Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id C03FEA87 for ; Thu, 23 Feb 2017 17:54:01 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-wm0-f42.google.com (mail-wm0-f42.google.com [74.125.82.42]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 1182014D for ; Thu, 23 Feb 2017 17:54:00 +0000 (UTC) Received: by mail-wm0-f42.google.com with SMTP id v77so6156067wmv.0 for ; Thu, 23 Feb 2017 09:54:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to; bh=wDX7tgAp6zWFAlTlH2YwuHSDR7Ow4xYwF7+n216n6jc=; b=CWIrKy9kRg2BsDe4ycZRvKDno8KxefwhXb+0KRIceVtfBwLg+/P69gCF1Fr05s7glX VwgX+6OYvd99uQ49ok/g/XYbccZpjqS3uIddyD7TSmrGEL1zhYMZ4VJVZknDioO65lLg cs0Tvqqqy53VOs53Jm+3UKllNuVWn0wa7oph3D1HidK2RAHBs0MkxD1TFKA4eaA+Msuh 11rUwcw445vVsGyirsZaps2mmB7g4yhxjY1QuIUG5SBVnX4DJD06U/fPwLRmW+wXPvfj sGdmqnx1plagQoq6zyShBkPUtcZTk60CDRte4RRGGouI4RQ+Mt+4sKnUeND3AHpG0WGM TRtQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to; bh=wDX7tgAp6zWFAlTlH2YwuHSDR7Ow4xYwF7+n216n6jc=; b=Yk5N4AECsevOlUaHNu7gZ+7gm5/qEQIuNQAi8rvxinBfmieNsuhohivhvVwOXz32SS ArCyo/ffH8rbO24bweyzYEJMOC5+tQXpOs6KuErkVyU62H0CNrHvC1HyolRlsrBjiR2o RAho8BzrnkBqjU6oVTp0QzsDQFg5aMZT5PdPIztNyTwplBkg926R/eeFWjIbq5Q3zmjY qoxhXolxXoahcX6bjjxhR8gq2SLL2bNMFqaoDr+g996100M8I4Ol7oirD2K411ZEzToy 0AWbxp4gkiRMjZq8pXFzIc9tktxLDpBi6wEWqfwT2Mn67pedFw6NPJ5cGZ8lFlHkd3wU Owog== X-Gm-Message-State: AMke39kf2Bc+gwy3LHs3tdpluDh1POFPsYrTsd76kpMkueiebjnji0lAqELgih4rxBcI/uQ8XXQ+S+4dpRWS6A== X-Received: by 10.28.196.2 with SMTP id u2mr3621111wmf.109.1487872439621; Thu, 23 Feb 2017 09:53:59 -0800 (PST) MIME-Version: 1.0 Sender: nbvfour@gmail.com Received: by 10.223.163.202 with HTTP; Thu, 23 Feb 2017 09:53:58 -0800 (PST) In-Reply-To: <20170223011506.GC905@savin.petertodd.org> References: <20170223011506.GC905@savin.petertodd.org> From: Chris Priest Date: Thu, 23 Feb 2017 09:53:58 -0800 X-Google-Sender-Auth: TltCXWU9e5Vhu7PjDBydt3GjoeI Message-ID: To: Peter Todd , Bitcoin Protocol Discussion Content-Type: text/plain; charset=UTF-8 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Thu, 23 Feb 2017 17:55:18 +0000 Subject: Re: [bitcoin-dev] A Better MMR Definition X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Feb 2017 17:54:01 -0000 On 2/22/17, Peter Todd via bitcoin-dev wrote: > Reposting something that came up recently in a private discussion with some > academics: > > Concretely, let's define a prunable MMR with the following grammar. This > definition is an improvement on whats in the python-proofmarshal by > committing > to the number of items in the tree implicitly; an obvious max-log2(n)-sized > proof-of-tree-size can be obtained by following the right-most nodes: > > Maybe(T) := UNPRUNED | PRUNED > > FullNode(0) := > FullNode(n) := > > PartialNode(0) := SOME | NONE > PartialNode(n) := > > MMR := FULL | PARTIAL > > Basically we define it in four parts. First we define Maybe(T) to represent > pruned and unpruned (hash only) data. Secondly we define full nodes within > 2^n > sized trees. Third we define partial nodes. And finally we define the MMR > itself as being either a full or partial node. > > First of all, with pruning we can define a rule that if any operation > (other > than checking commitment hashes) attempts to access pruned data, it should > immediately fail. In particular, no operation should be able to determine > if > data is or isn't pruned. Equally, note how an implementation can keep track > of > what data was accessed during any given operation, and prune the rest, > which > means a proof is just the parts of the data structure accessed during one > or > more operations. > > With that, notice how proving the soundness of the proofs becomes trivial: > if > validation is deterministic, it is obviously impossible to construct two > different proofs that prove contradictory statements, because a proof is > simply > part of the data structure itself. Contradiction would imply that the two > proofs are different, but that's easily rejected by simply checking the hash > of > the data. > > -- > https://petertodd.org 'peter'[:-1]@petertodd.org > What problem does this try to solve, and what does it have to do with bitcoin?