delvingbitcoin
Great Consensus Cleanup Revival
Posted on: August 26, 2024 15:00 UTC
The discussion raises a critical examination of a proposed rule aimed at optimizing wallet functionality specifically for Simplified Payment Verification (SPV) proofs.
The primary purpose of this rule, as initially stated, was to address and mitigate a known vulnerability that impacts the majority of SPV software currently in use. The vulnerability's significance is emphasized by its potential effect on the security and reliability of SPV clients, which forms the core of the argument for the new rule.
An interesting point of contention brought up revolves around the method proposed to counteract this vulnerability, particularly focusing on the depth checking of the coinbase transaction as a preventive measure. This approach, derived from Daftuar's paper, suggests a trustless mechanism whereby SPV clients could circumvent the highlighted attack. However, the effectiveness of this solution is questioned, noting its implications on the development side. Specifically, it necessitates additional coding efforts for verifying SPV proofs. Developers would need to implement new functionalities allowing for the retrieval of a coinbase transaction without knowing its transaction ID (txid). Additionally, there's a requirement to verify that the coinbase transaction not only appears in the correct location within the merkle tree but also conforms to the expected structure for such transactions.
A significant concern associated with the proposed solution is the impact on proof sizes. It was initially thought that proof sizes would increase by approximately 70%, but upon further reflection, it's suggested that the increase could be much more substantial. The necessity to download the entire coinbase transaction to determine its txid, for verification purposes, could lead to an inflation of proof sizes by nearly 1 MB. This enlargement of proof sizes poses potential drawbacks in terms of network efficiency and bandwidth consumption.
Despite these challenges, the proposal is seen as a step forward in addressing a widespread vulnerability, simplifying the design of future SPV software, and potentially reducing both network and consensus bandwidth usage. The emphasis remains on finding a balanced solution that secures SPV clients against vulnerabilities while managing the implications on proof sizes and the technical burden on developers.