&gt; From: Fabian<br /><br />&gt; &gt; Validating the headers is inconsequential if you are not verifying tx<br />&gt; &gt; inclusion. That's what SPV is, and people should not be misled into<br />&gt; &gt; believing that this is SPV.<br />&gt; <br />&gt; I did not claim header validation alone validates the UTXO set,<br />&gt; and I have not suggested AssumeUTXO is SPV.<br /><br />I did not say that you did.<br /><br />You said in response to me (my comment first):<br /><br />&gt;&gt;&gt; Receiving payments without having validated is an exceedingly unwise scenario,<br />&gt;&gt;&gt; and not worthy of protocol support.<br />&gt;&gt;<br />&gt;&gt; I also need to add that an AssumeUTXO node is not<br />&gt;&gt; "not validated". The header chain is fully validated before the snapshot is<br />&gt;&gt; loaded, and the historical blocks are validated in the background. The work<br />&gt;&gt; is the same, only the node becomes usable earlier.<br /><br />We are clearly talking about the period between obtaining the assumption and having validated it. This is the entire purpose of the feature. Defending the security of the feature by referring to the time *after* the feature becomes irrelevant is non-responsive.<br /><br />You are referring to header validation as if it provides some aspect of security in this period. The only way it could being doing so is SPV. So I said:<br /><br />"Validating the headers is inconsequential if you are not verifying tx inclusion."<br /><br />&gt; What I wrote was that an AssumeUTXO node "is not 'not validated'".<br /><br />And this is incorrect in the relevant period, and moot once that period ends.<br /><br />&gt; Headers are validated upfront and the historical chain is validated in the background.<br /><br />The sole purpose of the feature is to use the node without validation. Validating headers is only useful for (1) SPV or (2) DoS protection while validating.<br /><br />&gt; Together, that is the same work as a normal IBD, performed in a different order.<br /><br />It just happens that the order matters. You can't have it both ways.<br /><br />&gt; An incoming payment can only be confirmed in a<br />&gt; mined block on the headers-validated chain. For an attacker to trick the user<br />&gt; into accepting a transaction that spends UTXOs which exist only in a malicious<br />&gt; snapshot, the majority of mining hashpower would have to be running nodes that<br />&gt; accepted and continued to run based only on the same malicious snapshot.<br /><br />It seems that it's not apparent to you that you are exactly describing SPV. The recipient cannot validate the tx, or the block, or even the amount of the prevout for non-segwit txs. But he can verify inclusion - by doing exactly what SPV does. The wallet follows the strong chain, verifies inclusion, and assumes validity of what's included. This is exactly the SPV security model. SPV with extra steps.<br /><br />However it has notable downsides in relation to SPV.<br /><br />(1) startup cost is much higher (big download)<br />(2) wallet complexity is pushed into nodes (e.g. dual chainstate, see thread)<br />(3) inclusion proofs are not available for any tx supposedly confirmed within the assumption window (usage gap)<br />(4) trust must be established in the assumption in order to prevent very costly DoS (wasted full chain validation - same problem as swift sync)<br />(5) degrades the formerly trustless p2p network.<br /><br />&gt; The snapshot hash itself would still have to have been<br />&gt; compromised through the source code review process.<br /><br />This has been covered and is not relevant.<br /><br />&gt; Even then, background validation would detect the inconsistency when it<br />&gt; reaches the snapshot height.<br /><br />The person is already using the node, and this could carry on for weeks or forever. As you previously pointed out, this is a long-term solution to performance. At some point it might take years to perform a sequential validation.<br /><br />&gt; &gt; Above you make the explicit claim that Bitcoin Core is the oracle for<br />&gt; &gt; this "sole trust input". If that is the case you should add it to the<br />&gt; &gt; proposal so that people are fully aware. If so the proposal<br />&gt; &gt; establishes a central authority for validity.<br />&gt;<br />&gt; The BIP intentionally leaves the source of the Merkle root to the<br />&gt; implementation.<br /><br />So the BIP punts this aspect of security, and yet you keep claiming it's secure because of Bitcoin Core and code review. You are trying to have it both ways here as well.<br /><br />This proposes a very poorly implementation of what is fundamentally the SPV security model, for the period until a node can be fully validated. I don't see any justification for putting this into a node or the P2P network. People already widely use SPV wallets and direct them to their own full nodes for better security.<br /><br />Best,<br />Eric<br />

<p></p>

-- <br />
You received this message because you are subscribed to the Google Groups &quot;Bitcoin Development Mailing List&quot; group.<br />
To unsubscribe from this group and stop receiving emails from it, send an email to <a href="mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoindev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href="https://groups.google.com/d/msgid/bitcoindev/20050ee8-6bd6-4372-a81e-ef51ffcc376an%40googlegroups.com?utm_medium=email&utm_source=footer">https://groups.google.com/d/msgid/bitcoindev/20050ee8-6bd6-4372-a81e-ef51ffcc376an%40googlegroups.com</a>.<br />