@Roger_Murdock : Yes, fully agreed. Let me further emphasize one word in your quote above:
"We consider the scenario of an attacker
trying to generate an alternate chain faster than the honest chain."
The attacker is the one with the minority HP.
I have also seen Greg say (paraphrasing) "we do not have SPV yet", because according him, SPV is only in existence if all of the sections in the SPV section are fulfilled. It is actually related to what you write above, but see below. Specifically Greg argued in the past that this section:
As such, the verification is reliable as long as honest nodes control the network, but is more
vulnerable if the network is overpowered by an attacker. While network nodes can verify
transactions for themselves, the simplified method can be fooled by an attacker's fabricated
transactions for as long as the attacker can continue to overpower the network. One strategy to
protect against this would be to accept alerts from network nodes when they detect an invalid
block, prompting the user's software to download the full block and alerted transactions to
confirm the inconsistency. Businesses that receive frequent payments will probably still want to
run their own nodes for more independent security and quicker verification.
means that all mentioned parts are mandatory to implement (especially of course before any on-chain scaling takes place). Whereas I read this section as clearly
optional, an outlook towards what could be done:
One strategy [...] would be [...]
Oh and note again: Initially, and when you start with the Core brainwashed-mindset in that section it sounds like attackers are those that arbitrarily and forever overpower the network (>50%):
... but is more vulnerable if the network is overpowered by an attacker.
However, if you read on, you find this:
can be fooled by an attacker's fabricated transactions for as long as the attacker can continue to overpower the network.
Emphasis mine.
It gets even more clear with the alerts part.
And SPV
as-is works fine when you wait until everything is deep down in the chain. Which basically means it has a different risk profile to 'full nodes', but that's something we knew all along.
Basically, an attacker to Satoshi is someone who mines a bad block or two, and can temporary, due to chance, get >50% of blocks. But clearly isn't in the long-term majority, with majority of HP and electricity available.
It also simply has to be that way, because with the majority of HP being against the system, it simply won't work.
Yes, in theory there could be a 'firing of the miners' if they misbehave in unison. But as
@Zangelbert Bingledack says, this makes the whole POW-security cryptocurrency concept questionable.
Some of us have been there or close to that in the darkest moments of "bigblockism" (around the HK consensus), but in the end most of us have been persistent enough to go on and help grow the sane side of HP.
And the Core trolls with their UASF fetish aren't the majority by any meaning of the word.
