|
61
|
Bitcoin / Development & Technical Discussion / Re: Block headers download
|
on: April 15, 2013, 10:22:26 PM
|
TierNolan, Zeilap - thanks. Now I understand better.
It seems the only option to implement parallel download is to provide multiple checkpoints - if I want N parallel requests, I must hardcode N somewhat evenly-spaced checkpoints.
Yes exactly  - see edit |
|
|
|
|
62
|
Bitcoin / Development & Technical Discussion / Re: Block headers download
|
on: April 15, 2013, 10:11:16 PM
|
I have trouble implementing parallel blockchain download (headers only). I read wiki back and forth, but do not understand:
1) What exactly is block locator object.
2) How to download headers before certain block (towards genesis block)
Now I can start from genesis and work up blockchain (using 0 as hash_stop). Is it possible to move in opposite direction (from newest blocks to genesis)?
Block locator is a list of block hashes that you know about, starting from your head, back towards the genesis block. The idea is that the remote peer can know which blocks/headers to send you. If it determines that your most recent blocks are actually now on a side chain, then it will work backwards through your block locator to find a block which is on the main chain and then send you blocks from there onwards. If it cannot find any blocks in your locator which are on the main chain, it will send you blocks from the genesis block. Current implementations create a block locator roughly as follows,
var i = current head height
var stepSize = 1
while(i > 0) {
insert the hash of the block at height i
i = i - stepSize
stepSize = stepSize * 2
}
So many more recent blocks are added, and as you work back, the steps get bigger (because of the decreased likelihood of deeper and deeper reorgs). When downloading the headers before the last checkpoint, you can simply use the hash of the most recent header you have as the locator, i.e. only one hash. EDIT: As for working backwards, this is not possible. What is possible however is to hardcode checkpoint hashes, this way you can download the headers between each checkpoint separately enabling your parallel download. I have code to do exactly this, but I haven't bothered to test it to see if the speed improvement was worth it compared to downloading from a single peer. Others may see this as a waste of network resources perhaps. |
|
|
|
|
63
|
Bitcoin / Development & Technical Discussion / Re: Alternate methods of blockheader distribution
|
on: April 14, 2013, 06:53:07 PM
|
What is the advantage of using twitter or another server as opposed to just p2p? Wouldnt p2p be the most resilient, secure, accurate source for this?
To take out the bitcoin network, you only have to attack the relatively few nodes that allow incoming connections, most of which are running on commodity hardware at users' homes. Taking out one of the largest sites on the internet is a completely different story. Also, the bitcoin network provides no guarantees about the accuracy or security of the data it carries - so you gain nothing from getting your data from it compared to from some other source. That is in fact, pretty much the whole innovation of Bitcoin - that each node can arrive at the same globally consistent view, with zero trust of anyone else on the network, instead determining for itself whether it thinks the data is legitimate. |
|
|
|
|
66
|
Bitcoin / Development & Technical Discussion / Re: Bitcoin clients should have a MESSAGE option !
|
on: April 13, 2013, 07:27:17 PM
|
|
Attaching messages to transactions that get stored in the blockchain is highly wasteful and won't be implemented.
However, what will be possible in the next version is something like you want: Instead of making a payment by taking the payment address, creating a transaction and broadcasting it yourself, you'll instead be able to create the transaction and wrap it up with some other information like a message to the receiver, and then you send this whole thing to the receiver directly (like by submitting it to their website). The receiver then has the choice whether to accept the payment in which case he broadcasts it himself, or declines the payment, either way sending you a reply to tell you whether it's accepted or declined and additionally a message.
|
|
|
|
|
67
|
Bitcoin / Development & Technical Discussion / Re: Blind Transactions
|
on: April 11, 2013, 08:10:10 AM
|
|
I don't see how this provides any more privacy than Alice simply creating a new address herself for each transaction. The difference being that your scheme allows for Bob to send without contacting Alice to get a fresh address, but what's the use case where you send coins to someone you've never contacted?
There is also the trust issue - if Alice doesn't really care about your privacy she might spend some of her coins together, associating her various blinded addresses with each other. Your payment links your address with an address which now is seen to be belonging to Alice, defeating the whole purpose.
|
|
|
|
|
70
|
Bitcoin / Development & Technical Discussion / Re: Creating an "official" protocol specification for the Bitcoin internet currency
|
on: April 09, 2013, 01:10:36 PM
|
There's only one thing you actually need to worry about - block validation, which is explained here. I disagree. The core validation is a description of the rules for validating transactions. This would include the script language and the rules for the encryption. Much of what is in the above rules is, as the title says, protocol rules. They are mostly to ensure efficient operation of the network and keep spam low. Actually that page is fairly detailed on what constitutes valid and invalid transactions and blocks. for example: - 12. For each input, if the referenced output transaction is coinbase (i.e. only 1 input, with hash=0, n=-1), it must have at least COINBASE_MATURITY (100) confirmations; else reject this transaction
- 13. Verify crypto signatures for each input; reject if any are bad
- 14. For each input, if the referenced output has already been spent by a transaction in the main branch, reject this transaction
There's also the question of why you actually want to implement a fully verifying node. The only reason I can think of is if you want to mine with it - so you don't waste your effort producing invalid blocks. Other than that, you can get all the functionality you need from SPV checks and a full blockchain (making sure to verify the merkle root) for significantly less development effort, less cpu+ram use, less likelihood of forking yourself into oblivion, for a tiny reduction in security. It would be nice to be able to validate the system in a distributed way. Also, the SPV system is vulnerable to double spends, since you have to trust the node you connect to. Not really, your attacker still has to craft a whole fake block for you which must pass the current proof-of-work - this is exactly as hard as creating a legitimate block. Additionally, if you are connected to more than one node, then the other nodes are going to be telling you about new blocks much faster, and the fake one you got is going to be orphaned. So the result is that an attacker has to give up what would be a 25BTC reward for solving a block in exchange for a window of a few minutes where he may be able to take advantage of a double spend against me. At the moment, there are 2 extremes, either you validate everything or validate almost nothing. A system for notifying invalid blocks which proof of invalidity attached would allow distributed validation. If you have 10k nodes and each node validates a random 1% of the transactions, then the probability of an invalid tx been missed is (0.99)^10000 = 2 * 10^(-44).
This is a nice idea, but in practice you end up creating a DoS vulnerability: if I create an invalid transaction on purpose and send it to you, then you determine it is invalid and rush to announce the fact to the rest of the network, spamming everyone with an invalid transaction. The current way this is handled is that you determine my transaction is invalid and ban me for 24 hours. The rest of the network never have to hear about my transaction at all. The other problem is that you have to perform the attached proof in order to accept it, which results in the same amount of work as if you'd just performed the verification yourself, but with a lot more network traffic. |
|
|
|
|
71
|
Economy / Web Wallets / Re: blockchain.info api - how to determine if callback is valid.
|
on: April 09, 2013, 08:07:46 AM
|
Hi, does anyone else use the blockchain.info api?
If so how do you determine that the callback is from them.
I used to use gethostbynamel("blockchain.info"); but then they changed the callback IP to one not in that list [185.7.149.10].
Yesterday they seem to have changed it again to [91.223.16.20].
Any idea how i can do this automatically without having to log their IPs and when a customer complains, update the php script?
Use https. |
|
|
|
|
72
|
Bitcoin / Development & Technical Discussion / Re: Funding of network security with infinite block sizes
|
on: April 09, 2013, 05:43:23 AM
|
people dont want one piece of software to occupy whole harddisks Users have neither the ability nor desire for the blockchain to grow without bound. That's why no hard-coded limit on the block size is necessary. People tend not to want to murder others or be murdered themselves, yet it still happens and we have laws to prevent / discourage it. Add my vote too. Other stances have the premise that block space is valuable and can't be allowed to get too big too fast, but with the contradictory fear that it would be given away for free. And that miners would allow such large blocks to be created that miners wouldn't be able to handle it, which is also a self-correcting "problem".
You're working under the assumptions that everyone mining coins want what's best for Bitcoin / care about Bitcoin's future, and all miners are equal - they are not, some will realize that producing large blocks that others can't handle is very much in their interest. Others may have the aim of just causing as many problems as possible because Bitcoin is a threat to them in some way, who knows? All you're doing is creating a vulnerability and expecting no-one to take advantage. We aren't all hippies living on a fucking rainbow - problems don't just fix themselves because in your one-dimensional view of the world you can't imagine anyone not acting rationally and for the greater good. |
|
|
|
|
75
|
Bitcoin / Development & Technical Discussion / Re: Creating an "official" protocol specification for the Bitcoin internet currency
|
on: April 09, 2013, 03:16:38 AM
|
As it appears to be consensus that deriving the spec is too complex and tricky for a human being
I really don't understand this sentiment, especially from one of the devs. I think that everyone who complains that it's too difficult have just not bothered to find out how anything works. In fact, I think it speaks volumes about those complaining that every one of these threads talk about a 'protocol spec', when in fact the way that the network passes messages is largely irrelevant to the working of Bitcoin (aside from the fact that it's very well documented and simple). The only important part is the binary format of transactions and blocks, so that you can verify proof-of-work and merkle roots, other than that it really doesn't matter how you obtain them - you could get all the data you need from blockexplorer.com and bypass having to connect to the network at all if you really wanted to. There's only one thing you actually need to worry about - block validation, which is explained here. If it's too much to implement in one go, start with SPV style checks and work your way up, it's better to accept bad blocks than to reject good ones. Just don't mine or relay blocks until you're sure you've got verification completed, or isolate yourself from the rest of the network by connecting to a single trusted reference client node. There's also the question of why you actually want to implement a fully verifying node. The only reason I can think of is if you want to mine with it - so you don't waste your effort producing invalid blocks. Other than that, you can get all the functionality you need from SPV checks and a full blockchain (making sure to verify the merkle root) for significantly less development effort, less cpu+ram use, less likelihood of forking yourself into oblivion, for a tiny reduction in security. Additionally, there is almost zero financial incentive for creating an alternative implementation - no-one will trust it if it's not open source, and no-one will buy it if it is open source. The biggest problems in creating an alternative client are software engineering type problems, not implementing the network protocol. How do you guarantee database consistency or recover from corruption if the power goes out while you're processing a block? How do you deal with re-orgs? How do you store your blocks/headers for best performance? How do you minimize the expensive processing you perform on bad data before you realize it's bad? How do you properly deal with errors like failed verification or your DB crapping out so that you don't confuse one with the other and end up stuck on a fork? If you receive an invalid block a number of times from different peers, when do you decide that either you're under attack or maybe you're rejecting a block that's actually good, and what do you do? Etc. I think people are just scared of having to deal with network sockets and processing binary data, if everything was dealt with as JSON there'd be no complaints (other than network usage). |
|
|
|
|
78
|
Bitcoin / Development & Technical Discussion / Re: Who is creating non-DER signatures?
|
on: April 07, 2013, 03:40:59 PM
|
Possible cause? http://www.bouncycastle.org/releasenotes.html2.18.2 Defects Fixed - getCriticalExtensionOIDs on an X.509 attribute certificate was returning the non-critical set. This has been fixed.
- Encoding uncompressed ECDSA keys could occasionally introduce an extra leading zero byte. This has been fixed.
- Expiry times for OpenPGP master keys are now recognised across the range of possible certifications.
- PGP 2 keys can now be decrypted by the the OpenPGP library.
- PGP 2 signature packets threw an exception on trailer processing. This has been been fixed.
- Attempting to retrieve signature subpackets from an OpenPGP version 3 signature would throw a null pointer exception. This has been fixed.
- Another occasional defect in EC point encoding has been fixed.
- In some cases AttributeCertificateHolder.getIssuer() would return an empty array for attribute certificates using the BaseCertificateID. This has been fixed.
- OIDs with extremely large components would sometimes reencode with unnecessary bytes in their encoding. The optimal DER encoding will now be produced instead.
|
|
|
|
|
79
|
Bitcoin / Development & Technical Discussion / Re: How to generate a private key?
|
on: April 07, 2013, 05:53:15 AM
|
There's got to be a simple way to get the public key from the private key. Generating the private key is easy. Just make a random number, then check for proper range of values.
Then to convert the new private key into wallet import format (base58check) is also easy, I think. A few lines of code.
Yes, once you have your elliptic curve code, you just multiply your private key by the generator point of the elliptic curve. The public key is then simply 0x04 followed by the x and y coordinates, 32 bytes for each. |
|
|
|
|
Show Posts
