2
I've learned that "some SPV clients simply don’t check signatures themselves at all": https://bitcoincore.org/en/2016/01/26/segwit-benefits/#efficiency-gains-when-not-verifying-signatures
I wonder if popular lightweight wallets (like Electrum) nowadays do signature checks? If not, why?
1
Some lightweight wallets do not check the signatures because checking the signature requires data from the previous transaction. However lightweight wallets generally will not have the previous transaction to fetch the data from and are thus unable to verify the signatures.
0
Most lightweight clients do not validate signatures in Bitcoin. While Simplified Payment Verification (SPV) was introduced in the bitcoin whitepaper as a method of verifying payments without the whole blockchain
re:
It is possible to verify payments without running a full network node
SPV has found most of it's usage on wallets that are unable to allocate the resources for a full validating node. The popular example belongs to the mobile wallet.
I wonder if popular lightweight wallets (like Electrum) nowadays do signature checks? If not, why?
Electrum isn't a standard lightweight wallet. Typical lightweight wallets connect via the bitcoin protocol directly to bitcoin seed servers and communicate directly with bitcoin servers.
Electrum does not do this. Electrum lightweight clients connect to Electrum servers, therefor it doesn't make sense for Electrum lightweight clients to take the burden on validation (when at best they could do a sub par job as SPV isn't perfect and results in plenty of false positives)
Incorrect, lightweight wallets most certainly have enough data to verify signatures via merkle root. How well they do it is another story, but it's is not unable. – arshbot – 2018-08-17T19:50:22.587
2Merkle roots are completely unrelated to signatures. The merkle root is about the block, not about signatures. – Andrew Chow – 2018-08-17T19:52:10.340
1Interesting, I assumed because the merkle root was reliant on the transaction hash it thus had some data of the signature in it - but according to the whitepaper: "He can't check the transaction for himself, but by linking it to a place in the chain, he can see that a network node has accepted it, and blocks added after it further confirm the network has accepted it." Which means it's really just relying on the network, not doing proper validation itself. I stand corrected – arshbot – 2018-08-17T19:55:19.550
Lightweight wallets know each input of a transaction, thus they should be able to fetch every previous transaction, up to the coinbase transaction. I've also learned that Satoshi once said: "The recipient just needs to verify it back to a depth that is sufficiently far back in the block chain, which will often only require a depth of 2 transactions. All transactions before that can be discarded." – Chris Chen – 2018-12-12T22:38:50.147
No, lightweight wallets can't fetch previous transactions. A full node will not relay transactions that are already in the blockchain. So a lightweight wallet would be unable to fetch previous transactions once they confirm. A lightweight wallet could fetch blocks, and from there the previous transactions. But they don't know which blocks, so they would have to fetch all of them.... and now we have described a full node. – Andrew Chow – 2018-12-12T23:24:10.177
I see Electrum, which should be a typical lightweight wallet, supports loading transaction from blockchain, by txid. – Chris Chen – 2019-01-14T05:33:28.537
Furthermore, I see Electrum can tell whether a 0-conf transaction has a confirmed parent or not. – Chris Chen – 2019-01-14T05:40:58.460
Beyond the viability of validating signatures for lightweight wallets, I think whether such validation actually makes sense might be more important. In some other word, will validating signatures improve security for them? – Chris Chen – 2019-01-14T06:02:35.593
1Yes, validating signatures does improve security. Being able to validate signatures means that you can partially check if a transaction is valid. This means that you are less likely to accept invalid transactions. However, signature validation is not the only thing for checking if a transaction is valid. You also need to check that the transaction spends coins that exist, and you can't really do that without validating the entire blockchain. – Andrew Chow – 2019-01-14T15:00:49.603