Author: Sergio Demian Lerner 2018-06-09 12:51:55
Published on: 2018-06-09T12:51:55+00:00
It has been reported that an SPV (Simplified Payment Verification) wallet can be fooled by an attack, which requires thousands of confirmations. The attack can be performed without a Sybil attack and can impact SPV wallets. The protections that an SPV node should have to prevent such an attack are different and must be considered separately. However, it has been noted that an SPV node can avoid accepting payments if any Merkle node is at the same time a valid transaction, which almost eliminates the problem. It should be mentioned that there is a low probability of an SPV wallet rejecting valid payments as a result.

Moreover, an attacker with only 1.3M USD that can brute-force 72 bits can perform the same attack. Hence, no person should accept more than 1M USD using an SPV wallet.

However, it has been pointed out that against an SPV wallet, one doesn't need that attack; with that kind of budget, one can fool it by just creating a fake block at far less cost along with a Sybil attack. Sybils aren't difficult to pull off when one has the budget to create fake blocks.

Additionally, it has been noted that the attack can be repeated. Once the "extension point" block is created, one can attack more and more parties without any additional computation. However, txouts can only be spent once, so one will need to do 2^40 work each time they want to repeat the attack to grind the matching part of the prevout again.
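The mitigation mentioned above (refuse a payment proof when any Merkle node is at the same time a valid transaction), sketched as an added example that is not code from the original post. It assumes "valid" means the node's 64-byte preimage deserializes as a legacy transaction; the function names and all sample values are constructed for illustration.

```python
import hashlib

def dsha256(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def compact_size(buf: bytes, pos: int):
    # In a 64-byte buffer every canonical count or length fits in one byte;
    # 0xfd and above would announce at least 253 items or bytes.
    if buf[pos] >= 0xFD:
        raise ValueError("count cannot fit in 64 bytes")
    return buf[pos], pos + 1

def parses_as_tx(node: bytes) -> bool:
    """True if the inner-node preimage deserializes as a legacy transaction."""
    pos = 4                                   # nVersion
    try:
        n_in, pos = compact_size(node, pos)
        for _ in range(n_in):
            pos += 36                         # prevout: txid + output index
            script_len, pos = compact_size(node, pos)
            pos += script_len + 4             # scriptSig + nSequence
        n_out, pos = compact_size(node, pos)
        for _ in range(n_out):
            pos += 8                          # value
            script_len, pos = compact_size(node, pos)
            pos += script_len                 # scriptPubKey
    except (IndexError, ValueError):
        return False
    # Syntactic check only (assumption): no script or amount validation.
    return n_in > 0 and n_out > 0 and pos + 4 == len(node)  # nLockTime is last

def verify_branch(txid: bytes, branch: list, index: int, root: bytes) -> bool:
    """branch: sibling hashes from leaf to root; index: leaf position."""
    h = txid
    for sibling in branch:
        node = sibling + h if index & 1 else h + sibling
        if parses_as_tx(node):
            return False                      # node could also be a transaction
        h = dsha256(node)
        index >>= 1
    return h == root

# Constructed sample data: a 4-leaf tree over placeholder txids.
LEAVES = [dsha256(b"constructed tx %d" % i) for i in range(4)]
N01, N23 = dsha256(LEAVES[0] + LEAVES[1]), dsha256(LEAVES[2] + LEAVES[3])
ROOT = dsha256(N01 + N23)
# Constructed 64 bytes laid out as a 1-input, 1-output transaction (filler only).
TX_SHAPED = (bytes.fromhex("0100000001") + b"\x11" * 36 + b"\x00" + b"\xff" * 4
             + b"\x01" + bytes(8) + b"\x04" + b"\x51" * 4 + bytes(4))
```

An honest tree in which some inner node happens to parse this way is refused as well, which is the low-probability rejection of valid payments noted above.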
Updated on: 2023-06-13T03:15:14.493455+00:00