📅 Original date posted:2015-02-20
📝 Original message:Mike Hearn wrote:
> Adam Back wrote:
> > Its seems surprising no one thought of it
> > that way before (as it seems obvious when you hear it) but that seems
> > to address the privacy issues as the user can fetch the block bloom
> > filters and then scan it in complete privacy.
>
> And then what? So you know the block matches. But with reasonable FP
> rates every block will match at least a few transactions (this is already the
> case - the FP rate is low but high enough that we get back FPs on nearly
> every block). So you end up downloading every block?
I mean because the user is scanning he can binary search which set of
addresses from his wallet are possibly in the block and then request
the specific addresses and some will be false positives and some real,
but with the bloom commitment (and UTXO trie organised commitment) he
can verify that the positive hits are correct via the merkle path, and
that the false positives are not being wrongly withheld by obtaining
merkle path proof that they are not in the trie.
Adam
On 20 February 2015 at 16:54, Mike Hearn <mike at plan99.net> wrote:
> Hey Adam,
>
>>
>> Mike had posted a detailed response on the topic on why its complex
>> and becomes bandwidth inefficient to improve it usefully.
>
>
> To clarify, we could improve privacy and still preserve usefully high
> performance, it's just a lot of complicated programming work. You need to
> find out from the OS how much bandwidth you have to play with, for example,
> and do all the very complex tracking to surf the wave and keep yourself in
> roughly the right place.
>
>> The basic summary of which I think is that its not even intended to
>> provide any practical privacy protection, its just about compacting
>> the query for a set of addresses.
>
>
> The original intent of Bloom filtering was to allow both. We want our cake
> and we want to eat it.
>
> The protocol can still do that, with sufficiently smart clients. The problem
> is that being sufficiently smart in this regard has never come to the top of
> the TODO list - users are always complaining about other things, so those
> things are what gets priority.
>
> It's not IMO a protocol issue per se. It's a code complexity and manpower
> issue.
>
>>
>> Its seems surprising no one thought of it
>> that way before (as it seems obvious when you hear it) but that seems
>> to address the privacy issues as the user can fetch the block bloom
>> filters and then scan it in complete privacy.
>
>
> And then what? So you know the block matches. But with reasonable FP rates
> every block will match at least a few transactions (this is already the case
> - the FP rate is low but high enough that we get back FPs on nearly every
> block). So you end up downloading every block? That won't work.
>
> Eventually, wallets need to stop doing linear scans of the entire block
> chain to find tx data. That worked fine when blocks were 10kb, it's still
> working OK even though we scaled through two orders of magnitude, but we can
> imagine that if we reach 10mb blocks then this whole approach will just be
> too slow.
>
> The main reason wallets are scanning the chain today (beyond lack of
> protocol support for querying the UTXO set by script), is that they want to
> show users time-ordered lists of transactions. Financial apps should show
> you payment histories, everyone knows this, and without knowing roughly when
> a tx happened and which inputs/outputs were mine, providing a useful
> rendering is hard. Even with this data the UI is pretty useless, but at
> least it's not actually missing.
>
> By combining Subspace and BIP70 we can finally replace the payments list UI
> with actual proper metadata that isn't extracted from the block chain, and
> at that point non-scanning architectures become a lot more deployable.
Adam Back [ARCHIVE] /
npub1ac…lswfj
2023-06-07 15:30:43
in reply to nevent1q…asr2
Author Public Key
npub1ac86vemj7ce5z8jyxt39rna3tvwql6xd30ha3vxcd6esysp23d9qrlswfjPublished at
2023-06-07 15:30:43Event JSON
{
"id": "8008c928ff8108e768c3427a0c5d7d262622a8239b02102f8f6597439e88628b",
"pubkey": "ee0fa66772f633411e4432e251cfb15b1c0fe8cd8befd8b0d86eb302402a8b4a",
"created_at": 1686151843,
"kind": 1,
"tags": [
[
"e",
"d00e0f44d6037fd0ba68029864e2acf1e3fe5c4c51dbcdd7d112be31766cd3e9",
"",
"root"
],
[
"e",
"1a703c72f267ea799c60c37891f4a640a3cbab4ffec9a5689c4ad6d38ccc1f2a",
"",
"reply"
],
[
"p",
"f2c95df3766562e3b96b79a0254881c59e8639f23987846961cf55412a77f6f2"
]
],
"content": "📅 Original date posted:2015-02-20\n📝 Original message:Mike Hearn wrote:\n\u003e Adam Back wrote:\n\u003e \u003e Its seems surprising no one thought of it\n\u003e \u003e that way before (as it seems obvious when you hear it) but that seems\n\u003e \u003e to address the privacy issues as the user can fetch the block bloom\n\u003e \u003e filters and then scan it in complete privacy.\n\u003e\n\u003e And then what? So you know the block matches. But with reasonable FP\n\u003e rates every block will match at least a few transactions (this is already the\n\u003e case - the FP rate is low but high enough that we get back FPs on nearly\n \u003e every block). So you end up downloading every block?\n\nI mean because the user is scanning he can binary search which set of\naddresses from his wallet are possibly in the block and then request\nthe specific addresses and some will be false positives and some real,\nbut with the bloom commitment (and UTXO trie organised commitment) he\ncan verify that the positive hits are correct via the merkle path, and\nthat the false positives are not being wrongly withheld by obtaining\nmerkle path proof that they are not in the trie.\n\nAdam\n\nOn 20 February 2015 at 16:54, Mike Hearn \u003cmike at plan99.net\u003e wrote:\n\u003e Hey Adam,\n\u003e\n\u003e\u003e\n\u003e\u003e Mike had posted a detailed response on the topic on why its complex\n\u003e\u003e and becomes bandwidth inefficient to improve it usefully.\n\u003e\n\u003e\n\u003e To clarify, we could improve privacy and still preserve usefully high\n\u003e performance, it's just a lot of complicated programming work. You need to\n\u003e find out from the OS how much bandwidth you have to play with, for example,\n\u003e and do all the very complex tracking to surf the wave and keep yourself in\n\u003e roughly the right place.\n\u003e\n\u003e\u003e The basic summary of which I think is that its not even intended to\n\u003e\u003e provide any practical privacy protection, its just about compacting\n\u003e\u003e the query for a set of addresses.\n\u003e\n\u003e\n\u003e The original intent of Bloom filtering was to allow both. We want our cake\n\u003e and we want to eat it.\n\u003e\n\u003e The protocol can still do that, with sufficiently smart clients. The problem\n\u003e is that being sufficiently smart in this regard has never come to the top of\n\u003e the TODO list - users are always complaining about other things, so those\n\u003e things are what gets priority.\n\u003e\n\u003e It's not IMO a protocol issue per se. It's a code complexity and manpower\n\u003e issue.\n\u003e\n\u003e\u003e\n\u003e\u003e Its seems surprising no one thought of it\n\u003e\u003e that way before (as it seems obvious when you hear it) but that seems\n\u003e\u003e to address the privacy issues as the user can fetch the block bloom\n\u003e\u003e filters and then scan it in complete privacy.\n\u003e\n\u003e\n\u003e And then what? So you know the block matches. But with reasonable FP rates\n\u003e every block will match at least a few transactions (this is already the case\n\u003e - the FP rate is low but high enough that we get back FPs on nearly every\n\u003e block). So you end up downloading every block? That won't work.\n\u003e\n\u003e Eventually, wallets need to stop doing linear scans of the entire block\n\u003e chain to find tx data. That worked fine when blocks were 10kb, it's still\n\u003e working OK even though we scaled through two orders of magnitude, but we can\n\u003e imagine that if we reach 10mb blocks then this whole approach will just be\n\u003e too slow.\n\u003e\n\u003e The main reason wallets are scanning the chain today (beyond lack of\n\u003e protocol support for querying the UTXO set by script), is that they want to\n\u003e show users time-ordered lists of transactions. Financial apps should show\n\u003e you payment histories, everyone knows this, and without knowing roughly when\n\u003e a tx happened and which inputs/outputs were mine, providing a useful\n\u003e rendering is hard. Even with this data the UI is pretty useless, but at\n\u003e least it's not actually missing.\n\u003e\n\u003e By combining Subspace and BIP70 we can finally replace the payments list UI\n\u003e with actual proper metadata that isn't extracted from the block chain, and\n\u003e at that point non-scanning architectures become a lot more deployable.",
"sig": "5f8b3fd429ad5b7d830141a2a0eea31a6d4c76fc3dd5438f5fbe1b6d573e73a8c51955b4bd96eb79da1e28a5bfd946d3b8148588e412b4bf816207b2536a3bb3"
}