Short answer: Even with their age, checkpoints still offered slight protection against a known attack (low-difficulty header spam). As explained in a recent security disclosure, mining hardware keeps getting cheaper per hash, so that protection has been weakening too. Since Bitcoin Core 24.0, that attack is no longer possible, thanks to a solution (headers presync) that does not require forcing a particular chain on the user (unlike checkpoints). As of early 2025, there is active discussion about removing checkpoints entirely.
Longer answer:
Since headers-first sync was introduced in Bitcoin 0.10, the only reason for checkpoints is to fight header spam.
I'm quoting from another answer of mine on the topic:
Headers-first sync, introduced in Bitcoin Core 0.10.0, does not download blocks before their headers are known and shown to have enough work (i.e. within a day of the active chain tip, and above a preset minimum chain work). This means we no longer have to worry about low-difficulty block spam. Blocks will not be downloaded unless they are part of a chain that has been proven to have sufficient work.
However, a weaker problem remained. A peer may start giving us a chain (or multiple chains) of headers that never amounts to anything worthwhile. Headers are sent in forward order, so there is no way to know in advance how good the result will be.
When discussing security measures, it is always good to keep in mind the issues we are trying to prevent, so I give this as context. The checkpoints were there to prevent attackers from filling people's disks and memory with a large number of low-difficulty chains. Forking off at a very early stage (for example, right after the genesis block) does not take much actual work, but the software has no means of knowing that.
But if there somehow actually were a chain that branched off just after genesis, was valid, and had more work than the chain that software considers active today, the software should accept it, however dramatic that would be. Bitcoin's security model relies on proof of work. This means accepting the valid chain with the most work, even if it is probably not the chain we want.
I mention this because people tend to believe that checkpoints are a security feature that protects against deep reorgs. I think that's a mistake. If deep reorgs occur, some of the very core assumptions underlying proof of work are broken, and we should consider fixing those. Checkpoints are not a fix for this. Either they are updated so infrequently that they do not affect which chain is accepted (as is the case today), or they are updated frequently, which replaces a computer-based consensus system with a human one.
So: all the checkpoints do is force header spam attackers to fork off the chain in 2014 instead of 2009, when difficulty was much higher (but orders of magnitude lower than today). This makes header spam attacks many times more expensive, but as mining hardware continues to develop, as of 2022 the cost of the attack had dropped to about 1 BTC in mining costs (as explained in the security disclosure).
Starting with Bitcoin Core 24.0, a new approach to header synchronization was introduced: headers presync (see PR 25717). It splits header synchronization into two phases:
- A first phase (presync), during which headers are downloaded from the peer and verified, but not saved (except for very small commitments to them).
- If the presync phase reaches a header that exceeds the minimum chainwork setting and has a chance of beating the chain you already have, the headers are re-downloaded, compared against what was received previously, and saved for further processing (which includes downloading the full blocks).
By doing this, attackers can no longer spam nodes in any meaningful way using low-difficulty header chains. This completely fixes the issue without checkpoints, and extends the protection to the period before the node reaches the checkpoints. With the last known weakness that checkpoints protected against gone, they may be removed entirely.
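The two phases described above, as a toy Python model; this is an added example, not Bitcoin Core's code. The header format, the explicit `work` field, `MIN_CHAIN_WORK`, `COMMIT_EVERY` and the 4-byte commitment size are assumptions chosen for illustration.

```python
import hashlib
import os

MIN_CHAIN_WORK = 1_000  # assumed threshold; Bitcoin Core ships its own minimum chain work
COMMIT_EVERY = 4        # assumed spacing between commitments
GENESIS = b"\x00" * 32

def make_chain(n, work_each, tag):
    """Constructed sample input: n linked toy headers (prev_id, payload, work)."""
    chain, prev = [], GENESIS
    for i in range(n):
        payload = f"{tag}-{i}".encode()
        chain.append((prev, payload, work_each))
        prev = hashlib.sha256(prev + payload).digest()
    return chain

def walk(headers):
    """Yield (height, header id, cumulative work); reject headers that do not connect."""
    prev, total = GENESIS, 0
    for height, (prev_id, payload, work) in enumerate(headers):
        if prev_id != prev:
            raise ValueError("header does not connect to its predecessor")
        prev, total = hashlib.sha256(prev_id + payload).digest(), total + work
        yield height, prev, total

def commit(salt, header_id):
    return hashlib.sha256(salt + header_id).digest()[:4]  # 4 bytes: toy size

def presync(headers, salt):
    """Phase 1: verify and add up work, keeping only salted commitments."""
    commitments, total = [], 0
    for height, header_id, total in walk(headers):
        if height % COMMIT_EVERY == 0:
            commitments.append(commit(salt, header_id))
    return commitments if total >= MIN_CHAIN_WORK else None

def redownload(headers, commitments, salt):
    """Phase 2: store headers only while they match the phase-1 commitments."""
    stored = []
    for height, header_id, _ in walk(headers):
        idx, rem = divmod(height, COMMIT_EVERY)
        if rem == 0 and (idx >= len(commitments) or commitments[idx] != commit(salt, header_id)):
            return None  # peer switched chains between phases: store nothing
        stored.append(header_id)
    return stored

def sync_from_peer(first_pass, second_pass, salt=None):
    salt = salt or os.urandom(16)  # per-sync secret so a peer cannot precompute collisions
    commitments = presync(first_pass, salt)
    return None if commitments is None else redownload(second_pass, commitments, salt)
```

A 500-header chain with too little total work leaves nothing stored after phase 1, while a chain that clears the threshold costs only one small commitment per `COMMIT_EVERY` headers until it has proven its work.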
To answer your actual questions:
Why is the list of checkpoints saved if only the last one is used?
Each checkpoint only had an effect once it was reached (and did nothing until then). The effect is that once a block whose hash matches the checkpoint is accepted, no further reorgs away from it are allowed. This means that if the checkpoint list were completely wrong, it would not prevent syncing at all; it would just be ineffective.
This also means that before headers presync was introduced, the header spam concern was even greater for new nodes: until a node had passed all the checkpoints, it was vulnerable to header spam chains forking off from earlier checkpoints, or even from genesis.
If the last checkpoints are from 2014, why are they still in use?
At this point, the only reason is unknown unknowns: is there perhaps an undiscovered attack (probably different from, but similar to, low-difficulty header spam) that is not prevented by headers presync, but that the checkpoints make more expensive, even if only mildly? We don't believe so, but due to this concern and inertia they have not yet been removed.
Is it better to use the assumevalid block as a "checkpoint"?
That, or another more recent checkpoint, could have been an alternative fix for the falling cost of low-difficulty spam attacks. I think the headers presync approach used instead is more elegant, as it effectively extends the spam protection to headers in a very generic way. Unlike checkpoints, it does not dictate which chain is actually considered valid.
Disclaimer: We assisted in designing the header synchronization mechanism.