I'd like to get a discussion going regarding how SPV clients for Bitcoin and Bitcoin-like systems can be built into Ethereum. This is something that I've read Vitalik mention, but have never seen fleshed out.
My understanding of how this would work would to be something like:
1) A contract is created that has the hash of the relevant genesis block hard coded into it. The contract stores the genesis header into its memory.
2) Anybody who wants to can send this contract a transaction with a block header in the payload.
3) The contract looks up the prevBlockHash contained in the new header to see if it is exists in memory.
4) If the previous header exists, the contract stores the new header along with the cumulative difficulty of the chain
5) The contract maintains metadata about which chain is the "longest", difficulty-wise
Now anyone who wants to prove to a different contract that a Bitcoin transaction has confirmed will need to create an Ethereum transaction with data containing the block header hash and the Merkle branch leading to the transaction. The receiving contract can verify the bitcoin transaction by directly accessing the stored memory of the SPV contract. This means that costs for transaction verification are borne only by the person or contract who is interested in proving the transaction.
Maintaining the SPV client with the most recent blocks is more of a public service. It would be so useful that it could probably survive off of volunteers relaying block headers, but also anyone who wants to prove their transaction exists will have an incentive to keep the headers up to date.
I'm not sure under what circumstances contracts will actually want to *publish* bitcoin transactions since I don't know how private keys could be securely store online. I imagine that SPV client could accept signed bitcoin transactions and store them temporarily in a known memory location. In theory, the bitcoin fees would be an incentive for miners to monitor this memory location and include any transaction founds. Additionally the sender could provide an ether bounty for the first person to prove via SPV that the transaction was included in a block in the longest chain.