Re: [Bitcoin-development] BIP for Proof of Payment

2015-06-17 Thread Kalle Rosenbaum 
2015-06-16 21:48 GMT+02:00 Pieter Wuille pieter.wui...@gmail.com:
 I don't see why existing software could create a 40-byte OP_RETURN but not
 larger? The limitation comes from a relay policy in full nodes, not a
 limitation is wallet software... and PoPs are not relayed on the network.

You are probably right here. The thing is that I don't know how *all*
wallet signing and validating software is written, so I figure it's
better to stick to a valid output. Since I don't *need* more data
than 40 bytes, why bother. There's another constraint to this as well:
The other BIP proposal, Proof of Payment URI scheme, includes a
nonce parameter in the URI. If the nonce is very long, the QR code
will be unnecessarily big. The server should try to detect a brute
force of the 48 bit nonce, or at least delay the pop requests by some
100 ms or so.

Do you think this is an actual problem, and why? Is your suggestion to
use a bigger nonce, given the above?


 Regarding sharing, I think you're talking about a different use case. Say
 you want to pay for 1-week valid entrance to some venue. I thought the
 purpose of the PoP was to be sure that only the person who paid for it, and
 not anyone else can use it during that week.


That's right. That's one use case. You pay for the 1-week entrance and
then you use your wallet to sign PoPs when you enter the venue.

 My argument against that is that the original payer can also hand the
 private keys in his wallet to someone else, who would then become able to
 create PoPs for the service. He does not lose anything by this, assuming the
 address is not reused.


Yes, that is possible. It's about the same as giving out a
username/password for a service that you have paid for. In the case of
a concert ticket, it's simple. Just allow one entrance per payment.
But in the example you gave, it's a bit more complicated. You could
for example give all guests a bracelet upon first entry or upon first
exit. Or you can put a stamp on people leaving the venue, and demand
that all re-entries show the stamp, possibly along with a new PoP.
Pretty much as is done already. Different use cases will need
different protection. In this example, the value added by PoP is that
the venue does not have to distribute tickets in advance. This in turn
allows for better privacy for the customer, who don't have to give out
personal information such as an email-address.

 So, using a token does not change anything, except it can be provided to the
 payer - instead of relying on creating an implicit identity based on who
 seems to have held particular private keys in the past.


Yes, that's a difference, but it comes at the cost of security. The
stolen token can be used over and over. In the case of PoP it's only
usable once, and it's only created when it's actually needed,
minimizing the window of opportunity for the thief.

Regards,
Kalle

 On Jun 16, 2015 9:41 PM, Kalle Rosenbaum ka...@rosenbaum.se wrote:

 2015-06-16 21:25 GMT+02:00 Pieter Wuille pieter.wui...@gmail.com:
  You can't avoid sharing the token, and you can't avoid sharing the
  private
  keys used for signing either. If they are single use, you don't lose
  anything by sharing them.

 Forwarding the PoP request would be a way to avoid sharing keys, as
 suggested above.

 
  Also you are not creating a real transaction. Why does the OP_RETURN
  limitation matter?

 This was discussed in the beginning of this thread: The idea is to
 simplify implementation. Existing software can be used as is to sign
 and validate PoPs

 Regards,
 Kalle

 
  On Jun 16, 2015 9:22 PM, Kalle Rosenbaum ka...@rosenbaum.se wrote:
 
  Thank you for your comments Pieter! Please find my answers below.
 
  2015-06-16 16:31 GMT+02:00 Pieter Wuille pieter.wui...@gmail.com:
   On Mon, Jun 15, 2015 at 1:59 PM, Kalle Rosenbaum ka...@rosenbaum.se
   wrote:
  
   2015-06-15 12:00 GMT+02:00 Pieter Wuille pieter.wui...@gmail.com:
   I'm not sure if we will be able to support PoP with CoinJoin. Maybe
   someone with more insight into CoinJoin have some input?
  
  
   Not really. The problem is that you assume a transaction corresponds
   to
   a
   single payment. This is true for simple wallet use cases, but not
   compatible
   with CoinJoin, or with systems that for example would want to combine
   multiple payments in a single transaction.
  
 
  Yes, you are right. It's not compatible with CoinJoin and the likes.
 
  
   48 bits seems low to me, but it does indeed solve the problem. Why
   not
   128
   or 256 bits?
 
  The nonce is limited because of the OP_RETURN output being limited to
  40 bytes of data: 2 bytes version, 32 bytes txid, 6 bytes nonce.
 
  
Why does anyone care who paid? This is like walking into a
coffeshop,
noticing I don't have money with me, let me friend pay for me, and
then
have
the shop insist that I can't drink it because I'm not the buyer.
  
   If you pay as you use the service (ie pay for coffee upfront),
   there's
   no

Re: [Bitcoin-development] soft-fork block size increase(extensionblocks)

2015-06-17 Thread Raystonn . 
Wow.  That email was delayed by the list for quite some time.  It was sent on 
6/1.
From: Raystonn . 
Sent: Monday, June 01, 2015 12:02 PM
To: Mike Hearn ; Adam Back 
Cc: Bitcoin Dev 
Subject: Re: [Bitcoin-development] soft-fork block size 
increase(extensionblocks)

I also need to argue for increasing the default block limit to the full 1MB in 
the next release.  We’re already hitting that limit in bursts of transactions, 
which puts pressure on the average displayed in the below graphs.

From: rayst...@hotmail.com 
Sent: Monday, June 01, 2015 11:39 AM
To: Mike Hearn ; Adam Back 
Cc: Bitcoin Dev 
Subject: Re: [Bitcoin-development] soft-fork block size increase 
(extensionblocks)

 And we're not going to get to VISA scale any time soon

No, not at these block size limits.  The closer we get to the maximum block 
size, the slower we grow the average block size toward it.  Number of 
transactions per day is of course highly correlated with average block size.  
Based on these graphs we can expect that hitting 1 million transactions per day 
will be impossible without raising the maximum block size.


https://blockchain.info/charts/avg-block-size?showDataPoints=falseshow_header=truedaysAverageString=7timespan=allscale=1address=



https://blockchain.info/charts/n-transactions?showDataPoints=falsetimespan=allshow_header=truedaysAverageString=7scale=1address=
 



From: Mike Hearn 
Sent: Monday, June 01, 2015 11:01 AM
To: Adam Back 
Cc: Bitcoin Dev 
Subject: Re: [Bitcoin-development] soft-fork block size increase 
(extensionblocks)

  (at reduced security if it has software that doesnt understand it) 

Well, yes. Isn't that rather key to the issue?  Whereas by simply increasing 
the block size, SPV wallets don't care (same security and protocol as before) 
and fully validating wallets can be updated with a very small code change.

  A 1MB client wont even understand the difference between a 1MB and 8MB
  out payment. 

Let's say an old client makes a payment that only gets confirmed in an 
extension block. The wallet will think the payment is unconfirmed and show that 
to the user forever, no?

Can you walk through the UX for each case?

  If I am not misremembering, I think you've sided typically
  with the huge block, big data center only end of the spectrum.  

It would be Satoshi, that argued that.

I think there must be a communication issue here somewhere. I'm not sure how 
this meme has taken hold amongst you guys, as I am the guy who wrote the 
scalability page back in 2011:

https://en.bitcoin.it/wiki/Scalability


It says:

  The core Bitcoin network can scale to much higher transaction rates than are 
seen today, assuming that nodes in the network are primarily running on high 
end servers rather than desktops. 


By much higher rates I meant VISA scale and by high end server I meant high 
end by today's standards not tomorrows. There's a big difference between a 
datacenter and a single server! By definition a single server is not a 
datacenter, although it would be conventional to place it in one. But even with 
the most wildly optimistic growth imaginable, I couldn't foresee a time when 
you needed more than a single machine to keep up with the transaction stream. 


And we're not going to get to VISA scale any time soon: I don't think I've ever 
argued we will. If it does happen it would presumably be decades away. Again, 
short of some currently unimagined killer app.


So I don't believe I've ever argued this, and honestly I kinda feel people are 
putting words in my mouth.



--




___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development




--




___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
--
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development