Hi Eric,

> Validating the headers is inconsequential if you are not verifying tx
> inclusion. That's what SPV is, and people should not be misled into believing
> that this is SPV.

I did not claim header validation alone validates the UTXO set, and I have not
suggested AssumeUTXO is SPV. What I wrote was that an AssumeUTXO node "is not
'not validated'". Headers are validated upfront and the historical chain is
validated in the background. Together, that is the same work as a normal IBD,
performed in a different order.

The trust window during background validation is also limited, and the attack
surface within it is narrow. An incoming payment can only be confirmed in a
mined block on the headers-validated chain. For an attacker to trick the user
into accepting a transaction that spends UTXOs which exist only in a malicious
snapshot, the majority of mining hashpower would have to be running nodes that
accepted and continued to run based only on the same malicious snapshot. The
snapshot hash itself would still have to have been compromised through the
source code review process. Even then, background validation would detect the
inconsistency when it reaches the snapshot height.

> Above you make the explicit claim that Bitcoin Core is the oracle for this
> "sole trust input". If that is the case you should add it to the proposal so
> that people are fully aware. If so the proposal establishes a central
> authority for validity.

The AssumeUTXO hash is a constant in Bitcoin Core source code. It is added via
a normal pull request, reviewed by multiple contributors, and any user with a
fully validated UTXO set can independently reproduce it. It carries the same
trust as every other part of the codebase including very similar constants,
such as the genesis block hash, assumevalid, the network magic, and the DNS seed
list. If that makes Bitcoin Core a "central authority for validity," the same
has been true of every released version since 2009 and the same applies to
libbitcoin and any other implementation, where users similarly trust the code
they have built and run.

The BIP intentionally leaves the source of the Merkle root to the
implementation. The protocol's job is to enable transferring and verifying UTXO
data once a root is known, not to dictate how each implementation establishes
that root. Bitcoin Core's existing AssumeUTXO feature is one concrete example
of how this can work; other implementations are free to choose differently.

Best,
Fabian
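
Added example, not part of the original message and not code from the BIP or Bitcoin Core: a sketch of what "verifying UTXO data once a root is known" can look like on the receiving side, where the root is the only input not taken from the serving peer. The hashing scheme (tagged SHA-256, odd nodes promoted), the chunk contents and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed scheme for illustration only (not taken from the BIP): tagged SHA-256,
# 0x00 prefix for leaves, 0x01 for interior nodes, odd nodes promoted unchanged.
def leaf_hash(chunk: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + chunk).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(chunks):
    """Return every tree level, leaves first, root level last."""
    levels = [[leaf_hash(c) for c in chunks]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def make_proof(levels, index):
    """What a serving peer would send along with chunk `index`."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):          # a promoted node has no sibling
            proof.append((sibling < index, level[sibling]))
        index //= 2
    return proof

def verify_chunk(trusted_root, chunk, proof):
    """Receiver side: the root is the only input not taken from the peer."""
    acc = leaf_hash(chunk)
    for sibling_is_left, sibling in proof:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return hmac.compare_digest(acc, trusted_root)

# Constructed sample data standing in for serialized UTXO chunks.
CHUNKS = [b"utxo-chunk-%d" % i for i in range(5)]
LEVELS = build_levels(CHUNKS)
TRUSTED_ROOT = LEVELS[-1][0]   # in practice: established by the implementation

if __name__ == "__main__":
    for i, chunk in enumerate(CHUNKS):
        print(i, verify_chunk(TRUSTED_ROOT, chunk, make_proof(LEVELS, i)))
    print("tampered:", verify_chunk(TRUSTED_ROOT, b"utxo-chunk-X", make_proof(LEVELS, 2)))
```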