On Tue, Jul 30, 2013 at 09:36:50PM +0200, Wendell wrote:
> Thank you Peter.
> 
> Does this advice apply equally to both full and SPV nodes? At this point I'm merely curious, since we don't have the option to run bitcoinj over Tor right now anyway.

Yes, although remember that in general SPV nodes are significantly less
safe because they depend soley on confirmations for security; it's often
not appreciated that an attacker can target multiple SPV-using entities
at once by creating a invalid block header with any number of completely
fake payments linked to it; if you can attack n targets at once, the
cost to perform the attack is n times less per target. 

Unrelated to Tor, but an interesting possibility to improve SPV security
is to ask for the history of a given txout - that is the previous
transactions that funded it. You could even do this with a
zero-knowledge proof, sampling some subset of the prior transactions to
detect fraud. Unfortunately none of the infrastructure is setup to do
this, and txid's aren't constructed in ways that make these kinds of
proofs cheap. (you really want a merkle tree over the txin and txout
sets)

Work thinking about for the future in any case - the above can be
implemented as a soft-fork.

-- 
'peter'[:-1]@petertodd.org
0000000000000077bb3b12c68ada1e2965411a973b07fc721834154df07aa5c9