Re: [bitcoindev] A safe way to remove objectionable content from the blockchain

Bitcoin Development Mailinglist
 help / color / mirror / Atom feed

From: Peter Todd <pete@petertodd.org>
To: Boris Nagaev <bnagaev@gmail.com>
Cc: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] A safe way to remove objectionable content from the blockchain
Date: Wed, 10 Dec 2025 13:57:55 +0000	[thread overview]
Message-ID: <aTl8Y7p4qtYAsHbP@petertodd.org> (raw)
In-Reply-To: <ec60219f-f2c7-4639-8c45-d3f3938241b7n@googlegroups.com>

[-- Attachment #1: Type: text/plain, Size: 2902 bytes --]

On Tue, Dec 09, 2025 at 11:32:48AM -0800, Boris Nagaev wrote:
> Hi waxwing/AdamISZ,
> 
> On incentives: agreed that "good" only matters if it's an equilibrium. The 
> aim is to shape early design choices so the incentive-compatible 
> equilibrium includes DA and forced publication, rather than slipping into a 
> DA-weak equilibrium where only a few parties hold full data.

Exactly.

Furthermore I want to be clear that in this context, the existence of strong ZK
math is an *exploit* on the Bitcoin protocol, in much the same way that a
mathematical advancement that could be used to break SHA256 preimage security
is also an exploit on the Bitcoin protocol.

It may be the case that the power of ZK techniques is sufficiently strong that
Bitcoin needs to be redesigned to mitigate them; there is even a small chance
that this is not possible and Lightning/HTLCs eventually become insecure due to
it. No different than how there is a small chance that quantum computing
relevant to cryptography turns out to be real and numerous protocols become
insecure due to it.

> > what if mining was done just on an accumulator over the utxo set, instead 
> of the utxo set itself?
> 
> If miners and nodes only see an UTXO accumulator, how do HTLCs survive? The 
> HTLC success spend path needs the preimage to be revealed and readable. How 
> does this fit in an accumulator-only mining model, and what forces 
> publication so the payer can claim its incoming HTLC?

More generally, if mining is just an accumulator, how do we preserve censorship
resistence? It's unlikely that the underlying math of the accumulator allows
anyone to mine a new block with exactly as much data as is required to verify
the accumulator. 

Recently I met someone who told me that his company needed a full archival node
of the Solana (IIRC) blockchain. That is, *all* Solana transactions going back
in time, sufficient to verify everything. They had a very large budget for
this, millions of dollars if necessary. Apparently after months of trying they
concluded that the task was actually impossible, because the very few people
who have that data set are unwilling to provide it under any circumstance short
of just buying a company with a copy of the data. It's just too much data for
the incentives of volunteer nodes to have held.

ZK technology certainly could do the same thing to Bitcoin in the right
circumstances, e.g. the attempts by the Knots crowd to completely remove
certain transactions from Bitcoin.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/aTl8Y7p4qtYAsHbP%40petertodd.org.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

     prev parent reply	other threads:[~2025-12-10 14:02 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-11-20  1:57 Lazy Fair
2025-11-20 18:45 ` Greg Maxwell
2025-11-23  6:37   ` Saint Wenhao
2025-11-20 21:21 ` Ethan Heilman
2025-11-29  9:25   ` Peter Todd
2025-11-29 13:54     ` waxwing/ AdamISZ
2025-11-29 15:41       ` Erik Aronesty
2025-11-29 15:56         ` waxwing/ AdamISZ
2025-11-29 17:03           ` Erik Aronesty
2025-11-29 18:15             ` Greg Maxwell
2025-11-29 18:52               ` waxwing/ AdamISZ
2025-11-30 14:39       ` Peter Todd
2025-12-02 12:33         ` waxwing/ AdamISZ
2025-12-08 17:34           ` Nagaev Boris
2025-12-09 14:24             ` waxwing/ AdamISZ
2025-12-09 19:32               ` Boris Nagaev
2025-12-10 13:57                 ` Peter Todd [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=aTl8Y7p4qtYAsHbP@petertodd.org \
    --to=pete@petertodd.org \
    --cc=bitcoindev@googlegroups.com \
    --cc=bnagaev@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox