📅 Original date posted:2013-07-23
📝 Original message:On Tue, Jul 23, 2013 at 10:27:19AM +0200, Andreas Schildbach wrote:
> On 07/22/2013 09:42 PM, Jeff Garzik wrote:
>
> > The general goal of the HTTP REST interface is to access
> > unauthenticated, public blockchain information. There is no plan to
> > add wallet interfacing/manipulation via this API.
>
> Is it planned to expose the UXTO set of a given address? That would be
> useful for SPV wallets to be able to swipe a previously unknown private
> key (e.g. paper wallet).
Depends what you mean by expose.
Maintaining an address/script-indexed UTXO is generally useful, in
particular for things like sweeping addresses. I certainly have
less problems with 'exposing' this than exposing a fully-indexed
block chain history.
However, and I expect that's what your question is about, this isn't
really useful for SPV (or less) nodes, as there is no way to
authenticate this data. If you can fake a UTXO entry, you can make
a peer believe anything about their balance, potentially resulting
in creating a valid transaction that sends change it didn't know
was there as fee to miners. Other than for normal block chain data,
there is no way to detect this without at least partial validation.
The only way to do this safely at an SPV security assumption, is by
having an address-indexed committed merkle UTXO-set tree, like the
one proposed by Alan Reiner, and being implemented by Mark
Friedenback. I know Michael Gronager has something similar implemented,
but I don't know whether it is script-indexed. To be actually useful,
it likely needs to be enforced by miners - putting a significant
burden on validation nodes. Still, if it can be done efficiently,
I think this would be worth it, but more research is needed first in
any case.
Regarding sweeping keys in the first place - I think using those,
and relying on address-indexed UTXO sets or blockchains to import
them, is an idea that doesn't scale very well in the first place.
If it is for things like scratch card or physical coins, with a
pre-set value, the obvious solution IMHO is storing the crediting
transaction with its merkle path together with the key. If that's
not possible, just the txid:vout of the credit output can suffice.
Yes, that's more data than is necessary now, but it's so much more
trivial to use.
--
Pieter
Pieter Wuille [ARCHIVE] /
npub1tj…jtl6r
2023-06-07 15:04:56
in reply to nevent1q…kdwv
Author Public Key
npub1tjephawh7fdf6358jufuh5eyxwauzrjqa7qn50pglee4tayc2ntqcjtl6rSeen on
wss://relay.noswhere.comPublished at
2023-06-07 15:04:56Event JSON
{
"id": "ae20f8408ece0bf33997cccdaba631bb7ed3f7fc1e6a4d54f02bcbf70c35a77a",
"pubkey": "5cb21bf5d7f25a9d46879713cbd32433bbc10e40ef813a3c28fe7355f49854d6",
"created_at": 1686150296,
"kind": 1,
"tags": [
[
"e",
"2548e3bbd5806f0a91f1440e5be19b1893f723d052860cba20b98f557d042316",
"",
"root"
],
[
"e",
"fe5a0669f53294de0535c6d10695f9fa8bd67d66d7352f96032e71ec06f81654",
"",
"reply"
],
[
"p",
"9e3c76fd7eb862ca37f150391debc7baa4f8423eaa3f894c476a7d4360de9a02"
]
],
"content": "📅 Original date posted:2013-07-23\n📝 Original message:On Tue, Jul 23, 2013 at 10:27:19AM +0200, Andreas Schildbach wrote:\n\u003e On 07/22/2013 09:42 PM, Jeff Garzik wrote:\n\u003e \n\u003e \u003e The general goal of the HTTP REST interface is to access\n\u003e \u003e unauthenticated, public blockchain information. There is no plan to\n\u003e \u003e add wallet interfacing/manipulation via this API.\n\u003e \n\u003e Is it planned to expose the UXTO set of a given address? That would be\n\u003e useful for SPV wallets to be able to swipe a previously unknown private\n\u003e key (e.g. paper wallet).\n\nDepends what you mean by expose.\n\nMaintaining an address/script-indexed UTXO is generally useful, in\nparticular for things like sweeping addresses. I certainly have\nless problems with 'exposing' this than exposing a fully-indexed\nblock chain history.\n\nHowever, and I expect that's what your question is about, this isn't\nreally useful for SPV (or less) nodes, as there is no way to\nauthenticate this data. If you can fake a UTXO entry, you can make\na peer believe anything about their balance, potentially resulting\nin creating a valid transaction that sends change it didn't know\nwas there as fee to miners. Other than for normal block chain data,\nthere is no way to detect this without at least partial validation.\n\nThe only way to do this safely at an SPV security assumption, is by\nhaving an address-indexed committed merkle UTXO-set tree, like the\none proposed by Alan Reiner, and being implemented by Mark\nFriedenback. I know Michael Gronager has something similar implemented,\nbut I don't know whether it is script-indexed. To be actually useful,\nit likely needs to be enforced by miners - putting a significant\nburden on validation nodes. Still, if it can be done efficiently,\nI think this would be worth it, but more research is needed first in\nany case.\n\nRegarding sweeping keys in the first place - I think using those,\nand relying on address-indexed UTXO sets or blockchains to import\nthem, is an idea that doesn't scale very well in the first place.\nIf it is for things like scratch card or physical coins, with a\npre-set value, the obvious solution IMHO is storing the crediting\ntransaction with its merkle path together with the key. If that's\nnot possible, just the txid:vout of the credit output can suffice.\nYes, that's more data than is necessary now, but it's so much more\ntrivial to use.\n\n-- \nPieter",
"sig": "403895f3b1d98dbef701873aa57956a81d4d10add5dd65f0757bb6b14113773eee6e9b95d4fbf71faa046e86a03115c621e6d8b168b569bf4aeb0291307de8aa"
}