1 of 16

Scalable Payment Verification Network�

Tom Harding

Bitcoin XT Maintainer

�Satoshi’s Vision Conference, 9/25/2016

2 of 16

Scale the Things We Know How to Scale

Simplified Payment Verification

Satoshi’s scaling solution

Millions of SPV wallets in use every day

Scalable Payment Verification Network

Improved SPV security

Build confidence in unconfirmed transactions, which SPV users rely on

�New capabilities enable Light Network Nodes

Let anyone contribute meaningfully to security

Allow the blockchain to grow faster

No consensus changes

Completely supplemental

3 of 16

SPV: Satoshi’s Decentralized Scaling Solution

Wallet stores a highly pruned blockchain (headers, personal transactions, and merkle proofs)�

Security derives from confirmations
Talks to bitcoin nodes, not proprietary servers
User has full control of his keys

4 of 16

SPV: Vulnerabilities

The mining/fullnode network could hard fork without you knowing
Your network provider could omit information

SPV called “toxic light client” and compared to mercury poisoning, and playing with fire

Privacy concerns related to bloom filters

The market has accepted these risks. Millions of SPV wallets are in use every day.

But we can make it more secure and more scalable

5 of 16

SPV: Satoshi’s Fraud Proofs

Briefly described as “one strategy” in bitcoin.pdf�

Receive alerts when a remote node detects an invalid block
Suggestion is to “download the full block” but…

An SPV client can’t validate a full block
We’d like to support larger blocks

Compact block invalidity (“fraud”) proofs would let a wallet detect a hard fork

Such detection is not the subject of this talk

How do we build a Scalable Payment Verification Network?

6 of 16

Improving SPV Security

Immediately anchor received payment confidence to the blockchain

Fetch input proofs

Absence of a positive input proof can be used to distrust a payment

Fetch spentness proofs and receive spend alerts

Absence of a spentness proof can be used build confidence probabilistically

Add more complete local transaction validation rules

Improved network practices

Split filters among peers
Peer rotation
Enable (but don’t require) use of trusted peers
Explore use of tor to reach the P2P network

7 of 16

Improving SPV Security

Wallets need everything on the diagram in the next slide.

Today, they only receive...

The received payment transaction

Transactions spending M

9 of 16

Original Bitcoin Network

10 of 16

Today’s Bitcoin Network

11 of 16

New Capabilities for Light Network Nodes

SPV-serving nodes need only SPV security themselves

Capabilities (a la carte):

Prover�Provide input/spentness proofs for stem�
Prover Finder�Finds provers for stem�
Transaction Repeater�Host bloom filters and relay transactions

12 of 16

Prover

Provides input/spentness proofs for a TXID stem, like 0x828fea�
Stores and maintains a blockchain shard set by TXID stem

Size of slice is completely configurable
Also tracks unconfirmed transactions in the set�

Registers stems served with prover finders
Collectively, the network can validate anything, falling back to full nodes
Light nodes decentralize the collective validation function

13 of 16

Prover Finder

Finds provers for TXID stem�
Resolution service very similar to DNS required�
Hierarchical TXID name space partition with full nodes at root�
Actually using DNS is a likely solution

14 of 16

Transaction Repeater

Hosts bloom filters
Relays transactions

Achieve “SPV” security by checking for relay from multiple full nodes�

Scales bloom filter hosting
Decentralizes bloom filter hosting�
Is a prover finder client

15 of 16