SPV proofs explained
A primer on Simple Payment Verification proofs, how they work and why they matter
Simple Payment Verification, usually abbreviated to SPV, is a system outlined in the original Bitcoin Whitepaper that enables light clients (wallets running on low-end systems) to verify that a transaction has been included in Bitcoin and therefore a payment has been made.
This is possible because, when Satoshi designed Bitcoin, he used a data structure called Merkle tree to store the transactions in each block. A Merkle tree is nothing fancy tho, it’s just a structure created by grouping all the transactions in pairs and hashing them together, then proceeding to hash the resulting hashes together and continuing this process till there is only one hash left, called the merkle root. This creates a tree where every node has two children, which can be used to create their parent node.
Now, the cool thing about Merkle trees is that someone that only knows the Merkle root/top hash can verify if a transaction is part of the tree, that is, if it’s been included into a Bitcoin block. This is done by taking the nodes that are in the path that connects the Merkle root with one of the bottom transactions and bundling them together to create a proof:
With that proof, our original user that only had access to the top hash can follow the path back to the roots in a verifiable way, he can check that Hash1 and Hash0 hashed together generate the top hash, meaning that Hash1 and Hash0 are its legitimate children, then apply this same check to Hash0–0 and Hash0–1, thus asserting that these two are also part of the original block, and, finally, check that L1 is the source of Hash0–0, proving that L1 is included in the block, therefore confirming it as an accepted Bitcoin transaction.
Why are SPV proofs so important?
SPV proofs might not seem to be that big of a deal, after all you can verify Bitcoin transactions by running a full node, why’d you jump through all these hoops to do just the same? Well the thing is that running a full node requires downloading the entire blockchain, but if we use SPV proofs we only need to know the merkle root of each block in order to verify the transactions, so we only have to store 80 bytes per block, instead of the much larger size per block required for full nodes. This decrement of over 99.99% makes running the verification inside a low-resource device or a smart contract feasible, a total impossibility if we were to download every single block.
In the event of there being a successful 51% attack on a cryptocurrency, the attackers would be able to fool clients relying on SPV proofs into accepting any kind of invalid transaction, like one where coins are created out of thin air. It’s possible to question how much of a threat that is, given that if a successful 51% attack is conducted double spends become possible, breaking a basic security assumption and compromising the whole system. Nevertheless, there’s some research being conducted on systems that could prevent that.