How Fraud Proofs May Improve SPV Node Security in Bitcoin

0
1000

Although Satoshi Nakamoto’s Bitcoin white paper outlined the concept of simplified payment verification (SPV), not all of the suggestions in this section of the paper have been implemented by the Bitcoin development community over the years. Satoshi originally described an alert system that would notify SPV nodes when an invalid block had been detected by a full node, but the idea has been somewhat impractical to implement up to this point. According to Bitcoin Core Contributor and Ciphrex CEO Eric Lombrozo, the upcoming Segregated Witness (SegWit) soft fork will make Satoshi’s vision of improved SPV security a real possibility.

Lombrozo discussed the concept of fraud proofs, which can be used to efficiently prove the existence of invalid blocks, on a recent episode of epicenter Bitcoin

Why Does Bitcoin Need Fraud Proofs?

At one point during his interview, Eric Lombrozo was asked directly about the concept of fraud proofs by Epicenter Bitcoin Co-Host Sébastien Couture. In his response, Lombrozo explained why this new feature could be useful for SPV nodes:

“If there was a way to have fraud proofs, it would improve the security [of SPV nodes] because it would only require one whistleblower on the entire network to notice that a block is invalid and all SPV nodes could ignore that block.”

While SPV nodes are useful for operating a thin client on less powerful devices, such as a smartphone, they don’t offer the best security because transactions are not completely validated locally. Lombrozo discussed this issue during the interview:

“Right now, if you’re running an SPV client, you get a block that confirms a transaction and, unless you are able to validate the block, you just accept the transaction’s confirmation because the rest of the network seems to think it’s okay. But, of course, miners could be cheating or they could be running buggy software. That has actually happened before. Miners are not validating correctly. And then, SPV clients are going to see confirmations that are not actually real.”

An example of what can occur when miners are not validating blocks correctly took place on July 4, 2015. After a soft fork for BIP 66 was activated, a small miner mined an invalid block. Although this would have been noticed if other miners had been performing full validation on blocks, it turned out that around 50 percent of the miners were SPV mining. As a result, more blocks were built on top of that first invalid block. The invalid chain was eventually orphaned; however, the whole ordeal costed some miners roughly $50,000 in revenue, while also temporarily forcing some Bitcoin users to wait 30 confirmations before accepting a transaction as real.

Checking That a Block is Invalid

Lombrozo also noted that receiving a proof that a block is invalid would be easy for SPV nodes because the information would have low resource requirements and would only require one full node on the network to detect the issue. Lombrozo explained:

“A potential fix would be if it was possible to make it so if — even if proving the block is invalid is expensive (it requires downloading the whole blockchain and then checking it) — maybe checking that the block is invalid could be made cheap. So you could have a very short proof that demonstrates that the block is invalid, and if you could create this, that means it would only take one node on the entire network to construct this proof and propagate it. And then all the nodes would know immediately to ignore this.”

Fraud proofs would essentially allow SPV nodes to gain better security while not giving up much at all in terms of their lightweight functionality.

Fraud Proofs Don’t Make SPV Nodes Perfect

Although fraud proofs appear to be a serious breakthrough in SPV security, issues still remain with these types of clients when compared to full nodes. Eric Lombrozo explained some of the downsides and tradeoffs of fraud proofs during his interview:

“There’s a significant problem with this, which is it requires extreme censorship resistance. For instance, if you’re connected through your ISP and your ISP decides to block these messages, there could be potential attacks there. So it requires more security assumptions, but on the other hand, it does mean that the incentives model shifts more towards people actually wanting to validate correctly because it’s harder for someone to get away with it. So just the knowledge that if you try to do this it would be harder to get away with, it could make it so people are less inclined to try it.”

Although fraud proofs still have problems that need to be sorted out, Lombrozo is bullish on their usefulness in a future version of simplified payment verification on the Bitcoin network. This sort of functionality is made possible by the upcoming Segregated Witness soft fork, but Lombrozo claimed, “For the first release of SegWit, we won’t be doing fraud proofs right away. This is something that is potentially for some later release.”