> A typical network attacker (e.g. someone on your lan or wifi segmet, or > someone who has compromised or operates an upstream router) can be all of > your peers. This is true, but it cannot make us accept any invalid filters unless the attacker is also creating invalid blocks w/ valid PoW. > The original propsal for using these kinds of maps was that their digests > could eventually be commited and then checked against the commitment, > matching the same general security model used otherwise in SPV. Indeed, but no such proposal for committing the filters has emerged yet. Slinging filters with new p2p messages requires much less coordination that adding a new committed structure to Bitcoin. One could imagine that if consensus exists to add new committed structures, then there may also be initiatives to start to commit sig-ops, block weight, utxo's etc. As a result one could imagine a much longer deployment cycle compared to a pure p2p roll out in the near term, and many applications are looking for a viable alternative to BIP 37. > Unfortunately, using the scripts instead of the outpoints takes us further > away from a design that is optimized for committing (or, for that matter, > use purely locally by a wallet)... I agree that using the prev input scripts would indeed be optimal from a size perspective when the filters are to be committed. The current proposal makes way for future filter types and it's likely the case that only the most optimal filters should be committed (while other more niche filters perhaps, remain only on the p2p level). -- Laolu On Thu, May 31, 2018 at 9:14 PM Gregory Maxwell wrote: > On Fri, Jun 1, 2018 at 2:52 AM, Olaoluwa Osuntokun via bitcoin-dev > wrote: > > One notable thing that I left off is the proposed change to use the > previous > > output script rather than the outpoint. Modifying the filters in this > > fashion would be a downgrade in the security model for light clients, as > it > > Only if you make a very strong assumption about the integrity of the > nodes the client is talkign to. A typical network attacker (e.g. > someone on your lan or wifi segmet, or someone who has compromised or > operates an upstream router) can be all of your peers. > > The original propsal for using these kinds of maps was that their > digests could eventually be commited and then checked against the > commitment, matching the same general security model used otherwise in > SPV. > > Unfortunately, using the scripts instead of the outpoints takes us > further away from a design that is optimized for committing (or, for > that matter, use purely locally by a wallet)... >