Talk:Thin Client Security

From Bitcoin Wiki
Revision as of 05:31, 27 February 2015 by Lapp0 (talk | contribs) (Undo revision 54657 by Lapp0 (talk))
Jump to: navigation, search

Lapp0, please stop deleting my content, which has been on this wiki page for over three years now. If you think it's suddenly no longer true, discuss here first. In particular, you wrote:

  Transactions don't become more valid with more block preceding it's proof.

Chains become more trustworthy as they become (difficultywise-)longer. This is the most basic principle of blockchain consensus.

I have to keep putting that "(difficultywise-)" in there so pedantic people don't pounce on me... a 100,000-block chain all at difficulty=1 is "difficultywise-shorter" than a 100-block chain at current difficulty levels (or a one-block chain for that matter). It's not the number of blocks, but their total difficulty.

You also wrote:

 The vagueness of what Full-chain is should be elaborated on probably explaining it uses SPV proofs

No, full-chain clients such as the Satoshi client do not use SPV in any way, shape, or form. A full-chain client is a client that implements the main algorithm outlined in Satoshi's whitepaper.

Eldentyrell (talk) 03:05, 26 February 2015 (UTC)

This page looks very confused/wrong in many respects. I'm not sure how it can be fixed easily, since it is unclear what exactly it intends to say.

  • Generally "thin clients" do not include pruned full nodes, which have processed every block, but afterward discarded (and no longer store) them.
  • Even thin clients generally verify block heights as well as depth.
  • Thin clients never (neither for height nor depth) check blocks are valid ("well-formed"?). This is the fundamental difference between full nodes vs thin clients.
  • Transaction validity is independent of its inclusion in any blockchain.

--Luke-jr (talk) 07:58, 26 February 2015 (UTC)

Luke, thanks for your thoughts. Regarding your points,

  • Good point, I have partitioned "full-chain" into two separate subtypes (those which do and those which don't retain blocks after validating)
  • SPV clients do not verify block height. I can take the existing 345308-block bitcoin blockchain, append a single block that re-spends coins I sent two years ago, and use that 345309-block chain to fool an SPV client. By wasting hashpower whose market value is as most one block reward I can fool an SPV client with it, since it will appear to be the difficultywise-longest chain by one block. I cannot fool the Satoshi client this way even with the hashpower of the entire network at my disposal.
  • True. I think you may have hastily misread "transaction validity" as "block validity".
  • True. I think you may have hastily misread "transaction validity" as "block validity".

Thanks again!

Eldentyrell (talk) 23:14, 26 February 2015 (UTC)

  • Since this article deals with security, I do not think the distinction between pruned vs non-pruned is relevant - both nodes have equal security implications.
  • SPV nodes are aware that your invalid 345309th block has a height higher than any other chain, and thus verify the block height before considering that chain "best". They do not, as you mention, validate the contents of any of those blocks, and can be fooled this way, but that is unrelated to the block's height.
  • I was referring to the statement that "the validity of a transaction is determined by its height", which is simply not true. A transaction is valid before and even if it is never mined.

--Luke-jr (talk) 01:42, 27 February 2015 (UTC)

Full-chain is not well defined and isn't common terminology. If you are saying the Satoshi client is full-chain, then you probably mean full node. "full network node" or "full node" is common terminology and is used in the original Bitcoin whitepaper.

Your definition of transaction validity isn't common and is even incompatible with the Bitcoin whitepaper.

You added "A full-chain client trusts the difficultywise-longest block chain it can find." which is only true for SPV clients, so you can see why I would be confused as to what this poorly defined "full-chain" client does.

I don't think the bitcoin wiki is an appropriate place to redefine terminology.

Finally, I am not deleting your content, I am deleting the wikis content because it is wrong. Please stop blindly reverting my edits, you removing spelling corrections indicates that you don't care about the accuracy of the wiki as much as maximizing the amount of text written by you on the wiki. --Lapp0 (talk)

Major Restructuring

This page was riddled with incorrect uses of words and the creation of new terminology. This leaves the reader confused or mislead. I have restructured this page and attempted to remove most of the inaccurate parts. It's not that I "think it's suddenly no longer true", I know that it hasn't been true for three years and no one has caught it until now.

--Lapp0 (talk)