Would an Armageddon and new Genesis be possible?

[d5000]

What about the following idea:

- The Armageddon block becomes a sort of "extension block". Not everybody has to store it, but nodes supporting the "Armageddon" system will have to.
- The way to attach this into the blockchain would be simple: the UTXO set at a certain block height is hashed and then added into an OP_RETURN transaction. Armageddon nodes store the full UTXO set and the hash.
- Everybody could create such a transaction at any time, but it would be best probably for the system to agree on certain block heights (e.g. every difficulty change).
- The hashes also can be verified at any time, and transactions providing fake Armageddons would be flagged.
- To increase security it would be perhaps best that every Armageddon node stores two Armageddons in a row. So if we have currently the last Armageddon block at height X * 2016, and a previous Armageddon block at (X-1) * 2016, the blockchain would be stored fully always between (X - 1) * 2016 and the current height (2016 is the interval between difficulty changes, just as an example).

We had thus a parallel system for everybody wanting a better system than Electrum but with a shorter Initial Blockchain Download than a pruned node. It could be a bit tricky however to incentive people to create these OP_RETURN transactions. But not a single soft fork would be needed for that. In fact I'd be surprised if this wasn't proposed already. I guess the incentive problem is the challenge to solve.

[FrankS]

I keep reading posts about how an Armageddon block undermines trust, although it is only supposed to be a block in the chain, verified like any other block.
It's not a replacement, but a shortcut. Everybody can still trust the blockchain.

Users are already forced to trust 3rd parties who manage their Bitcoins because it is getting too cumbersome to run a full node. That made eg Mt Gox possible.

Also (if my understanding is correct), with an Armageddon block, you could import a private key and just need to verify from the last Armageddon block.

[philipma1957]

I keep reading posts about how an Armageddon block undermines trust, although it is only supposed to be a block in the chain, verified like any other block.
It's not a replacement, but a shortcut. Everybody can still trust the blockchain.

Users are already forced to trust 3rd parties who manage their Bitcoins because it is getting too cumbersome to run a full node. That made eg Mt Gox possible.

Also (if my understanding is correct), with an Armageddon block, you could import a private key and just need to verify from the last Armageddon block.

how do you construct the block so that it is a short cut.

If I do one at the 210,000 block first 1/2ing
once at the 420,000 block second 1/2ing
one at the 630,000 block third 1/2ing
one at the 840,000 block fourth 1/2ing
one at the 1,050,000 block fifth 1/2ing

giving a person the ability to do a shorter node size.

how are these blocks going to hold all the info ?

how big would they be?

and would not they take a long time to download.

I read the thread and still do not understand what info and how it would be placed in these short cut lists.

[Mia Chloe]

~snip

It's a nice idea actually and I think I like it. It's basically a voluntary UTXO snapshot system for faster sync but I think the main issue is kinda more of trust and incentives since basically the OP_RETURN snapshots aren’t actually enforced by consensus, nodes can’t fully trust them without already trusting whoever created them.

Let's not forget there’s no strong incentive for miners or users to keep publishing honest snapshots plus relying on a subset of Armageddon nodes to store full UTXO sets some risks even if could help with faster bootstrapping among coordinated users.

[PrivacyG]

We had thus a parallel system for everybody wanting a better system than Electrum but with a shorter Initial Blockchain Download than a pruned node. It could be a bit tricky however to incentive people to create these OP_RETURN transactions. But not a single soft fork would be needed for that. In fact I'd be surprised if this wasn't proposed already. I guess the incentive problem is the challenge to solve.

Your idea is much better than what OP presented but either I am too paranoid or this still does not make things better.

Downloading from an 'Armaggedon' Node, although verifiable would in my eyes make it as bad for Security as running the Node of a Blockchain that has just had its Genesis a couple hundred Blocks ago.  You still rely on what others thought was the legitimate status of the Blockchain a few days or weeks ago.  One of the purposes of the Blockchain growing more and more is particularly that, to make things less easier to forge every time a Block is added to it.

It also adds too much comfort for users in a situation where Security should be prioritized.  When setting up a new Node, people will be tempted to pick Armaggedon over Full Node for reasons of comfort which may in time lower the number of Full Nodes.  In my opinion, it is best that we have only the 'extremes' as in SPV and Full Node.  Making an option in between, will the advantage of not having to be patient to sync the entire Blockchain be worth the disadvantages?

[d5000]

It's a nice idea actually and I think I like it. It's basically a voluntary UTXO snapshot system for faster sync but I think the main issue is kinda more of trust and incentives since basically the OP_RETURN snapshots aren’t actually enforced by consensus, nodes can’t fully trust them without already trusting whoever created them.

Indeed, the incentive issue for correct OP_RETURNs with hashes is the main problem of that approach. Thinking a bit about it, such a system could work in theory like an optimistic rollup, i.e. the fake OP_RETURNs could be "challenged" by other nodes and then invalidated by other nodes. But to really incentivize that behaviour you probably would need an altcoin (just like optimistic rollups) to be able to pay nodes for correct OP_RETURNs. That could be made without any additional blockchain, perhaps with RGB or Taproot Assets, or an old-style protocol like Counterparty or Runes. It could also be made with a sidechain. But it has to be seen if that altcoin's value can get so high that it really incentives nodes in a way that the end security for nodes trusting in that approach is "better", i.e. more secure, than a SPV approach (Electrum etc.).

Downloading from an 'Armaggedon' Node, although verifiable would in my eyes make it as bad for Security as running the Node of a Blockchain that has just had its Genesis a couple hundred Blocks ago.

That's why I would propose in this case to require always two or three Armageddon blocks on each node, at least those participating in the OP_RETURN submitting approach. One Armageddon can fail but two in a row is extremely unlikely to get undiscovered - and of course everything what can be done with the SPV approach would still be present.

One of the purposes of the Blockchain growing more and more is particularly that, to make things less easier to forge every time a Block is added to it.

I don't know if I agree with that statement. 6 confirmations are currently considered "good enough" to prevent a reorg. A couple of thousand of blocks are almost impossible to forge.

It also adds too much comfort for users in a situation where Security should be prioritized.  When setting up a new Node, people will be tempted to pick Armaggedon over Full Node for reasons of comfort which may in time lower the number of Full Nodes.  In my opinion, it is best that we have only the 'extremes' as in SPV and Full Node.  Making an option in between, will the advantage of not having to be patient to sync the entire Blockchain be worth the disadvantages?

Well we have already ZeroSync, even if it's still alpha, and we have pruned nodes, both intermediate approaches for nodes. I'm not sure if the "voluntary Armageddon approach" is better or worse than ZeroSync. On a first glance I would probably prefer ZeroSync because the incentive problem seems to have been solved more elegantly, but the Armageddon approach may be easier to understand for non-technical people and thus also could have its audience.

I believe in reality that this approach could be more of an alternative for SPV users (it should require the same amount of resources, perhaps a little bit more disk space) than for full node users. The "worth" of the "Armageddon nodes" for the network would be approximately similar to the pruned nodes (recent transactions can be requested from them) and the privacy is much higher than with SPV. In fact this model could challenge important chain analysis techniques like running Electrum servers (but ZeroSync does that too).

[Mia Chloe]

~snip

I think you’re right and I'll agree with you to be cautious because even if the Armageddon approach is technically verifiable it still kinda shifts trust to a recent snapshot rather than full history which in my opinion weakens the core security model and more importantly if it’s easier most users will defaultly make it their choice.

So unless it stays a clearly optional and less secure but faster niche the tradeoff probably isn’t worth it. I personally prefer a full node over a pruned node or a snapshot any time and day and I'll rather sacrifice a couple bucks to expand my SSD than settle for a pruned node. Not everyone has this opinion.

People will naturally want to go for the fastest option with less resource use and most of them don't weigh it's effect on general consensus.

[FrankS]

how do you construct the block so that it is a short cut.

Every eg 50,000 blocks there is a snapshot. Basically a list of all unspent inputs at that block height.

how big would they be?

and would not they take a long time to download.

An Armageddon might be around 9GB. That would be two magnitudes faster to download that the entire blockchain starting at the Genesis block.

So unless it stays a clearly optional and less secure but faster niche the tradeoff probably isn’t worth it. I personally prefer a full node over a pruned node or a snapshot any time and day and I'll rather sacrifice a couple bucks to expand my SSD than settle for a pruned node. Not everyone has this opinion.

It shoud be optional, and only offer a shortcut into the blockchain.

People will naturally want to go for the fastest option with less resource use and most of them don't weigh it's effect on general consensus.

It would bring storage/traffic down to single percent digits, compared to a full node and drastically increase initialization time.
Plus, people won't have to trust 3rd parties with their private keys and be at their mercy because it becomes easier to run it yourself.