I'm studying the paper "Bitcoin: A Peer-to-Peer Electronic Cash System" and I've gone through many questions on this site. Still, I cannot fully understand the contents of the Simplified Payment Verification section.
It is possible to verify payments without running a full network node. A user only needs to keep a copy of the block headers of the longest proof-of-work chain, which he can get by querying network nodes until he's convinced he has the longest chain, and obtain the Merkle branch linking the transaction to the block it's timestamped in.
First, it sounds strange to me what is meant by querying "until being convinced of having the longest chain". But I assume that this can be checked in some way by the protocol. More importantly, I don't understand what is meant by "obtain the Merkle branch linking the transaction to the block it's timestamped in".
So let's say that I have a block chain of headers B and I find the transaction where I get my payment in block Bi (in principle it should appear in only one block). Does "obtaining the Merkle branch" mean that I have to reconstruct the branch from the root of the tree? What algorithm is used to do so?
He can't check the transaction for himself, but by linking it to a place in the chain, he can see that a network node has accepted it, and blocks added after it further confirm the network has accepted it.
Fair enough, this is the way the general scheme works. Finding the transaction in the network tells us that it has been accepted with high probability, and the more blocks that are added afterwards, the more certainty we have that this branch is definitive.
As such, the verification is reliable as long as honest nodes control the network, but is more vulnerable if the network is overpowered by an attacker. While network nodes can verify transactions for themselves, the simplified method can be fooled by an attacker's fabricated transactions for as long as the attacker can continue to overpower the network.
I understand that in general if an attacker controls 51% of the network then he can commit fraud. But what is the difference between a person in the network and a person outside the network in this respect? If an attacker fabricates false transactions and manages to make his branch the dominant one several times, then people will switch to his branch. So, what is the advantage of a network user over one who is not in the network?
One strategy to protect against this would be to accept alerts from network nodes when they detect an invalid block, prompting the user's software to download the full block and alerted transactions to confirm the inconsistency.
Again, could you specify what kind of attack is being performed here? I don't see how people in the network will detect an invalid block...
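The "Merkle branch" the question asks about, as an added worked example in Python (this is not code from the question, the paper, or any Bitcoin implementation). It builds a block's Merkle tree the way Bitcoin does (double SHA-256, odd last node paired with itself), extracts the branch for one transaction the way a full node would, and then performs the SPV check the paper describes: fold the txid up the branch and compare the result with the Merkle root in the block header. The five txids are constructed sample values, and the branch is represented as a plain list of (sibling hash, sibling-is-on-the-right) pairs, which is an assumption made for readability rather than the encoding used on the P2P network.

```python
import hashlib
from typing import List, Tuple


def hash256(data: bytes) -> bytes:
    """Bitcoin's double SHA-256, used for txids and for every Merkle tree node."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def _next_level(level: List[bytes]) -> List[bytes]:
    """Hash adjacent pairs; an odd last node is paired with a copy of itself."""
    if len(level) % 2 == 1:
        level = level + [level[-1]]
    return [hash256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(txids: List[bytes]) -> bytes:
    """Merkle root over the block's txids (32-byte internal byte order)."""
    if not txids:
        raise ValueError("a block has at least one transaction (the coinbase)")
    level = list(txids)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_branch(txids: List[bytes], index: int) -> List[Tuple[bytes, bool]]:
    """Branch for txids[index]: sibling hash per level, bottom-up, with a flag
    telling whether the sibling is on the RIGHT of the path node.

    Building this needs every txid in the block, which is why a full node
    produces it and the SPV client merely receives and checks it.
    """
    branch = []
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2 == 1:
            level = level + [level[-1]]
        if index % 2 == 0:
            branch.append((level[index + 1], True))
        else:
            branch.append((level[index - 1], False))
        level = _next_level(level)
        index //= 2
    return branch


def verify_branch(txid: bytes, branch: List[Tuple[bytes, bool]], header_root: bytes) -> bool:
    """The SPV check: recompute the root from txid + branch only, no other txs needed."""
    node = txid
    for sibling, sibling_is_right in branch:
        node = hash256(node + sibling) if sibling_is_right else hash256(sibling + node)
    return node == header_root


# Constructed sample: five fake txids (an odd count, so the duplication rule is exercised).
SAMPLE_TXIDS = [hash256(b"constructed sample tx %d" % i) for i in range(5)]


def spv_demo(index: int) -> Tuple[bool, int]:
    """Return (branch verifies against the header root, number of hashes in the branch)."""
    root = merkle_root(SAMPLE_TXIDS)          # what the SPV client has from the header
    branch = merkle_branch(SAMPLE_TXIDS, index)  # what a full node sends on request
    return verify_branch(SAMPLE_TXIDS[index], branch, root), len(branch)


if __name__ == "__main__":
    for i in range(len(SAMPLE_TXIDS)):
        ok, depth = spv_demo(i)
        print(f"tx {i}: branch of {depth} hashes, verifies={ok}")
```

Two things worth noticing. First, the branch has only log2(N) hashes, so the client verifies inclusion without ever downloading the other transactions. Second, because an odd last node is paired with itself, the transaction lists [a, b, c] and [a, b, c, c] produce the same root; a Merkle root therefore commits to a transaction at a position, not to a unique list, and full nodes must reject blocks with duplicated txids for that reason.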