Full vs. Simplified Payment Verification

Bitcoin's central feature is that you don't have to trust an individual, third-party, or central institution. However, Bitcoin wallet programs must be able to verify that the transactions they receive are valid. In this context, it is important to distinguish between the blockchain (the immutable public document that correctly lists every valid Bitcoin transaction) and someone's copy of the blockchain, which is what you have access to. The former is an abstract concept, whereas the latter is the practical reality. When you connect your wallet program to the Bitcoin network, it connects to several nodes that will send your program transaction data, but you cannot assume that data is valid. If you ask a stranger on the Internet to pay you 2 BTC for an expensive watch you are selling, and a node you are connected to indicates you have received 2 BTC shortly thereafter, is it safe to mail the watch? A valid transaction needs to (1) have the correct digital signature and (2) use bitcoins that originated in a mining block reward and have not yet been spent. All Bitcoin wallet programs can verify the first need with complete certainty, but the second concern is addressed with varying degrees of certainty depending on the design of the program.

Bitcoin wallet programs can verify transactions either by keeping their own complete copy of the blockchain, which is referred to as full payment verification, or by using an abridged version, which is called simplified payment verification (SPV).

Full payment verification wallets, also called thick or heavyweight wallets, require a complete copy of the blockchain. They can verify that bitcoins used in a transaction originated from a mined block by scanning backward, transaction by transaction, in the blockchain until their origin is found (and the wallets can check whether those bitcoins were ever double spent). These wallet programs are often active participants in the Bitcoin network in that they not only handle the user's transactions but they also verify and relay other people's transactions (in these cases, computers running such programs are called full nodes). All Bitcoin miners are also full nodes (i.e., they need a complete copy of the blockchain to mine).

One problem with full payment verification wallets is that they are very resource-intensive and take a long time to initialize. The blockchain, in its 5th year, was greater than 15GB in size and comprised 35 million transactions (by its 10th birthday, it may likely be 100 times larger). A fresh installation of a full payment verification Bitcoin wallet program can take several days (depending on bandwidth) to download the entire blockchain. Obtaining the blockchain requires connecting to other full nodes and checking to determine whose blockchain has the greatest proof-of-work total (by definition, this is assumed to be the consensus blockchain). For laptops and other home devices, running a full payment verification wallet may be merely inconvenient, but for some mobile phones, it is simply impossible. Fortunately, there is a way to make only a slight compromise in trust but in return achieve more computationally efficient transaction verification.

SPV wallets, also called thin or lightweight wallets, cannot check whether transactions are valid; rather, they can check whether full nodes, specifically miners, have validated them. The goal of a thin wallet is to check that a transaction has been verified by miners and included in some block in the blockchain. It's similar to having an accountant balance your checkbook instead doing it yourself. This method works reliably as long as miners, who are adding blocks to the blockchain, act honestly and allow only valid transactions to be included (which is a safe assumption as long as no individual miner is in control of more than 51 percent of the hashing power of the network). But without a copy of the blockchain, how does a thin wallet know whether or not a received transaction was included in a block? The transaction can claim it was included in block #24371 on the blockchain, for example, but how would you know whether the claim was true or false? One strategy would be for your wallet program to connect to several full nodes and ask to download block #24371 along with all of its other transactions. Then your wallet can comb through the transactions in that block and identify whether the transaction under investigation is present. However, if your SPV wallet program has to check several hundred transactions a day and each time you need to download an entire block (with all of its transactions), from an efficiency standpoint, this strategy is hardly better than just downloading the entire blockchain.

The ingenuity of SPV rests on its ability to verify, through the magic of hash functions, that a transaction was included in a block without looking at any of the block's transactions. To do so, SPV wallets need to download the headers of every block in the blockchain. Recall from Chapter 8 that each block in the blockchain contains two parts, a long list of transactions and a short summary of the block's contents (the header). Importantly, the header contains a hash of all the transactions within that block, structured in such a way that any Bitcoin wallet program can easily check whether a transaction belongs to a particular block by considering its hash value. This hash structure is called a Merkle tree[1] Using this Merkle tree design, thin wallets can safely confirm that transactions they receive have been included in the blockchain without downloading the full blockchain. Downloading just the block headers requires only a fraction of the memory that's needed for the entire blockchain; therefore, SPV wallets can easily run on your smartphone and other inexpensive mobile devices.

A Bitcoin wallet app that uses SPV can also offer many but not all of the same security guarantees as a full wallet.

Being able to run a resource-hungry Bitcoin wallet on a smartphone is an impressive feat of engineering. SPV wallets use advanced computer science technology but make a few compromises in flexibility. Table 9-1 summarizes how we'd rate SPV wallets and compare them to full wallets using a variety of factors.

Table 9-1: Rating SPV Wallets vs. Full Wallets

Rating SPV Wallets vs. Full Wallets

Let's examine each feature in this table in more depth:

  • [1] More details on Merkle trees can be found in Satoshi's original white paper.
< Prev   CONTENTS   Next >