pull down to refresh
0 sats \ 2 replies \ @_stacktoshi 15h \ on: Serving Bitcoin – refurbished bitcoin nodes bitcoin
I think for the same reason you can't just bittorrent the blockchain, even if you somehow trusted the source. You basically need to replay all transactions in order to rebuild the spendable state, so that you can verify future transactions. By randomly getting the blocks from different network peers, you're corroborating the integrity of what's being transferred. But there are proposed optimizations: https://bitcoinops.org/en/topics/assumeutxo/
Seems like you could just spot check your chain and UTXO set though.
I agree, except that I don't understand the difference between trusting someone else to install your OS and trusting someone else to give you an up-to-date copy of the chain. I'm sure there's some version of malware that could be put on a machine that man in the middles you when you try to sign a transaction over a certain threshold. Or it does this when you generate an address to receive.
My point is that in the case where you trust someone else to install software on a device both of you know will be used for bitcoin activities, why not trust them to give you a copy of the chain as well?
reply
Code is shipped with any device that contains processing units, so unless you can verify that the code only does what it's supposed to do, there's a basic level of trust that you have to accept. So then the question goes past just startOS. If they didn't have an OS and gave you a usb drive with all the linux packages that you could independently checksum, you'd still need to trust all the authors of the code that's gonna run on that machine, including firmware. So, you're right, they might as well include a copy of the blockchain, as long as you could reliably verify it. And people generally aren't going to be putting their life savings on these devices since they're hot wallets. An attacker isn't going to strike it rich before word gets out about the supply-chain attack.
reply