Mythbusting: SPV is not secure

7 1474
Avatar for TomZ
Written by
4 years ago

Also available in: -Español - Português - Deutsch - Polski - Arabic / العربية - Slovenščina -  Français
Referenced in: news.bitcoin.com

There are still a lot of misconceptions out about SPV wallets, people make it seem like they are less useful than they are, and this is a shame.

SPV wallets are wallets with “Simplified Payment Verification”. A term that actually shows up in the original Bitcoin whitepaper from Satoshi Nakamoto.

SPV wallets do validate, but they validate less. In non-technical terms the difference is simple:

  • Miners and full-node running businesses validate everything. Each and every transaction on the chain.

  • SPV wallets validate that they are actually looking at the same chain as the miners.

The myth we hear is that this deferred checking is not safe. The idea that if you don't check 100% of the transactions, somehow people can take your money.

Tl;dr It is incorrect to say that there is trust in the miners. Instead the trust is in the coin itself being secure and the entire ecosystem of the coin being healthy.

What we know is that miners validate each and every transaction. They must because if they create a block that spends money twice, or creates money out of thin air, the result is that the rest of the world will reject their block. And if nobody accepts the block, they can't cash in their payment they received for making the block.

What naturally follows is that a healthy coin, and its chain, has an ecosystem surrounding it made up of plenty of people and companies. For starters a lot of exchanges and a thousands of miners. Those exchanges will reject any bad transactions in a chain because of purely selfish reasons. They could lose money if they don't check every single transaction on the chain, like miners do.

Then the SPV wallets will validate that they are following the full chain of their coin of choice. Since they don't check every transaction they trust that there are enough people, like those exchanges I mentioned above, who do fully check the chain.

The SPV wallets don't just trust miners, they trust every company observing those miners to have enough selfish reasons to keep the chain healthy and sane. Because the moment one of those 1000s of miners starts to cheat, it is cheaper to eject that one miner from the ecosystem than to just declare all your money in that chain lost due to the value and trust drop that would follow.

The world is full of selfish people that would rather tell someone to leave than to lose money by being complicit in their cheating. I would argue that this is the normal state of people and it is what builds societies. Because selfish people together can definitely create a lot of value. Bitcoin was smartly designed to make this the norm. Where it is more socially accepted to reject cheaters than in it is in society as a whole.

An SPV wallet owner, then, trusts in a coin's ecosystem. Which, frankly, is no different than any other company or person using that coin.

The only difference is one of risk. As we shown above, the risk is not about a single payment being stolen from you, the risk is about the entire chain becoming corrupted and losing value. A situation that is very easy to avoid by running a full node and running your business on it. As exchanges and companies like bitpay do. The only risk for an SPV wallet is when there are not enough people keeping miners in check.

For a chain like Bitcoin Cash this risk is currently laughable. Nobody worries about that. Other chains may have a different risk assessment of using SPV.

But for the Bitcoin Cash chain the myth is clearly busted as the ecosystem is healthy, very wide-spread and growing in numbers.

Myth busted: it is incorrect to say that there is trust in the miners. Instead the trust is in the coin itself being secure and the entire ecosystem of the coin being healthy.

Sponsors of TomZ
empty
empty
empty

5
$ 11.47
$ 5.00 from @Read.Cash
$ 5.00 from @btcfork
$ 1.00 from Anonymous user(s)
A
+ 4
Avatar for TomZ
Written by
4 years ago

Comments

@SofiaCBCH has created a Spanish of this post. It might help to include a link to it at the top to guide readers.

https://read.cash/@SofiaCBCH/mythbusting-spv-no-es-seguro-escrito-por-tomz-8326abdd

$ 0.00
User's avatar btcfork
This user is who they claim to be.
We have manually verified this user via some other channel.
4 years ago

Portuguese translation by u/RicardaoMoura and @SofiaCBCH:

https://read.cash/@SofiaCBCH/mythbusting-o-spv-nao-e-seguro-escrito-por-tomz-2c82daa3

$ 0.00
User's avatar btcfork
This user is who they claim to be.
We have manually verified this user via some other channel.
4 years ago

Updated to link to it, thanks!

$ 0.00
4 years ago
$ 0.00
User's avatar btcfork
This user is who they claim to be.
We have manually verified this user via some other channel.
4 years ago

Great article Tom. +100 MYTHBUSTER coming your way, just let me know the SLP address to which you want them sent.

I hope this article stimulates good discussion about the improvements being made for SPV within the Bitcoin Cash ecosystem.

For example, I think the Neutrino wallet by the BCHD devs is a true SPV wallet...

https://medium.com/@bchd.cash/announcing-neutrino-wallet-for-bitcoin-cash-eb7a85a49c0e

Interestingly they point out that they will derive good benefits from CTOR for future scaling: (emphasis mine)

Neutrino holds great promise to improve privacy for SPV users but it presents unique scaling challenges for wallets as blocks start to get large. Fortunately the activation of CTOR means we can download partial blocks with strong cryptographic proof and recognize a bandwidth savings without sacrificing privacy or security.

https://medium.com/@bchd.cash/scaling-neutrino-with-ctor-903e96950d56

$ 0.00
User's avatar btcfork
This user is who they claim to be.
We have manually verified this user via some other channel.
4 years ago

Neutrino being SPV is good to know, I hadn't looked into it yet. Thanks for the links! Their solution for the privacy issues are neat, but I think there is a much simpler and cheaper way to solve it which doesn't destroy your data plan or cause your phone wallet to drain your phone so fast.

My SLP address is this; simpleledger:qz50e9ycu4u3rtqman03vzg4ea7mvw5zgu7wvau2y4

$ 0.00
4 years ago

Thanks, +100 MYTHBUSTER sent!

txid: cbcb0105e817eb5c400c1e4ace79c4e605ff47166dbc3b67c1dae10a41050848

$ 0.00
User's avatar btcfork
This user is who they claim to be.
We have manually verified this user via some other channel.
4 years ago