[bitcoin-dev] summarising security assumptions (re cost metrics)

Eric Voskuil eric at voskuil.org
Thu Nov 5 23:33:26 UTC 2015


On 11/05/2015 03:03 PM, Adam Back via bitcoin-dev wrote:
> ...
> Validators: Economically dependent full nodes are an important part of
> Bitcoin's security model because they assure Bitcoin security by
> enforcing consensus rules.  While full nodes do not have orphan
> risk, we also dont want maliciously crafted blocks with pathological
> validation cost to erode security by knocking reasonable spec full
> nodes off the network on CPU (or bandwidth grounds).
> ...
> Validators vs Miner decentralisation balance:
> 
> There is a tradeoff where we can tolerate weak miner decentralisation
> if we can rely on good validator decentralisation or vice versa.  But
> both being weak is risky.  Currently given mining centralisation
> itself is weak, that makes validator decentralisation a critical
> remaining defence - ie security depends more on validator
> decentralisation than it would if mining decentralisation was in a
> better shape.

This side of the security model seems underappreciated, if not poorly
understood. Weakening is not just occurring because of the proliferation
of non-validating wallet software and centralized (web) wallets, but
also centralized Bitcoin APIs.

Over time developers tend to settle on a couple of API providers for a
given problem. Bing and Google for search and mapping, for example. All
applications and users of them, depending on an API service, reduce to a
single validator. Imagine most Bitcoin applications built on the
equivalent of Bing and Google.

e

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20151105/cabe5605/attachment.sig>


More information about the bitcoin-dev mailing list