Idea on the "Blocks are [not] full problem"

[DeathAndTaxes]

No there is no merit.  It is completely unworkable.   Nodes share txs, and the txs known between any two arbitrary nodes is generally similar with maybe a few unique txs.  However a node has no idea what particularly subset of the memory pool an arbitrary miner will include in the next block.  A node doesn't even know what txs are in the memory pool of an arbitrary node, nor can they know for certain that they are aware of all txs in known to all nodes.  Also mining nodes don't announce themselves as mining nodes, and shouldn't for a variety of security reasons.  For the purpose of message relaying (blocks, txs, etc are all simply messages) they are no different than any other peer on the network.  So every tx set of every active miner would need to be relayed to every peer on the network to ensure they reach every miner.

Even if such a scheme was workable given that using tx hashes as a proxy for full txs already reduces the size of a block message by 90%+ that is an incredibly increase in internode bandwidth to reduce the already reduced block message by a small amount.

If the order of the transactions in the block is deterministic, I don't think this is correct.

The ordering of tx can easily (with a hard fork) be made deterministic simply sort tx by tx id hash.  Tada.  That is a non-issue however no node can know what tx are known by any other node.   So while the order can be deterministic the entirity of the memory pool is not.

Example node 1 knows of txs
B, C, D, E and we have put them in deterministic order.

However node 2 knows of txs
A, B, C, F and they also are in deterministic order.

However it is clear the two nodes don't share the exact same set.

Still even for two nodes which share the same set a miner will chose some unknown (or only known to the miner) subset of the memory pool for inclusion in the next block.   So given a set of n txs sequenced by tx id how would a miner identity the tx set for a block without using tx ids?

[DeathAndTaxes]

The whitepaper also talks about simplified payment verification, and how that makes it "possible to verify payments without running a full network node".

True but SPV don't require a trusted third party.  SPV perform the same validation of txs but rather than performing them on the entire blockchain they just perform them on the subset of the blockchain that the node is interested in.

Full node = I will keep a copy of entire blockchain and validate all txs even those which I have no personal connect to.
SPV node = I will keep a copy of block headers and request in realtime subsets of blockchain I need to verify my own txs.

Both perform the same sets of validations the difference is the scope.  Also obviously the SPV node concept only works if the are some full nodes.  Someone (preferably a lot of independent someones) needs to maintain a full copy of the blockchain that can be provided in realtime to SPVs as needed.

[gmaxwell]

That said, I'm not sure what the benefit is of this "trust no one" mindset.

Classical currencies are based on trust, and their trust argument is _far_ stronger than what the bitcoin community can offer: regulated instutions, the enforcement of laws backed up by firepower, millions of people who can absorb and correct problems, experts with mile long lists of credentials. Etc. And yet many hold the view that the trusted guardians of the popular currencies are violating this trust and will continue to do so. When you look at the Bitcoin ecosystem— it's hard to find arguments for well placed trust even a fraction as convincing as the trust thats failing in the wider world.

Complete trustlessness probably can't be achieved— with a wide enough definition, e.g. I haven't personally proven all of mathematics to myself or inspected my cpu with a home built electron microscope, but it can be approximated apparently arbitrarily close.

But first, there is a big distinction between trusting in the a world wide currency and trusting in a single trade of some small value.  However trust dependent Bitcoin itself is no set of transactions denominated in BTC can be less trust dependent than the underlying Bitcoin.  If you make ten small trades what is the probability that _all_ ten screw you?  It is something like the probability of an individual failure raised to the tenth power (e.g. probably negligible) plus the probability that Bitcoin screws you— The currency is a single point of failure, encompassing all the money in its economy, so it must be strong if anything is to be strong.

Ultimately you have to trust someone.

Secondly, this is in fact not the case: In situations where people are buying and selling digital data or services which occur within the context of machine verifiable processes it's sometimes possible to trade with absolutely no risk at all. E.g. CoinSwap can let you trade Bitcoins and foocoins in a cheat proof way (so long as Bitcoin and Foocoin are secure), or e.g. this protocol can allow selling knoweldge in a bidirectionally cheat proof way, in both cases without any third parties at all.

Even when a cheat-proof protocol isn't possible, as is the case for physical goods, you're not stuck with "a" trusted third party. In Bitcoin you can construct blockchain escrows with release rules like "(A and B) or ((A or B) and any-3-of(C, D, E, F, G))".   How likely is a single arbitrator to screw you?  Fine, add more until the potential for dishonesty is negligible, if what you're doing justifies it.  But this only works if the system itself isn't imposing its own trusted parties on you.

These are all why Bitcoin has script to begin with— simply making transactions isn't enough to achieve trustlessness. Powerful transactions are required to achieve Bitcoin's goals.

Then there is the issue of betrayal by 1000 cuts, by expedience, and with all honest intentions. In classically human mediated systems there is a constant pressure to bend the rules a little bit: "Read this guys email, he's no good", "block this transaction, just this one, the funds are stolen. I swear!", "just print a bit more money, we need to fund a war, it's important.". We find it hard to say no to small compromises, even when the logical outcome, shown by history to be inevitable, is no mystery to us.  Improved trustlessness is improved robustness to small betrayals adding up to big ones.

WRT SPV, it's only secure so long as there is an {adequate} supply of fully verifying nodes to keep miners honest. If there isn't then miners as a group (consider: even without an explicit conspiracy, they have some highly correlated interests…) can freely deceive SPV nodes. If there is, then for many use-cases SPV security is quite close to a full node (e.g. accepting confirmed payments with values small relative to the generated coins confirming them).  SPV is what makes compact mobile devices viable, and it's also necessary for efficiently binding Bitcoin into other system. But its security absolutely depends on validation being very well distributed.

[gmaxwell]

If I let A, B, C, D, E, F, and G verify the blockchain for me, and let me know if any invalid blocks are ever accepted, then A and B and C and D and E and F and G would all have to screw me over in order for me to be screwed over.

No, Bitcoin is a consensus system. If A, B, C, D, E, F, G are telling you that the chain is invalid because miners have started inflating it— but no one else is taking action because no one else is running a validating node, no one else is bothering to consult with A, B, C, D, E, F, G or believes them— well then, tough luck for you. You can stay on your true Bitcoin all alone with A..G, while almost everyone else ventures off on inflatacoin. There is currently no alarm bell in the system, and currently no way to give an alarm bell compact proof so that it could be acted on automatically. (Though it's possible to change things so that they can be done, and I think doing so should be a necessary precondition for anything with substantial risk of hurting decentralization)

Besides, why should you believe A..G for the security of _all_ your coins? You missed the point I was making that one shot securing single transactions isn't the same as securing everything. Maybe on one transaction you're secured by A..G on another you're secured by E..H, and yet another avoids the cost of arbitrators by being performed in a trust-less way, and meanwhile you have a stash of coins sitting safely without risk of losing their value. The diversity spreads your risks and minimizes chances of total loss.

that's not a very common case [...] but 99.99999% of the world hasn't, and has to trust you on that.

They don't have to trust me, they can check for themselves or pay multiple other people they marginally trust to check for them. Hm? Selling data and exchanging digital assets aren't uncommon cases. Doing them in more secure ways certainly is, but here you were telling me it was impossible to be trustfree. It will take time for people to adapt to what Bitcoin makes possible (and from the constant stream of theft and betrayal in Bitcoin space making them realize they need to look into alternatives).

Of course, if the owners of more than 50% of the hashing power start colluding to screw everyone over, they can probably do that anyway, whether you verify the blockchain or not, among other things because they can replace the blockchain with their secret one.

Replacing the blockchain has an entirely different risk/reward payoff than inflating the currency. You generally don't see central banks breaking into people's vaults and taking money these days…  And as I mentioned, extensive explicit collusion isn't required. Remove the maximum subsidy check ... advertise that you've done so in the coinbase. Produce bigger blocks when a supermajority indicates they have. SPV clients will happily follow along.

[johnyj]

I support the vision of Bitcoin as I originally learned about it, which is a trust-less decentralized system intended to make it easy for people to transact without interference or mediation by trusted parties. Bitcoin is a system where we minimize the interaction of failure prone men in making decisions— with the best of intentions— which are pushed on others without their consent— it's a system made somewhat immune to even majority whim by the widely distributed hard enforcement of system invariants which are purposefully difficult to change, especially if the changes are controversial.

To the extent that trustlessness and scaling aren't in conflict, I say— and I think everyone with honest intentions would agree: great! lets have all the things!  I believe that as technology improves the level of conflict free scaling improvements will increase.

I am, however, also concerned that even at today's scale we have operating cost and education problems which are endangering the system's security assumptions. I believe these are perfectly solvable problems.

Generally, to the extent that trustlessness and scaling come into direct conflict I believe that Bitcoin should tend to prefer trustlessness. There are a couple of reasons I believe this:

Scaling with trustlessness should improve in time just from the march of technological progress. Trustlessness seems harder to regain (e.g. p2pool didn't replace all the centralized pools, though I believe if it had come first we'd probably have no centeralized pools today or at least they'd be substantially different) than scaling is to add.

Scaling can always be achieved through alternative payment mechanisms, but I know of no similar way to improve trustlessness through overlay systems. Alternative payment networks for Bitcoin must exist in order to support things like instantaneous (semi-)irreversibility, improved privacy, offline payments, etc. Bitcoin will never be as scalable as a less decenteralized payment system. E.g. If we had to choose between Bitcoin having a dozen miner supernodes that do all the validation which we effectively must trust, or having to run low value bitcoin transactions through distributed 5-party chaum banks, which exist by the hundreds around the world... I'd prefer the latter. This is doubly true because if Bitcoin is too bloated it will harm diversity in these alternative payment systems.

Finally, trustlessness should be preferred because it is the unique value that Bitcoin (and its clones) provide. Visa does the scaling game better than we do, for fundamental reasons. Many prior ecash systems with ample funding and brilliant technology failed, largely because their trusted center provided a chokepoint.

But all thats assuming that there is a conflict and I think our job in Bitcoin is to advance the technology and minimize the conflict, foremost.  And then we don't have to answer the hard questions like who picks who wins and who loses, it's better to have everyone win. Past that, it's a balancing act— one where either extreme diminishes Bitcoin's value to the world.

Marvelous! This is so far the best post I have read on this topic!

The core value of bitcoin is to get rid of the risk of a centralized organization disturbing the money supply and transactions, that value is highly desired when people store and transfer significant amount of capitals

But for daily grocery spending, people don't complain if their credit card company has made the price of a bottle of milk 3 cents higher, and they don't care that bitcoin can make them pay 3 cents less either, because the risk involved here are so small that it does not worth the effort

Maybe for purchasing of cars and houses people could use bitcoin, but for each person that is typically 1 transaction per 5 years

Today, lots of transactions are coming from mining pool payouts, that frequency could be reduced if a consensus is reached

A possible future: Just like multimedia filled today's high speed network with lots of digital trash, the increase of bitcoin block size might push another round of network and storage upgrading world wide, it will create lots of jobs  

[readerbtc]

Hi! My first post here.

I don't consider this padding of blocks a good idea.

It can lead to a "compact blocks miners conspiracy ". Some miners agree to pad their blocks with predictable data, like, let's say, only zeros or only ones. Then they relay a compacted version of the blocks between themselves, like [header] + [valid data] + [number of zeros]. Or something.

Members of the conspiracy would suffer with much less orphaned blocks than the other miners. As the conspiracy grows, [header] + [valid data] + [number of zeros] becomes the new bitcoin standard.

[zvs]

If Bitcoin blocks become gigabytes in size such that only powerful entities bother running validation nodes, then I think Bitcoin will collapse since it loses its main feature that is appealing (truselessness).

A transaction rate which produces 144 1 GB blocks per day is achievable on a home internet connection which I can get for less than $100/month, assuming transaction messages are suitably optimized as mentioned by D&T.

You could probably validate 1 gig of blocks per minute on EC2 for under $10/month. They don't charge for incoming bandwidth, and validation should be easily handled by a small spot instance.

That said, I'm not sure what the benefit is of this "trust no one" mindset. Ultimately you have to trust someone. The merchant could snatch your smartphone out of your hands right after you enter your password. The buyer could snatch the bag of groceries and run out the door without paying. With online sales it's even more necessary that someone trusts someone. Either the merchant has to trust the buyer not to take the goods/services and run, or the buyer has to trust the merchant not to take the money and run (or one or both of them have to trust a third party to escrow the transaction).

Bitcoin is decentralized, but it isn't, and can't be, completely trustless.

What do they charge for outgoing bandwidth?

What exactly would be the purpose of running a node that simply validates blocks and doesn't relay them to anyone?  Oh, wait, I guess they could relay it to one node, one of the 'powerful entities' that runs a pool.

1Gbps dedicated ports w/ unlimited traffic still cost quite a bit.  They probably won't in a few years.

I think people should just pay their 10c and stfu.