On the scalability issues of onboarding millions of LN mobile clients

In a conversation between Antoine Riard and Chris Belcher, Antoine suggests that the trust-minimization of Bitcoin security model may be shifted by Lightning Network (LN), where fast, affordable, confidential, censorship-resistant payment services may attract a lot of adoption without users running a full-node. However, Chris argues that this would compromise Bitcoin itself, as it relies on the assumption that a supermajority of the economy is verifying their incoming transactions using their own full node. Chris goes on to explain that if a large part of the ecosystem gets scammed at once, which is how such an attack would happen in practice, it could result in Bitcoin splitting into two currencies: full-node-coin and SPV-coin. This is because a miner could attack the system by printing infinite Bitcoins and spending coins without a valid signature, which would be accepted by SPV wallets, causing Bitcoin to split. The SPV-wallet community could even decide to use something like invalidateblock to make sure their SPV-coin doesn't get reorg'd out of existence. Before you know it, "Bitcoin" would become SPV-coin with inflation and arbitrary seizure. Antoine then suggests that economic weight of nodes should be considered in evaluating miner consensus-hijack success. Even if a disproportionate ratio of full-nodes-vs-SPV is expected, they may not have the same economic weight, therefore even if miners are able to lure a majority of SPV clients, they may not be able to stir economic nodes. To strengthen SPV, forks detection and fallback to some backup node(s) could be implemented, which would serve as an authoritative source to arbiter between branches. Such backup node(s) must be picked up manually at client initialization before any risk of conflict to avoid Reddit-style of hijack during contentious period or other massive social engineering. A uniform distribution of backup nodes is recommended to avoid centralization of backups, and a backup node may be private, serving no data beyond headers to preserve public node bandwidth. However, Antoine concedes that this won't work well if there is a ratio of 1000-SPV for 1-full-node, and people are not effectively able to pick up a backup among their social environment.