Author: Joseph Poon 2015-08-18 00:20:02
Published on: 2015-08-18T00:20:02+00:00
In a discussion on bitcoin-dev, Joseph Poon argues that SPV nodes are more vulnerable to attacks than full nodes. He explains that with SPV, it is possible to create a transaction that spends from non-existent coins and construct an SPV proof which sends 1,000 BTC to the victim. This attack is "overloadable" as the attacker is never out of money. Whereas with a full node, the attacker must be signing and spending real outputs in their control, and there is a possibility in a re-org that the victim will eventually get their money if it gets re-orged back. Furthermore, Poon explains that the SPV attack isn't on reorging real/live transactions but rather on how much money the user currently has. It is possible to attack thousands of people at once with a fraction of the hashpower by lying in wait until you get a sufficiently long chain of blocks. If one wishes to attack a full-node, they require orphaning a chain of valid blocks live, meaning they have to send real coins in a real transaction to the victim first. With SPV validation, one only needs to construct a chain of invalid blocks off the current block height whenever. This means one can attack with substantially less hashpower, and it may be economically viable to attack thousands of victims doing SPV validation in a long timeframe.Joseph Poon acknowledges that he is not arguing that SPV should be completely avoided and that some threats can definitely be mitigated in various ways. However, he believes that the current SPV security model is definitely weaker than running a full node. If one is handling a lot of money, they should be running a full node. Finally, he questions whether these issues are not well-known by all in the Bitcoin community.
Updated on: 2023-06-10T20:12:26.982431+00:00