[Bitcoin-development] About Compact SPV proofs via block header commitments

Mark Friedenbach mark at monetize.io
Mon Apr 28 17:29:46 UTC 2014


On 04/28/2014 07:32 AM, Sergio Lerner wrote:
> So you agree that:  you need a periodic connection to a honest node, but
> during an attack you may loose that connection. This is the assumption
> we should be working on, and my use case (described in
> http://bitslog.wordpress.com/2014/04/25/smartspv-a-better-simplified-payment-verification-for-smartphones/)
> assumes that.

No, that's sortof tangential. What you are solving is some higher level
application on top of SPV proofs, compact or otherwise. SPV proofs have
many broad applications, such as 2-way pegs where proof-of-work is used
to reach consensus over the most-work side-chain header, and a non-51%
attack is detectable from observed difficulty and interblock times. Do
you need an honest peer to learn about the best chain? Yes. Do you need
to *trust* that you have an honest peer? No, because a non-51% attack
against you is probabilistically detectable with existing tools.

Maybe SmartSPV is useful, maybe not. The application domain is not
something I've been concerned with in the past. But what you describe is
a higher-level protocol that uses block headers to determine which chain
to trust. My simple point from the start has been that you can use
back-link commitments and compact SPV proofs to accomplish what you want
fewer messages, less bandwidth, and equal security. The two proposals
are not in conflict with each other.




More information about the bitcoin-dev mailing list