
Topic: Why the fuck did Satoshi implement the 1 MB blocksize limit?

staff
Activity: 3458
Merit: 6793
Just writing some code
This thread has devolved into a lot of trolling, mudslinging, and flaming. Thus it shall be locked.
newbie
Activity: 9
Merit: 0
That isn't what he said, and you know it.

dinofelis, your only discernible input on this forum is misrepresenting facts in a (kind of) subtle way. Well, you're also good at avoiding direct debunking of the things you say which aren't true.

You ought really to be banned, as it's too obvious that you're not interested in any kind of constructive debate, and never have been (unfortunately, dinofelis is likely the owner of many accounts that have been created with a suspiciously similar style of debate, only adding to the perception that the owner is very intent on wasting everyone's time on Bitcointalk.org)

Are you the one they send in to abuse people and if they answer back they get banned because many of your posts seem to be picking a fight with people not quite seeing things your way.

Quote
That isn't going to be happening, the best strategy with your posts is to skim-read them until one finds the deliberate errors you try to promote as facts

I wonder why you have not been banned or are you in with the owners ?



Definitely agreeing with you here RNC, these guys are the aggressive ones... I feel like we're all reading a different conversation, or there is some joke I'm just not getting?

I read this entire discussion, followed the links and sources cited by everyone, did more research on my own to understand the conversation a little better as it's quite meaningful.

All I see is these guys bashing on dinofelis when he/she is the only one keeping their cool, while engaging in discussion, rebuking their points, and them occasionally rebuking his, but after they do, and he replies to their point with more validation, they seem to disappear or get defensive/aggressive and bark about something different.

So, yeah, you all raised different points of which I can't comprehend all of it, but, for the most part, I learned a lot from this discussion, and seeing the negativity towards dinofelis seems pretty unfounded and unfair and completely pointless to the discussion.

As an outsider, learning about this more technical stuff, he/she is the only one that doesn't seem like an asshole. If he/she is wrong, just cite your sources and outsiders like me will side with you, not  your shitty aggressiveness.

Can any other experts please weigh in, as dino has been carrying this thread with good and meaningful discussion, not only on the technology front but the whole different perspectives/philosophies surrounding BTC.

Spurred by a good question from Anyonmous_kid that just sent me down the rabbit hole for 2 hours of reading/researching.

Now please, thank each other for allowing less technically inclined people like me to view/understand a more nuanced technology, still in its infancy, so that we plebs can better conceptualize/visualize the whole eco-system surrounding block-chain technology/btc.

Anyway, I literally created this account to say this because I feel that this forum is very useful and much better than reddit, and then I see assholes on here that have "legendary" status that just get away with shit-talking others but not getting modded or actually providing empirical evidence, or any research/sources other than hearsay to refute, what feels like a good discussion.

Bah, whatever, thank you, stop being mean, I really enjoy the discussion and the debate is good for us plebs, make us feel better knowing even you smarter folk have varying perspectives on this whole crypto-movement thing, just drop the attitude, it's quite pathetic and makes things confusing for us less-technically inclined people trying to decipher fact from anecdotal points of view.

sr. member
Activity: 257
Merit: 343
Gentlemen!  Angry

This is not a forum to throw mud. This behavior shows a certain level of infancy. Please respect each other. There are enough trolls in the Reddits, but we shouldn’t come down to the same level here.

I fully understand that these are tough times for bitcoin and I see that some people are really disappointed.
This doesn’t give anyone the right to start insulting others...

There are those here in the forum, who have a high level of reputation AND KNOWLEDGE, and those who are challenging the actual view. Yes, why not? It now became a religious fight about who is wrong, and who is right. Does this make sense?

Those who got it, have left, those who are touched by the provocation are reacting angrily, and only support the continuation of the nonsense.

I want to reply with Aretha:
Think !
(Before you reply)

RNC
newbie
Activity: 42
Merit: 0
That isn't what he said, and you know it.

dinofelis, your only discernible input on this forum is misrepresenting facts in a (kind of) subtle way. Well, you're also good at avoiding direct debunking of the things you say which aren't true.

You ought really to be banned, as it's too obvious that you're not interested in any kind of constructive debate, and never have been (unfortunately, dinofelis is likely the owner of many accounts that have been created with a suspiciously similar style of debate, only adding to the perception that the owner is very intent on wasting everyone's time on Bitcointalk.org)

Are you the one they send in to abuse people and if they answer back they get banned because many of your posts seem to be picking a fight with people not quite seeing things your way.

Quote
That isn't going to be happening, the best strategy with your posts is to skim-read them until one finds the deliberate errors you try to promote as facts

I wonder why you have not been banned or are you in with the owners ?

hero member
Activity: 770
Merit: 629
ad hominem

Ooh, you cribbed some Latin words from the Interwebs!  Fancy!  Too bad you know nothing of logic or rhetoric.

Like “appeal to authority”, argumentum ad hominem is only an informal fallacy; unlike formal fallacies, there are situations in which these are not fallacious at all.  For example, whereas you have repeatedly shown yourself to be willfully ignorant and ineducable, it is not a fallacy to point out that achow101 is an expert (he is) and you are a doofus (you are).  He is right.  You are wrong.  Quod erat demonstrandum.

That’s not the most rigorous proof I’ve ever made, but it’s more than you deserve.  So, get lost.

Appeal to authority over a cryptographic reasoning in a trustless system  Grin

Do you have any technically and cryptographically sound arguments that may contribute anything to the discussion too ?  Up to now, you sound somewhat like the cardinals telling Galileo that he could get lost (or could get burned) because the authority, Aristotle, said that the earth didn't turn and the Pope too said that he was wrong.  That's not how science, or any rational reasoning, is done.

Do you have an argument against my essentially mathematical demonstration that the SPV system can only be fooled in those circumstances where:
1) a full node would be fooled too
or
2) the currently ongoing block chain with the highest PoW contains blocks that are false, ie. contain double spendings, but a large majority of miners nevertheless continues to build upon it ?


I indicated where achow101's answer went wrong, namely that the SPV has the block header chain, just as well as a full node has it.  He somehow thought that the SPV protocol consisted in just giving one correctly mined block independent of the block header list.  But that's not correct.  Even an SPV client gets all block HEADERS.  If one would only mine one stand alone block, yes that wouldn't be cryptographically secure, and that's essentially what achow101 tells me.  But that's not SPV.

The only thing that an SPV node doesn't do, and a full node does, is to see whether the block bodies are correct.  Miners are supposed to do that. But an SPV node cannot be tricked in believing a correctly mined block is part of the chain while it isn't, because it wouldn't fit with the header list.  
So only two possibilities remain:
1) the header list I obtained is wrong to trick me
or
2) the block is wrong (contains a double spend)

Well, if it is 1), a full  node is just as vulnerable ; and this attack is hugely expensive in PoW.
If it is 2) it means that the chain with most PoW has been mining on top of a false block since quite a while.

Hence my statement is proven.  

copper member
Activity: 630
Merit: 2614
If you don’t do PGP, you don’t do crypto!
ad hominem

Ooh, you cribbed some Latin words from the Interwebs!  Fancy!  Too bad you know nothing of logic or rhetoric.

Like “appeal to authority”, argumentum ad hominem is only an informal fallacy; unlike formal fallacies, there are situations in which these are not fallacious at all.  For example, whereas you have repeatedly shown yourself to be willfully ignorant and ineducable, it is not a fallacy to point out that achow101 is an expert (he is) and you are a doofus (you are).  He is right.  You are wrong.  Quod erat demonstrandum.

That’s not the most rigorous proof I’ve ever made, but it’s more than you deserve.  So, get lost.
hero member
Activity: 770
Merit: 629
This is why I enacted a policy of not arguing with him.

That would be a good thing to do.  You do not contribute anything useful in this technical discussion, which is about the security of the SPV protocol,  which in itself is a crucial element in the scalability of block chain systems, and which is related to the subject of this thread.

Your few interactions were not of any utility in the advancement of the subject, and essentially ad hominem.

As it stands, the SPV protocol is a cryptographically secure way to know whether a transaction is part of the actual consensus block chain with a very light network overhead.  The counter arguments given by achow101 and by a few others necessitate that the current bitcoin block chain contains deep down, double spends, or necessitate an attack that would also trick a full node, and that in any case, would require a huge PoW effort on the part of the attacker.
copper member
Activity: 630
Merit: 2614
If you don’t do PGP, you don’t do crypto!
dinofelis, your only discernible input on this forum is misrepresenting facts in a (kind of) subtle way. Well, you're also good at avoiding direct debunking of the things you say which aren't true.

You ought really to be banned, as it's too obvious that you're not interested in any kind of constructive debate, and never have been (unfortunately, dinofelis is likely the owner of many accounts that have been created with a suspiciously similar style of debate, only adding to the perception that the owner is very intent on wasting everyone's time on Bitcointalk.org)

This is why I enacted a policy of not arguing with him.  I directly debunk a few pieces of his worst misinformation for the benefit of others who may not know.  Then, I try to redirect the thread to its proper course—or just hurl around insults, if (as this thread) it has no proper course.


[...casting pearls before swine...]

I just realized you missed a crucial point of SPV here:

achow101 has more knowledge of Bitcoin in his toenail clippings than you do in your head.  The only thing he missed was a crucial point about that old aphorism against wrestling with pigs (you get muddy, and the pig enjoys it).  Show some respect, you blockhead.


That isn't what he said, and you know it.

Go back and read everything. 

:)

That isn't going to be happening, the best strategy with your posts is to skim-read them until one finds the deliberate errors you try to promote as facts

The best strategy is to skim for the select pieces of deliberate misinformation which are most likely to mislead newbies and learners.  That plus the anti-nodes agenda, and the parts who demonstrate craziness in the sense of severe mental defect.
hero member
Activity: 770
Merit: 629
Moreover, "tricking someone into a false block chain header list" requires you in any case to spend PoW on that block chain header list of the same order of magnitude than the prong you want your SPV victim to believe.  If you do that, you can just as well trick a full node into your prong.
SPV clients cannot validate the rules of the network and will hence be able to be tricked into a block with valid PoW but with differing rules from the reference clients. They are hence invalid as per full nodes which validates the full block.

Since SPV clients blindly follow the chain with the longest valid PoW, it isn't hard to cheat a SPV client.

No, as I outlined, that is not correct.  In order to trick me into believing that, you have to provide me with of course the fake transaction, but you also have to provide me with the leg of the Merkle tree that connects its root to the transaction.  That Merkle root is included in the block chain header list I have.

If that header list is ending on the block chain headers that mining pools are currently mining on, then I know that that transaction is a part of the very block chain miners are mining on right now.  That is exactly the same block chain that full nodes have right now also.

Again: if, of two block chains, the leading heads of the header blocks are the same, both the ENTIRE BLOCK CHAINS are identical.
No disagreements here.


OK, great.

So there's no such thing as a rogue SPV server, IF I can have access to the latest block headers being mined right now.  And even if I cannot have access to the latest blocks being mined (and then, my full node wouldn't get access either), that "rogue SPV server" still has to spend a lot of PoW to make the false prong.  He will have to spend as much PoW grossly as attacking the real chain, and for this attack to succeed, he must also ensure himself to avoid me of learning about the real chain (that may have somewhat more PoW).
Your client assumes the chain with the longest PoW as the correct chain. If this happens, isn't your SPV client vulnerable?
A full node is just as "vulnerable" to such an attack.
A full node is vulnerable to a 51% attack definitely. But isn't your point about a block which violates the protocol rules? If anything, that block isn't valid.

No, it is not a 51% attack.  It is "isolating a full node network-wise, and have him swallow a (correctly mined) side prong of the actual chain".  Then you can make believe that full node that this is the correct chain - and it is A correct chain - but it is not the current consensus "out there".

However, in order to pull that feat, you have:
1) to isolate your victim network-wise
2) still to make that side prong with all the PoW that goes into it

which makes this attack highly improbable.

If I can know the latest headers, I cannot be tricked into accepting anything in the block chain that a full node that is accepting these latest headers, wouldn't have accepted either.
And that begs the question: How do you get the latest headers, with a certainty that it is valid.

The same way a full node does.  In order to provide me, SPV user, with a "false prong of block chain headers" you have to do exactly as I previously indicated:
1) isolate me network-wise so that I cannot talk to the majority miners
2) still you'd have to MAKE that false chain of headers with all the PoW that goes into it.

The ONLY difference between me, SPV client, and a full node, is that I'm not going to download the block bodies, and check the block body validity.  I take it that if miners are willing to spend a lot of PoW building on top of such blocks, that they've verified them, or that bitcoin is, as I said, broken, because the actual consensus block chain out there contains, deep down, false blocks, and miners still continue to put MAJORITY HASH RATE on top of it.

If there's a block, 6 or more blocks deep, and with majority hash rate (in fact, with no other prong around) still mining on top of it, I take it that that block is correct, or that bitcoin is broken.  In order for me to know that, I simply have to find 6 block headers on top of the block I'm considering, and I know that that hash rate has been spent on it.  If ever that block were false, it would be utmost amazing that miners are putting full hash rate on it, and are NOT mining on the "correct" side prong.

If a rogue SPV server cannot succeed in  isolating me from the network, then in order to trick me, he has to pull a full 51% attack to convince me to take his, majority POW prong, over the "real" one.  But in as much as he can pull that, he could actually attack the real block chain just as well.  And in as much as he's pulling that on top of a false block, why wouldn't he attack the real chain ?
legendary
Activity: 3430
Merit: 3080
The problem is that you didn't even understand the logic of the arguments here.

Nope, you've misconstrued what they've said.  They're saying that SPV users rely on someone to give them a correct copy of the blockchain because SPV clients are not checking the history to validate if what they've received is correct.  The theoretical double spend wouldn't be in the actual blockchain that everyone else can see, it would be in the fraudulent copy being given to the SPV user.  Read what achow101 said again:

No, that is cryptographically impossible.  You cannot give a "fraudulent copy of the block chain headers" to an SPV user, if that user knows the currently actual block chain headers, in exactly the same way full nodes do.  


That isn't what he said, and you know it.


Go back and read everything. 

Smiley

That isn't going to be happening, the best strategy with your posts is to skim-read them until one finds the deliberate errors you try to promote as facts
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Moreover, "tricking someone into a false block chain header list" requires you in any case to spend PoW on that block chain header list of the same order of magnitude than the prong you want your SPV victim to believe.  If you do that, you can just as well trick a full node into your prong.
SPV clients cannot validate the rules of the network and will hence be able to be tricked into a block with valid PoW but with differing rules from the reference clients. They are hence invalid as per full nodes which validates the full block. (I'm not talking about the merkle root part but the part which you said that nobody cares about the validity of a transaction.)

Since SPV clients blindly follow the chain with the longest valid PoW, it isn't that hard to cheat a SPV client.

No, as I outlined, that is not correct.  In order to trick me into believing that, you have to provide me with of course the fake transaction, but you also have to provide me with the leg of the Merkle tree that connects its root to the transaction.  That Merkle root is included in the block chain header list I have.

If that header list is ending on the block chain headers that mining pools are currently mining on, then I know that that transaction is a part of the very block chain miners are mining on right now.  That is exactly the same block chain that full nodes have right now also.

Again: if, of two block chains, the leading heads of the header blocks are the same, both the ENTIRE BLOCK CHAINS are identical.
No disagreements here.
So there's no such thing as a rogue SPV server, IF I can have access to the latest block headers being mined right now.  And even if I cannot have access to the latest blocks being mined (and then, my full node wouldn't get access either), that "rogue SPV server" still has to spend a lot of PoW to make the false prong.  He will have to spend as much PoW grossly as attacking the real chain, and for this attack to succeed, he must also ensure himself to avoid me of learning about the real chain (that may have somewhat more PoW).
Your client assumes the chain with the longest PoW as the correct chain. If this happens, isn't your SPV client vulnerable?
A full node is just as "vulnerable" to such an attack.
A full node is vulnerable to a 51% attack definitely. But isn't your point about a block which violates the protocol rules? If anything, that block isn't valid.

If I can know the latest headers, I cannot be tricked into accepting anything in the block chain that a full node that is accepting these latest headers, wouldn't have accepted either.
And that begs the question: How do you get the latest headers, with a certainty that it is valid.
hero member
Activity: 770
Merit: 629
The problem is that you didn't even understand the logic of the arguments here.

Nope, you've misconstrued what they've said.  They're saying that SPV users rely on someone to give them a correct copy of the blockchain because SPV clients are not checking the history to validate if what they've received is correct.  The theoretical double spend wouldn't be in the actual blockchain that everyone else can see, it would be in the fraudulent copy being given to the SPV user.  Read what achow101 said again:

No, that is cryptographically impossible.  You cannot give a "fraudulent copy of the block chain headers" to an SPV user, if that user knows the currently actual block chain headers, in exactly the same way full nodes do.  


That isn't what he said, and you know it.


Sigh.  Go back and read everything.  

hero member
Activity: 770
Merit: 629
All that Electrum can do is know for certain that a transaction is included in a block. It must trust that the Electrum servers that it has connected to have actually verified the transaction. However if your Electrum wallet were to be connected to malicious Electrum servers, they could serve you invalid transactions which you would not know are invalid. Said transaction can be included as part of a block; the merkle root would be correct and the PoW of the block would be valid. BUT the block would contain an invalid transaction. For full nodes, this block would be entirely invalid and discarded. But we are talking about malicious Electrum servers here. So those malicious servers TELL YOU that the invalid transaction is actually valid, and so you accept it.

I just realized you missed a crucial point of SPV here: the SPV user has the full list of block headers, but not of the block bodies.  As such, for this user to believe the Electrum server, the root of the given Merkle tree needs to be in one of the elements of the full list of block headers, which means it is part of the block chain "up to now".  I explained that earlier:

Quote from: me
So, if you can obtain from the top mining pools:
- the last few block headers mined H'
- the SPV data (T, M(T), H)

in such a way that the end of H overlaps with H', you know 100% cryptographically for sure that T is part of the actual block chain.

Here, H is the full list of block headers.

Edit:
see for instance: http://docs.electrum.org/en/latest/spv.html#spv

Quote
Simple Payment Verification (SPV) is a technique described in Satoshi Nakamoto’s paper. SPV allows a lightweight client to verify that a transaction is included in the Bitcoin blockchain, without downloading the entire blockchain. The SPV client only needs download the block headers, which are much smaller than the full blocks. To verify that a transaction is in a block, a SPV client requests a proof of inclusion, in the form of a Merkle branch.
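
The checks discussed in the posts above (a full header list, a Merkle branch, a known tip, six headers on top), sketched as an added example that is not from any poster or from Electrum. It assumes a fixed easy difficulty (0x207fffff), constructed transaction hashes and hypothetical function names; a real client also validates difficulty retargeting and compares total work between competing chains.

```python
import hashlib
import struct

HEADER = "<I32s32sIII"   # version, prev hash, merkle root, time, bits, nonce (80 bytes)
EASY_BITS = 0x207fffff   # assumed fixed, very easy target so the constructed chain mines instantly

def dsha(data):
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def target_from_bits(bits):
    """Expand the compact 'bits' field into the 256-bit target (exponent >= 3 assumed)."""
    return (bits & 0x007fffff) << (8 * ((bits >> 24) - 3))

def merkle_branch(txids, index):
    """Server side: return (root, branch) for txids[index]; an odd level duplicates its last hash."""
    level, branch = list(txids), []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        branch.append(level[index ^ 1])
        level = [dsha(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], branch

def fold_branch(txid, branch, index):
    """Client side: recompute the Merkle root from a txid and its branch."""
    h = txid
    for sibling in branch:
        h = dsha(sibling + h) if index & 1 else dsha(h + sibling)
        index >>= 1
    return h

def mine_header(prev_hash, root, time, bits=EASY_BITS):
    """Build a constructed 80-byte header whose hash meets the target."""
    nonce = 0
    while True:
        raw = struct.pack(HEADER, 1, prev_hash, root, time, bits, nonce)
        if int.from_bytes(dsha(raw), "little") <= target_from_bits(bits):
            return raw
        nonce += 1

def check_headers(headers, bits=EASY_BITS):
    """Check linkage and proof of work of every header; return their hashes."""
    hashes = []
    for raw in headers:
        _, prev, _, _, hbits, _ = struct.unpack(HEADER, raw)
        if hashes and prev != hashes[-1]:
            raise ValueError("header does not link to its predecessor")
        h = dsha(raw)
        if hbits != bits or int.from_bytes(h, "little") > target_from_bits(bits):
            raise ValueError("insufficient proof of work")
        hashes.append(h)
    return hashes

def spv_verify(txid, branch, index, height, headers, known_tip, min_on_top=6):
    """Return 'ok' or the reason the inclusion proof is rejected."""
    try:
        hashes = check_headers(headers)
    except (ValueError, struct.error) as exc:
        return "bad header chain: %s" % exc
    if hashes[-1] != known_tip:            # tip learned independently of the proof server
        return "tip mismatch"
    root = struct.unpack(HEADER, headers[height])[2]
    if fold_branch(txid, branch, index) != root:
        return "branch does not reach the header's merkle root"
    # Nothing above inspects transaction contents: script, signature and
    # double-spend checks need block bodies, which this client never has.
    if len(headers) - 1 - height < min_on_top:
        return "too shallow"
    return "ok"

def build_sample_chain(n_blocks=8, tx_height=1):
    """Constructed data: 5 fake txids placed in block tx_height of an n_blocks chain."""
    txids = [dsha(b"constructed tx %d" % i) for i in range(5)]
    headers, prev = [], b"\x00" * 32
    for height in range(n_blocks):
        root = merkle_branch(txids, 0)[0] if height == tx_height else dsha(b"other block %d" % height)
        headers.append(mine_header(prev, root, time=height))
        prev = dsha(headers[-1])
    return txids, headers

if __name__ == "__main__":
    txids, headers = build_sample_chain()
    _, branch = merkle_branch(txids, 3)
    print(spv_verify(txids[3], branch, 3, 1, headers, dsha(headers[-1])))
```
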


legendary
Activity: 3430
Merit: 3080
The problem is that you didn't even understand the logic of the arguments here.

Nope, you've misconstrued what they've said.  They're saying that SPV users rely on someone to give them a correct copy of the blockchain because SPV clients are not checking the history to validate if what they've received is correct.  The theoretical double spend wouldn't be in the actual blockchain that everyone else can see, it would be in the fraudulent copy being given to the SPV user.  Read what achow101 said again:

No, that is cryptographically impossible.  You cannot give a "fraudulent copy of the block chain headers" to an SPV user, if that user knows the currently actual block chain headers, in exactly the same way full nodes do.  


That isn't what he said, and you know it.


dinofelis, your only discernible input on this forum is misrepresenting facts in a (kind of) subtle way. Well, you're also good at avoiding direct debunking of the things you say which aren't true.

You ought really to be banned, as it's too obvious that you're not interested in any kind of constructive debate, and never have been (unfortunately, dinofelis is likely the owner of many accounts that have been created with a suspiciously similar style of debate, only adding to the perception that the owner is very intent on wasting everyone's time on Bitcointalk.org)
hero member
Activity: 770
Merit: 629
The problem is that you didn't even understand the logic of the arguments here.

Nope, you've misconstrued what they've said.  They're saying that SPV users rely on someone to give them a correct copy of the blockchain because SPV clients are not checking the history to validate if what they've received is correct.  The theoretical double spend wouldn't be in the actual blockchain that everyone else can see, it would be in the fraudulent copy being given to the SPV user.  Read what achow101 said again:

No, that is cryptographically impossible.  You cannot give a "fraudulent copy of the block chain headers" to an SPV user, if that user knows the currently actual block chain headers, in exactly the same way full nodes do.  In as much as full nodes can know the latest few block headers, an SPV user can know them too, and in as much as you can trick an SPV user into believing the last few block headers are different from what is actually mined on right now, you can just as well trick a full node into that.

Moreover, "tricking someone into a false block chain header list" requires you in any case to spend PoW on that block chain header list of the same order of magnitude than the prong you want your SPV victim to believe.  If you do that, you can just as well trick a full node into your prong.

Quote
You could think you had received some BTC from a transaction, but when you tried to spend it, the rest of the network wouldn't validate it because you didn't actually have the funds, despite the copy of the blockchain you received saying you do have the funds.  SPV users have to rely on honest nodes.

No, as I outlined, that is not possible.  In order to trick me into believing that, you have to provide me with of course the fake transaction, but you also have to provide me with the leg of the Merkle tree that connects its root to the transaction.  That Merkle root is included in the block chain header list I have.

If that header list is ending on the block chain headers that mining pools are currently mining on, then I know that that transaction is a part of the very block chain miners are mining on right now.  That is exactly the same block chain that full nodes have right now also.

Again: if, of two block chains, the leading heads of the header blocks are the same, both the ENTIRE BLOCK CHAINS are identical.

So there's no such thing as a rogue SPV server, IF I can have access to the latest block headers being mined right now.  And even if I cannot have access to the latest blocks being mined (and then, my full node wouldn't get access either), that "rogue SPV server" still has to spend a lot of PoW to make the false prong.  He will have to spend as much PoW grossly as attacking the real chain, and for this attack to succeed, he must also ensure himself to avoid me of learning about the real chain (that may have somewhat more PoW).   A full node is just as "vulnerable" to such an attack.

There is no more a rogue SPV server, than there can be another rogue document server of a document of which I know the hash.  If I know the hash of a given piece of software, then no server can trick me in installing another piece of software.  As the last block header mined is equivalent to a kind of hash of the entire block chain, no-one is going to be able to serve me anything else and make me believe it.  
However, the structure of the block chain makes it possible to "chop up" the document in small pieces: the transactions.  That's exactly why Satoshi did so.

If I can know the latest headers, I cannot be tricked into accepting anything in the block chain that a full node that is accepting these latest headers, wouldn't have accepted either.

The argument that achow101 put forward, was another situation, namely where in the actual chain, there were double spends included.  Indeed, as an SPV node, I can be made aware of an existing transaction in the actual chain, but I cannot know that that actual chain also includes a double spend, while a full node can.  But then, as I said, bitcoin is broken already.


Just to be absolutely clear: in the SPV system, the SPV user has the full block header chain of course, from the genesis block up to the current blocks.
He simply doesn't have the block bodies.  But he has all the headers.
legendary
Activity: 3948
Merit: 3191
Leave no FUD unchallenged
The problem is that you didn't even understand the logic of the arguments here.

Nope, you've misconstrued what they've said.  They're saying that SPV users rely on someone to give them a correct copy of the blockchain because SPV clients are not checking the history to validate if what they've received is correct.  The theoretical double spend wouldn't be in the actual blockchain that everyone else can see, it would be in the fraudulent copy being given to the SPV user.  Read what achow101 said again:

In that respect, it is working, and it is working correctly.  Wallets like electrum work that way as far as I understand.
No, it does not currently work, and it is not how Electrum works at all.

All that Electrum can do is know for certain that a transaction is included in a block. It must trust that the Electrum servers that it has connected to have actually verified the transaction. However if your Electrum wallet were to be connected to malicious Electrum servers, they could serve you invalid transactions which you would not know are invalid. Said transaction can be included as part of a block; the merkle root would be correct and the PoW of the block would be valid. BUT the block would contain an invalid transaction. For full nodes, this block would be entirely invalid and discarded. But we are talking about malicious Electrum servers here. So those malicious servers TELL YOU that the invalid transaction is actually valid, and so you accept it. There is no way for you to prove that the transaction is valid or invalid, Electrum simply does not have the data to fully verify the transaction. But we still have met all of the criteria that you wanted: the transaction is included in the merkle root and the block's PoW is valid. The big thing that you are missing is that the block includes an invalid transaction, and SPV wallets have no way of knowing whether the transaction is valid or not. Fraud proofs are required to prove that all of the transactions in a block are valid, and currently they do not exist nor is there a known way to make such proofs.

Just because a block has a valid PoW does not mean that all transactions in the block are valid. Just because they are included in the merkle root does not mean that all transactions in the block are valid. There is more to a valid block than just the merkle root and the PoW.

You could think you had received some BTC from a transaction, but when you tried to spend it, the rest of the network wouldn't validate it because you didn't actually have the funds, despite the copy of the blockchain you received saying you do have the funds.  SPV users have to rely on honest nodes.
hero member
Activity: 770
Merit: 629
Moreover, in what way would a full node be helpful here ?  A full node would have stopped for good when the first false block was mined.

Wrong.  The node will ignore the “false block” as if it had never existed.

Such is the power of nodes.

The problem is that you didn't even understand the logic of the arguments here.

Achow101 argued that a risk of using SPV is that one could be tricked into accepting a transaction that was present in the correct block chain that was at the same time a double spend.  In order for that to be a risk, you have to accept already that there HAS BEEN a double spend somewhere in a past block that is included in the current block chain on which everyone is building.  It means hence, that there was a past block (say, block number 506072) that contains a double spend, and that miners are still happily building on top of that.  Otherwise, the SPV user cannot be tricked into believing such a double spend, because it is not present in the block chain.  So one needs to reason as if that were the case.

Achow101's argument is that if such were the block chain, that my SPV client could be tricked into accepting that double spend as true.  That is correct.  My SPV client could indeed simply be convinced that, as it stands, a given transaction was indeed, in the actual block chain and I wouldn't know that it was a double spend that miners had simply accepted.

MY argument, like yours BTW, if you could think somewhat logically, is that if ever that were the case, then bitcoin is broken.  It means that already for a week or so, there is an invalid block in the chain, and miners don't mind, exchanges don't mind, nobody minds.

Now, if ever that were true, that is, if miners did include a double spend in block 506072 and continued to mine on top of that, then every full node would come to a full stop at block 506071, because they would reject block 506072 as invalid (containing a double spend).  However, as miners have been mining on top of that invalid block 506072 by hypothesis, and are now at block 507762 or so, there is, nowhere in this world, a successor prong to block 506071 that full nodes would accept.  The only blocks that have been made are 506072,506073.... 507762 and are ALL INVALID according to the full node, and no other blocks have ever been made.  So it comes to a full stop, for good.  Because no "good blocks" 506072, 506073,... have ever been mined.

The difficulty with  this kind of argument for a limited mind is that it contains too difficult a form of argument which is called "reductio ad absurdum".  So it is quite normal for some not to be able to follow.   Grin  https://en.wikipedia.org/wiki/Reductio_ad_absurdum

I claim that SPV is secure.
Achow101 argues that there is a case where it is insecure.

My argument is: if ever your argument were true, then.... (absurdities) ; which you confirm (!).

Hence, Achow101's argument cannot be valid, and hence my claim that SPV is secure, stands.
copper member
Activity: 630
Merit: 2614
If you don’t do PGP, you don’t do crypto!
Anonymous Kid wrote:  “Why the fuck did Satoshi implement the 1 MB blocksize limit?”

To mess with your head, you vulgar retard, because he hates you personally.  To let us know who the quality posters aren’t, by inciting the creation of trashy megathreads such as this one; he trolled you!  Most of all, to divide the wheat from the tares in the realm of Bitcoin engineering:  People’s blocksize opinions rapidly expose their true (mis)understanding of scaling issues.  Scaling is always a hard engineering problem; and he wanted for it to be easy to spot those who are innately incapable of ever grasping it.

But mostly just to mess with your head, personally, and laugh at you.

(Giving the answer which the question is worth.  I did not need to read more than the subject line to know that this was a stupid thread, which I studiously ignored until it refused to die.  @#$@)


What is amazing in this, however, is how elementary and fundamentally wrong it is.  It denies the very design of bitcoin !

The design of Bitcoin is a subject about which you demonstrate worse than zero understanding, insofar as misconceptions must be unlearned.  You really ought to go study up on how Bitcoin actually works before you spout off.  You don’t even grasp the basics.  You talk as if you learned all you know by reading /r/btc.



Edit: It's not worth my time to argue this with you. You clearly don't understand how Bitcoin or SPV wallets work. To my ignore list you go.

Nobody cares whether the transaction is valid, if it is included in the block chain of course !

WRONG.  Invalid transactions do not exist in the blockchain, because they cause the containing block to be rejected as invalid.

Thus highlighting the flaw in premise underlying this ramble of a disorganized thinker:

Nobody cares whether the transaction is valid, if it is included in the block chain of course !  The hypothesis of having to check whether transactions that are part of the SOLE current collective consensus might be "wrong" somehow, is making the hypothesis that bitcoin is entirely broken and that nobody gives a shit.

It would mean that miners have made a false block, that all other miners agreed to mine on top of that false block and then on top of that other block and so on.  If a false transaction is deeply buried within the block chain, and miners are still mining on it, and no "clean prong" exists that doesn't include that block, then bitcoin is entirely broken.  Because if that can happen, miners can just include ANYTHING.  They can include erroneously signed transactions, they can include transactions of which the sum of the outputs is 500 times the sum of the inputs, they can include a coin base transaction that gives them 2000 BTC, they can include headers that don't correspond to the Merkle tree, they could include a porn movie, anything.

Moreover, there's not even another block chain in this world that is made correctly, because the massive amount of PoW that goes in this botched-up block chain cannot be re-done elsewhere.  If the massive PoW voting power of the bitcoin miners collectively decide to make a botched-up block chain with false transactions in it, that's all there is to bitcoin, there is no clean version any more.

Yes, a miner could fill a block with the output of /dev/random, if he wanted.  However, he would only waste electricity on his own bill; for “Joes [] running nodes in their basement” (as you like to deride nodes) would treat the block as if it were /dev/null.

There is no voting on the Bitcoin network, not “PoW voting” and not otherwise.  Nodes do not blindly follow the chain with highest POW; rather, they follow the chain which is fully valid and independently validated by each of them and has the highest total POW.

Moreover, in what way would a full node be helpful here ?  A full node would have stopped for good when the first false block was mined.

Wrong.  The node will ignore the “false block” as if it had never existed.

Such is the power of nodes.

(Now, how’s that for conciseness?)
hero member
Activity: 770
Merit: 629
However if your Electrum wallet were to be connected to malicious Electrum servers, they could serve you invalid transactions which you would not know are invalid. Said transaction can be included as part of a block; the merkle root would be correct and the PoW of the block would be valid. BUT the block would contain an invalid transaction.

No, that block header would not be included in the block header list that ends in the last currently published block.  There's no way a malicious electrum server can tell me that a given transaction is in the block chain that ends in the known recent block on which miners are working now.

As I said before, there's no way to make me another block header list than the correct one, that ends in the recent block headers.  I only need to know ONE SINGLE number from the miners: the recent block header hash.  That single hash proves to me that any block header list that ends in that hash, is the actual, right one.  And nobody can lie to me as to any included transaction.  Not even with 90% of all hash rate.  Because there's only ONE SINGLE BLOCK CHAIN that can end in this hash, if the hash function is not broken.

This doesn't even have anything to do with proof of work.  You give me the last header hash, and nobody can lie to me as to anything included in the block chain. Because you cannot lie in a linked list of hashes, you cannot lie in a Merkle tree, and you cannot lie about the hash of a transaction.

Mathematically: even without PoW: if you have two block chains, B and B', built of a chain of headers which contain each the top of a Merkle tree of "data segments", and the top hash of the header list of B is equal to the top hash of the header list of B', then B is identical to B'.

If two tops of header lists are identical, the two lists are identical (up to same length, you could append BEFORE the genesis block, true...).  If the header lists are identical, the roots of the Merkle trees are identical.  And if two Merkle trees are identical, the data segments they hash are identical.
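Added example, not part of any post in this thread: a toy Python model of the two checks the posts above argue about, showing what a hash-linked header list plus a Merkle branch establishes (inclusion under a known tip hash) and what additionally needs the UTXO set (that the spent output exists and covers the amount). The `(prev_hash, merkle_root)` header layout, the transaction format and every name here are assumptions made for illustration, and proof of work is left out.

```python
import hashlib

def dsha(b):
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def merkle_root_and_branch(txids, index):
    """Return (root, sibling hashes proving txids[index] is under root)."""
    branch, level = [], list(txids)
    while len(level) > 1:
        if len(level) % 2:                  # odd count: duplicate the last hash
            level.append(level[-1])
        branch.append(level[index ^ 1])
        level = [dsha(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], branch

def spv_inclusion_ok(txid, index, branch, root):
    """SPV-side check: the Merkle branch hashes up to the header's root."""
    h = txid
    for sibling in branch:
        h = dsha(sibling + h) if index & 1 else dsha(h + sibling)
        index //= 2
    return h == root

def header_chain_ok(headers, tip_hash):
    """Toy headers are (prev_hash, merkle_root); check every link up to the tip."""
    expected_prev = headers[0][0]
    for prev_hash, root in headers:
        if prev_hash != expected_prev:
            return False
        expected_prev = dsha(prev_hash + root)
    return expected_prev == tip_hash

def full_node_tx_ok(tx, utxo_set):
    """Full-node-side check: needs the UTXO set, which an SPV client lacks."""
    return tx["spends"] in utxo_set and tx["amount"] <= utxo_set[tx["spends"]]

def tx_hash(tx):
    return dsha(f'{tx["spends"]}:{tx["amount"]}'.encode())

# Constructed sample data (toy format): the third transaction spends a missing output.
UTXO_SET = {"coin-a": 50, "coin-b": 20}
TXS = [{"spends": "coin-a", "amount": 50}, {"spends": "coin-b", "amount": 5},
       {"spends": "coin-zzz", "amount": 2000}]
TXIDS = [tx_hash(t) for t in TXS]
ROOT, BRANCH = merkle_root_and_branch(TXIDS, 2)
HEADERS = [(b"\x00" * 32, ROOT)]
HEADERS.append((dsha(b"\x00" * 32 + ROOT), dsha(b"constructed later block")))
TIP = dsha(HEADERS[1][0] + HEADERS[1][1])
```

With this data, the header links and the Merkle branch for the third transaction both verify against `TIP`, while `full_node_tx_ok` rejects that same transaction once the UTXO set is consulted.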
hero member
Activity: 770
Merit: 629
The SPV system is not something that "keeps miners in check". The SPV system is a cryptographically secure way to know that a given transaction is part of a given block chain.
I never said that SPV was to "keep miners in check". You are completely misunderstanding me.

Fraud proofs are necessary to have a cryptographically secure way to know that a transaction is part of a given blockchain AND that the transaction is valid. Yes, merkle trees ensure that a transaction is part of the blockchain. But nothing currently exists to prove that a transaction is valid without having to have the full transaction history. The only way that a transaction can be fully validated is to know the transactions that it spends from, and then the transactions those spend from, etc.

Nobody cares whether the transaction is valid, if it is included in the block chain of course !  The hypothesis of having to check whether transactions that are part of the SOLE current collective consensus might be "wrong" somehow, is making the hypothesis that bitcoin is entirely broken and that nobody gives a shit.

It would mean that miners have made a false block, that all other miners agreed to mine on top of that false block and then on top of that other block and so on.  If a false transaction is deeply buried within the block chain, and miners are still mining on it, and no "clean prong" exists that doesn't include that block, then bitcoin is entirely broken.  Because if that can happen, miners can just include ANYTHING.  They can include erroneously signed transactions, they can include transactions of which the sum of the outputs is 500 times the sum of the inputs, they can include a coin base transaction that gives them 2000 BTC, they can include headers that don't correspond to the Merkle tree, they could include a porn movie, anything.

Moreover, there's not even another block chain in this world that is made correctly, because the massive amount of PoW that goes in this botched-up block chain cannot be re-done elsewhere.  If the massive PoW voting power of the bitcoin miners collectively decide to make a botched-up block chain with false transactions in it, that's all there is to bitcoin, there is no clean version any more.

But even then, SPV is still working, in the following way: it is up to the payer to give you (by e-mail/ftp or other form of communication) the full history of his payment: that is, he has to give you the backward tree of all coinbase transactions and all successive transactions up to his payment to you.  That's quite some data, but unless all coins are mixed up with all other coins, still much, much less than the block chain.  For each transaction in this "pedigree", he needs to specify the block and Merkle tree leg.

With simply the block header list, you can verify the exactitude of his e-mail.  You don't even need an SPV server for that.  You can check the mini-block chain of the pedigree, from the coinbase of each origin at the leaves, all the way up to his last transaction to you.  You don't depend on any form of bitcoin network for that, except that you need to know the head of the current header list.  One single hash you need to know from bitcoin's system, and you can verify all the rest by yourself.

Of course, the payer needs to have all his previous transactions that way.  In other words, if you pay someone, you make a new transaction, you have to watch the bitcoin network in one way or another, and catch your transaction once it is included in a block.  From that, you can extract its SPV data (block header, Merkle leg, transaction).  And you don't care any more about the system.  No need for an extended P2P network.  Only the miner pool servers, or some derived servers from that.

It is true that this way, you cannot be sure that there are no double spends included in the block chain.  But this hassle is only necessary if we take it for granted that bitcoin is already entirely broken, and that miners collectively decide to continue to build a totally broken chain... Indeed, imagine that in the same block, the same coin is spent 500 times to different addresses.  Normally, this cannot happen, but our working hypothesis is that miners make false blocks.  So which one of the 500 transactions is the real one ?  Or is this coin dead now ?

Moreover, in what way would a full node be helpful here ?  A full node would have stopped for good when the first false block was mined.  All full nodes would have come to a grinding halt since a long time, because no miner made a correct block.  They wouldn't be able to tell you anything about recent "valid" transactions on a broken block chain.


