linux.conf.au 2014 talk:
This talk presents a pre-alpha implementation of an adjunct network where gateways ferry between the
current bitcoin network and a new "pettycoin" network, which trades bitcoin's robustness for scalability. When complete, the result should be a network suitable for genuine microtransactions at the rate of thousands per second.
9. Bitcoin Blockchain
●
If more than one chain, longest wins
–
●
Presumably represents majority view
Transactions are checked against previous:
–
Inputs must not have already been used.
–
Value of inputs must be >= outputs
12. 100,000 TPS?
●
Is there a way to create a useful network
without everyone knowing everything?
–
What if we trade robustness for scalability?
13. 100,000 TPS?
●
Is there a way to create a useful network
without everyone knowing everything?
–
What if we trade robustness for scalability?
What if we throw out the baby
and the bathwater?
14. An Adjunct, Not An Altcoin!
●
Use real bitcoins
●
Mirrors bitcoin addresses
19. An Adjunct, Not An Altcoin!
●
●
Send bitcoin to gateway, it injects onto pettycoin
network (minus support fee)
Send pettycoins to gateway, it injects onto
bitcoin network (minus transaction fee)
20. An Adjunct, Not An Altcoin!
●
●
Send bitcoin to gateway, it injects onto pettycoin
network (minus support fee)
Send pettycoins to gateway, it injects onto
bitcoin network (minus transaction fee)
A transaction network, not a store of value!
28. Reduce Transaction Size
●
Only allow one signature for all inputs
–
–
●
ie. one input address.
Limit to 4 inputs
Only allow one output (implying change)
29. Reduce Transaction Size
●
Only allow one signature for all inputs
–
–
●
ie. one input address.
Limit to 4 inputs
Only allow one output (implying change)
=> 132 + 34N bytes
33. Shard the Network
●
Use upper 12 bits of address
–
Both input(s) and output address
–
So a transaction appears on up to 5 of 4096 shards
34. Shard the Network
●
Use upper 12 bits of address
–
–
●
Both input(s) and output address
So a transaction appears on up to 5 of 4096 shards
You can monitor a single network shard to find
out what's happening for a given address
35. Shard the Network
●
Use upper 12 bits of address
–
–
●
Both input(s) and output address
So a transaction appears on up to 5 of 4096 shards
You can monitor a single network shard to find
out what's happening for a given address
–
But you actually have to be on two, so it's all
connected
37. Shard the Block
●
Order transactions by (output address) shard
within block
–
Transactions with an input address on that shard
will be scattered throughout block
50. What Clients Need To Know
●
The block chain (of headers)
–
About 1 new block every 10 minutes
–
74 bytes + ~44 per batch of 4096 transactions
–
650 kbytes for 100,000 TPS
●
Around 8kbits
54. Sending A Transaction
●
●
Send me your transaction
Also send me transactions whose outputs you
use
–
And a 12-hash merkle proof for each one
55. Sending A Transaction
●
●
Send me your transaction
Also send me transactions whose outputs you
use
–
●
And a 12-hash merkle proof for each one
And the same for each transaction they use...
57. Sending A Transaction
●
If average transaction has 2.1 inputs
–
After a coin has been spent 10 times, 1700
transactions
–
Each transaction is 200 bytes
–
Each proof is 264 bytes
●
788k to send you a transaction
58. Sending A Transaction
●
If average transaction has 2.1 inputs
–
After a coin has been spent 10 times, 1700
transactions
–
Each transaction is 200 bytes
–
Each proof is 264 bytes
●
●
788k to send you a transaction!
After 1M, you have to send back to gateway.
59. Sending A Transaction
●
If average transaction has 2.1 inputs
–
After a coin has been spent 10 times, 1700
transactions
–
Each transaction is 200 bytes
–
Each proof is 264 bytes
●
●
788k to send you a transaction!
After 1M, you have to send back to gateway.
A transaction network, not a store of value!
63. What Miners Need To Know
●
“Double spends” are illegal in the chain
–
If you can prove it, network will reject block
64. What Miners Need To Know
●
“Double spends” are illegal in the chain
–
●
If you can prove it, network will reject block
Thus, miners need to check transaction inputs
–
Or trust the network to filter them!
65. What Miners Need To Know
●
“Double spends” are illegal in the chain
–
●
If you can prove it, network will reject block
Thus, miners need to check transaction inputs
–
Or trust the network to filter them!
=> Miners need complete knowledge of chain
72. Double Spend Detection
●
Easy to prove if you spot a duplicate in a block:
–
Send complaint packet with both proofs
–
Network will reject that block
74. Double Spend Detection
●
Mostly bitcoin network doesn't wait for
transactions to enter blocks for small amounts
–
Listen for 5 seconds to see if double spend
75. Double Spend Detection
●
Mostly bitcoin network doesn't wait for
transactions to enter blocks for small amounts
–
●
Listen for 5 seconds to see if double spend
Can we do better?
–
Karame, Ghassan, Elli Androulaki, and Srdjan
Capkun. "Two Bitcoins at the Price of One? DoubleSpending Attacks on Fast Payments in Bitcoin."
IACR Cryptology ePrint Archive 2012 (2012): 248.
78. TODO: Double Spend Detection
●
Rewards for reporting double spend?
–
Can't be taken from actual double spend
●
●
Noone would ever allow that to happen.
Would penalize recipient of first spend.
79. TODO: Double Spend Detection
●
Rewards for reporting double spend?
–
Can't be taken from actual double spend
●
●
–
Noone would ever allow that to happen.
Would penalize recipient of first spend.
Hard to “prove” who found the double spend
●
●
Trust the majority to be honest?
Require a small PoW?
80. TODO: Double Spend Detection
●
Rewards for reporting double spend?
–
Can't be taken from actual double spend
●
●
–
Hard to “prove” who found the double spend
●
●
●
Noone would ever allow that to happen.
Would penalize recipient of first spend.
Trust the majority to be honest?
Require a small PoW?
Need to inject double spends to provide
incentive... (but not enough to cheat!)
83. Ensuring Honest Miners
●
Hide a batch from the network!
–
Later, miner reveals it to double spend.
–
Will invalidate a future block.
84. Ensuring Honest Miners
●
Hide a batch from the network!
–
–
●
Later, miner reveals it to double spend.
Will invalidate a future block.
Prove you know last 10 blocks' transactions...
–
Prepend your address to each previous transaction
88. TODO: Ensuring Honest Miners
●
10 blocks back insufficient?
●
Forgiveness if double spend old enough?
–
Restrict number of transactions in a block?
–
Restrict amount transferred in any one transaction.
90. Mining Rewards
●
In bitcoin, miner gets 50/25/12.5...
–
Plus leftover from transactions in block (“transaction
fees”)
91. Mining Rewards
●
In bitcoin, miner gets 50/25/12.5...
–
●
Plus leftover from transactions in block (“transaction
fees”)
We can't mint bitcoins
92. Mining Rewards
●
In bitcoin, miner gets 50/25/12.5...
–
●
●
Plus leftover from transactions in block (“transaction
fees”)
We can't mint bitcoins
Without full knowledge, can't use transaction
fees
93. Mining Rewards
●
In bitcoin, miner gets 50/25/12.5...
–
●
●
●
Plus leftover from transactions in block (“transaction
fees”)
We can't mint bitcoins
Without full knowledge, can't use transaction
fees
If we offered flat fee, why bother collecting
transactions?
96. TODO: Mining Rewards
●
Statistical rewards!
–
“claim transaction”:
●
●
●
A valid transaction which was in your block
Proof that it was
A recent gateway injection transaction (last 20 blocks?)
97. TODO: Mining Rewards
●
Statistical rewards!
–
“claim transaction”:
●
●
●
–
A valid transaction which was in your block
Proof that it was
A recent gateway injection transaction (last 20 blocks?)
Reward amount depends on difference between
hash of that transaction xor of hash of next 100
blocks
●
●
More similar the better
Encourages more transactions.
101. TODO: Mining Rewards
●
Tax the future to pay for the present?
–
eg. after 4 years, pay 50% of rewards back to first
two years blocks.
102. TODO: Mining Rewards
●
Tax the future to pay for the present?
–
eg. after 4 years, pay 50% of rewards back to first
two years blocks.
–
Needs smoothing of course, but it'll never be “fair”
105. Trusting Gateways
●
The gateway is holding your bitcoin!
–
You can monitor it, but you have to trust.
–
Will only relay small amounts.
–
A good reason for limiting history.
106. Trusting Gateways
●
The gateway is holding your bitcoin!
–
You can monitor it, but you have to trust.
–
Will only relay small amounts.
–
A good reason for limiting history.
I don't want your money!
107. Trusting Gateways
●
The gateway is holding your bitcoin!
–
You can monitor it, but you have to trust.
–
Will only relay small amounts.
–
A good reason for limiting history.
I don't want your money!
A transaction network, not a store of value!
124. Status
●
Domain name registered!
●
Block generation code works.
●
Nodes talk to each other.
●
World's worst CPU miner mostly works.
●
Gateway transactions can be injected.
125. Status
●
Domain name registered!
●
Block generation code works.
●
Nodes talk to each other.
●
World's worst CPU miner mostly works.
●
Gateway transactions can be injected.
●
Normal transactions not yet handled.
126. Status
●
Domain name registered!
●
Block generation code works.
●
Nodes talk to each other.
●
World's worst CPU miner mostly works.
●
Gateway transactions can be injected.
●
Normal transactions not yet handled.
●
Bitcoin gateway not written
127. Status
●
Domain name registered!
●
Block generation code works.
●
Nodes talk to each other.
●
World's worst CPU miner mostly works.
●
Gateway transactions can be injected.
●
Normal transactions not yet handled.
●
Bitcoin gateway not written
●
Pettycoin explorer not written
128. Status
●
Domain name registered!
●
Block generation code works.
●
Nodes talk to each other.
●
World's worst CPU miner mostly works.
●
Gateway transactions can be injected.
●
Normal transactions not yet handled.
●
Bitcoin gateway not written
●
Pettycoin explorer not written
●
HTTP transaction receive not written.
129. FAQ
●
What if the pettycoin binary has a flaw?
●
What if pettycoin protocol has a flaw?
●
What if the gateways are hacked?
●
What if lawyers/governments/MIB shut it down?
●
What if someone threatens your family?
130. FAQ
●
What if the pettycoin binary has a flaw?
YOU WILL LOSE YOUR MONEY
●
What if pettycoin protocol has a flaw?
YOU WILL LOSE YOUR MONEY
●
What if the gateways are hacked?
YOU WILL LOSE YOUR MONEY
●
What if lawyers/governments/MIB shut it down?
YOU WILL LOSE YOUR MONEY
●
What if someone threatens your family?
YOU WILL LOSE YOUR MONEY
131. Disclaimer
●
This is not a spec!
●
Almost-working incomplete code at:
–
https://github.com/rustyrussell/pettycoin