Moreover, "tricking someone into a false block chain header list" requires you in any case to spend PoW on that block chain header list of the same order of magnitude than the prong you want your SPV victim to believe. If you do that, you can just as well trick a full node into your prong.
SPV clients cannot validate the rules of the network and will hence be able to be tricked into a block with valid PoW but with differing rules from the reference clients. They are hence invalid as per full nodes which validates the full block.
Since SPV clients blindly follow the chain with the longest valid PoW, it isn't hard to cheat a SPV client.
No, as I outlined, that is not correct. In order to trick me into believing that, you have to provide me with of course the fake transaction, but you also have to provide me with the leg of the Merkle tree that connects its root to the transaction. That Merkle root is included in the block chain header list I have.
If that header list is ending on the block chain headers that mining pools are currently mining on, then I know that that transaction is a part of the very block chain miners are mining on right now. That is exactly the same block chain that full nodes have right now also.
Again: if, of two block chains, the leading heads of the header blocks are the same, both the ENTIRE BLOCK CHAINS are identical.
No disagreements here.
OK, great.
So there's no such thing as a rogue SPV server, IF I can have access to the latest block headers being mined right now. And even if I cannot have access to the latest blocks being mined (and then, my full node wouldn't get access either), that "rogue SPV server" still has to spend a lot of PoW to make the false prong. He will have to spend as much PoW grossly as attacking the real chain, and for this attack to succeed, he must also ensure himself to avoid me of learning about the real chain (that may have somewhat more PoW).
Your client assumes the chain with the longest PoW as the correct chain. If this happens, isn't your SPV client vulnerable?
A full node is just as "vulnerable" to such an attack.
A full node is vulnerable to a 51% attack definitely. But isn't your point about a block which violates the protocol rules? If anything, that block isn't valid.
No, it is not a 51% attack. It is "isolating a full node network-wise, and have him swallow a (correctly mined) side prong of the actual chain". Then you can make believe that full node that this is the correct chain - and it is A correct chain - but it is not the current consensus "out there".
However, in order to pull that feat, you have:
1) to isolate your victim network-wise
2)
still to make that side prong with all the PoW that goes into itwhich makes this attack highly improbable.
If I can know the latest headers, I cannot be tricked into accepting anything in the block chain that a full node that is accepting these latest headers, wouldn't have accepted either.
And that begs the question: How do you get the latest headers, with a certainty that it is valid.
The same way a full node does. In order to provide me, SPV user, with a "false prong of block chain headers" you have to do exactly as I previously indicated:
1) isolate me network-wise so that I cannot talk to the majority miners
2) still you'd have to MAKE that false chain of headers with all the PoW that goes into it.
The ONLY difference between me, SPV client, and a full node, is that I'm not going to download the block bodies, and
check the block body validity. I take it that
if miners are willing to spend a lot of PoW building on top of such blocks, that they've verified them, or that bitcoin is, as I said, broken, because the actual consensus block chain out there contains, deep down, false blocks, and miners still continue to put MAJORITY HASH RATE on top of it.
If there's a block, 6 or more blocks deep, and with majority hash rate (in fact, with no other prong around) still mining on top of it, I take it that that block is correct, or that bitcoin is broken. In order for me to know that, I simply have to find 6 block headers on top of the block I'm considering, and I know that that hash rate has been spent on it. If ever that block were false, it would be utmost amazing that miners are putting full hash rate on it, and are NOT mining on the "correct" side prong.
If a rogue SPV server cannot succeed in isolating me from the network, then in order to trick me, he has to pull a full 51% attack to convince me to take his, majority POW prong, over the "real" one. But in as much as he can pull that, he could actually attack the real block chain just as well. And in as much as he's pulling that on top of a false block, why wouldn't he attack the real chain ?