< bitcoin-git>
[bitcoin] MarcoFalke opened pull request #19914: refactor: Do not pass chain params to CheckForStaleTipAndEvictPeers twice (master...2009-netNo2ChainParams) https://github.com/bitcoin/bitcoin/pull/19914
< bitcoin-git>
[bitcoin] hebasto closed pull request #19913: refactor: Drop unused `UniqueLock(Mutex*, ...)` constructor in sync.h (master...200907-sync) https://github.com/bitcoin/bitcoin/pull/19913
< bitcoin-git>
[bitcoin] hebasto opened pull request #19915: refactor: Use Mutex type for some mutexes in CNode class (master...200908-netmx) https://github.com/bitcoin/bitcoin/pull/19915
< bitcoin-git>
[bitcoin] Crypt-iQ opened pull request #19916: build: allow user to specify DIR_FUZZ_SEED_CORPUS when invoking cov_fuzz target (master...cov_fuzz_cleanup_0908) https://github.com/bitcoin/bitcoin/pull/19916
< meshcollider>
I propose for discussion that fanquake be made an admin on the repo so he can block people like Wladimir and Peter can (assuming he wants the ability)
< wumpus>
sgtm
< provoostenator>
No objection. I assume it's announced somewhere who is blocked?
< provoostenator>
(or I guess the blockee can complain via other channels, it's not like the Black Mirror episode)
< wumpus>
it's always mentioned here
< wumpus>
at least, that's what we should aim for
< wumpus>
apart from the really rare persistent troll it's only been used for obvious fake and scam and spam accounts, who never complain because they understand what they're doing
< yonatanbl>
Can anyone here review the Hebrew translation for Core on Transifex?
< wumpus>
hi, not sure anyone reads Hebrew here but you never know
< elichai2>
oh I thought you meant something specific, I went over it a couple of times in the past, but it's pretty exhausting honestly
< yonatanbl>
I see
< elichai2>
did anyone see this error while trying to compile the fuzzers? `crypto/sha256_sse4.cpp:44:9: error: expected relocatable expression`
< wumpus>
never saw it before
< wumpus>
apparently it cannot make the inline assembly relocatable? is that a compiler or linker error?
< elichai2>
Looks like compiler, bigger output: https://pastebin.com/raw/fnV6J9MR. I'm trying to mix some flags to pinpoint what's doing that (currently it's fuzzer+debug+asan+libfuzzer+clang)
< elichai2>
Ok, that's weird, it only happens with asan+fuzzer, but not with any of them alone (`AS=clang CC=clang CXX=clang++ ./configure --enable-debug --with-incompatible-bdb --enable-fuzz --with-sanitizers=address`)
< jonasschnelli>
Especially the point to retrieve further packets up to MAX_PACKET_LENGTH on an invalid MAC
< jonasschnelli>
^ ariard
< real_or_random>
jonasschnelli: oh I think I missed that one, I need to read up on this first
< jonasschnelli>
would be great! thanks
< jonasschnelli>
Unifying the error case for invalid MAC and MAX_PACKET_SIZE overflow makes much sense to me
< elichai2>
jonasschnelli: hmm I think it would still be obvious that it is an invalid MAC error, but at least it hides the size. what happens if the sender doesn't try to send that many packets? the connection will halt until timeout?
< fanquake>
meshcollider: fine with me
< jonasschnelli>
elichai2: yes. It will lead to the timeout... (currently checking the code path)
< jonasschnelli>
elichai2: the pnode->nLastRecv is indifferent in V1/V2. So no traffic == timeout-disconnect (V1/V2)
< jnewbery>
sipa: not sure if you want to take a quick look. It's somewhat adjacent (though not conflicting) with your work in #19503 and I think you mentioned something about wanting to tidy up how we handle p2p versions
< jnewbery>
reminder: p2p meeting in 15 minutes. One suggested topic so far "What would a good transaction propagation framework look like? See a first draw Transactions propagation design goals" #19820 (ariard)
< jnewbery>
ok, before we get started with those topics, does anyone have any general updates on what they're working on, or what they're prioritizing? Raise your hand if you want to give an update o/
< gleb>
Over the last 10 days I opened 4 addr-related prs… I really think addr needs some attention, and my further work is blocked on this. I know addr is not the most well-known topic. I’m willing to provide any help to facilitate that review :)
< sipa>
hi
< aj>
oh, sdaftuar said something other than hi!
< aj>
holla
< gleb>
Some of them is refactoring, other have important implications and fix bugs
< jonatack>
hi
< sdaftuar>
aj: hi
< aj>
sdaftuar: nack
< jnewbery>
ok, well if no-one else has any general updates, I'll just share one of mine, then we can go onto proposed topics?
< sdaftuar>
jnewbery: ack
< ariard>
yes
< jnewbery>
I'd still encourage review of the remaining backport #19606
< jnewbery>
there was some confusion about Marco's comment a few weeks ago about merge order. Is MarcoFalke here?
< jnewbery>
Either way, I'd encourage review. It's not a totally clean backport, but it shouldn't be impossible to review
< jonatack>
quick reminder to review the bip155 and bip324 implementation PRs
< jnewbery>
#topic netgroup diversity of outbound peers (gleb)
< gleb>
#19860
< gribble>
https://github.com/bitcoin/bitcoin/issues/19860 | Improve diversification of new connections: privacy and stability by naumenkogs · Pull Request #19860 · bitcoin/bitcoin · GitHub
< sdaftuar>
i suggested that topic because some of the changes are non-obvious to me, and thought discussion would help
< gleb>
This PR has some obvious improvement: e.g. don't look at current feelers when make new persistent connection, because feelers are temporary so shold not affect I believe.
< gleb>
I guess there is one nuance that is not obvious.
< gleb>
I suggested to not look at the *existent* block-relay-only conns (2 conns we have) while making *new* full relay conns.
< gleb>
Because block-relay-conns should be more private (we rely on them for anti-eclipse).
< gleb>
And someone controlling our AddrMan (e.g. by occupying all our full relay slots) may deduce which netgroups are existent block-relay-o conns are taking.
< gleb>
The disadvantage of this change is that we will have a little less diversity as a whole
< gleb>
(new full-relay conns may be in same net group with existent block relay only conns)
< sdaftuar>
That last point is the one that I thought should be the primary consideration, as that seems like it has the greatest effect on our partition-resistance -- more diversity seems better
< gleb>
So I guess it's questionable whether this privacy benefit worth sacrificing a bit of diversity. And whether this kind of privacy threat is real, in general.
< amiti>
if someone has taken over our addrman & we're trying to open block-relay-only conns, isn't the bigger concern that we would just be opening connections to the poisoned addresses?
< gleb>
amiti: I assume that at that time we still have 2 healthy block-relay-only conns, and I want to expose them as little as possible.
< ariard>
sdaftuar: does the design goal of block-relay-only connections was to mask better block-relay topology, thus masking netgroups of such peers should be in agreement?
< gleb>
sdaftuar: I was fine with sacrificing diversity here, because it has so little effect. The only difference will be that *just two* existing block-relay-only conns may overlap with new full relay conns.
< amiti>
whats the worst attack that could be carried out if an adversary knows the netgroups of the conns?
< gleb>
And if we have more than two in the future, we can make 2 of them private, and N-2 of them overlappable.
< jnewbery>
gleb: is it fair to say the effect is that we'll have the same level of diversity as we did prior to block-relay-only peers being introduced?
< gleb>
amiti: they can further deduce what are those peers in the network, and evict us from them.
< amiti>
gleb: how?
< ariard>
amiti: I think about looking among available public peers in this netgroup and open connection to them to try to evict inbound slot of your victim
< gleb>
jnewbery: Yes, I think it's fair. sdaftuar?
< sdaftuar>
gleb: we do have keyed network groups, so i am curious what you have in mind there?
< sdaftuar>
jnewbery: yes, i think that's likely true
< amiti>
ariard: thanks!
< sdaftuar>
ariard: the goal of the connections is twofold:
< sdaftuar>
- the main goal is to increase the difficulty/cost/power of an adversary required to carry out a network partitioning attack against a target node
< sdaftuar>
and the specific motivation was that our existing full-relay connections leak topology information, and fixing that is sort of hopeless in the long run, though we certainly can and should make improvements where possible
< jnewbery>
the questions I'd ask are: was diversity a problem to block-relay-only peers being introduced? Did block-relay-only peers make it measurably better? I guess there aren't answers to those except "more is generally better"
< sdaftuar>
- the second goal is a bit more nebulous, but my thinking is that it's easier to get the anti-DoS tradeoffs right if we focus on the different aspects of network traffic separately
< sdaftuar>
so for instance i think the design goals around transaction relay may leads us to different peering strategies than the design goals around block relay
< gleb>
jnewbery: In my opinion, block-relay-only connections wasn't intended to improve diversity at all. I'd say it was a side-effect benefit we got for free.
< sdaftuar>
gleb: i think i agree, but that benefit seems so substantial that i think taking it away for the sake of privacy is hard for me to imagine, without a concrete understanding of where the privacy would be lost
< gleb>
sdaftuar: an attacker just forces us to connect to a peer from some netgroup, sees that we refuses, and deduces that our block-relay-only is in that group.
< sipa>
sdaftuar: i think you're missing one point: block-only connections increase partition resistance without the bandwidth overhead that full connections have
< sdaftuar>
sipa: yes, thank you
< ariard>
wrt to increase the difficulty/cost/power, I think you can achieve this by either more diversity and/or more non-observability of your peerings, what gleb's PR is underscoring IMO is a potential trade-off between them
< sipa>
gleb: how can they force us to connect somewhere?
< gleb>
sipa: have all our full relay slots, feed only selected addr records of their sybils, drop connections and see us connect to one of their sybils
< jnewbery>
gleb: 'just forces us to connect to a peer from some netgroup' sounds very difficult. If an attacker can already do that, I think we're in a lot of trouble already
< sipa>
gleb: that sounds like they've already succesfully pattitioned us?
< gleb>
I assume a scenario when we lost all our full relay slots, but still have 2 block-relay-only slots.
< sipa>
or are trivially able to do so as well
< ariard>
do we assume that our full-relay can be discovered through transaction relay in that way you can learn their netgroups and exclude block-relay-o to be there
< gleb>
b-r-o slots don't answer addr queries i believe, so they won't help to sanitize our addr man
< sdaftuar>
correct, or rather we ignore addr messages from our block-relay peers
< aj>
sipa: if we had (say) 10 blocks-only connectoins and 6 tx-relay connections, it might make sense to have separate netgroups for each blocks-only peer and separate netgroups for each tx-relay peer, but not worry about overlap between the two?
< ariard>
if you can learn the full-relay peers of your victim, you can try to influence peering of those full-relay by exploiting their inbound eviction logic
< sdaftuar>
aj: isn't more diversity still better?
< jonatack>
sdaftuar: separate design goals make sense to me as well given the very different characteristics of tx relay and block relay. for instance, from what i see, last tx is frequent, many/most peers, and often in seconds. last block is rare, comes from only a few peers, over minutes and hours.
< sipa>
my thinking (but i haven't thought/looked too much) is that you want to maximize diversity of (full+blockonly), and of (full) alone
< sdaftuar>
sipa: that lines up with my intuition as well
< ariard>
aj: I agree with these logic, but as of today full-relay we have an overlap between connections types, that's more how we address this while moving in this direction
< ariard>
*this
< sipa>
the former for partition resistance, the second for actual short-term efficient connectivity
< gleb>
I just thought that the impact of dropping block-relay-only from the full relay diversity set would be fine. It's just 2 peers. And they still be diverse among themselves.
< aj>
sdaftuar: i guess my gut feel is that once you have sufficient diversity, then having them be independent gets you more robustness as well since one network can't interfere with the other?
< gleb>
And block-relay-only will be diverse w.r.t existent full-relay conns. Just not vice versa :)
< aj>
sdaftuar: (2 peers not being sufficiently diverse, 6-10 maybe being sufficiently diverse)
< jnewbery>
aj: that seems like a good end-goal. Totally separating logic for the connection types allows us to reason about each individually and prevents potentially privacy/exploitability by not allowing information to leak between the two.
< sdaftuar>
gleb: that part of the logic is strange to me, because the peering logic is not symmetric depending on what order you connect in?
< sipa>
jnewbery: hmm, i see the appeal for that too
< gleb>
sdaftuar: I don't see symmetry as a good goal :)
< sdaftuar>
aj: yeah so i guess there are two goals, one is how we minimize the likelihood of being partitioned, but then maybe once we're close enough on that point, we can choose other tradeoffs e.g. for robustness/design clarity as jnewbery suggested
< gleb>
Maybe we should keep this until more block-relay-only, and then make part of them private and part of them diverse?
< amiti>
I'm still trying to wrap my head around the attack vectors in the scenario (full-relay taken over, block-relay safe). I think ofc diversity is good, but the small decrease might be worthwhile if its offering protection. but I need to understand exactly what its protecting against in order to evaluate that tradeoff.
< sdaftuar>
it does seem like we're a long way from truly separating connection types, as long as addrman is firmly in the middle here
< sipa>
sdaftuar: looking at full only when making a new full connection, and looking at both when making a blocksonly connection... isn't that how you'd implememt maximization of diversity for (blocksonly+full) and for (full) alone?
< ariard>
sdaftuar: non-observability of victim's connections likely minimizes the likelihood of being partitioned
< gleb>
sipa: this is my exact suggestion btw.
< sipa>
amiti: i'm not there is a concrete attack beyond "8 connections is easier to partition than 10"
< sdaftuar>
sipa: i was going to point out that achieving maximum diversity for blocksonly+full is sufficient to achieve maximum diversity for full alone
< sipa>
sdaftuar: hmm!
< sipa>
of course
< jnewbery>
it seems like it's ok for information about full connections to leak into our blocksonly connection logic, since blocksonly are meant to be private?
< sdaftuar>
i think this comes down to whether we think this attack -- can we observe keyed-netgroup collisions from observed outbound connections -- is practical for some kind of attacker we're concerned about?
< gleb>
jnewbery: yeah, I think so. Because there are probably better ways to learn full conns anyway
< gleb>
sdaftuar: do you accept the setting where we lost all our full conns, but 2 block-relay-only are still healthy?
< gleb>
or you think it's unrealistic
< sdaftuar>
if our addrman starts off healthy, then i think we're probably ok in that scenario
< sdaftuar>
if our addrman is already poisoned but for the two block-relay only connections, i think that's a very edge-case scenario to try to optimize for
< sdaftuar>
(i think we're ok because of feelers, maybe that's wrong)
< gleb>
i see.
< sipa>
i have a hard time imagining how that's not a problem
< ariard>
gleb: when you assume addrman poisoning, do you scope knocking-out the feeler logic by an attacker?
< jnewbery>
does anchor connections make gleb's scenario more likely?
< sdaftuar>
sipa: i guess one thing that goes wrong is that eventually nodes go offline, and so in the long run you lose all your honest peers?
< sipa>
because with all normal connections sybilled, the attacker can probably start poisoning addrman, and leave you no way to recover
< amiti>
jnewbery: was wondering that. I think so
< ariard>
jnewbery: I think it makes it easier to observe them as block-relay-o become more stable?
< jnewbery>
(#17428)
< gribble>
https://github.com/bitcoin/bitcoin/issues/17428 | p2p: Try to preserve outbound block-relay-only connections during restart by hebasto · Pull Request #17428 · bitcoin/bitcoin · GitHub
< sdaftuar>
sipa: does this problem get solved if we introduce some level of rotation of tx-relay peers?
< gleb>
Yeah I don't have big faith in feelers once we lost all our full conns
< gleb>
We don't even send GETADDR to feelers iirc?
< sdaftuar>
sorry, i don't mean feelers
< sdaftuar>
what i mean is the tried-table-collision resolution algorithm
< sipa>
that's feelers, no?
< gleb>
oh, that's interesting.
< ariard>
that's done by feelers connection
< sdaftuar>
no, feelers are for connecting to NEW table entries and trying to mive them to tried
< gleb>
Not sure how that thing is effective.
< sdaftuar>
yes, we call them feelers too
< sdaftuar>
but it's confusing
< sipa>
mive?
< sdaftuar>
move*
< jnewbery>
I do like the concept of not allowing any information at all to leak from our blocksonly connections into our other connection logic. Even if this particular scenario is unlikely, it's still nice to be able to count out any such similar attacks.
< sipa>
ah, move
< sipa>
thinking ahout this, i wonder if we need addr-only connections too
< gleb>
The worst diversity degradation here btw: 2 newly selected full peers are from the same netgroup as 2 existent block-relay-only conns
< gleb>
sipa: working on that stuff.
< sdaftuar>
sipa: yeah i was thinking about that a bit as well
< gleb>
it's blocked by my 4 addr-related prs :)
< sipa>
i'm not worried about information leakage of our selection of full/blockonly connections
< sipa>
but our partitition resistance gained (assuming blockonly is diverse wrt full) is only for block connectivity
< sipa>
not for addrmam health
< sipa>
which is valuable, but shorter term
< aj>
sipa: maybe addr-only connections should mean occassionally requery dns-seeds too (once a day or once a week, poisson'ed eg) ?
< sipa>
maybe
< ariard>
sipa: you mean an attacker can't interfere with victim's blockonly connections if it learns their netgroups?
< sdaftuar>
aj: that leaks different information that people are concerend about i think?
< gleb>
aj: this is a follow-up for #18421
< gribble>
https://github.com/bitcoin/bitcoin/issues/18421 | Periodically update DNS caches for better privacy of non-reachable nodes by naumenkogs · Pull Request #18421 · bitcoin/bitcoin · GitHub
< gleb>
I gave up on periodic DNS queries for now :)
< sipa>
ariard: i think that if all connections that convey addr informarion are sybilled, it's game over for addrman sanity
< sipa>
ariard: and blocksonly connections cannot help with that
< gleb>
sipa: but we're not eclipsed at least?
< sdaftuar>
sipa: one alternate implementation idea i had for syncing our chain tip with more peers, was to couple that with addrman updates
< sipa>
gleb: not eclipsed wrt to block propagation
< gleb>
sipa: sure.
< ariard>
sipa: you might still be okay for a while more until your current block-relay-only are stable, and this is already a gain
< sipa>
gleb: but you are eclipsed wrt addr relay, which means addrman will (if the situation persists) become attacker controlled
< sdaftuar>
sipa: so that we bump a peer's status (maybe just updating its times in the tried table) only if their tip was synced to something with as much work as ours, or something like that
< sipa>
so i think this means we want full connections, blockonly connections, addronly connections... and diversity of (full+blockonly) and of (full+addronly) ?
< sdaftuar>
i think it would be helpful to run some simulations on that point
< sipa>
or just diversity of everything, really
< ariard>
sdaftuar: if you take this info for future peers selections, you might favor even more performant peers, and tight network topology ?
< sipa>
ariard: being more or less in sync isn't a very strong preference for.performamt peers
< sipa>
just an aversion for broken ones
< sdaftuar>
right, we could put in a tolerance of being a block or two behind, that's very different from having no knowledge of their chain
< ariard>
sipa: aren't low-grades peers really likely to be late on tip view ?
< bitcoin-git>
[bitcoin] ryanofsky opened pull request #19918: sync: Replace LockAssertion with WeaklyAssertLockHeld (master...pr/lockb) https://github.com/bitcoin/bitcoin/pull/19918
< sipa>
ariard: by a few seconds maybe
< sdaftuar>
sipa: it seems a shame to not relay blocks on addronly links
< sdaftuar>
(or at least headers)
< gleb>
sdaftuar: agree.
< jnewbery>
gleb: one of your concerns was about an attackers knowing about which netgroups you're connected to. Would it make sense for each node to have their own way of dividing the address space into netgroups (eg by clustering ASs differently)
< sdaftuar>
jnewbery: we do that already, don't we?
< sipa>
jnewbery: we do!
< jnewbery>
oh! Good!
< sipa>
there is an addrman key for that
< ariard>
should we have a hierarchy of types of traffic, i.e it's okay to relay public informations like block on more private ones (tx/addr) but not the reverse ?
< sdaftuar>
that's what i said before about keyed network groups
< jnewbery>
I should have reviewed the AS PRs
< jnewbery>
sdaftuar: got it. Thanks!
< sipa>
jnewbery: this was part of the original addrman :)
< gleb>
Yeah, this part makes it a bit less realistic.
< jonatack>
question: how effective is -seednode/-addnode to trusted peers as an anti-eclipse tactic?
< jnewbery>
sipa: ah, ok. I guess I should just review more of the code in general then :)
< sipa>
jonatack: assuming no network-level attacker, addnode is great for that
< sdaftuar>
well, hopefully your trusted peer is also not eclipsed :)
< ariard>
jonatack: really depends of the capabilites of your eclipse attacker
< sipa>
i see no reason why you wouldn't also send blocks over addr links, agree
< sdaftuar>
sipa: so perhaps we should have two kinds of block-relay links then
< jonatack>
thanks. i seem to recall matt tweeting about doing that a while back
< gleb>
sdaftuar: I'm lost. Which kinds?
< sipa>
gleb: blocksonly and addrplusblocksonly
< aj>
is the idea that addr-relay nodes are long-lived or short-lived (like feelers) ?
< sipa>
long-lived, i'd say
< sdaftuar>
aj: i think they could be long lived? they would be very low bandwidth
< gleb>
I have a branch with short-lived self-announcement addr links :)
< ariard>
even if they're short-lived you want to do headers-sync on them
< gleb>
But that's different from what was discussed.
< lightlike>
hi - we probably can't rely much on our addr-links staying private, or can we?
< aj>
so blocks-only is eclipse prevention, addr+blocks is low-bw extra diversity, tx-relay is tx relay?
< sdaftuar>
i'm actually not sure if it's better to use a connection slot on a long-lived addr+block-relay peer, than it is to just rotate our full-relay peers some and get addrman updates from the getaddr message we send
< jnewbery>
We have 10 minutes left and one other topic (What would a good transaction propagation framework look like? See a first draw Transactions propagation design goals)
< jnewbery>
ariard: are you happy to punt that to the next meeting?
< ariard>
aj: being eclipsed at the tx-relay level is really bad for offchain stuff
< ariard>
jnewbery: I feel we need it better to end on this topics
< aj>
ariard: not as bad as being eclipsed from the most-work chain though
< ariard>
sipa: if a LN node can't broadcast its punishment transaction that's worthless to see a revoked commitment transaction on the most-valid PoW chain
< sipa>
ariard: you know my thinking on that
< aj>
ariard: if you see the revoked commitment tx, you can aggressively try connecting to many peers to find one that relays honestly; if you don't see the commitment tx at all, your opportunity to do a punishment can time out
< sipa>
aj: i have a branch where it's half done, but i got preempted by bip340/taproot stuff
< ariard>
sipa: I know, I know that's the reason to talk about #19820 next time :)
< gleb>
Alright, so I think i'll turn that PR into a harmless refactoring (don't diversify by current feeler or oneshot/addr_fetch), and keep the non-diverse/more-private idea for future.
< sdaftuar>
gleb: that sounds good to me. thanks for the discussion!
< sipa>
gleb: sounds good
< jnewbery>
Thanks gleb!
< ariard>
aj: you can probalistically close your channel, if you don't see block for a hour, that's likely something is wrong (but more an open question how offchain stuff should react in case of block eclipse)
< luke-jr>
aj: I think it's better to avoid special casing test code in the main codebase
< luke-jr>
(not sure if we do, but we *should* have a test that one node by itself can't mine)
< aj>
luke-jr: regtest nodes can trivially mine on their own via generate
< luke-jr>
ok?
< aj>
luke-jr: not being able to mine without being connected matters for mainnet, sure; but not for anything else
< luke-jr>
mainnet is all that matters in the end
< bitcoin-git>
[bitcoin] AkioNak opened pull request #19919: bugfix: make LoadWallet assigns status always (master...set_databasestatus) https://github.com/bitcoin/bitcoin/pull/19919
< darosior>
jnewbery: you were right regarding #18766: it's much nicer by keeping the feeEstimator as a separate component :)
< gribble>
https://github.com/bitcoin/bitcoin/issues/18766 | Disable fee estimation in blocksonly mode (by removing the fee estimates global) by darosior · Pull Request #18766 · bitcoin/bitcoin · GitHub
< jnewbery>
darosior: cool. Thanks for being open to trying it both ways. Hopefully I'll have time to review the new version this week.
< shesek>
does bitcoin core ever verify merkle inclusion proofs? (I assume not, it only verifies that the merkle root matches the set of txids. but maybe I'm missing some other ways its being used?)
< sipa>
gettxoutproof will let you construct one
< sipa>
i don't think anything verifies them
< phantomcircuit>
shesek, why?
< shesek>
just curious. I was writing about that in a comment in the context of me claiming that merkle trees aren't an essential component of Bitcoin's breakthrough, and someone saying that they are (and being wrong :p)
< pinheadmz>
sipa isnt there a verifytxoutproof rpc ?
< shesek>
I wanted to write that full nodes don't ever verify merkle inclusion proofs at all, and wanted to be sure I'm not wrong
< sipa>
pinheadmz: oh, there is!
< sipa>
shesek: no, they don't even ever receive any
< shesek>
I was thinking more in the context of the protocol and p2p interaction, not the user facing rpcs
< sipa>
though they were an essential part of BIP37
< phantomcircuit>
shesek, for a full node theres no real difference between receiving a merkle tree and a hash of a list
< phantomcircuit>
but for spvish clients its very different
< sipa>
yeah, for a full-blocks-only bitcoin like protocol, the "merkle root" stored in the block header could just be a flat hash of all txids
< shesek>
right, my claim was that the SPV model isn't all that important, and that if Satoshi released Bitcoin without considering light clients at all it would still be the incredible breakthrough that it is
< shesek>
I'm aware. :) "If light SPV clients weren't a consideration, we could just concatenate all txids together and use the hash of that in the block header instead of a merkle root, and get the same effect. ... For a full node that has the full list of txids regardless, this is basically meaningless."
< yanmaani>
is txn noninclusion proofs something bitcoin core intends to include?
< yanmaani>
'UTXO X did/did not exist in the UTXO set as of this block"
< sipa>
yanmaani: the current bitcoin protocol does not permit compact proofs for that
< yanmaani>
I know, but is there any research being done? Like on BIPs or stuff? I know about utreexo
< sipa>
in that case, you're asking about proposal bitcoin protocol changes, not bitcoin core
< sipa>
utreexo doesn't permit this, as it's insertion ordered