From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Tue, 19 May 2026 04:09:22 -0700 Received: from mail-oa1-f55.google.com ([209.85.160.55]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1wPIK9-0006Jj-Os for bitcoindev@gnusha.org; Tue, 19 May 2026 04:09:22 -0700 Received: by mail-oa1-f55.google.com with SMTP id 586e51a60fabf-439eef93638sf7783148fac.2 for ; Tue, 19 May 2026 04:09:21 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1779188955; cv=pass; d=google.com; s=arc-20240605; b=Qo3T84Lmzbet2w8raZObz29/P3Q7sKQvy5xUgsS5aE3lcXqJ5KLdTxWHQVRqkggRn1 39KIuSzghXCxwFVT9yMM06wKGFpjO7DAwA6vXEUqqMiOeEWQ5MPm+/GQh8nC2QalPdtn I8s/xxGZ0dWd7PVOxaKB5UBa1jrYrhcW782M8K+E9xwZWDo8IHctSq0N/e5hWCtdpDXh jZxO1KQGc+glmAeZbJXOdkH9NPIlyBPibXViq6m7egWfPYXpaSdqPTRl8RWo8Ku6/vtV ng77T1hDUKrRQmqhxqL6I7/pOu48h9qgfHED2Kxovuvj0cpLKh2KvHAxkDDtEVleqwsW yx2A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:feedback-id :references:in-reply-to:message-id:subject:cc:from:to:date :dkim-signature; bh=ZECLonyv/S8lzEztb64xLhkTHJi2HYCVdsC30rb7xOk=; fh=5d+1USSklQilfleNa/xkcn5t5T1ObRX14TPlouZl0jM=; b=DlznBbg1GoEJJCKMdE03qycK8H2bgEBRmaVeKuTzaUtzMyRpvkLfLwaQLLSKvhoy5e h0PJqn64rv19xUrjwJXozvzmfnbXRwiIWZwxo7HOc6EPXEqBlZZaUk0L7ggG+NwrS0zq uTmKS1eLSLix35hblY+nukSjjqdOGXDp7lPNeKxY6Bl3uQQqAbRLwtg1YCK/4fTBifc2 IpHq6kdkv59uIsg7aLiHZhezrsJFb2Odn/QbeMeqdJ/t9/n2bxWBVYxyMsOw4CiEStKQ tfVkR8SWV/kkyQG/K9/XWfcLIz4Hs/pq6tHzFGP/1oDz+4G9IPMimINaa3n9pogB8UF/ znuw==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=T08JSYqF; spf=pass (google.com: domain of fjahr@protonmail.com designates 185.70.43.16 as permitted sender) smtp.mailfrom=fjahr@protonmail.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1779188955; x=1779793755; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :feedback-id:references:in-reply-to:message-id:subject:cc:from:to :date:from:to:cc:subject:date:message-id:reply-to; bh=ZECLonyv/S8lzEztb64xLhkTHJi2HYCVdsC30rb7xOk=; b=vIScHJ6k3/zFA1F7a++f9F1KjWh5M9bD0rJGvFsfR20d6MkjOCSGZag6nbx59L1jZR UYYCBECcjcG8tqEWePRWblrUUzrsPy1omsiWvFwqxTDQNW2s82cIWCWVB/c4x+1WbfQQ 5ealjfPPQPhs/eRxRoVM9LK/QFRtWTRfm76c0lTY8fM3uKXL7xRPmCUc2NYtYcdFX42Y CICH0xuuiqcXbfuAoPeq16MHIVGm25JoyDziFH+lZ+hvFuDJooGBEgoywJ+rRT6ZvKrL frJM7dw2RULghIZO1BbqNsJAOzSeB6vPfZhj6OmO7Ih0YtTwfiIx1z6HfUpo6ylDn9IN z+UQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779188955; x=1779793755; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :feedback-id:references:in-reply-to:message-id:subject:cc:from:to :date:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=ZECLonyv/S8lzEztb64xLhkTHJi2HYCVdsC30rb7xOk=; b=ek5nf7019f3gTWSRXLQ/hS4YTDnYbaFz3lZrobcCwprzBuyVlPWUPZcusWBXCa2nWz KpqndCqoVSw5rG4SYCbd1N8iIkYEZ6D0Gdr9O9nAXpWg+0n4Vb1QZr1vyrB5Lk0RAAVS Z3Snr6FYw5OaAo3uB5XsL98vm5ADUJdFV+AtRLlmykmpP3uYnafnBwaFa1tVReSt24Af aFHtCIkaz9xypiKWOz4Z6d9Xl5iKwKn8fwztDvO/wp2YcsMcZYzDx59Bl3h5vzDwm2zZ OJBVdgLQFVrefocMwWJrMBUpgt/eRO54geZVRLw5UbkjXaHnqAaiMwFcCw/oCApQR6cs rzlw== X-Forwarded-Encrypted: i=2; AFNElJ9MaWW1g9x9BNmsWw8CKtI3nhI6UZf5fKmqPhqmlzWsArfANgVOiYqAN+HrIajN/zqKjYuAyR9AklNq@gnusha.org X-Gm-Message-State: AOJu0YyddxQZRPMia2zJh9BlZin0kEhvSNM9p+Veyzjn0vWIlC77FSi1 DJmMk1uPw096wx1zO9nVMxruwKFggLieDdbGS88H4DWJcNqrHgNMKnJe X-Received: by 2002:a05:6870:8e0d:b0:439:afdf:333d with SMTP id 586e51a60fabf-43a2e115829mr11097600fac.33.1779188955398; Tue, 19 May 2026 04:09:15 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com; h="AUV6zMOvUFz2WJj+yMbugb3Af4CGcKvHVqRMt+xyAz20+/Wlvw==" Received: by 2002:a05:6870:3910:b0:439:d30a:2b97 with SMTP id 586e51a60fabf-43a01b899b3ls4857585fac.1.-pod-prod-01-us; Tue, 19 May 2026 04:09:10 -0700 (PDT) X-Received: by 2002:a05:6808:350b:b0:46a:7ab9:c339 with SMTP id 5614622812f47-482e560a878mr11855245b6e.14.1779188950099; Tue, 19 May 2026 04:09:10 -0700 (PDT) Received: by 2002:a05:6402:1c1e:b0:672:bd1b:222f with SMTP id 4fb4d7f45d1cf-68214c9dc87msa12; Tue, 19 May 2026 01:37:01 -0700 (PDT) X-Received: by 2002:aa7:de14:0:b0:676:54d5:bc70 with SMTP id 4fb4d7f45d1cf-683bd78c3d3mr7512356a12.25.1779179819307; Tue, 19 May 2026 01:36:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1779179819; cv=none; d=google.com; s=arc-20240605; b=CTd6VF7aNCrmkOmN4IH8xV7VpsQeyWrxBugncFiOR9Qn92tvPqW2xnu4A9tQE8g/KS sJHaR8DZQIT0C4uWTWc4pmIeieM3CRp9BfaAiFGdCc1zMKdZsDyOjInPnuZjg6nAaHQf G4OECuKfPQKIuoQYsAEYfZ/HnmvdBxemnrR6KVaNQBVR7qzcJT+Ck1QHs9NrBbO0Vi6w SXvR3KP2hwwyOisiycmDdYC6GFO7B3V2ux+F346DSb0N5XNs/GcSS4YXbJIRmYRHtRpp hfgJ5fP8T+Fx0asNdSCTpiX3qBRRtFi4XoS0Jb03wIAblQGU+JRIqCsCdPPvlPh9XA7c npvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:feedback-id:references:in-reply-to:message-id:subject :cc:from:to:date:dkim-signature; bh=gO1ezCTKAmIcKIcG8O9TUAu1dkWPBLXtrsvBp82eoAs=; fh=VUyRMGDsLDyKXHBc8DWjokFBiSMTvXavinKdBJZhUls=; b=TJVLyIduvmwCDGWGVN4UXCb+ol9zxLc+wpWSfF+RpcfXHvLXp0Xw3J/EtJ1fLKPXJ1 E/hATavCjTPZBpHKD7B6YDdHG7MJXhY4Eyh/vsrpQl0H4BSat0gQxI3b+vkf6Qpo1vO6 J2JI4Gr7s0STg0K7EXpC8Ha0adNL6gNjBY2eu9/w8sOZ84c7VYVsUH6OpefCOCuX7Z8y w5FWdRhLPonNHk+DMCngJqDSKI+1qMGgB7hJCUSurjlTSDy1wDTkA3zOSqqCZm7HeWbS frgOnQbo4dWTGHF0maTlrBoFQhHFZQFcIVxM58jr5HW9sald+2ZULAewHd0ij71J7N5w 8bSw==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=T08JSYqF; spf=pass (google.com: domain of fjahr@protonmail.com designates 185.70.43.16 as permitted sender) smtp.mailfrom=fjahr@protonmail.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: from mail-4316.protonmail.ch (mail-4316.protonmail.ch. [185.70.43.16]) by gmr-mx.google.com with ESMTPS id 4fb4d7f45d1cf-683115672e4si400442a12.7.2026.05.19.01.36.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 May 2026 01:36:59 -0700 (PDT) Received-SPF: pass (google.com: domain of fjahr@protonmail.com designates 185.70.43.16 as permitted sender) client-ip=185.70.43.16; Date: Tue, 19 May 2026 08:36:54 +0000 To: Eric Voskuil From: "'Fabian' via Bitcoin Development Mailing List" Cc: Bitcoin Development Mailing List Subject: Re: [bitcoindev] Re: [BIP Draft] P2P UTXO Set Sharing Message-ID: <6F9aFh3mB9geayXC2ScrYoLxVlN-4Kc3yuLDjc0mZPK4kIehqoKobca8fADI65TNuwNslVHDMWq3YyRMFgI7HyXI-tY9spsQqbNJ42gGPsM=@protonmail.com> In-Reply-To: <062656d4-7ddd-4fa4-8db0-48bae6d73b42n@googlegroups.com> References: <002301dce4cf$27bc3040$773490c0$@voskuil.org> <26c7fd2e-d35d-4ed4-9638-18c95efc75dfn@googlegroups.com> <062656d4-7ddd-4fa4-8db0-48bae6d73b42n@googlegroups.com> Feedback-ID: 5067558:user:proton X-Pm-Message-ID: 79381ae5c93b8d5d57c04791b3ca965457877d35 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1=_AHc3733egihFTYJtTcxTOvNgDKyYp1p6SueW2ob2I" X-Original-Sender: fjahr@protonmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=T08JSYqF; spf=pass (google.com: domain of fjahr@protonmail.com designates 185.70.43.16 as permitted sender) smtp.mailfrom=fjahr@protonmail.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com X-Original-From: Fabian Reply-To: Fabian Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -1.0 (-) --b1=_AHc3733egihFTYJtTcxTOvNgDKyYp1p6SueW2ob2I Content-Type: text/plain; charset="UTF-8" Hi Eric, > Validating the headers is inconsequential if you are not verifying tx > inclusion. That's what SPV is, and people should not be misled into believing > that this is SPV. I did not claim header validation alone validates the UTXO set, and I have not suggested AssumeUTXO is SPV. What I wrote was that an AssumeUTXO node "is not 'not validated'". Headers are validated upfront and the historical chain is validated in the background. Together, that is the same work as a normal IBD, performed in a different order. The trust window during background validation is also limited, and the attack surface within it is narrow. An incoming payment can only be confirmed in a mined block on the headers-validated chain. For an attacker to trick the user into accepting a transaction that spends UTXOs which exist only in a malicious snapshot, the majority of mining hashpower would have to be running nodes that accepted and continued to run based only on the same malicious snapshot. The snapshot hash itself would still have to have been compromised through the source code review process. Even then, background validation would detect the inconsistency when it reaches the snapshot height. > Above you make the explicit claim that Bitcoin Core is the oracle for this > "sole trust input". If that is the case you should add it to the proposal so > that people are fully aware. If so the proposal establishes a central > authority for validity. The AssumeUTXO hash is a constant in Bitcoin Core source code. It is added via a normal pull request, reviewed by multiple contributors, and any user with a fully validated UTXO set can independently reproduce it. It carries the same trust as every other part of the codebase including very similar constants, such as the genesis block hash, assumevalid, the network magic, the DNS seed list. If that makes Bitcoin Core a "central authority for validity," the same has been true of every released version since 2009 and the same applies to libbitcoin and any other implementation, where users similarly trust the code they have built and run. The BIP intentionally leaves the source of the Merkle root to the implementation. The protocol's job is to enable transferring and verifying UTXO data once a root is known, not to dictate how each implementation establishes that root. Bitcoin Core's existing AssumeUTXO feature is one concrete example of how this can work; other implementations are free to choose differently. Best, Fabian On Monday, May 18th, 2026 at 3:48 AM, Eric Voskuil wrote: > Hi sadiq, > > I apologize for missing this comment: > >> Since my use case is data analysis, not receiving payments... > > If security is not essential to your use case you can simply download from a trusted source. This is not a valid use case for the P2P network. > > Best, > Eric > > -- > You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. > To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. > To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/062656d4-7ddd-4fa4-8db0-48bae6d73b42n%40googlegroups.com. -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/6F9aFh3mB9geayXC2ScrYoLxVlN-4Kc3yuLDjc0mZPK4kIehqoKobca8fADI65TNuwNslVHDMWq3YyRMFgI7HyXI-tY9spsQqbNJ42gGPsM%3D%40protonmail.com. --b1=_AHc3733egihFTYJtTcxTOvNgDKyYp1p6SueW2ob2I Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Er= ic,

> Validating the headers is inconseq= uential if you are not verifying tx
> inclusion. = That's what SPV is, and people should not be misled into believing
> that this is SPV.

I did not claim header validation alone validates the UTXO set, and I have= not
suggested AssumeUTXO is SPV. What I wrote was t= hat an AssumeUTXO node "is not
'not validated'". Hea= ders are validated upfront and the historical chain is
validated in the background. Together, that is the same work as a normal= IBD,
performed in a different order.

The trust window during background validation is al= so limited, and the attack
surface within it is narr= ow. An incoming payment can only be confirmed in a
m= ined block on the headers-validated chain. For an attacker to trick the use= r
into accepting a transaction that spends UTXOs whi= ch exist only in a malicious
snapshot, the majority = of mining hashpower would have to be running nodes that
accepted and continued to run based only on the same malicious snapshot= . The
snapshot hash itself would still have to have = been compromised through the
source code review proc= ess. Even then, background validation would detect the
inconsistency when it reaches the snapshot height.

=
> Above you make the explicit claim that Bitcoin Core i= s the oracle for this
> "sole trust input". If th= at is the case you should add it to the proposal so
= > that people are fully aware. If so the proposal establishes a central<= /span>
> authority for validity.

The AssumeUTXO hash is a constant in Bitcoin Core source cod= e. It is added via
a normal pull request, reviewed b= y multiple contributors, and any user with a
fully v= alidated UTXO set can independently reproduce it. It carries the same
trust as every other part of the codebase including very = similar constants,
such as the genesis block hash, a= ssumevalid, the network magic, the DNS seed
list. If= that makes Bitcoin Core a "central authority for validity," the same
has been true of every released version since 2009 and th= e same applies to
libbitcoin and any other implement= ation, where users similarly trust the code
they hav= e built and run.

The BIP intentionall= y leaves the source of the Merkle root to the
implem= entation. The protocol's job is to enable transferring and verifying UTXO
data once a root is known, not to dictate how each im= plementation establishes
that root. Bitcoin Core's e= xisting AssumeUTXO feature is one concrete example
o= f how this can work; other implementations are free to choose differently.<= /span>

Best,
Fabian
On Monday, May 18th, 2026 at 3:48 AM, Eric Voskuil <eric@voskuil= .org> wrote:
Hi sadiq,

I apolo= gize for missing this comment:

> Since my use case is data analys= is, not receiving payments...

If security is not essential to your u= se case you can simply download from a trusted source. This is not a valid = use case for the P2P network.

Best,
Eric

--
You received this message because you are subscribed to the Google Groups "= Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+u= nsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/062656d4-7ddd-4fa4-8db= 0-48bae6d73b42n%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoind= ev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/= 6F9aFh3mB9geayXC2ScrYoLxVlN-4Kc3yuLDjc0mZPK4kIehqoKobca8fADI65TNuwNslVHDMWq= 3YyRMFgI7HyXI-tY9spsQqbNJ42gGPsM%3D%40protonmail.com.
--b1=_AHc3733egihFTYJtTcxTOvNgDKyYp1p6SueW2ob2I--