Simplified Payment Verification

Revision as of 15:41, 22 January 2020 by David Watson

Simplified Payment Verification (SPV) is described in section 8 of the Bitcoin whitepaper. It allows a user to prove or verify a payment to them without downloading the full Block chain, by utilising the properties of Merkle proofs.

SPV allows users to securely transact with each other, peer-to-peer, while nodes act to form the settlement layer.

Advantages

The advantages of using SPV are clear in terms of the volume of data required:

  • a wallet can store all necessary block headers in around 50MB - this covers the entire block chain (as of January 2020, with 80 bytes per block and around 620,000 blocks in the chain). The total grows linearly at around 4MB per year (i.e. it increases by 80 bytes with each block mined, regardless of the size of that block).
  • contrast this with the hundreds of gigabytes which would be required to store the entire chain, if SPV were not being used.
  • The size of the data required for the merkle paths is of maximum bytes, where is the total number of transaction in one block.

As explained in Section 8 of the Bitcoin whitepaper:

" ... [An SPV client] only needs to keep a copy of the block headers of the longest proof-of-work chain, which he can get by querying network nodes until he's convinced he has the longest chain, and obtain the Merkle branch linking the transaction to the block it's timestamped in ..."

And in Section 7:

" ... A block header with no transactions would be about 80 bytes. If we suppose blocks are generated every 10 minutes, 80 bytes * 6 * 24 * 365 = 4.2MB per year ..."

Approach

There have been many misunderstandings around SPV and peer-to-peer transacting. Previously, the custom had been for the sender of the payment to just broadcast the payment to the bitcoin network nodes. The receiver of the payment would then need to somehow filter through all of the transactions coming onto the blockchain for specific transactions relating to them (an extremely difficult task in and of itself). Even if the sender sent the transaction to the receiver as well as the network nodes, the custom had been for the receiver to always wait for the transaction to be buried at least 6 blocks deep in the blockchain, whatever the transaction type, amount or situation.

The better approach is that transactions between SPV clients are negotiated peer-to-peer and settled on the blockchain through the network nodes. An analogy for this is a transaction done using a cheque, at a much faster speed. The customer hands the signed cheque (transaction) to the merchant, who then cashes the cheque (settles the transaction). When/if the merchant is satisfied according to the situational risk of the transaction, they can hand over the goods or services. There is no such thing as absolute security; there is always a risk against the cost of being defrauded (which increases exponentially as time goes by). If the transaction is only for a cup of coffee, then the merchant might incur more risk than if the transaction was for a car, for example.

Merkle Trees, Merkle Roots, Merkle Paths and Merkle Proofs

A Merkle Tree is a structure used in computer science to validate data - see the Wikipedia definition for more information.

The Merkle Root in a Bitcoin block is the hash contained in the block header, which is derived from the hashes of all other transactions in the block.

A Merkle Path in SPV represents the information which the user needs to calculate the expected value for the Merkle root for a block, from their own transaction hash contained in that block. The Merkle path is used as part of the Merkle Proof.

A Merkle Proof in SPV proves the existence of a specific transaction in a specific block (without the user needing to examine all the transactions in the Block). It includes the Merkle Root and the Merkle Path.

  • To create a Merkle proof, a user (or their wallet) simply needs the Merkle path of the transaction as well as the block header for a given block (80 bytes).
  • To validate a proof, a user (or their wallet) only needs the chain of block headers (as opposed to the whole blockchain). I.e. they need their own copy of the block headers for all blocks, that they know to be accurate. Using their own block header chain, together with the transaction (or its hash/id) they want to verify, as well as its Merkle proof (also sometimes referred to as an inclusion proof), a user can verify the transaction appears in the block chain in a specific block, without examining every transaction in that block.

An article in March 2019 entitled Merkle Trees and SPV (Craig Wright, 2019) clarified some previous misunderstandings around SPV and transaction verification. The article included the following diagram which shows how transaction hashes can be related to the Merkle root in a block header:

Three transactions and the Merkle paths which can be used to relate them to blocks

SPV Wallet

An SPV wallet is a lightweight wallet that uses the mechanism of SPV to construct bitcoin transactions and payments.

To spend a UTXO, a user of an SPV wallet will pass on the following information to the receiver:

  1. - the transaction that contains the UTXO as an output,
  2. The Merkle path of
  3. The block header that contains the Merkle root derived from the Merkle path (or its identifier, e.g., block height)
  4. - the transaction that spends the UTXO

To validate the information, a user computes the Merkle root from the Merkle path of . The user then compares it with the Merkle root specified in the block header. If they are the same, the user accepts that is in the chain.
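The validation step above, and the Merkle proof check described under "Merkle Trees, Merkle Roots, Merkle Paths and Merkle Proofs", as an added example that is not part of the original page or of any wallet's code. All function names, the sample transaction ids, the header and the height 100 are constructed for illustration; hashes are in internal byte order and proof-of-work on the header is assumed to have been checked separately.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root_and_path(leaves, index):
    """Serving side: return (root, path); path lists sibling hashes bottom-up."""
    level, path = list(leaves), []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])      # odd level: last hash is paired with itself
        path.append(level[index ^ 1])    # sibling of the node we are proving
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], path

def root_from_path(txid, index, path):
    """Verifying side: fold the path into the root the header should contain."""
    node = txid
    for sibling in path:
        node = dsha256(sibling + node) if index & 1 else dsha256(node + sibling)
        index >>= 1
    return node

def header_merkle_root(header: bytes) -> bytes:
    if len(header) != 80:
        raise ValueError("a block header is exactly 80 bytes")
    return header[36:68]                 # after version (4) and previous block hash (32)

def verify_inclusion(txid, index, path, height, own_headers):
    """Check the proof against the verifier's OWN header copy, never a supplied one."""
    header = own_headers.get(height)
    if header is None:
        return False
    return root_from_path(txid, index, path) == header_merkle_root(header)

# Constructed sample data: five fake transaction ids and one fake header at a
# made-up height; the proof-of-work fields are zeroed and not checked here.
TXIDS = [dsha256(b"constructed tx %d" % i) for i in range(5)]
ROOT, PATH = merkle_root_and_path(TXIDS, 3)
HEADER = struct.pack("<I", 1) + bytes(32) + ROOT + struct.pack("<III", 0, 0, 0)
OWN_HEADERS = {100: HEADER}

if __name__ == "__main__":
    print(verify_inclusion(TXIDS[3], 3, PATH, 100, OWN_HEADERS))  # True
```

With five transactions the path holds three 32-byte hashes, so the receiver checks inclusion from 96 bytes of path plus the 80-byte header it already stores.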

Offline Payment

Note that by storing locally, a user will be able to sign offline, as any signature on requires the scriptPubKey (locking script) part from .