Peter Todd: SPV Client Majority Could Lead to Miner Malfeasance
The Simplified Payment Verification protocol was envisioned by Satoshi Nakamoto in the Bitcoin white paper. He also mentioned it later on, saying that he figured the future would involve most people using such things.
I anticipate there will never be more than 100K nodes, probably less. It will reach an equilibrium where it’s not worth it for more nodes to join in. The rest will be lightweight clients, which could be millions.
If you’re not familiar with what an SPV client is, it’s a Bitcoin wallet like Multibit, which only reads the block headers rather than downloading the entire blockchain.
Mike Hearn’s bitcoinj was the first software to implement the idea, originally coded while he was still working at Google, as a “20% time” project. Bitcoinj has been useful to Android wallet developers among others who’ve built “lightweight” clients.
But Peter Todd , a prominent Bitcoin Core developer, believes that the growing prevalence of SPV clients presents a new attack vector for Bitcoin, and his argument is quite compelling. One of the lesser-advertised facts about SPV clients is that they cannot, currently, determine the difference between a block with valid and a block with invalid transactions in it. If you don’t yet see the problem with this, you soon will.
Writing to the Metzdowd cryptography mailing list, which is incidentally where Satoshi Nakamoto originally announced the Bitcoin project, in response to a message regarding whether or not the Bitcoin block chain had finally achieved a concept known as “trustworthy computing”, Todd said :
In the Bitcoin world I think it’s fair to say that most experts are very concerned about the high, and increasing, % of users who use SPV clients rather than run full nodes. While it’s hard to predict exactly when this threshold is reached, at some point too few people will be actually verifying the blockchain to sufficiently strongly incentivise miners to follow the rules. For instance, at some point miners can great [sic] bitcoins out of thin air to increase their profits.
This writer had to query , what does he mean “create bitcoins out of thin air”? Could such a thing really happen? The block chain surely would be broken at that point. The following morning, Todd submitted his response to the mailing list (which came first to this writer, given that the list is moderated):
From the perspective of a SPV client that does no validation a valid block containing only valid transactions and an invalid block containing invalid transactions are indistinguishable. Thus a miner can create a block containing transactions that – among other things – spend inputs that don’t exist, creating coins out of thin air that will be accepted by the SPV client as just as valid as any other coins. If a majority of miners do this, the longest block chain – again from the perspective of a non-validating SPV client – will be the one where miners are creating coins out of thin air.
Thus it seems that without serious modifications to SPV wallet practices and implementations, they are simply not safe at present. While many users may consider them more “convenient,” this is money we’re talking about.
SPV nodes, at a minimum, will require a way to invalidate blocks, rather than simply accept whatever is passed to them. All kinds of mischief could creep up on us otherwise, especially as more and more users join the network and see no reason to have their own full copy (20+ gigabytes) of the block chain.
Images from Shutterstock and GitHub.
