Posted by Matt Whitlock
Mar 26, 2015/23:04 UTC
In March 2015, Sergio Lerner proposed a challenge-response protocol for verifying full nodes. A user on a thread expressed skepticism at the complexity of the solution and suggested an alternative. The challenge was to send SHA256(SHA256(concatenation of N pseudo-randomly selected bytes from the blockchain)), where N is chosen such that it would be infeasible for the responding node to fetch all of the needed blocks in a short amount of time. The challenge also relies on the lack of a "partial getdata" command in the Bitcoin protocol, which means a node cannot ask for only part of a block; it must ask for an entire block. Furthermore, nodes could ban other nodes for making too many random requests for blocks. Lerner proposed two protocols for proving local possession. In the first protocol, the verifier sends a seed to derive some n random indexes, and the prover must respond with the encrypted blocks within a certain time bound. The verifier decrypts those blocks to check if they are part of the blockchain. In the second protocol, the verifier asks the prover to send a Merkle tree root of hashes of encrypted blocks with N indexes selected by a pseudo-random function seeded by a challenge value. The prover sends the blocks, and the verifier validates the blocks by decrypting them and also verifies that the Merkle tree was well constructed for those block nodes. The user also questioned the effect of spinning disk versus SSD and whether a sequential read from a random index is a possible trade-off. Lerner agreed with this idea and stated that not every node needs to implement the protocol, but only nodes that want to prove full-node-ness, such as the ones which want to receive bitnodes subsidy.
TLDR
We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.
We'd love to hear your feedback on this project?
Give Feedback