|
Title: A "lightweight" node that still downloads the blockchain. Post by: mustyoshi on March 12, 2014, 05:25:21 PM What are some security concerns of a node which only saves transactions that involve itself?
Other than the obvious of being unable to verify transactions, and relying on them being buried a few blocks deep before "accepting" them. What other attacks would such a node be vulnerable to, and what are possible ways to defend against them? Right now the node I'm running saves headers, coinbase, and tx involving itself. What am I vulnerable to? Title: Re: A "lightweight" node that still downloads the blockchain. Post by: chriswilmer on March 12, 2014, 06:11:41 PM Are you just implementing your own version of Simplified Payment Verification?
There is a lot of discussion out there already on the vulnerabilities of this. Title: Re: A "lightweight" node that still downloads the blockchain. Post by: mustyoshi on March 12, 2014, 06:20:48 PM Are you just implementing your own version of Simplified Payment Verification? There is a lot of discussion out there already on the vulnerabilities of this. I've never looked at Simplified Payment Verification, but I'll see if that is indeed the idea I am making. EDIT: And it is. Title: Re: A "lightweight" node that still downloads the blockchain. Post by: chriswilmer on March 12, 2014, 06:22:09 PM Are you just implementing your own version of Simplified Payment Verification? There is a lot of discussion out there already on the vulnerabilities of this. I've never looked at Simplified Payment Verification, but I'll see if that is indeed the idea I am making. That's amazing. You and Satoshi Nakamoto think alike :) (he wrote about this in his white paper) Title: Re: A "lightweight" node that still downloads the blockchain. Post by: mustyoshi on March 12, 2014, 06:33:08 PM Are you just implementing your own version of Simplified Payment Verification? There is a lot of discussion out there already on the vulnerabilities of this. I've never looked at Simplified Payment Verification, but I'll see if that is indeed the idea I am making. That's amazing. You and Satoshi Nakamoto think alike :) (he wrote about this in his white paper) I've read the white paper before, so I probably just forgot what it was called and was just subconciously using the whitepaper as my source. But what would some ways to keep my node from being tricked? If downloading the entire blockchain is not an option. Title: Re: A "lightweight" node that still downloads the blockchain. Post by: chriswilmer on March 12, 2014, 06:36:22 PM If you are only connected to one "full" node, you are in trouble... but if you connect (randomly!) to many, then you are more likely to be fine.
Multibit is based on this approach, and it surpassed a million downloads recently, so it's a successful model. Read this: https://code.google.com/p/bitcoinj/wiki/SecurityModel Title: Re: A "lightweight" node that still downloads the blockchain. Post by: mustyoshi on March 12, 2014, 06:48:14 PM If you are only connected to one "full" node, you are in trouble... but if you connect (randomly!) to many, then you are more likely to be fine. Multibit is based on this approach, and it surpassed a million downloads recently, so it's a successful model. Read this: https://code.google.com/p/bitcoinj/wiki/SecurityModel Interesting stuff, I'll see if I can't ensure random node connections on a regular basis. And I'll have to time my downloading of new blocks to make sure that the time remains constant on average. |