[bitcoin-dev] 答复: Block compression

[lonsdale aseaday via bitcoin-dev]

Hi, Block compression brings some problems witch need to check and you can 
visit:
https://bitcointalk.org/index.php?topic=88208.0 and 
https://bitcointalk.org/index.php?topic=204283.0


发件人: bitcoin-dev-boun...@lists.linuxfoundation.org 
 代表 Jeff Johnson via bitcoin-dev 

发送时间: 2017年11月27日 10:11
收件人: bitcoin-dev@lists.linuxfoundation.org
主题: [bitcoin-dev] Block compression

I'm new to this mailing list and apologize if this has been suggested before. I 
was directed from the Bitcoin core github to this mailing list for suggestions.

I'd just like to post a possible solution that increases the amount of data in 
a block without actually increasing the size on disk or the size in memory or 
the size transmitted over the Internet. Simply applying various compression 
algorithms, I was able to achieve about a 50% compression ratio. Here are my 
findings on a recent Bitcoin block using max compression for all methods:

Raw block
998,198 bytes

Gzip
521,212 bytes (52% ratio)
(needs 2MB to decompress).

LZMA
415,308 bytes (41% ratio)
(1MB dictionary, needs 3MB to decompress)

- ZStandard: 469,179 bytes (47% ratio)
(1MB memory to decompress)

- LZ4: 641,063 bytes (64% ratio)
(32-64K to decompress)

The compression time on my modest laptop (2 years old) was "instant". I ran all 
from the command line and did not notice any lag as I pressed enter to do the 
compression, so easily less than a second. But compression time doesn't matter, 
decompression time is what matters as blocks will be decompressed billions of 
times more than they will be compressed. Decompression speed for LZ4 is the 
fastest of the above methods, at 3.3GB / second, slightly less than half the 
speed of memcpy, see char at (https://github.com/lz4/lz4).

If decompression speed, CPU and memory usage is a concern, LZ4 is a no brainer. 
You basically get a 33% larger block size for "free". But ZStandard, in my 
opinion, makes the most sense as it offers greater than 50% compression ratio 
with a very good decompression ratio of 900MB / second.

If this were implemented in the Bitcoin protocol, there would need to be a 
place to specify the compression type in a set of bits somewhere, so that 
future compression algorithms could potentially be added.

Miners could do nothing and keep sending blocks as is, and these blocks would 
have "no compression" as the type of compression, just as today. Or they could 
opt in to compress blocks and choose how many transactions they want to stuff 
into the block, keeping the compressed size under the limit.

The bitcoin client code would also need to be able to handle the appropriate 
compression bits, and limits of signature data, etc. modified to deal with the 
compression.

I understand schnorr signatures are on the roadmap as a 25% compression gain 
which is great, I suspect that schnorr signatures would compress even further 
when compressed with the above compression methods.

Here is a link to the block that I compressed: 
https://mega.nz/#!YPIF2KTa!4FxxLvqzjqIftrkhXwSC2h4G4Dolk8dLteNUolEtq98

Thanks for reading, best wishes to all.

-- Jeff Johnson
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

[bitcoin-dev] Block compression

[Jeff Johnson via bitcoin-dev]

I'm new to this mailing list and apologize if this has been suggested
before. I was directed from the Bitcoin core github to this mailing list
for suggestions.

I'd just like to post a possible solution that increases the amount of data
in a block without actually increasing the size on disk or the size in
memory or the size transmitted over the Internet. Simply applying various
compression algorithms, I was able to achieve about a 50% compression
ratio. Here are my findings on a recent Bitcoin block using max compression
for all methods:

Raw block
998,198 bytes

Gzip
521,212 bytes (52% ratio)
(needs 2MB to decompress).

LZMA
415,308 bytes (41% ratio)
(1MB dictionary, needs 3MB to decompress)

- ZStandard: 469,179 bytes (47% ratio)
(1MB memory to decompress)

- LZ4: 641,063 bytes (64% ratio)
(32-64K to decompress)

The compression time on my modest laptop (2 years old) was "instant". I ran
all from the command line and did not notice any lag as I pressed enter to
do the compression, so easily less than a second. But compression time
doesn't matter, decompression time is what matters as blocks will be
decompressed billions of times more than they will be compressed.
Decompression speed for LZ4 is the fastest of the above methods, at 3.3GB /
second, slightly less than half the speed of memcpy, see char at (
https://github.com/lz4/lz4).

If decompression speed, CPU and memory usage is a concern, LZ4 is a no
brainer. You basically get a 33% larger block size for "free". But
ZStandard, in my opinion, makes the most sense as it offers greater than
50% compression ratio with a very good decompression ratio of 900MB /
second.

If this were implemented in the Bitcoin protocol, there would need to be a
place to specify the compression type in a set of bits somewhere, so that
future compression algorithms could potentially be added.

Miners could do nothing and keep sending blocks as is, and these blocks
would have "no compression" as the type of compression, just as today. Or
they could opt in to compress blocks and choose how many transactions they
want to stuff into the block, keeping the compressed size under the limit.

The bitcoin client code would also need to be able to handle the
appropriate compression bits, and limits of signature data, etc. modified
to deal with the compression.

I understand schnorr signatures are on the roadmap as a 25% compression
gain which is great, I suspect that schnorr signatures would compress even
further when compressed with the above compression methods.

Here is a link to the block that I compressed:
https://mega.nz/#!YPIF2KTa!4FxxLvqzjqIftrkhXwSC2h4G4Dolk8dLteNUolEtq98

Thanks for reading, best wishes to all.

-- Jeff Johnson
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Why SegWit Anyway?

[CANNON via bitcoin-dev]

On 11/21/2017 01:16 PM, Adán Sánchez de Pedro Crespo via bitcoin-dev wrote:
> 2. SegWit signatures can be cheaper to verify (linear instead of
> quadratic). Prior to this, DoS attacks were possible by using forged
> transactions including signatures which could take several minutes to
> verify.

Where can I find more resources on this described DoS attack?
And how does SegWit prevent this if using SegWit transactions are not enforced?

Thanks
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev