Bitcoin: SegWit & Block size

Petr Baudiš, brm 2016-03

Bitcoin Block Size Debate

• Past: Bitcoin lightly used, low tx number, no worries
• Now: Much heavier use, many transactions, wow

​

Now: ~2.5 tx/s,

800kb/block

Blockchain Capacity is Limited

• Everyone wants to transfer money

but

• Full nodes and miners need to transfer, verify, store, and query blockchain copies

​

We need to make a tradeoff.

Bitcoin Capacity Tradeoff

• Hard-Coded Block Limit: 1MB (not #tx)
• Average tx size: ~500 bytes
• Depends on #inputs and #outputs
• Fee depends on tx size, not coin amount!

​

• Plus, some blocks end up empty
• Law: #addresses (therefore�lookup complexity) grows

Naive Bitcoin Scaling

• Naive idea: Just bump the max blockchain size

1M → 16M! Ok, 1M → 8M! Ok, at least 1M → 2M?

• Scepticism among Core (people who actually understand Bitcoin)
• Problem: What about the other side of the tradeoff?
• Most mining capacity in China, internet is slow!
• Verification done by full nodes is slow & expensive.
• Full node hardware requirements grow (e.g. RPi2 no longer suffices)
• People are encouraged to record their Club Maté transactions�(fees stay low, prospect of further block size raises)

Naive Bitcoin Scaling: Fallout

• Number of full (verifying) nodes goes down a lot
• Some attacks become easier
• More centralization (only large institutions will run full nodes)
• Hard fork necessary; hard forks are bad�“Hard forking is basically starting an altcoin.”
• Chinese mining power gets cut off, unexpected economy/hashrate ripples

​

• Fees stay low, which avoids an unknown economy fallout when fees market opens; transaction spam persists

Bitcoin Scaling Alternatives

• Idea #1: Raise block size (tx capacity), but balance it by reducing required full node load (segregated witness)

​

• Idea #2: Club Maté transactions get untenable (high fees), but they do not need blockchain, provide an alternative (lightning network)

Segregated Witness

• Many nodes want transaction info, but do not want/need to verify (every) block - option to reduce load if we drop the signatures and keep just i/o information
• Segregated Witness: “witness” info (signatures) is moved to a separate (separately signed) part of block, which can become optional
• No need to completely give up on wide-scale verification, e.g. SNARKs

Segregated Witness

• Technical tricks to make this backwards compatible (transaction now looks like “free to take” to old nodes, consensus required for switch)

Lightning Network

• Blockchain is fully filled with transactions
• Lowest-fee transactions get delayed�(or effectively dropped)
• Fee market develops
• Fees go up, low-coin transactions don’t pay off
• How do I spend my bitcoins for a bottle of Club Maté?

​

• Lightning Network: Keep silly transactions off the blockchain, replace them in Bitcoin network by channels, special party-party shared addresses

Lightning Network (simplified)

• Decentralized, verified, but not permanent
• Parties keep track of their respective balances and privately swap pre-signed transactions with up-to-date channel balances
• At any moment, either party can commit the channel tx to the blockchain
• More tricks: Transactions to parties you don’t have a dedicated channel to (Hashed Time-Locked Channels)

Thanks; questions?

​

pasky@ucw.cz