Bitcoin Forum

Say Alice wanted to prove to Bob that a particular Bitcoin TX has taken place but Bob does not have access to the network and has no information about the blockchain for the last year.

Assumptions:
* price to increase by a factor of 10 per year (should only be relevant to give a reason for the hashrate increase)
* network hashrate to increase by a factor of 10 per year
* the transaction occurred on the network 1 year ago
* Bob knows the current date
* Bob knows the blockchain up to a couple of blocks before the block with the TX (last network access 1 year ago)
* The particular block only contains this one TX besides the coinbase TX.
* Block reward: 25BTC
* Cost of mining a block today: 25BTC

Alice shows Bob the particular block and the block headers of the following nine blocks. Bob decodes the TX and verifies everything is ok.

How much would it cost Alice to fake the data?


Practical application: proof for TX in a very lite client.

If the cost of mining a block today is 25 BTC, and 1 year ago the difficulty was 10 times lower (as implied by the hashrate being 10 times lower), then the cost to mine the fake year-old blocks would be 2.5 BTC per block. Since this involves forging at least 10 blocks (you were a little fuzzy on the "a couple of blocks before" part, so let's take the worst-case scenario: the TX happened in the very next block), the cost is 10*2.5=25 BTC. As long as Alice's lie isn't worth over 25 BTC (~$15,000 today), Bob should be safe.

Unless a difficulty change happens to be within those 10 blocks, Alice can't modify the difficulty to reduce this cost, and Bob could see that such a change is suspicious. Instead, to minimize the chance of detection, Alice should try to make everything else about the blocks realistic - the block timestamps should be the same as the real chain (if you were including more than the block header, I'd say to include real transactions, too).

Note that Bob could guard against this risk by connecting to the network, even only as a lite client for a short time.

Also note that Bob has no proof that this TX is unspent, only that it occurred at some point.

Thank you very much for your analysis and important additional hints.

What I am actually pondering is if it would make sense to include this in an API server for Namecoin / .bit  -  it's not secure but better than nothing.