[Felz]

I feel like proof of work blockchains don't actually solve the problem of "who to trust". Nodes just automatically assign trust to whoever mined the best hash that they know of, which turns out to be whoever holds the most mining power.

But not even that: If you're in China and the original blockchain is censored and all your node will ever see is the StateChain, you have misplaced your trust.

[phlip9]

In a proof-of-work chain, the fundamental trust assumption is that no malicious mining collusion holds more than 50% of the hash power. If you can make this assumption, your security holds as long as you manage to obtain the most recent block with some frequency (usually at least every 6 blocks ~ 1 hour). Of course, if someone manages to MITM attack you, they can mine blocks and feed them to you in order to double spend on you, for example. One way to accomplish this would be to engineer an Eclipse attack [1].

However, as long as you have any source for the most recent block that the MITM does not control, they cannot trick you into following a shorter chain. In other words, as long as any side-channel (malicious or otherwise) posts blocks, you can always follow the longest chain. The Blockstream Satellite [2] was created for this reason -- so that nodes always have a reliable side-channel separate from the bitcoin protocol to verify blocks coming from the bitcoin network. Alternatively, some nodes check Tor mirrors, which should be difficult for adversaries to control.

[1] https://eprint.iacr.org/2015/263.pdf [2] https://blockstream.com/satellite/