[ANN] Litecoin - a lite version of Bitcoin. Launched!

[notme]

Right.  The miners need the full chain, but normal clients can drop most of it if they need to conserve space.

[1713461992]

1713461992

[1713461992]

1713461992

[1713461992]

1713461992

[DeathAndTaxes]

I don't think that's exactly right. The lite clients need only check confirmations, miners validate transactions and only apply them to the blockchain if they make sense. Other miners only build on those blocks if they make sense so the network has protection from dodgy miners.

You need only trust the confirmation count.

Like I said good way to get robbed.  How do you know the block you got from the network isn't malicious?  You shouldn't be trusting any miner.  The proof of work ensures miners can cheat among themselves however the client "verifies" all the work they do.  If you aren't going to be using the blockchain that is fine.  You simply need to rely on someone else (blockchain server, e-wallet, etc) to verify the blockchain for you.  However the entity doing the validation  ashould be trusted and not some random node on the network there is no way to trust information you get from the network without validating it.  You should assume that anything you receive on the network IS MALICOUS until verified that it isn't.

Assumming blocks are valid just because they are signed is a recipe for getting robbed.  The network works under a "trust nobody" model.  There isn't one piece of data your node gets from other nodes (who may not be trustworthy) that isn't validated.  When your node is sent a transaction it verifies the transaction is properly signed and valid (by rules of the network).  When your node gets a block it not only validated the signature (by hashing the header used by the miner and ensuring the hash matches and is below the target) it also verifies each transaction in the block and then reconstructs the merkle tree to ensure the merkle tree for the block is valid.  Only once all transactions are known to be valid, and the merkle tree is valid, and the block is valid, and the hash for the block is valid does the client consider that block confirmed and increment the confirmation counters.

There is no shortcut.  All that works needs to be completed in order to validate transactions.  This doesn't mean YOU need to have the blockchain but you will need to rely on someone else who does have the blockchain.  For example if you use Electrum client you are relying on the Electrum server to do the validation work for you.  If you use the strongcoin ewallet you are relying on strongcoin to do the validation for you.

Simply trusting blocks as they appear on the network is completely insecure.

[coblee]

You're right. As long as the spam transaction issue is fixed. We shouldn't be growing faster than Bitcoin.

[notme]

Like I said good way to get robbed.  How do you know the block you got from the network isn't malicious?  You shouldn't be trusting any miner.  The proof of work ensures miners can cheat among themselves however the client "verifies" all the work they do.  If you aren't going to be using the blockchain that is fine.  

Right, don't trust any miner.  But you have to trust > 50% of them.  If the block has invalid transactions it will be rejected by the honest nodes.  If you don't trust more than half of miners, I suggest you go back to fiat or some other model because cryptocurrencies aren't going to work for you.

[DeathAndTaxes]

Right, don't trust any miner.  But you have to trust > 50% of them.  If the block has invalid transactions it will be rejected by the honest nodes.  

Unless you validate the block yourself you have no idea if 50% of miners trust it.  You have no idea if the block is even valid.  You have no idea if the transactions inside the "valid" block are valid.  In essence you are just praying that no cancer/poison nodes are feeding you false info. 

No lite client just assumes data coming from the network is valid.  Not one.  It is inherently insecure.  If you think otherwise then make one and be ready for the fallout when customers get spoofed.  There are lots of creative solutions around the need for the blockchain but just trusting blocks given to you by the network (you may only be seeing what the attacker wants you to see) is naive and giant attack vector waiting to happen. 

If you don't trust more than half of miners, I suggest you go back to fiat or some other model because cryptocurrencies aren't going to work for you.

Spend less time being snarky and more time learning the protocol.  What you suggested is insecure.  Period.  If you don't understand that then you shouldn't be writing a lite client.  Luckily every lite client that exists (so far) has been written by people that do understand that nothing on the network can be trusted until verified.

[notme]

Right, don't trust any miner.  But you have to trust > 50% of them.  If the block has invalid transactions it will be rejected by the honest nodes.  

Unless you validate the block yourself you have no idea if 50% of miners trust it.  You have no idea if the block is even valid.  You have no idea if the transactions inside the "valid" block are valid.  In essence you are just praying that no cancer/poison nodes are feeding you false info. 

No lite client just assumes data coming from the network is valid.  Not one.  It is inherently insecure.  If you think otherwise then make one and be ready for the fallout when customers get spoofed.  There are lots of creative solutions around the need for the blockchain but just trusting blocks given to you by the network (you may only be seeing what the attacker wants you to see) is naive and giant attack vector waiting to happen. 

If you don't trust more than half of miners, I suggest you go back to fiat or some other model because cryptocurrencies aren't going to work for you.

Spend less time being snarky and more time learning the protocol.  What you suggested is insecure.  Period.  If you don't understand that then you shouldn't be writing a lite client.  Luckily every lite client that exists (so far) has been written by people that do understand that nothing on the network can be trusted until verified.

How is keeping a partial blockchain worse than no blockchain?  That makes no sense to me.  Please enlighten me.  Or perhaps you don't understand what I am proposing?  I never said you can trust a block before it has been confirmed.

[DeathAndTaxes]

How is keeping a partial blockchain worse than no blockchain? 

If you have no blockchain you are trusting a third party.  Hopefully that third party is trustworthy but at least you know where you are getting your validation form.

If you have a block chain fragment you have nothing.  Absolutely nothing.  You have no idea where it came from, you have no way to verify the transactions are valid.  You have no idea how much of the network agrees with those blocks.  You are just hoping and praying that the data you got from some anonymous nodes (who may be the attacker) is legit.    Only a matter of time before an attacker will isolate you, feed you bogus info and rob you blind.  There is no security just hope and implicit trust in anonymous entities.  A recipe for failure.

You need the ENTIRE BLOCK CHAIN (minus any pruned addresses which no longer have spendable coins) to validate any transaction.  Having a fragment is next to useless.  So if you don't want to have the full and complete block chain THEN you partner with someone who does have it.  As long as they are trustworthy you can query them for status of transactions, balances, blocks, etc.  Since they have the full block chain they can validate your queries and send you the status.

[notme]

So you say you need the entire chain minus pruned transactions?  Funny, that's what I proposed a few hours ago when you first told me I was wrong.  Pruning transactions has no effect on an attacker's ability to isolate you from the network.  Sure, perhaps there are additional vectors once they isolate you, but they can already feed you anything "valid".  So with a pruned blockchain the attacker who wants to send you fake BTC saves himself from having to actually have bitcoins at an address they can send from.  But with a full chain, as long as they have coins they can pretend to send them to you and still retain them or spend them on the real chain.  I will conceed pruning non empty addresses will extend the damage from isolation assuming the scammer isn't well funded, but once you start stealing shit you rapidly increase the damage you can cause to isolated nodes, even with the full chain.  Bitcoin is never foolproof.  Checking bitcoinmonitor, blockexplorer, or some other trusted source is the only way to be sure, and you can bet your ass I do this every time I deal with more than a couple BTC.  I believe your real confusion arises from an overconfidence in the network as it already is.

[rahl]

How about a client with it's own wallet but no block chain and I set one node only which would be my own full client. Would something like this work? Would be great for people with a bunch of laptops or whatnot...

[DeathAndTaxes]

How about a client with it's own wallet but no block chain and I set one node only which would be my own full client. Would something like this work? Would be great for people with a bunch of laptops or whatnot...

Yup.  Just need to adapt this for Litecoin.

https://en.bitcoin.it/wiki/BCCAPI

Essentially a server backend which lite clients connect to.  You could have a private backend server supporting a single wallet, or a private server supporting multiple private wallets, or a public server supporting multiple clients.

[ovidiusoft]

How about a client with it's own wallet but no block chain and I set one node only which would be my own full client. Would something like this work? Would be great for people with a bunch of laptops or whatnot...

Electrum should be easy enough to change to support Litecoin. It uses Abe as its server db backend, and looking at the code I see that Abe should work with Litecoin out of the box. Bonus: deterministic wallet.

http://ecdsa.org/electrum
https://bitcointalk.org/index.php?topic=50936.0

[CAMOPEJB]

Can someone explain me how to remove keypairs from wallet.dat?
I need to remove one address . . .

[mrx]

Can someone explain me how to remove keypairs from wallet.dat?
I need to remove one address . . .

seems like pywallet will do that. (You might need the private key to delete the address( (haven't tried). You can also use pywallet to get the private keys from your wallet.)

Is your wallet spammed?

[CAMOPEJB]

Just one address with like 75k txes 

Thou, I have backup of wallet.dat before spam dusting so I think I can restore it, remove spam address (had just 1 LTC on it) and continue using wallet without a problem 

[bronan]

when i try to send small donation to coblee i get : error: {"code":-4,"message":"Error: Transaction creation failed  "}
the goal is to empty out the old wallet.dat cause its over 51 Mb in size with only small amount in it because of the nasty spamming

[coblee]

when i try to send small donation to coblee i get : error: {"code":-4,"message":"Error: Transaction creation failed  "}
the goal is to empty out the old wallet.dat cause its over 51 Mb in size with only small amount in it because of the nasty spamming

If you have less than 0.01 LTC in your wallet filled with transaction spam, I would suggest that you just throw that wallet away. Sending those coins will cost you more in fees and further bloat the chain.

[jago25_98]

Ports forwarded (i think), only 8 active connections and syncronising to the network is has been at 1% for 20 mins?

[DeathAndTaxes]

Ports forwarded (i think), only 8 active connections and syncronising to the network is has been at 1% for 20 mins?

Use this to check if the port is actually open in your router/firewall http://canyouseeme.org/

[jjiimm_64]

when i try to send small donation to coblee i get : error: {"code":-4,"message":"Error: Transaction creation failed  "}
the goal is to empty out the old wallet.dat cause its over 51 Mb in size with only small amount in it because of the nasty spamming

if you want to empty an old wallet...  just delete it

[coblee]

For those of you using the Litecoin p2pool, forrestv has released an update that will make things better. You must update before Dec. 2, or else your p2pool will not work properly. See this thread for more details: http://liteco.in/threads/130-kh-s-distributed-litecoin-pool-using-p2pool.29/

And if you have not tried p2pool yet, why not give it a try?