Justus Ranvier [ARCHIVE] on Nostr: š Original date posted:2015-07-05 š Original message:On 07/05/2015 01:50 PM, ...
š
Original date posted:2015-07-05
š Original message:On 07/05/2015 01:50 PM, Eric Lombrozo wrote:
> The only practical way for the network to function at present (and what has
> essentially ended up happening, if often tacitly) is by introducing trust,
> in validators, miners, relayers, explorer websites, online wallets,
> etc...which in and of itself wouldn't be the end of the world were it not
> for the fact that the raison d'etre of bitcoin is trustlessness - and the
> security model is very much based on this idea. Because of this, there's
> been a tendency to deny that bitcoin cannot presently scale without trust.
> This is horrible because our entire security model has gone out the
> window...and has been replaced with something that isn't specified at all!
When I read this, I get the impression that you (and possibly many
others) never actually understood the Bitcoin security model in the
first place.
Bitcoin is a digital cash system that prevents double spending without
using a trusted third party.
More specifically, successful double spending in Bitcoin requires an
attacker to pay a proof of work cost that exceeds the cumulative proof
of work paid by all non-attackers since the original spend.
The security model holds for any user who has access to the complete
blockchain, and currently does not hold for all users who do not. An
attacker can double spend without paying the full PoW cost the security
model requires if users do not have a full copy of the blockchain which
which to verify the attacker's blocks.
That's a problem, but it's not an unfixable problem.
The reason an attacker can fool SPV clients into accepting invalid
blocks is because there exists no mechanism via which honest nodes can
prove the invalidity of blocks.
Implement that mechanism, and the security of SPV clients will far more
closely resemble the security of full nodes.
--
Justus Ranvier
Open Bitcoin Privacy Project
http://www.openbitcoinprivacyproject.org/
justus at openbitcoinprivacyproject.org
E7AD 8215 8497 3673 6D9E 61C4 2A5F DA70 EAD9 E623
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xEAD9E623.asc
Type: application/pgp-keys
Size: 18381 bytes
Desc: not available
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150705/1fe13a75/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150705/1fe13a75/attachment-0001.sig>
š Original message:On 07/05/2015 01:50 PM, Eric Lombrozo wrote:
> The only practical way for the network to function at present (and what has
> essentially ended up happening, if often tacitly) is by introducing trust,
> in validators, miners, relayers, explorer websites, online wallets,
> etc...which in and of itself wouldn't be the end of the world were it not
> for the fact that the raison d'etre of bitcoin is trustlessness - and the
> security model is very much based on this idea. Because of this, there's
> been a tendency to deny that bitcoin cannot presently scale without trust.
> This is horrible because our entire security model has gone out the
> window...and has been replaced with something that isn't specified at all!
When I read this, I get the impression that you (and possibly many
others) never actually understood the Bitcoin security model in the
first place.
Bitcoin is a digital cash system that prevents double spending without
using a trusted third party.
More specifically, successful double spending in Bitcoin requires an
attacker to pay a proof of work cost that exceeds the cumulative proof
of work paid by all non-attackers since the original spend.
The security model holds for any user who has access to the complete
blockchain, and currently does not hold for all users who do not. An
attacker can double spend without paying the full PoW cost the security
model requires if users do not have a full copy of the blockchain which
which to verify the attacker's blocks.
That's a problem, but it's not an unfixable problem.
The reason an attacker can fool SPV clients into accepting invalid
blocks is because there exists no mechanism via which honest nodes can
prove the invalidity of blocks.
Implement that mechanism, and the security of SPV clients will far more
closely resemble the security of full nodes.
--
Justus Ranvier
Open Bitcoin Privacy Project
http://www.openbitcoinprivacyproject.org/
justus at openbitcoinprivacyproject.org
E7AD 8215 8497 3673 6D9E 61C4 2A5F DA70 EAD9 E623
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xEAD9E623.asc
Type: application/pgp-keys
Size: 18381 bytes
Desc: not available
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150705/1fe13a75/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150705/1fe13a75/attachment-0001.sig>