Difference between revisions of "Simplified Payment Verification"
David Watson (talk | contribs) |
David Watson (talk | contribs) |
||
Line 8: | Line 8: | ||
The advantages of using SPV are clear in terms of the volume of data required: | The advantages of using SPV are clear in terms of the volume of data required: | ||
− | * a wallet | + | * a wallet can store '''all necessary block headers in around 50MB - this covers the entire block chain''' (as at January 2020, with 80 bytes per block and around 620,000 blocks in the chain). The total '''grows linearly''' at around 4MB per year (i.e. it increases by 80 bytes with each block mined, regardless of the size of that block). |
− | * contrast this with the '''hundreds of gigabytes''' which would be required to store the entire chain, if SPV were not being used | + | * contrast this with the '''hundreds of gigabytes''' which would be required to store the entire chain, if SPV were not being used. |
* The size of the data required for the '''merkle paths''' is of maximum <math>64log_{2}{n}</math> bytes, where <math>n</math> is the total number of transaction in one block. | * The size of the data required for the '''merkle paths''' is of maximum <math>64log_{2}{n}</math> bytes, where <math>n</math> is the total number of transaction in one block. | ||
===Approach=== | ===Approach=== | ||
− | An article in March entitled [https://craigwright.net/blog/bitcoin-blockchain-tech/merkle-trees-and-spv Merkle Trees and SPV] (Craig Wright, 2019) clarified some previous misunderstandings around SPV and transaction verification. Previously, the custom had been for the person receiving a payment to poll the block chain repeatedly, to confirm that their transaction had reached a certain depth. Dr Wright stated that this was unnecessary | + | An article in March entitled [https://craigwright.net/blog/bitcoin-blockchain-tech/merkle-trees-and-spv Merkle Trees and SPV] (Craig Wright, 2019) clarified some previous misunderstandings around SPV and transaction verification. Previously, the custom had been for the person receiving a payment to poll the block chain repeatedly, to confirm that their transaction had reached a certain depth (say 6 blocks deep). Dr Wright stated that this was unnecessary: |
{{quote| | {{quote| |
Revision as of 17:12, 21 January 2020
Simplified Payment Verification (SPV) is described in section 8 of the Bitcoin whitepaper. It allows a user to prove or verify that a transaction is in the Block chain without downloading the full chain.
To create a Merkle proof, a user or (or their wallet) simply needs the block header for a given block (80 bytes) and the Merkle path within that block of the transaction they need to validate. Together, these two items will be sufficient to prove that a given transaction exists in the chain at a given block height.
To validate a proof, a user (or their wallet) only needs the 80 byte header for the block where the transaction appeared. They don't need all of the transactions within block (which could be very large). By computing the hash of the transaction and the Merkle root, the user can compare it with the Merkle root in the block header. If it matches, then the validation is successful.
Advantages
The advantages of using SPV are clear in terms of the volume of data required:
- a wallet can store all necessary block headers in around 50MB - this covers the entire block chain (as at January 2020, with 80 bytes per block and around 620,000 blocks in the chain). The total grows linearly at around 4MB per year (i.e. it increases by 80 bytes with each block mined, regardless of the size of that block).
- contrast this with the hundreds of gigabytes which would be required to store the entire chain, if SPV were not being used.
- The size of the data required for the merkle paths is of maximum bytes, where is the total number of transaction in one block.
Approach
An article in March entitled Merkle Trees and SPV (Craig Wright, 2019) clarified some previous misunderstandings around SPV and transaction verification. Previously, the custom had been for the person receiving a payment to poll the block chain repeatedly, to confirm that their transaction had reached a certain depth (say 6 blocks deep). Dr Wright stated that this was unnecessary:
In contrast, the present invention requires that the necessary SPV check be performed on a transaction’s inputs prior to its broadcast [emphasis added]. The shift in emphasis greatly reduces the burden and traffic on the network in dealing with invalid transactions.
A second important paradigm in the existing [i.e. the prior] SPV system is that an SPV client must query full nodes [emphasis added] on the network to obtain the Merkle path required for the SPV check ... SPV checks that remove such burden on the network [emphasis added], by stipulating the lightweight Bitcoin client where users keep, maintain, or at least have access to their own copies of Merkle paths pertinent to the unspent transaction outputs owned by them, allow Bitcoin to scale. [emphasis added]
The article referenced above included the following diagram which shows how transaction hashes can be related to the Merkle root in a block header:
Merkle Trees and Merkle Paths
A Merkle Tree is a structure used in computer science to validate data - see https://en.wikipedia.org/wiki/Merkle_tree for more information
SPV Wallet
An SPV wallet is a lightweight wallet that uses the mechanism of SPV to construct bitcoin transactions and payments.
To spend a UTXO, a user of a SPV wallet will pass on the following information to the receiver:
- - the transaction that contains the UTXO as an output,
- The Merkle path of
- The block header that contains the Merkle root derived from the Merkle path (or its identifier, e.g., block height)
- - the transaction that spends the UTXO
To validate the information, a user computes the Merkle root from the Merkle path of . The user then compares it with the Merkle root specified in the block header. If they are the same, the user accepts that is in the chain.
Offline Payment
Note that by storing locally, a user will be able to sign offline, as any signature on requires the scriptPubKey (locking script) part from .