There's a few more pesewas for the laugh at the end!!

Hahahahahaha, Jasmr. Thanks for the tip

Thats actually a bag full of pesewas. 8.800*6=52,800,000 pesewas. Hmmmmm. We will be a few pesewas shy of ordering Sea Food Pizza (Shrimps, Tuna, Squid) https://hubtel.com/mall/item/sea-food-pizza-shrimps-tuna-squid/945a7f5d0634484c8c832066d3c2eb80/

Great - have a nice meal on me! This is one of the things I like about the potential of a universal cash system. No middleman - you make me laugh - I can give you a good meal! And - _unwriter gets a small amount to keep this system going.

@shadders Does spv actually benefit scaling on a technical level as in it allows for more tx to be processed by nodes, of is it non related.

Thank you Steve! So can we conclude that SPV checking is useful for reviewing past payments or on-chain data (e.g. identity) but not for new payments as it is advisable to check in such instance whether the UTXOs used as inputs are not spent (e.g. by querying a miner processing the txs) in which case an SPV-check on those UTXOs is superfluous? Thank you again! PS Also interested to hear your views on Donald's follow-on Q above.

It is incorrect that using SPV is "inadvisable" for new payments. It costs less and provides less security than a full is-spent check. So it has its place; the seller has to decide how much security he needs and is willing to pay for. To understand SPV and the mandala network and how it will all work at scale you have to think about the system economically. In the future, miners will only mine. They won't field random queries from users. That functionality will be provided by other enterprises for a fee. And this gets at Donald's question as well: the answer is yes, SPV will be an important part of a mandala network topology that will be maximized for economic efficiency.

should have writty "optimized" for economic efficiency, not maximized.

LOL. Immutable typos suck.

I would say that SPV adds some assurance in the zero-conf scenario in that requiring the relevant SPV data strongly disincentivises fraudulent behaviour. But that is really only relevant in an offline transaction situation. If online you'd send it to the miner via Merchant API straight away and get a complete answer to the question 'will this transaction confirm'. This renders all other SPV checks redundant.

@donald It does both directly and indirectly. The indirectly part is what benefits the core of the network: the SPV workflow encourages parties to transact directly with each other rather than using the network as an intermediary. This is just a silly way to it because it requires the receiver to listen to everything on the network to get the one tx they are interested in. Imagine if Telegram only had a single channel for every user and group and you had to read every message to find the ones people had sent to you. Not only that but the Telegram server has to send every single global message to every single user. That's a pretty fair analogy. The more direct benefit is to the users themselves. As above they don't have to receive everything. An SPV proof allows you know that your selected bits are part of the global thing (and prove it to others), without needing to have a copy of the global thing.

Amen

Or you just design systems that don't rely on knowledge of absence.

That’s possible for some use cases but not for others. For tokens, all you need to know is your utxo set and that they are valid but if you have a protocol with complex multi-party interactions, you often need accurate global state. For example if you have a video game that has payouts to the top players, you’re going to want to have knowledge of the results of every game and every player’s wins and losses. Wouldn’t really be acceptable to have some unknown number of unaccounted for games or even moves within a game.

Good point. Then you don't need a node to verify integrity of a data-storing tx. Could be nice if you want to share some identity data for example

Thx Kapil! SPV does indeed provide proof of existence of UTXOs being used in P2P txs but it does not provide proof that those UTXOs havent been spent yet. Only a live online node can provide that proof. And I would think the beneficiary would really need that proof immediately as otherwise malicious actors will quickly discover and take advantage. Am I missing something?

Yes. SPV node will provide an accurate and updated status of all UTXO being valid which means also the validity of a UTXO for that user. SPV is a live online node just that it only stores block headers not anything more. A SPV wallet keeps syncing with network similar to when you run a full node. Typically when you first install a SPV for ex on your phone, it takes fee mins to sync by downloading all historical block headers. My guess is your confusion is due to the fact that user can be offline when spending using SPV wallet, but you have to realise that even if user is offline that UTXO will need to gave full valid merkle proof. If the malicious actor creates a parallel transaction with same utxo then the merchant's validation will fail for the offline transaction. The beneficiary typically will be online and as soon as they recieve the transaction plus the Merkel proof of existence (validity of utxo) their wallet will immediately broadcast the transaction to mining or transaction processor node network. The malicious actor can try and spend that UTXO only theoretically since a merchant will deliver goods once they have validated by broadcasting transactions ONLY then purchases is completed and goods delivered.

I totally agree with what you are writing. I am merely raising the question why bother with an SPV check if goods are delivered only after broadcasting transactions and having confirmation at least 1 sizeable miner has let the tx pass.

Ah I think now I understand what you asked. From what I understand with the SPV validation done at the beneficiary end (merchant, peer etc) the reciever does not need to get validation done by the 1 sizable miner. He KNOWS the transaction is valid because he has performed the following validation- 1. Sender provided merkle proof (tx + merkle path hashes) 2. Performes SPV check/validation against his own block headers/ merkle root to validate the recieved merkle proof by sender 3. Broadcasts the transaction to the network. This reduces the network query to validate and recieving confirmation from network of a transaction being valid. This is what enables large scale scaling on bitcoin. If not this the network will start to get clogged with millions of validation requests before broadcasting. I hope I answered your question.

Small correction, the idea of doing validation before broadcasting is to eliminate invalid transactions reducingnetwork traffic and enable scaling. I stand corrected above

I dont see how you can safely make a tx offline. It opens up the attack vector that the customer uses a few perfectly legitimate (i.e. backed up by Merkle proof etc) but spent UTXOs. The merchant will accept it and the customer will run off. Of course the merchant had a contract and may know the identity of the customer which allows the merchant to resolve the situation. But SPV wont have saved the merchant. Only a quick (i.e. online) check with a node would have prevented this situation it seems to me.

Do you remember cheques? Most people didn't accept them without seeing a proof of ID and address. That's because it gives some assurance that the person signing is actually the person connected to the account from the Bank's point of view. If the cheque bounces you have some recourse. An SPV proof offers similar properties, in the offline scenario the transaction act much like a cheque that you can cash later when you can get to a bank (or get online and submit to a miner).

My worry is that the "legal recourse" spiel is dangerously oversold. Due amounts need to be in excess of $100 for it to be worth your while to engage a debt collector and in excess of $5,000 if you want to go to court. One has no practical recourse on smaller BSV payments even if you have his/her passport copy and a contract. However small amount payments (either a $5 coffee or a micropayment of $0.00001) will (we hope) constitute the bulk of all payments on BSV. We can be sure that payments which are not secured by on-line is-spent checks will attract malicious actors like bees to honey. That's why we should be clear that SPV should ALWAYS be combined with an is-spent check (or wait until tx has processed). PS An is-spent check makes SPV check superfluous

Note that I do see economic security in receiving payments from a trusted paymail address (e.g. HandCash or MoneyButton). A merchant can trust to a reasonable extent that these will not send a merchant spent UTXOs. The economic security offered by a customer using a trusted wallet is much greater than that by a merchant doing an SPV check (any malicious actor can come up with the correct Merkle proof to some previously spent UTXOs).

How do contactless payments work? The first time I saw that you spend money without even providing a PIN I thought this going to be a failed experiment. How wrong I was. But with a contactless fraud you might not discover it for hours or days. A double spend is in itself a proof of fraud detectable within seconds. Recourse may not be in the form of a civil action, it might be as simple as publishing the fraud proof along with any other identity I fo you have. Once people understand you'll burn a wallet by double spending it just becomes dumb to try. And it's only even feasible in the case where the merchant is offline and the customer is online. Fairly unlikely and in any case a lot of effort to go to for a can of coke. We often talk about Bitcoin using incentives to encourage good network behaviour. The other side of it is how it uses disincentives to discourage bad behaviour. This will be a non problem in the future.

In the UK contactless payments had a limit of £30 until recently. I often thought I'd like to increase this limit and perhaps by offering to give extra ID info or even put up a bond I could get the counterparty to accept that. If only there was a way to do that with Bitcoin. ;)

Much appreciate the detailed answers Steve! Reading this I realize BSV would benefit from a KYC-standard in the short term.

Great article. It says (i) "SPV can be used not only for proving the existence but also the integrity of a published tx" (e.g. with identity data embedded therein) and (ii) "One motivation for SPV on the previous tx is to have a fail-fast mechanism". To start with the latter, "fail-fast" is not relevant if only 0,001% (or so) of all txs are malicious. What you want is "fail-reliably". That's why a check at a central node is required to make sure the UTXOs were not already spent (which makes checking UTXO existence superfluous). It isn't clear to me why integrity (e.g. of identity data) is crucial as there is now a 99.9% chance the tx will go through (only double spend in same block can cause issues now). For low value txs legal claims / court cases are not viable anyway and for high value txs one should wait a few confirmations anyway before handing over the goodies. Am I missing something?

With SPV the buyer can provide proof that she controls the key to a UTXO. She cannot prove the UTXO is unspent. However, if it has already been spent she is attempting to commit fraud by double spending it. It's similar to writing a check that you know will bounce; that's fraud. So as long as the seller has the legal identity of the buyer the seller is fully protected by law. Of course, the seller always has options: wait for block confirmations, pay to confirm the UTXO has not been double-spent etc.

As exercising legal rights is significantly more expensive than performing a check with a live node that UTXOs are not spent before passing the goodies, I fail to see the use of an SPV check.

I think perhaps it has been oversold. But also, to understand any of Craig's ideas about bitcoin you have to imagine massive, widespread use. The check analogy is pretty apt and I'd encourage you to think about it further. Widespread use of SPV will tend toward most users of SPV being honest. This in turn will enable sellers to accept more SPV payments under the economic expectation that doing so carries an acceptably low level of risk. There's nothing black and white here; it's all risk/reward and for nervous sellers or big-ticket items there's always the fallback to more costly/less risky checks.