Sorry that I haven't been active in the development. This is more for "fun" and the development which pays the bills has been taking up most of my time.
This is a "fun" project for me too. I do think we are making good progress, however.
To expand on Peter's "to merkle or not to merkle" discussion
1) Peter, a merkle branch only need one hash per level not two (the other side is computed each level from the claim txn) and a single bit to indicate if the additional hash is on the left or right). You also don't need to include the root hash for the same reason. If that doesn't make sense I can go into detail but I will wait to avoid a long explanation on what might just be a simple oversight. The size of a merkle branch (in bytes) for up to 32 levels would be: branch_size = (merkle_levels * digest_size)+4.
Yes, of course. I've never coded a Merkle tree or used a Merkle branch so I missed the obvious fact that the other side follows from the claim TX. What you just said makes perfect sense.
3) A smaller hash digest (100 to 128 bit) could be used but that only provides a minimal reduction in size. The set is fixed so it can be guaranteed to be collision free. A preimage attack against even a 100 bit reduced length hash is infeasible at the current time. It may however make sense to benchmark the speed of various hash functions as there will be a large number of branch validation in bootstrapping nodes. I know off the top of my head SHA-512 has much higher throughput than SHA-256 on most systems this is due to SHA-512 using 64 bit words. NIST does rate SHA-2 to be used in "cutdown" digests (i.e. take left 128 bits) and there are no known security implications in doing so.
Good point. There's no need to use 256-bit hashes, so we can save space this way like you said.
It is an interesting idea and probably worth the savings in the genesis block. If the merkle tree is constructed based on the full claimset then the same tree could be used for more than one spinoff even if they have different criteria (i.e. spinoff A excludes dust claims below 1 bit, spinoff B excludes P2SH claims) as the merkle tree is a super set of all valid claims. Websites could be created to show potential users what claims they have on multiple spinoffs. Obviously after some time passes a new snapshot should be taken but multiple spinoffs could use the same snapshot and gain some economies of scale.
I am leaning towards the Merkle tree approach. Let's see if anyone has any valid objections.
But will it be more difficult for the clones to verify that a particular claim hasn't already been made using this method?
The simplest method would be for full nodes to maintain an ordered list of claimed claims.
So validation becomes:
1) Is Claim improperly formatted has parsing error or is otherwise invalid (doesn't meets spinoff claim requirements)? If so then stop, invalid because not a valid claim.
2) Is Claim authenticated (will vary depending on FCV or SCV)? If not then stop, invalid claim due to invalid signature/txn.
3) Is ClaimId in the claimed list? If so then stop, invalid because already claimed (a double claim attempt).
4) Is Claim Merkle Branch invalid for the Claim Merkle Root Hash? Is so then stop, forged claim or misconstructed merkle branch.
Yes, that's what I was thinking too. It does mean that the spin-off developer needs to include code to manage the ordered list of claimed claims (an additional requirement) but I think this is still easier than managing the full snapshot.bin file.
