Hi Eric, > Validating the headers is inconsequential if you are not verifying tx > inclusion. That's what SPV is, and people should not be misled into believing > that this is SPV. I did not claim header validation alone validates the UTXO set, and I have not suggested AssumeUTXO is SPV. What I wrote was that an AssumeUTXO node "is not 'not validated'". Headers are validated upfront and the historical chain is validated in the background. Together, that is the same work as a normal IBD, performed in a different order. The trust window during background validation is also limited, and the attack surface within it is narrow. An incoming payment can only be confirmed in a mined block on the headers-validated chain. For an attacker to trick the user into accepting a transaction that spends UTXOs which exist only in a malicious snapshot, the majority of mining hashpower would have to be running nodes that accepted and continued to run based only on the same malicious snapshot. The snapshot hash itself would still have to have been compromised through the source code review process. Even then, background validation would detect the inconsistency when it reaches the snapshot height. > Above you make the explicit claim that Bitcoin Core is the oracle for this > "sole trust input". If that is the case you should add it to the proposal so > that people are fully aware. If so the proposal establishes a central > authority for validity. The AssumeUTXO hash is a constant in Bitcoin Core source code. It is added via a normal pull request, reviewed by multiple contributors, and any user with a fully validated UTXO set can independently reproduce it. It carries the same trust as every other part of the codebase including very similar constants, such as the genesis block hash, assumevalid, the network magic, the DNS seed list. If that makes Bitcoin Core a "central authority for validity," the same has been true of every released version since 2009 and the same applies to libbitcoin and any other implementation, where users similarly trust the code they have built and run. The BIP intentionally leaves the source of the Merkle root to the implementation. The protocol's job is to enable transferring and verifying UTXO data once a root is known, not to dictate how each implementation establishes that root. Bitcoin Core's existing AssumeUTXO feature is one concrete example of how this can work; other implementations are free to choose differently. Best, Fabian On Monday, May 18th, 2026 at 3:48 AM, Eric Voskuil wrote: > Hi sadiq, > > I apologize for missing this comment: > >> Since my use case is data analysis, not receiving payments... > > If security is not essential to your use case you can simply download from a trusted source. This is not a valid use case for the P2P network. > > Best, > Eric > > -- > You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. > To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. > To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/062656d4-7ddd-4fa4-8db0-48bae6d73b42n%40googlegroups.com. -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/6F9aFh3mB9geayXC2ScrYoLxVlN-4Kc3yuLDjc0mZPK4kIehqoKobca8fADI65TNuwNslVHDMWq3YyRMFgI7HyXI-tY9spsQqbNJ42gGPsM%3D%40protonmail.com.