
Tuesday, 9 April 2019

There's a new protocol that makes SPV nodes as secure as full nodes using zk-SNARKs

I've seen it mentioned once on this subreddit, but it didn't seem to get the attention I think it deserves. It's something Bitcoin Cash would definitely benefit from.

Currently, SPV nodes check the validity of a block by only checking the proof-of-work done (see Section 8 of the whitepaper). Personally, I think this is secure enough, but if one wanted to verify that the block actually contains no double-spends and follows the consensus rules, they'd have to run a full node and verify all transactions of the network.

I think it would be pretty cool to be able to verify the whole blockchain as an SPV node without relying solely on proof-of-work. That would at least remove the need to run a full node other than for mining, archives, blockchain archives, scanners and explorers.

A couple of researchers found a novel solution using zk-SNARKs, i.e. zero-knowledge proofs. Note that they are a very new cryptographic primitive that could turn out to be insecure. However, Bitcoin currently has some unproven cryptographic assumptions, too, like ECC or hashes, although for those, researchers have been trying to punch holes in them for way longer.

The protocol is called Coda, and I've found a very nice video explaining the concept in simple terms.

The basic idea is to encode the act of verifying the blockchain into a zk-SNARK proof, which is tiny in size and can be verified very quickly, about as fast as a Bitcoin signature. They call it "compressing". However, full nodes/miners are still required to receive/verify/broadcast all the transactions, so it seems to me it would be a rather tiny change to the ecosystem as a whole.

Miners/full nodes of Bitcoin Cash could produce these proofs as part of their protocol, and SPV wallets could verify them, in addition to verifying the proof-of-work, basically as an add-on for extra trustlessness. The only remaining thing miners/full nodes could do to SPV nodes would be to omit transactions by not broadcasting them to the SPV node, which is currently solved by connecting to multiple nodes.

If implemented, even SPV wallets could be sure that miners follow the consensus rules, which is an argument for bigger blocks, as there's no need anymore to run a full node on a Raspberry Pi or something at home.

TL;DR: if KEA1 holds => yet another small blocker argument debunked



Written by: eyeofpython
Source: http://bit.ly/2WVCSEK
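
The two checks an SPV client performs today, as an added example that is not part of the original post or of Coda: proof-of-work on the 80-byte header and Merkle inclusion of a transaction ID. The function names, the constructed transaction IDs and the regtest-style easy target are assumptions made for illustration, and chaining to previous headers and difficulty retargeting are left out. Neither check looks inside the transaction, which is the gap the post wants a zk-SNARK proof to close.

```python
import hashlib, struct

def dsha(b: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def bits_to_target(bits: int) -> int:
    """Expand the compact nBits field into the 256-bit target."""
    exp, mant = bits >> 24, bits & 0x007FFFFF
    return mant << (8 * (exp - 3)) if exp > 3 else mant >> (8 * (3 - exp))

def header_pow_ok(header: bytes) -> bool:
    """Check 1: the 80-byte header hashes at or below its own target."""
    if len(header) != 80:
        return False
    bits = struct.unpack_from("<I", header, 72)[0]
    return int.from_bytes(dsha(header), "little") <= bits_to_target(bits)

def merkle_root_and_proof(txids, index):
    """Full-node side: Merkle root plus sibling path for txids[index]."""
    level, proof = list(txids), []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # odd level: last hash is duplicated
        proof.append(level[index ^ 1])
        level = [dsha(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], proof

def spv_accepts(header, txid, index, proof) -> bool:
    """Check 2: txid hashes up to the Merkle root committed in the header."""
    if not header_pow_ok(header):
        return False
    h = txid
    for sibling in proof:
        h = dsha(sibling + h) if index & 1 else dsha(h + sibling)
        index >>= 1
    return h == header[36:68]

def mine(prev: bytes, root: bytes, bits: int = 0x207FFFFF) -> bytes:
    """Constructed test block: grind a nonce against a regtest-easy target."""
    for nonce in range(2**32):
        hdr = struct.pack("<I32s32sIII", 1, prev, root, 0, bits, nonce)
        if header_pow_ok(hdr):
            return hdr

# Constructed sample: five fake txids; pretend the last one is a double-spend.
TXIDS = [dsha(b"constructed-tx-%d" % i) for i in range(5)]
ROOT, PROOF = merkle_root_and_proof(TXIDS, 4)
HEADER = mine(b"\x00" * 32, ROOT)
print(spv_accepts(HEADER, TXIDS[4], 4, PROOF))  # the tx contents were never inspected
```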
