How much do I have in my account can you please tell me Sent from my iPhone
> On 9 Sep 2019, at 2:14 pm, ZmnSCPxj via bitcoin-dev > <bitcoin-dev@lists.linuxfoundation.org> wrote: > > Good morning Ruben, > > >> One might intuitively feel that the lack of a commitment is unsafe, >> but there seems to be no impact on security (only bandwidth). The only >> way you can be fooled is if all peers lie to you (Sybil), causing you >> to follow a malicious minority chain. But even full nodes (or the >> committed version of PoW fraud proofs) can be fooled in this way if >> they are denied access to the valid most PoW chain. If there are >> additional security concerns I overlooked, I’d love to hear them. > > > I think it would be better to more precisely say that: > > 1. In event of a sybil attack, a fullnode will stall and think the > blockchain has no more miners. > 2. In event of a sybil attack, an SPV, even using this style, will follow > the false blockchain. > > This has some differences when considering automated systems. > > Onchain automated payment processing systems, which use a fullnode, will > refuse to acknowledge any incoming payments. > This will lead to noisy complaints from clients of the automated payment > processor, but this is a good thing since it warns the automated payment > processor of the possibility of this attack occurring on them. > The use of a timeout wherein if the fullnode is unable to see a new block > for, say, 6 hours, could be done, to warn higher-layer management systems to > pay attention. > While it is sometimes the case that the real network will be unable to find a > new block for hours at a time, this warning can be used to confirm if such an > event is occurring, rather than a sybil attack targeting that fullnode. > > On the other hand, such a payment processing system, which uses an SPV with > PoW fraud proofs, will be able to at least see incoming payments, and > continue to release product in exchange for payment. > Yet this is precisely a point of attack, where the automated payment > processing system is sybilled and then false payments are given to the > payment processor on the attack chain, which are double-spent on the global > consensus chain. > And the automated system may very well not be able to notice this. > > Regards, > ZmnSCPxj > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
