- From: Peter Todd <pete@petertodd.org>
- Date: Sat, 24 Sep 2016 17:25:13 -0400
- To: melvincarvalho@gmail.com
- Cc: public-blockchain@w3c.org
- Message-ID: <20160924212513.GA1363@fedora-21-dvm>
> But isnt there some complexity involved? e.g. Proof of work is not simply > proof of work. There are also max difficulty changes, number or blocks to > difficulty change. Things like Kimoto Gravity Well etc. Any thoughts on > how to enumerate all these different flavours of the same concept? I don't think you can for decentralized chains. On the bitcoin-dev mailing list we discussed how to interpret block time fields for the purpose of timestamping in more detail: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-September/013120.html As you can see, that was a very in-depth discussion, and the tl;dr: answer is that exactly what a time field means depends a *lot* on the exact details of how a particular decentralized blockchain protocol achieves consensus. Get this wrong, and your interpretation could be off by hours, making it quite possible to falsely generate invalid timestamps. In any case, creating timestamps is just a small part of the problem: validating timestamps is the hard part. To validate a decentralized chain's timestamp, you need a very large dependency: an implementation of the protocol in question and a full node. In that context, the code savings involved by trying to come up with a way to generalize the way decentralized chains are validated are trivial. My plan for OpenTimestamps is to make each type of decentralized chain a completely separate notary type, with a separate codebase to validate it. Rather than focusing on client-side support for multiple chains it may be more productive - and a lot simpler - to have a community effort to ensure all the chains out there cross-timestamp each other. The best way to do this is as follows: 1) Build merkle trees of all headers in every cross-linked chain, creating a set of N per-chain commitments. 2) Take that set and create a merkle tree over every per-chain commitment, creating a final global commitment. 3) Timestamp that global commitment in every chain. With some cleverness you could even embed sufficient data in the chains themselves to recover the exact merkle trees build all of the from the chains, reducing the risk of losing the necessary data to actually use the trees after the fact. Otherwise, just save the resulting trees into an archive somewhere for later use. In OpenTimestamps, once the above has been done, regardless of what chain a given message was timestamped in, you'll always be able to find a k*log2(n) commitment operations path from that chain's header to the header of any other chain; this is possible because commitment operations are sufficiently flexible to represent any(1) cryptographically secure merkle path, even if it crosses multiple chains. That path can in turn be added to your timestamp in the event that any particular chain fails to be trustworthy - something that could easily be done by calendar servers on an as-needed basis. 1) One exception would be protocols that XOR intermediate digests with fixed constants, but fortunately other than HMAC secret keys AFAIK this idea doesn't exist in the wild! -- https://petertodd.org 'peter'[:-1]@petertodd.org
Received on Saturday, 24 September 2016 21:25:47 UTC