it creates to the current block height. Every 10 minutes it checks if any timestamps are pending, and if so, creates a timestamp transaction; from the point of view of block creation the timestamps are created randomly. I also changed it to randomly set the fees between 2 and 5mBTC for each timestamp, which works out to a range of 5mBTC/KB to 12.5mBTC/KB.

Note that I have not changed the sequence numbers from MAXINT, so the nLockTime thing is informational only and won't affect propagation.

I seem to be getting a dozen timestamp requests per day at what appear to be random intervals, and I added some temporary code to create some additional dummy ones. Over time it could be an interesting data source, albeit one with an unusual transaction form.

54e243ffb097f5b6acd6ea4a55925fddba4078ca750b4aef4142b837ffdff2b8 is an example transaction; they all have 13MH4zmU4UT4Ct6BhoRFGjigC8gN9a9FNn as the first multisig address. (the second is the tip of the merkle tree of submitted digests to be timestamped)

Think through this voting proposal carefully: can you think of a way to game the vote?


There was some heated IRC discussion on this point - gmaxwell made the excellent comment that any type of exponentially increasing blocksize function runs into the enormous risk that the constant is either too large, and the blocksize blows up, or too small, and you need the off-chain transactions it was supposed to avoid anyway. There is very little room for error, yet changing it later if you get it wrong is impossible due to centralization.


Same here. I read Satoshi's predictions about achieving scalability through large blocks about two years ago, and simply accepted it as inevitable and ok. It was only much, much later, that I thought about the issue carefully and realized how dangerous the implications would be to Bitcoin's decentralization.



It's good that you have had experience with such environments, but remember that centrally run systems, even if the architecture itself is distributed, are far, far easier to manage than truly decentralized systems. When your decentralized system must be resistant to attack, the problem is even worse.

As an example, consider your (and Mike's) proposal to propagate headers and/or transaction hash information, rather than full transactions. Can you think of a way to attack such a system? Can you think of a way that such a system could make network forking events more likely? I'll give you a hint for the latter: reorganizations.



Bitcoin began with a 32MiB blocksize limit, which was reduced to 1MB later by Satoshi.

I'd also suggest Tor hidden services, and using private hidden service URLs that are different for each partner. The URL's don't give any information about the network topology, and if any individual URL is compromised and DoS attacked the individual URL can easily be taken down. Even URL's for individual high-volume traders would be feasible, although, keep in mind I'm no Tor expert so someone who knows more should weigh in before doing this. In particular what the Tor developers think of the attention and attacks it may attract.

In some cases using Amazon's infrastructure could work too. Amazon Simple Notification Service is essentially a DoS-resistant broadcast medium. Of course, it's central infrastructure, so not appropriate for every use, but  there is a lot of public information like price tickers that could use it. In any case information should be distributed though multiple methods.


Regardless of what is done, an important first step is to sign and timestamp all public information broadcasts so that regardless of where you got the data, you can verify it as being genuine; the current API does not appear to authenticate pricing information other than via https.

FWIW currently the majority of the core team members, Gregory Maxwell, Jeff Garzik and Pieter Wuille, have all stated they are against increasing the blocksize as the solution to the scalability problem. Each has different opinions and degrees of course on exactly what that position constitutes, but ultimately all of them believe off-chain transactions need to be the primary way to make Bitcoin scale.

EDIT: to be clear no-one, including myself, thinks the blocksize must never change. Rather achieve scalability first through off-chain transactions, and only then do you consider increasing the limit. I made a rough guess myself that it may make sense to raise the blocksize at a market cap of around 1 trillion - still far off in the future. Fees in this scenario would be something like $5 per transaction, or $1billion/year of proof of work security. (not including the inflation subsidy) That's low enough to be affordable for things like payroll, and is still a lot cheaper than international wire transfers. Hopefully at that point Bitcoin will need less security against takedowns by authority, and/or technological improvements make it easier to run nodes.


As far as I know Wladimir J. van der Laan and Nils Schneider haven't stated an opinion, leaving Gavin Andresen.

I think Jeff Garzik's post on the issue is apropos, particularly his last point:


The worst that can happen if the 1MB limit stays is growth gets slowed for awhile. In the grand scheme of things that's a manageable problem.

Essentially yes, but they can do something far more interesting than just a client - Mastercard or Visa have the trust and knowhow required to make that smartcard chip guarantee that it will A: keep the private keys secure, and B: never double-spend. Thus allowing for very safe zero-confirmation transactions, provided they come from such a card.

They can also go the next step beyond that, and make the whole system off-chain as well, allowing Bitcoin card holders to avoid blockchain transaction fees entirely. Of course this can be done as a hybrid system, with the card using either method to make a payment, depending on the circumstances.

There is no reason to expect any of Visa, Mastercard, PayPal etc. to stay out of Bitcoin forever. With the 1MB blocksize limit they can all offer off-chain transaction services, and at the same time, if the limit is raised they can also all offer zero-conf transaction services, as well as run the expensive validating nodes that will be required and mining pools.

Raising the limit as the first response to scalability problems sets a precedent that the limit will be simply raised again and again as Bitcoin grows. Why spend the effort solving the problem, when you can simply accept less security and punt the issue another year into the future? Fast growing internet startups aren't exactly known for their long-term planning.


Bitcoin as a payment system is interesting in that as it becomes easier and faster to complete the fiat->Bitcoin->fiat loop required to make a payment, the economic influence of that use becomes less and less important, all things being equal. The reason is simple: the faster you can complete that loop, the fewer Bitcoins are tied up making payments, and thus the demand for Bitcoins for that application goes down. Similarly those users care less about what the value of Bitcoin is at any given moment.

Conversely your investors, the people holding Bitcoins who believe they will maintain their value in the long run, perform far fewer transactions, yet constitute the economic majority and for now are the people paying for the security of Bitcoin. (via the still large inflation subsidy) This group has every reason to oppose changes that will sacrifice the security of their investment just so people can make cheap transactions.

We already have off-chain transactions, for instance Mt. Gox, and AurumXchange's code systems. Similarly web wallets allow for transfers from one user to another directly; MPOE reports that quite large amounts of BTC are exchanged between users every day. The Silk Road is another example of off-chain transactions - deposits go into a big shared wallet and transfers within the system are totally off-chain. In that case there are significant privacy advantages, not to mention how it makes implementing escrow easy.

There isn't going to be a single service that does this, that's my whole point: if you achieve scalability by just raising the blocksize, you wind up with all your trust is in a tiny number of validating nodes and mining pools. If you achieve scalability through off-chain transactions, you will have many choices and options. I'm sure the users of the Silk Road have very different ideas about who they can trust than users of BitPay...


Off-chain transactions aren't something that will be implemented in one big go. Like I said above, the markets can naturally adjust bit by bit gradually moving uses of Bitcoin from on-chain to off-chain as the fees gradually increase. At worst growth in the least important, lowest value, parts of the Bitcoin economy is slowed while off-chain tx solutions catch up.

On the other hand, if the blocksize is raised and it leads to centralization, Bitcoin as a decentralized currency will be destroyed forever.

It might not be sexy and exciting, but like it or not leaving the 1MB limit in place for the foreseeable future is the sane, sober and conservative approach. Exactly what I want from the developers of the brand-new and still poorly understood technology underpinning Bitcoin's $1.5billion market cap. For that matter, I personally have a good chunk of my wealth tied up in Bitcoins and want them to be valuable in the long run.

You know, I work in engineering at a company filled with ex-aerospace guys, guys who are careful and try not to get people killed by things they don't understand. They all find my work on Bitcoin interesting, and a big part of that is because of how crazy high-stakes it is. If anything Bitcoin is kinda like being given alien technology that happens to be able to make a plane that never has to land, and unfortunately doesn't even even seem to be able to land. It's brilliant at moving passengers around, although the current plane can only fit 1000 of them. It's also the only one we have so if you want to change anything you have to do a bit of wing walking and be careful not to get any body parts near the props. Oh, and not to mention, it's currently raining cats and dogs, well, actually mostly dead puppies...

Now, under those circumstances do you think I'd go up to my boss and say "Gee, I dunno, how about I climb out that access hatch at the back and add some sheet metal until the plane is long enough to shove 200,000 passengers in there?" Fuck no. For one thing this plane of ours damn near fell out of the sky a month ago, and it only took 700 passengers to make that happen. We also don't really understand why it flies at all; we've all got our own theories and some of the theories are probably even right, but we've never flown this plane in serious turbulence, let alone been attacked by those monocled guys in airships off in the distance. Heck, we got worried enough when one of them sent us a nasty telegram the other day about how shabby our records were or something.

No, instead I'd be told to work on some prototypes and write some papers and see if maybe I could make some small nimble plane that could fly along-side our hulking monolith. Preferably a plane that can land for maintenance.

Privacy, and the best way to achieve that, chaum signatures, is inherently irreversible and instant as well.

Making the blocksize large as a solution will cripple Bitcoin with centralization and lack of anonymity.

The most revolutionary thing about Bitcoin is that it is a truly decentralized store of value; 1MB will be enough to act as a store of value for the forseeable future.



If you want to sink to that level, fine.

What does Mike's employer, Google, stand to gain from large blocks that only large companies can afford to process and validate? What does Google stand to gain from a system where every last transaction is recorded on a public blockchain, ripe for datamining? Mike after all works for a company that has a "real names" policy and actively tries to ensure users can-not use its services anonymously. Keep in mind Mike is also being paid by Google to work on Bitcoin; 20% time projects, while often speculative, are approved by management and must relate to Google's business interests in some fashion.

You know, it says a lot when your opponents resort to attacking you rather than your ideas:

So, in the countries where mining, and presumably Bitcoin in general, has been banned, do you think Bitcoins will have any value?



...which means if I want to prevent mining behind Tor, all I have to do is fill my blocks with transactions that I haven't relayed to them. On the other hand, if it's a rule that you only mine to extend blocks if the transactions were broadcast first, anything that even makes transaction propagation slower, like a bunch of fake nodes, but far from 100%, causes orphan rates to jump. Not to mention I can make it very risky, due to orphaning, to mine blocks containing transactions that a large fraction of the nodes out there have decided to blacklist for whatever reason. You also create new forking risks if transaction propagation is ever prevented, when block propagation isn't.

Mike, lets suppose for a second that I am correct, and Tor bandwidth and other anonymity technologies do not scale with the bandwidth possible at VPN/co-location providers, and thus running mining (not hashing) operations is not possible anonymously.

What do you expect to happen?

"God damn it, why won't that 5% of miners stop putting '1MB' in their coinbases. They're holding up progress!

Fine, lets just block those stuck pigs, we're not colluding or anything."


"FinCEN: From now on miners are money transmitters and must report all unusual transactions.

FinCEN: From now on miners must not mine transactions over xBTC if they satisfy the criteria of unusual.

FinCEN: From now on miners must also not build upon blocks that have transactions that they themselves would not be able to mine due to our regulations."

VPN's and offshore jurisdiction are irrelevant in this scenario - Bitcoin hasn't been banned so we can fully expect mining pools to stay in the US and other visible, regulated, countries to take advantage of the cheap high-bandwidth internet connections required to run a pool.

tl;dr: Don't be naive.

It's impossible to ask for a significant minority of 'no' votes to be your decision point, because a majority of 'yes' votes can decide to only mine on top of blocks that do not vote 'no'

All you can measure is a majority either way.


On-chain have some privacy, and privacy that can be taken away by regulating miners. Off-chain with chaum tokens can have mathematically provable privacy simply unattainable by on-chain transactions.

...which means an attacker has strong incentives to buy, rent, or coerce hashing power to vote for a blocksize increase. For instance in FinCEN was devious, part of regulating mining would be forcing miners to vote for a blocksize increase; inherently on-chain transactions vs. off-chain meet their goals of financial transparency and restricting privacy. Or this may be something as subtle as funneling money to tx fees for lots of low-value tx's, perhaps with unspendable but non-prunable outputs to further increase the cost of running a mining node well into the future.

Fundamentally miners are not representative of Bitcoin and the choice of what the blocksize needs to be must not be under their control.

Note how the recent run-up in price, and in particular the media coverage about it, has been focusing on Bitcoin as a store of value rather than Bitcoin as a payment system. The media has correctly identified what makes Bitcoin truly special, and it's not by being a irrevocable version of PayPal.

We're an order of magnitude away from filling up blocks without crowding out the low-value stuff yet at all, and rudimentary off-chain transaction stuff already exists in multiple forms. At the same time it's clear that FinCEN may in the future decide to regulate mining directly, so the arguments to keep the blocksize small to allow for anonymous mining are clearly valid; even 1MB blocks are a bit marginal with Tor.

The fundamental security assumption of bitcoin is that information is easy to copy, and hard to censor. Thus there should exist multiple ways of distributing the information that comprises the blockchain to ensure that criteria is met. In particular blockheaders provide critical information about what chain the majority of hash power is working on, and themselves are self validating with some assumptions.

Thus I have developed two alternate blockheader distribution systems to be used in addition to the current p2p network.

The first, blockheaders via DNS. Headers are just eighty bytes, thus it takes just five 16 byte AAAA records to distribute one header. The advantage of using AAAA records is resistance to censorship: it can be expected that even most badly behaved DNS resolvers will pass AAAA records correctly. Equally AAAA records do not need special reaolvers, requiring just the standard gethostaddr() type calls supported by a plethora of languages.

DNS also has the advantage of built in caching to reduce the load on the central header server. A test implementation is available: blk(num)-(0-4).blkhdrs.bitcoin.petertodd.org It should be running in this auspicious day - if not I will give the server a kick later tonight. (I just crawled out of a cave in rural West Virginia)

The second method I have developed needs no explanation: http://twitter.com/blockheaders

There are enough old nodes still running on the network to get 100k txs propagated to miners if you start with a well connected node.