On Thu, Jun 1, 2017, at 21:01, Olaoluwa Osuntokun via bitcoin-dev wrote:
Hi y'all, 

Alex Akselrod and I would like to propose a new light client BIP for
consideration: 
   * https://github.com/Roasbeef/bips/blob/master/gcs_light_client.mediawiki



Very interesting.

I would like to consider how this compares to another light client type with rather different security characteristics where each client would receive for each transaction in each block,

* The TXID (uncompressed)
* The spent outpoints (with TXIDs compressed)
* The pubkey hash (compressed to reasonable amount of false positives)

A rough estimate would indicate this to be about 2-2.5x as big per block as your proposal, but comes with rather different security characteristics, and would not require download since genesis.

The client could verify the TXIDs against the merkle root with a much stronger (PoW) guarantee compared to the guarantee based on the assumption of peers being distinct, which your proposal seems to make. Like your proposal this removes the privacy and processing  issues from server-side filtering, but unlike your proposal retrieval of all txids in each block can also serve for a basis of fraud proofs and (disprovable) fraud hints, without resorting to full block downloads.

I don't completely understand the benefit of making the outpoints and pubkey hashes (weakly) verifiable. These only serve as notifications and therefore do not seem to introduce an attack vector. Omitting data is always possible, so receiving data is a prerequisite for verification, not an assumption that can be made.  How could an attacker benefit from "hiding notifications"?

I think client-side filtering is definitely an important route to take, but is it worth compressing away the information to verify the merkle root?

Regards,
Tomas van der Wansem
bitcrust