-
Notifications
You must be signed in to change notification settings - Fork 283
Research on the ENS #453
Comments
There are some positives:
But negatives as well
|
I would love to hear what Blockstack plans to do to account for these primary critiques. |
cc'ing @Arachnid for comments on the light-client friendliness of the ENS.
Yes the 7 day period is awfully long for OpenBazaar vendors to wait. Two things:
I believe the ENS only uses Ethereum, not Bitcoin.
I don't believe that subsidisation is sustainable long-term, at least not if OpenBazaar is successful (which is what we should be planning for). Subsidisation is a dangerous game as it doesn't scale. (A few stats to gauge the success of Blockstack with subsidisation. It has registered 70,000 handles (see here) while being operational since September 2015 (see here). It will be interesting to compare interest in the ENS, which I don't believe is being subsidised.)
Could @Arachnid comment on this? |
My point is that telling your average non-cryptocurrency enthusiast that they need to acquire bitcoin to use OpenBazaar is already a hard sell. Telling them that, in addition to bitcoin, they will need to get this thing called ether to buy a username is an even tougher sell. |
I don't understand this. OpenBazaar buyers are the only ones that "need to acquire bitcoin to use OpenBazaar" but they do not need a handle. Getting a handle mostly is relevant to buyers and moderators. Both buyers and moderators are on the receiving end of Bitcoin transactions. |
Not sure what you mean by this? Names are most definitely owned by public keys. Example:
The
ENS doesn't even store names; it stores the hash of a name. There is no "list all names" operation, so OpenBazaar would not have a "list all store names" operation (unless they implemented and curated a list themselves).
ENS's approach to stopping squatting differs from Blockstack in that instead of using a price curve, it uses a Vickrey auction to sell names to the highest bidder. This will not solve squatting either, since obviously a squatter can buy up names well in advance of the "legitimate" owner. In fact, the only squatting "solution" I'm hearing from the folks building ENS is to govern it with off-chain oracles to resolve name-ownership disputes. Blog post here. We do spam filtering on the Onename registrar so we do not pay for squatters' names, but we do not (and should not) stop them from buying themselves.
Unlike ENS, Blockstack is portable to any blockchain. Should OpenBazaar need to switch from Bitcoin to a separate blockchain like Zcash, Blockstack can migrate with it (so only one chain would need to be synchronized, and only one currency would need to be used).
One metric I'd like to see with ENS is how cheap names will be in practice. It would suck if a squatter could come in and quickly buy up most of the names for pennies each (since few legitimate users would be willing to buy names before they actually need them). |
Thanks for the replies @jcnelson
As designed the resolvers are trusted entities. See for example https://api.onename.com/v1/users/duosearch. OneName could easily change the identifier
What is the use case for listing all names? As far as I can tell the only operation required for OpenBazaar is, given an OpenBazaar handle, to resolve to the corresponding OpenBazaar ID. ENS can do that without listing all names. Storing hashes allows for arbitrary length handles, and an arbitrary character set, which I believe Blockstack does not support. |
Thank you for clarifying. The solution is to run a Blockstack node locally. With the new
This is meant for users like Duo Search :). You can be sure that you have indexed the entire name set, since names do not get lost. Related, does ENS let you store arbitrary data alongside the names, or is just a link to a |
This does not work for browser implementations of OpenBazaar. We can't expect users to sit and wait 15 minutes to get handles up and running. I'm assuming synching involves downloading tens of megabytes, which is not workable for mobile devices. We need the ability to trustlessly resolve an OpenBazaar handle from a resolver with very little data (say, < 1kB).
I believe you can associate arbitrary data with names simply by linking to an IPFS hash. |
That's on top of bitcoind right? |
Btw justin the ethereum light client takes about 5-7 minutes to get up and running and requires close to 350 megabytes to be downloaded and stored. |
A couple things:
Either your own |
Why is a "full" Ethereum light client required for lookups? An OpenBazaar client just needs to download a reasonable number of recent block headers (say, 1,000 headers) and verify proof of work on those. Then very short proofs can be submitted (see here):
|
I don't know what a full light client is but the client downloads headers from the last checkpoint. The headers are bigger than bitcoin headers and they come in every 12 seconds. They should probably add an option to delete headers older than two weeks as they aren't really needed. Right now they just sit on disk growing pretty rapidly. |
I'm calling a "full" light client one that downloads headers from the genesis. I'm assuming that's where you got 350MB number from. As you mentioned, we only need recent headers (this can be customisable; I expect 1,000 headers—about 3 hours and 20 minutes—is more than enough for most).
Do you know how large the headers are? |
It's not downloading from Genesis but rather from a checkpoint. Same as our spvwallet. But you can't really just ask for the last 1000 headers as you have no way to verify they are correct. You can only hardcore a trusted checkpoint header and download everything after it. You can update the checkpoint with each release but it's still the case that the node needs to download everything after that checkpoint (though it can properly delete older headers). |
Proof of work? The reward is 5 ETH per block, so 1,000 headers correspond to 5,000 ETH of economic finality. At current market price of $27.11/ETH that is $135,550. Not to mention that a fake header attack would also require a Sybil attack. Of course with Casper economic finality will converge much faster, so 100 headers would probably be sufficient. |
You need a starting point to validate PoW against though as the checkpoint correct? Last 1,000 headers would just be arbitrarily accepting the last x headers from some peer. Might as well make it 50 or 10. |
I don't think a checkpoint is required. You can use any header as a starting point that has a convincing timestamp and difficulty.
10 headers would be quite low security (~5 * 10 * $27.11 = $1,355). Someone with a GPU (e.g. you) can easily start mining and waste $1,355 to build 10 fake block headers with convincing timestamps and difficulty. 1,000 fake block headers is economically much harder to pull off. (Notice the "convincing timestamp" requirement makes your attack non-reusable in the future.) Of course, even with just 10 headers the Sybil attack remains, so in practice this may be a hard attack to pull off even with 10 headers. |
What constitutes convincing? Checkpoints are usually hardcoded into clients (i.e. satoshi client) preventing reorgs beyond those checkpoints. Picking an arbitrary header as a starting point that isn't an accepted checkpoint in the community seems risky to me. What does convincing timestamp and difficulty mean? I was being sarcastic about the 50 or 10 amount. I meant that if we're not starting from a proper checkpoint it might as well be no checking as the level of security is even worse than just normal checkpointing. |
Casper will make this problem even worse. With Casper (and PoS in general), there is no way for a client to distinguish between two conflicting chains without some external trusted source to tell it the current set of validators. This isn't "PoW maximalism;" it's a proven result from a recent paper from IC3 (more discussion here). This could take the form of hard-coding the last set of validators in the OB client (i.e. to avoid having to ask someone over the network), but then OB would have to release a new client every time the validator set changes. |
I'm confused by this. Are you talking about Ethereum headers of Bitcoin headers? SPV headers are only 80 bytes each (~36MB for the entire chain at the time of this writing). |
36MB would take only several minutes at most to download on a fairly slow connection. |
Bitcoin headers aren't as bad as ethereum but ethereum adds at least 1mb of header storage per day. Just storing headers from the last checkpoint takes 350 mb. |
@JustinDrake wrote:
Justin, can you please tell me how is the situation worse? Back then users were getting long wait times because of spam filtering at our end. We've not only actively worked on ensuring that OpenBazaar users don't get caught in spam filters but have hired dedicated support staff to prioritize any OB issues. From our support tickets, issues regarding pending profiles have almost gone down to zero. Yes, the bitcoin network is seeing higher fees but OB registrations going through the Onename registrar have never been more stable and consistent. A lot of work went into ensuring that this is the case. @JustinDrake wrote:
Can you please give more details on why you think a significant portion is squatting? Here is a research paper that actually studied squatting in decentralized namespaces and concluded that our namespace by far has the most real usage. I can give you stats on how many users are (likely) real and not spam and what are the metrics we use to calculate that. You'd be surprised by how good the ratio is. We've carefully designed our pricing schemes and spam filters to achieve this and are actively improving our system. Speaking of running your own nodes, we have support from Microsoft Azure and (recently) AWS now. You can deploy nodes, do a fastsync, and get up and running in minutes. Finally, let's keep the bigger picture in mind that ENS is not even launched yet and we have 2+ years of production experience. Naming systems are much harder to build than most people realize. It looks like a deceptively simple problem in the beginning. Let ENS roll into production, evaluate how it performs in the real world, and then let's continue this discussion. |
I'd like to also point out one other situation, which is that OpenBazaar perhaps supports multiple naming systems. They all essentially are key value mappings to IPFS nodes so as long you understand how to differentiate between two more naming systems we could provide support for them. It does bring up a good point about ENS not even being live yet. I know we're a few months out from releasing OB2.0 and we want to have a good option for our users here, so I think the conversation is a good one to be having. |
For timestamps this means requiring that the timestamps of the 1,000 blocks follow (within variance) the Poisson distribution that is consistent with your local clock. For difficulty you can combine a floor (e.g. 100 TH) with a variety of semi-trusted sources (APIs and/or random survey of the network).
How would that work with |
For anyone interested, there's an AMA for the ENS running now. https://www.reddit.com/r/ethereum/comments/5z4iiw/ama_we_are_the_ens_team_ask_us_anything/ |
@JustinDrake Thanks for starting this discussion and for providing feedback on Blockstack DNS. Super interested in chatting more about how we can improve the service for you and our users. Also we have lots of improvements on the horizon, including a new release of a name registrar with a beautiful interface that will be leaps and bounds more convenient for your users. Would love to show this to you sometime. Just to understand where your head is currently at, are you sold on ENS or are you open to being swayed in the direction of Blockstack, given certain milestones are reached? |
Totally open :) ENS is untested in production (not even live yet). I find it encouraging you guys have received a $4M injection. At the very least if OpenBazaar goes with Blockstack you should be able to subsidise the mining fees, and while my issues have been unaddressed for months I do hope Blockstack will pick up pace. Anyway I'm not a decision maker for the OpenBazaar protocol so my opinion doesn't matter so much :) |
@JustinDrake Your issues were fixed in the earlier release of v0.14.1. I just updated the status of your issues -- sorry that the status wasn't updated, we were doing a major reorganization of our Github repos and are now updating all pending issues. Also, your feature request was marked as "discussion" in Feb. We'd love to chat more if it can be implemented in v0.15. |
Great to hear that you're open and yes, it's important to us that we can bring cheap to free names for your users. Also, thanks for bringing these issues up again. @muneeb-ali and I are responding in the threads you linked.
Regardless, you're running a very important company in the OpenBazaar space and we highly respect your opinion. We absolutely want to make sure you can bring the best possible experience to your users. |
@JustinDrake Did you see the recent ENS bug? No action is needed if you weren't already bidding on names. The design choice of on-chain logic for Ethereum means that bugs in a live contract would be much harder to fix on the "heavy" blockchain. The bug would've been harder to fix if it was discovered after the ENS contract was actively used (like the DAO). |
Just to shed a little light on this, Parity will soon have a light client designed specifically for very resource-light use cases and for efficient interaction with even very complex smart contracts. |
Closing in favour of #553 |
For a year OpenBazaar 1.0 users (mostly vendors) have tested the Blockstack naming protocol, predominently through the OneName gateway. Back in September 2016 it was quite clear that the Blockstack/OneName solution was not a great fit for OpenBazaar. User experience has been for the most part bad. 6 months later the situation is worse, with an increase in confirmation times (and mining fees, currently subsidised by OneName). Other pitfalls include that the OneName resolver does not include cryptographic proofs of ownership. I also believe that @cpacia concluded that the Blockstack reference light client implemented in Python is not easily integrated into openbazaar-go.
There is good news regarding OpenBazaar 2.0's potential naming system:
In this Reddit thread, Nick Johnson talks about his Ethereum Name Service (ENS). Six months later, we have detailed specs (see here and here). We also have an implementation which has been tested on Ethereum's Ropsten testnet. The mainnet contract has been deployed (see here) with imminent activation (see here).
I have started familiarising myself with specs and code. (There are also useful videos, e.g. here and here.) My initial gut feel based on a couple hours of research is that the ENS is pretty well designed (much more comprehensively than Blockstack) and could be better suited than Blockstack for OpenBazaar. I will be updating this issue as I uncover relevant details. In the meantime, I'm creating an issue to kickstart the discussion.
The text was updated successfully, but these errors were encountered: