Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id A2781217D for ; Fri, 19 Apr 2019 04:48:30 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-40133.protonmail.ch (mail-40133.protonmail.ch [185.70.40.133]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B58B3466 for ; Fri, 19 Apr 2019 04:48:29 +0000 (UTC) Date: Fri, 19 Apr 2019 04:48:23 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=default; t=1555649307; bh=QjafvbgPXiKRuwloFmO6wp4TOZ4JIc3aLqSF3OPEhFc=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References: Feedback-ID:From; b=aFU8R5ETpMkUnoZxQ2ijxd7ZncD/WOZkmwqjl3J37l4lxt/CXnpcmIj4VfUiu0kUP OVwLRbt/dHcz1zSNYdS7LotD48an+fZk4UfXr8VX80HYZDDYRX8t6LEZyOwK7vcS/x OugiAQ0tQQzBdI4QRpIpErCICskSgcQuldQlQK5Y= To: Ethan Heilman From: ZmnSCPxj Reply-To: ZmnSCPxj Message-ID: In-Reply-To: References: <-tCD0qh97dAiz-VGkDQTwSbSQIm9cLF1kOzaWCnUDTI4dKdsmMgHJsGDntQhABZdE2_yBYpPAAdulm8EpdNxOB8o3lI6ZQJBJZWF1INzUrE=@protonmail.com> Feedback-ID: el4j0RWPRERue64lIQeq9Y2FP-mdB86tFqjmrJyEPR9VAtMovPEo9tvgA0CrTsSHJeeyPXqnoAu6DN-R04uJUg==:Ext:ProtonMail MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, FROM_LOCAL_NOVOWEL, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Fri, 19 Apr 2019 13:57:03 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Improving SPV security with PoW fraud proofs X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Apr 2019 04:48:30 -0000 Good morning Ethan, > My above email contains an error. The SPV client needs to only > download S+1, not S+1 and S+2. > > I agree with you that a weakness of this approach is a miner can make > SPV clients do substantially more work. However: > > 1. Mining a block which will never be accepted is an expensive way to > make SPV clients download, validate and discard ~2-4 megabytes of > data. There are far less expensive ways of wasting the resources of > SPV clients. Its unclear why someone would want to do this instead of > just packeting full nodes or SPV servers like we saw with the recent > DDoS attacks against electrum servers. > > 2. SPV clients may not even learn about these splits because it > requires that someone relay the split to them. Honest full nodes > should not relay such splits. To their bitcoin's worth the attacker > must also connect to lots of SPV clients. > > 3. Having SPV clients slow down or become full nodes when a malicious > miner with significant mining power is attempting to disrupt the > network is probably a best case outcome. I would prefer this failure > mode to the current SPV behavior which is to just go with the > "longest" chain. I understand. It seems a reasonable point to do so. As I understand it, this requires that UTXO commitments be mandatory. In particular, if UTXO commitments were not mandatory, it would be trivial = to force chainsplits at heights where a UTXO commitment was not made, and f= orce an SPV node to download more blocks backwards until a block with a UTX= O commitment is found. More difficult is: how can an SPV node acquire the UTXO set at a particular= block? Fullnodes automatically update their UTXO set at each block they accept as = tip. Reversing the blocks to update the UTXO set at a particular past time would= require a good amount of CPU and memory. Thus any service that can provide the actual UTXO set at each block would p= otentially be attackable by simply requesting enough past blocks. Regards, ZmnSCPxj