Author: James O'Beirne 2019-04-23 14:17:06
Published on: 2019-04-23T14:17:06+00:00
James O'Beirne has proposed a complementary alternative to Simplified Payment Verification (SPV) modes and in the spirit of assumevalid, called assumeutxo. The idea is to allow nodes to initialize using a serialized version of the Unspent Transaction Output (UTXO) set rendered by another node at some predetermined height. The initializing node syncs the headers chain from the network, then obtains and loads one of these UTXO snapshots. Based upon the snapshot, the node is able to quickly reconstruct its chainstate, and compares a hash of the resulting UTXO set to a preordained hash hard-coded in the software a la assumevalid. The proposal intends to help modest clients transact under a security model that closely resembles full validation within minutes instead of hours or days. This model could offer a promising use-case for mobile devices functioning as fully validating nodes with access to the complete UTXO set as an alternative to SPV models. The total resource burden needed to start a node from scratch based on a snapshot is, at time of writing, a ~(3.2GB + blocks_to_tip * 4MB) download and a few minutes of processing time, which sounds manageable for many mobile devices currently in use. A mobile user could initialize an assumed-valid bitcoin node within an hour, transact immediately, and complete a pruned full validation of their assumed-valid chain over the next few days, perhaps only doing the background IBD when their device has access to suitable high-bandwidth connections.While this proposal is in the spirit of assumevalid, practical attacks may become easier. Under assumevalid, a user can be tricked into transacting under a false history if an attacker convinces them to start bitcoind with a malicious `-assumevalid` parameter, sybils their node, and then feeds them a bogus chain encompassing all of the hard-coded checkpoints. The same attack is made easier in assumeutxo because, unlike in assumevalid, the attacker need not construct a valid PoW chain to get the victim's node into a false state. For this reason, James recommends that if they implement assumeutxo, they should not allow its specification via command-line argument. Beyond this risk, there aren't many material differences in security relative to assumevalid, though he appeals to the list for help with this. A related issue has been created at their Github repository and a draft implementation of snapshot usage via RPC has been submitted. Deployments will be discussed in the Github issue, and after all that, the implementation may be reviewed as a sketch of the specific software changes necessary.
Updated on: 2023-06-13T18:03:42.614789+00:00