RCasatta/gist:31addef5e610666953144f51ad72b227

## gistfile1.txt
The following is a proposal to expose SPV validation.

gdk-electrum has SPV validation for:

- bitcoin: headers chain is downloaded verified and saved in a flat file, tx proof is downloaded for every wallet tx, and checked against the headers.
- liquid: no need to download the chain, tx proof is downloaded, the header of the block containing the tx is downloaded, the proof is checked against the Merkle root in the header, script, and challenge of the header are verified

This functionality must be exposed (so we can SPV validate on ios and remove bitcoinj on android), for liquid is quite easy since it is not required to download the headers chain which is done in a thread in gdk-electrum (this may change with dynafed). Running a thread without a session is problematic (because you don't know if you need to close it), for this reason, I was thinking an interface like the following:

```
fn spv_verify_tx(input: SPVVerifyTx) -> SPVVerifyResult { ... }

pub struct SPVVerifyTx {
    pub txid: String,
    pub height: u32,
    pub path: String,    // directory needed for bitcoin headers chain, (one file per network is created), if more wallets coexist (eg gdk-electrum and green) they could share the same headers chain
    pub network: JSON,   // same as in network-parameters needed to discriminate network: mainnet, testnet, regtest, liquid, elementsregtest and also for the electrum server URL
    pub tor_proxy: Option<String>   // TBD
    pub headers_to_download: Option<usize>, // defaults to 2016, useful to set for testing
    pub encryption_key: String,
}

pub enum SPVVerifyResult {
    CallMeAgain,
    Verified,
    NotVerified,
}
```

the method `spv_verify_tx` is blocking, it checks local header chain height if it is higher than the tx height it asks the proof to the electrum server and replies `Verified` or `NotVerified` (~~caller must cache the reply to avoiding other requests~~ cache added at the callee side, however there are privacy concern because saved in clear). If the header chain height is lower than the tx height it asks the Electrum server 2016 blocks (max possible) and returns `CallMeAgain`.

This way threading model responsibility is at the caller side.

Note: wallet txs are exposed other than to the green server also to the electrum server
	The following is a proposal to expose SPV validation.

	gdk-electrum has SPV validation for:

	- bitcoin: headers chain is downloaded verified and saved in a flat file, tx proof is downloaded for every wallet tx, and checked against the headers.
	- liquid: no need to download the chain, tx proof is downloaded, the header of the block containing the tx is downloaded, the proof is checked against the Merkle root in the header, script, and challenge of the header are verified

	This functionality must be exposed (so we can SPV validate on ios and remove bitcoinj on android), for liquid is quite easy since it is not required to download the headers chain which is done in a thread in gdk-electrum (this may change with dynafed). Running a thread without a session is problematic (because you don't know if you need to close it), for this reason, I was thinking an interface like the following:

	```
	fn spv_verify_tx(input: SPVVerifyTx) -> SPVVerifyResult { ... }

	pub struct SPVVerifyTx {
	pub txid: String,
	pub height: u32,
	pub path: String, // directory needed for bitcoin headers chain, (one file per network is created), if more wallets coexist (eg gdk-electrum and green) they could share the same headers chain
	pub network: JSON, // same as in network-parameters needed to discriminate network: mainnet, testnet, regtest, liquid, elementsregtest and also for the electrum server URL
	pub tor_proxy: Option<String> // TBD
	pub headers_to_download: Option<usize>, // defaults to 2016, useful to set for testing
	pub encryption_key: String,
	}

	pub enum SPVVerifyResult {
	CallMeAgain,
	Verified,
	NotVerified,
	}
	```

	the method `spv_verify_tx` is blocking, it checks local header chain height if it is higher than the tx height it asks the proof to the electrum server and replies `Verified` or `NotVerified` (~~caller must cache the reply to avoiding other requests~~ cache added at the callee side, however there are privacy concern because saved in clear). If the header chain height is lower than the tx height it asks the Electrum server 2016 blocks (max possible) and returns `CallMeAgain`.

	This way threading model responsibility is at the caller side.

	Note: wallet txs are exposed other than to the green server also to the electrum server