[Tails-dev] (no subject)

From: Minoru
Date:
To: tails-dev
New topics: Re: [Tails-dev] Electrum doc wrt. SPV security
Subject: [Tails-dev] (no subject)
I want to contribute to the Tails documentation and I was redirected
to you.


Begin forwarded message:

Date: Sun, 15 Feb 2015 12:29:12 +0100
From: tails-bugs@???
To: minoru@???
Subject: Re:



Hi,

First, thanks for your input.

Actually, we have little time to dedicate to user
support, and we prefer to focus on issues that are specific to Tails.
We cannot afford to answer too many questions related to the usage of
the software included in Tails.

I think you should send your ideas to tails-dev@???, which
is definitely more relevant concerning such a request.

Cheers.


> I would like to add an important detail that is missing from the
> Electrum bitcoin client documentation in Tails 1.3 RC.
>
> Electrum uses SPV (Simplified Payment Verification) to avoid
> downloading the entire blockchain (official public ledger of all
> transactions). Contrary to the decentralized nature of Bitcoin, an
> SPV node trusts a third party to honestly inform them about the
> transactions in the blockchain. Simply stated, an attacker could lie
> to one about how many bitcoins one has in his or her wallet. However,
> this vulnerability should not be confused with stealing bitcoins,
> which is impossible. Noting SPV is especially important since all
> traffic is routed through Tor and could be manipulated in some way.
>
> Here is a quote from my favorite book Mastering Bitcoin by Andreas M.
> Antonopoulos: “An SPV node cannot be persuaded that a transaction
> exists in a block when the transaction does not in fact exist. The
> SPV node establishes the existence of a transaction in a block by
> requesting a merkle path proof and by validating the proof of work in
> the chain of blocks. However, a transaction’s existence can be
> "hidden" from an SPV node. An SPV node can definitely prove that a
> transaction exists but cannot verify that a transaction, such as a
> double-spend of the same UTXO, doesn’t exist because it doesn’t have
> a record of all transactions. This vulnerability can be used in a
> denial-of-service attack or for a double-spending attack against SPV
> nodes.”
>
> Most of the time, one's wallet won't be affected. However, one should
> be careful with larger value transactions. To solve this problem, one
> can create a watching-only copy of their wallet (that doesn't contain
> any private keys) and copy it onto another computer or one can use a
> bitcoin block explorer such as blockchain.info to double check the
> amount of money that is in an address.
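
The inclusion-versus-omission point in the quoted passage, as an added Python example that is not part of the original message or of Electrum's code: a merkle path lets an SPV client reject a forged transaction, but a reply that simply leaves a transaction out still verifies, and only a second source reveals the gap. The transaction data is constructed, `ROOT` stands in for the merkle root of a block header the client has already validated by proof of work, and `server_history`, `client_accepts` and `cross_check` are hypothetical names.

```python
import hashlib

def dsha256(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root_and_branch(leaves, index):
    """Full-node side: build the tree, return (root, sibling hashes for leaves[index])."""
    level, branch = list(leaves), []
    while len(level) > 1:
        if len(level) % 2:                 # odd count: Bitcoin duplicates the last hash
            level.append(level[-1])
        branch.append(level[index ^ 1])    # sibling of our node at this level
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], branch

def verify_branch(txid, index, branch, root):
    """SPV side: recompute the root from one txid and its merkle path."""
    h = txid
    for sibling in branch:
        h = dsha256(sibling + h) if index & 1 else dsha256(h + sibling)
        index >>= 1
    return h == root

# Constructed sample block of five transactions (not real chain data).
TXIDS = [dsha256(b"constructed-tx-%d" % i) for i in range(5)]
ROOT, _ = merkle_root_and_branch(TXIDS, 0)

def server_history(wallet_indexes, hide=()):
    """Hypothetical server reply: proofs for the wallet's transactions, minus any it hides."""
    return [(TXIDS[i], i, merkle_root_and_branch(TXIDS, i)[1])
            for i in wallet_indexes if i not in hide]

def client_accepts(history):
    """The SPV client can only check the entries it was actually sent."""
    return all(verify_branch(txid, i, br, ROOT) for txid, i, br in history)

def cross_check(history_a, history_b):
    """Compare two independent sources; return txids that only one of them reported."""
    a, b = {t for t, _, _ in history_a}, {t for t, _, _ in history_b}
    return a ^ b
```
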