## Is Electrum's SPV (thin-client) implementation not P2P (as opposed to Multibit's)?

7

2

As far as I know, when I use Electrum I'm just choosing servers to trust that hold the blockchain.

It uses a slightly weaker trust model than Bitcoin-Qt. In SPV mode, with clients like Multibit and Hive, it still scans the blockchain, and what it assumes is whatever blockchain has the majority of miners on it [is correct]. Instead of verifying the entire contents, it just trusts that the majority of miners are honest. It's still peer to peer.

Does this mean that Multibit's SPV implementation is more "P2P" than Electrum? Does it connect to peers (other thin-client users) instead of servers?

5

MultiBit connects to (typically) four bitcoinds at random at start up. It then picks the best peer (using ping times, advertised blockchain height and the version of the peer to decide) and uses that as the download peer to get the block headers from.

It is thus using one peer to catch up the blockchain from where it previously knew about.

It listens to all four connections to hear about all the new broadcast transactions and uses this to work out a 'transaction confidence'. If four peers tell it a transaction exists, it has more confidence that the transaction is real.

When it sends a transaction, it sends it via the single download peer and then listens on the other peers to hear that transaction 'echo' back from the network. Once it has heard the transaction it just sent come back via other peer(s) it can be confident that the transaction is 'out in the Bitcoin network'.

4

Electrum is not peer-to-peer (P2P). It only connects to electrum-specific servers to broadcast your transactions and to receive transactions. It's very similar to a web-wallet, however you're the one who holds the keys. So the Electrum client signs the transaction with your private key (that you hold), and then sends it to electrum-specific servers that take care of broadcasting it out to other peers.

MultiBit on the other hand does connect to other peers without any proxy server, so it is P2P.

Both Electrum and MultiBit clients download the blockchain headers (not the entire content) so they're considered Simplified Payment Verification (SPV) clients.

wait a sec, are you saying then that MultiBit client is P2P, therefore it's less secure? – knocte – 2013-11-13T13:46:10.093

Being P2P doesn't make it less secure. It simply means you connect to several computers instead of one. – Luca Matteis – 2013-11-13T13:47:56.437

if it connects to several computers instead of one, then it is MORE SECURE, because finding N malicious nodes is harder than finding 1 malicious node (therefore Multibit is more secure than Electrum) – knocte – 2013-11-13T14:14:22.563

What? "finding N malicious nodes is harder than finding 1 malicious node". That doesn't really make sense. You have the keys so they cannot do anything with your money. So they're both equally secure. But again, i'd rather stay with P2P clients because, if say Electrum servers go down, you can't really send transactions. But security wise, again, both secure equally. You hold the keys. – Luca Matteis – 2013-11-13T14:20:45.563

1@knocte to complete what you've said: Electrum client connects to multiple Electrum servers in order to retrieve block headers and find the longest chain. This way it can avoid malicious servers. – rdymac – 2013-11-13T15:04:18.723

@rdymac: is that a recent change? – knocte – 2013-11-13T15:04:54.130

@LucaMatteis by insecure I've never meant that the servers could take my money, but that they could give a false blockchain information, therefore I'm downvoting your answer – knocte – 2013-11-13T15:05:41.393

1

@knocte it was introduced in 1.9 and some other security improvements https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES

– rdymac – 2013-11-13T15:05:51.807

@rdymac, ok thanks, I've updated my question – knocte – 2013-11-13T15:07:49.660

@knocte they can't. you have the headers (SPV) and you can check their validity by checking their hashes against the target. so they can't give you a "false" blockchain. – Luca Matteis – 2013-11-13T15:09:49.113

against what target? the mathematical proof to check that the blockchain given is correct is just to make sure it's not a random blockchain, but one could still fake one which is correct – knocte – 2013-11-13T16:50:22.787

1@knocte you obviously don't know how Bitcoin works, and you've downvoted me nonetheless. Please inform yourself before assuming something is wrong. I don't feel compelled to explain more in details, so I'll just say that: to generate a valid blockchain yourself you'd need more hashing power than the entire network. So no, nor you nor Electrum can fake it! – Luca Matteis – 2013-11-13T16:53:44.693

I didn't downvoted your comments, but your answer, which still assumes I was referring to "taking my money". You can still remove your answer. And take in account I am not saying that me or Electrum can fake a blockchain, but an electrum server (just one), could, and specifically, to an electrum client v1.8 or older (because since 1.9 the client connects to more than one server). – knocte – 2013-11-13T16:58:39.380