I've never fully validated the Bitcoin chainI've never fully validated the Bitcoin chain
A little while back, I tried to think through the trust assumptions in assumevalid (#1457132). What I learned is that while nodes do check things like PoW, doublespends, and blocksize, the default behavior of most nodes is that they do not validate the signatures of every single transaction.
This is generally considered safe because in order for an invalid spend to sneak in there would have to be a time when no one except the dishonest actors were actually validating new transactions, the transaction would have to be buried under a significant number of blocks (~100k?) and then the rest of us would have to be fine with the fact that there is an invalid transaction in the chain.
However, it is still the case that assumevalid as the default means many node runners have never actually validated every signature in every transaction in every block in the chain. I realized today that this is the case for me. I've never done an initial block download with -assumevalid=0 in my config file. This means I've never actually run all the numbers on my own computer.
So what?So what?
As I said above, this is generally considered safe. However, it feels odd. It feels unbitcoin-like. This last week, I saw Voskuil tweeting about assumeutreexo and it got me thinking about this:
One of the things I've noticed about assumeutreexo is that it downloads an trusted state of the utxo set and then later downloads and validates all the blocks from genesis to the current chain tip. While this is a nifty trick to get yourself a working node quickly, it raises a question: what sort of transactions are you willing to do in the window before the node validates everything?
If you are running it on mobile, it seems that the wait might be long -- I have no idea how long it takes a utreexo node to background validate the whole chain on mobile, but let's assume it's a week or two. In that time, are you willing to use your node to receive bitcoin -- even though it is a trusting node?
Anything less than validating everything is not enoughAnything less than validating everything is not enough
I appreciate Voskuil's stance on validation.
He goes on to say:
There is no substitute for validating.
These techniques are either (1) full trust, or (2) trust for some period of time over which you are presumably validating to make sure that your supposedly temporary trust was not misplaced (and if it was you have to start over). But 2 will eventually become infeasible if actual validation does not scale. This is where we have been heading - trust.
Voskuil and L0rinc continue a very interesting thread, which results in this reply:
I found the statement surprising: "everything is validated by default...but if you're really paranoid you can enable script validation as well"
I don't think the average bitcoiner would say that validating all the signatures in the chain is only for "really paranoid" people. But then again, as I said at the top, I haven't ever actually validated all the signatures in the chain.
assume*=> trust PoWEric's point => trust nothing
You should see these as peacetime vs wartime rules, given that:
assume*off.Whether right now we are in peace or war time is subjective, though I'd guess that consensus would be that right now it's peacetime. May change with all these nasty inphlooencer-forks. Preppers be prepped though.
That's a helpful way to think about it.
As always, learning about Bitcoin is humbling. I am surprised that I didn't realize I was not validating. It is certainly not something that is widely discussed.
As to wartime vs peacetime, seems best to use
assumewarI need to get a 2TB drive here soon and my plan is to redo IBD rather than transfer the chain and state. I'm excited to see how ong it will take my little laptop. (also considering doing it with libbitcoin, but then I wouldn't be able to compare it to my previous Core nodes that were all
assumevalid)You were validating, but you were not validating everything you could validate. No shame in that, especially because there is to my knowledge no known preimage attack for
sha256[d]right now, and there are no known large competing mining farms burning away at minority chaintips.assumevalidwas brought in from 0.14, so anydatadirolder than that is a fully validated copy, unless shut off between releases for an extended duration.I'd say
assumefuturewar, yes. Since the design of BIP-110 is war, depending on the level of success it will have, it may be useful to have a reference network state. A running client will not wipe block files though so you can reconstruct it from datadir.You can do it with
-reindexafter turning off all the assumptions. Saves download.you've got to trust something.
in the case of fully validating wuth bitcoin core, you're trusting they gave you the genesis hash correctly, and many other things.
that being said, utreexo and swiftsync is the future.
I've had this SwiftSync tab open for weeks. I need to read it.
Instead of perusing the pull request, you might prefer to read the freshly-baked drafts for a couple BIPs: https://github.com/bitcoin/bips/pull/2152.
oh exciting! I will definitely check it out!
Please feel free to leave review comments if you have any. :)
The whole point of Bitcoin is that trust isn't required. The chain is public, the rules are deterministic, anyone can verify everything independently. Running assume valid by default undermines that by turning trustless into trust that someone else checked. If verification is optional in practice, you've quietly reintroduced a trust layer.
https://twiiit.com/evoskuil/status/2054314962118471823
https://m.stacker.news/141515
There's a useful distinction between validation and verification. Most people don't need to validate from genesis, pruned nodes still verify the chain without storing everything. The real threshold question is: are you trusting your own node for transactions that matter to you? If yes, run one. If you're using someone else's node for anything financial, that's the gap worth closing first.