Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Speculation
Re: Gold collapsing. Bitcoin UP.
by
rocks
on 11/08/2015, 21:04:06 UTC
Quote from: justusranvier on August 11, 2015, 06:29:51 PM
Quote from: rocks on August 11, 2015, 05:34:17 PM
Quote from: justusranvier on August 11, 2015, 03:13:02 PM
Quote from: cypherdoc on August 11, 2015, 03:03:41 PM
it may even have been good.  except that it is encouraging this non-verification scheme for tx's which as you say, may be gamed and has contributed to quite a perversion in analyzing this particular attack and was never visualized in Satoshi's original ideas.
That isn't the problem.

The problem is that there is no way to tell an SPV client that the chain they are following because it has the most proof of work is actually invalid and should be rejected.

If that capability existed, then nobody would have to care whether or not miners choose to burn their own electricity mining invalid blocks or not.

This seems to happen frequently in Bitcoin where bad behaviour by party A can negatively effect party B, and so everybody focuses exclusively on preventing party A's bad behaviour instead of making the system more robust by removing party A's ability to negatively impact party B to solve all current and future problems.

I don't think I agree with the highlighted part.

The structure of the blockchain's proof-of-work on minimal sized headers is itself the mechanism SPV clients use to determine if a chain is valid. Yes they do not verify the chain's contents themselves. Instead they rely on the fact that producing a false longest chain is prohibitly expensive and thus very unlikely.

To effectively pull off a longest but invalid chain attack requires an attacker to spend more mining effort than the rest of the ecosystem, in order to produce a false chain that will never be acknowledged by the p2p network and can only be used to temporarily trick SPV users.

In short, proof of work on headers is itself a form of validation.
What you are describing is not a proof. At best, its a suggestion.

If a majority of miners are building an invalid chains accidentally or intentionally, the problem will get sorted out eventually but in principle there's no upper bound on how long that process will require.

On the other hands with some relatively simple new messages and protocol requirements the time required for SPV clients to get back on the valid chain can be reduced to the time needed to propagate a message across the network regardless of the hash power supporting the invalid chain.

The odds of miners building accidentally on a false chain seem low. By definition they have to be able to download a block in less than 10 min (otherwise they couldn't keep up with the transactions themselves).

Yes they might build on a false chain for a short period of time if blocks are randomly found fast, but the statistics works out that this won't last long and waiting x blocks solves the issue. You're better than me at the math but I'd bet that 6ish confirmations works out to good enough.

If a majority of miners are intentionally doing this, then we have a 51% attack underway and lots of assumptions break down.

I question the need for new messages to help SPV clients find the right path because 1) they seem exploitable to me and 2) all they need is the header chain to find the right path and headers are already short and fast to transmit. Waiting for x blocks again seems to protect them if you assume a majority of well connected miners.