I just installed blockstack via pip, and am testing out the various functions.
One thing I don’t quite understand, though, is what blockstack lookup does. Reading the USENIX paper, it seems like Blockstack has two operation modes:
Connect to a peer-to-peer network maintaining a full virtual chain and full Bitcoin blockchain; i.e. be a full Blockstack node.
Use SNV to lookup previous names based upon a trusted consensus hash from after that name was registered, and a connection to an untrusted full node.
blockstack lookup, however, seems to neither spawn a resource-intensive full node, nor ask for a trusted consensus hash. What does it actually do? Does it just lookup the name using some trusted Blockstack node? Are there hard-coded consensus hashes embedded in the program?
blockstack lookup resolves a blockstack name to a profile via the blockstack node configured in your ~/.blockstack/client.ini.
By default this is node.blockstack.org.
It’s doing 1. in your list, but using a remote node run by the blockstack project. You can spin up your own node and then point the command line utility at it by the config file.
I agree with you that this is sort of confusing. Do you think it would help if after pip install blockstack, on first run, we prompted users if would like to spin up a full node?
Ah I see. So node.blockstack.org and the network connection to it is 100% trusted.
From a user-interface perspective it might indeed be good to prompt users to choose between spinning up a full node and trusting node.blockstack.org. Otherwise the default configuration isn’t really different from DNS, security-wise.
What is the way to use SNV to look up a name in a secure, thin, way? Reading the paper, it seems like the main advantage of using SNV is that you don’t need to trust the node, and thus you don’t need to run your own node. There seems to be lookup_snv, but it seems to send a command to node.blockstack.org for it to do an SNV lookup?
Does lookup_snv trust node.blockstack.org or not? Does it verify, locally, the information returned against the given consensus hash and blockchain headers?
Check out Jude’s brief explanation on what lookup_snv does in this forum post.
But in less detail, the SNV lookup uses a trusted consensus hash to verify a given name’s value at a particular block height. This verification process requires that the server respond with a cryptographic proof that links the historic values of a given name to the returned value at the given block height. The user’s client verifies that this proof matches the trusted consensus hash. If you want to limit your trust exposure without running a full Blockstack node, this command will provide you with an ability to perform verification (of course, you’ll need a way to get a trusted consensus hash).
I think that it’s probably a good idea to at least have a message which informs the user of the trust-relationship in the setting of node.blockstack.org and then spit out the steps to getting a Blockstack node spun up.
Ah I see. I was confused mostly since I misread the paper’s diagram, and thought that the client must download many a logarithmic number of full blocks from the Bitcoin network, and I didn’t see such large amounts of data being transferred.
I think a message would indeed be a good idea, since currently it’s not even trusting node.blockstack.org, but rather the network, since it’s a plaintext RPC connection.
Also, is there an operation mode where you run your own sorta-full node, which constantly syncs with the network and keeps track of the latest correct consensus hash, but forgets everything else? (mostly, the massive Bitcoin blockchain). That seems like something that would be very useful for people who have large amounts of bandwidth but not much hard-drive space. (Phone on wifi on charger?)