
Topic: Bitcoin instant transactions are less secure (Read 312 times)

member
Activity: 95
Merit: 10
August 26, 2021, 05:07:14 AM
#26
Instant transaction means that both parties will trust each other.
Without a third-party guarantee, if it is cheated, the chance of getting it back is not very high.
All transactions need to be careful.
legendary
Activity: 2268
Merit: 18509
Well, 1 confirmation is more than enough for even $100k now I guess as the network is quite more mature now.
The maturity of the network is irrelevant. There still exists a possibility of an attacker being able to reverse a 1 block deficit, even without 51% of the hashrate. Even an attacker with only 10% of the hash rate has a 20% chance of reversing a single confirmation. We still get stale blocks even without any active attacks on the network (although these rarely result in successful double spends, the possibility still exists). If $100k is small change to you, then sure, accept 1 confirmation. But if $100k is a significant amount of money to you, I'd be waiting for 3-6 confirmations.

I think that is one of the biggest problems that we are facing with bitcoin, let's say you are a shop owner who is trying to make bitcoin a payment system, how do you go about accepting transactions, for goods do you wait for confirmations before giving the goods, do you demand your customers to pay higher transaction fees in order to speed up the transaction, or do you personally cover it
Credit card transactions do not result in money reaching the merchant for 3-5 working days, and can be reversed for 90-180 days after the transaction, and yet almost everywhere accepts credit card transactions because the majority of people are honest and will not try to scam. It is entirely reasonable for merchants to accept zero confirmations for transactions which are not that valuable, pay a reasonable fee, and are not opted in to RBF. If they are uncomfortable doing that, then they can open a Lightning channel.
sr. member
Activity: 1400
Merit: 283
As you know, each Bitcoin transaction usually takes a few seconds, and confirmation of the same transaction starts ten minutes after that. During this time, interaction is permitted and may also be reversible. Deceptive users try to cheat. If you can't wait for approval, request a small transaction fee or use the Unsafe Interactions Detection System, which can enhance security. For higher amounts, e.g. US$1,000, it makes sense to wait for 6 confirmations or more. Any confirmation can reduce the risk of reverse transactions exponentially.
I think that is one of the biggest problems that we are facing with bitcoin, let's say you are a shop owner who is trying to make bitcoin a payment system, how do you go about accepting transactions, for goods do you wait for confirmations before giving the goods, do you demand your customers to pay higher transaction fees in order to speed up the transaction, or do you personally cover it, I feel like there is more work needed to make paying for day to day things more efficient.
hero member
Activity: 1358
Merit: 850
The confirmations are very important for a reason, but I have never seen a bitcoin transaction reversed before. Maybe there are big companies that run a wallet and own a mining farm that may be able to do that, but I have not seen or heard that it was reversed before. That aside, the transaction fees that you’re paying for the transactions you’re making with bitcoin are what determines how fast your transaction is going to be. When you’re doing this transaction you have three options and the highest option there which is priority tries to make sure that your transaction is in the next block and gets confirmed immediately.
There's no reverse actually but there's double spend in which you can use the same input for creating two transactions where the later one (likely) will be confirmed as you are going to pay a higher fee for that transaction. Thus, the prior one is invalid and you can successfully have spent the same input twice. Well, 1 confirmation is more than enough for even $100k now I guess as the network is quite more mature now.
Which fee options are you talking about? I guess you are talking about blockchain wallet which is quite misleading in terms of the actual fee model. You generally pay fee per byte.
hero member
Activity: 2492
Merit: 586
As you know, each Bitcoin transaction usually takes a few seconds, and confirmation of the same transaction starts ten minutes after that. During this time, interaction is permitted and may also be reversible. Deceptive users try to cheat. If you can't wait for approval, request a small transaction fee or use the Unsafe Interactions Detection System, which can enhance security. For higher amounts, e.g. US$1,000, it makes sense to wait for 6 confirmations or more. Any confirmation can reduce the risk of reverse transactions exponentially.
The confirmations are very important for a reason, but I have never seen a bitcoin transaction reversed before. Maybe there are big companies that run a wallet and own a mining farm that may be able to do that, but I have not seen or heard that it was reversed before. That aside, the transaction fees that you’re paying for the transactions you’re making with bitcoin are what determines how fast your transaction is going to be. When you’re doing this transaction you have three options and the highest option there which is priority tries to make sure that your transaction is in the next block and gets confirmed immediately.
legendary
Activity: 2268
Merit: 18509
Furthermore (if I remember my maths correctly, but correct me if I'm wrong on this one) your calculation isn't ONLY for the probability of finding a block within 2 minutes of the previous block. It's also the probability that a block will be found in the NEXT 2 MINUTES, no matter how long you've already been waiting.  So, after 10 minutes of waiting since the most recently found block, there's still an 18.1% probability that the next block will show up in the NEXT 2 MINUTES. After an hour of waiting since the most recently found block, there's still an 18.1% probability that the next block will show up in the NEXT 2 MINUTES.
Everything you have written is correct, but I wanted to expand on this last point. The probability of the next 2 minutes is always the same, but the probability of a specific 2 minutes changes.

For example. Let's say I am interested in a block being mined between minutes 10 and 12. I calculate the probability of mining a block in the next 12 minutes, and I calculate the probability of mining a block in the next 10 minutes, and I subtract the two. The probability, then, of finding a block between minutes 10 and 12 works out to 6.7%.

However, by the time we get to the 10 minute mark, that probability is now 18.1%. Obviously this makes sense when you think about it, as every 2 minute bracket can't have a probability of 18.1%, or else we would rapidly end up with >100% chance.

Bitcoin mining is a memoryless process. It doesn't matter what came before - it is always 10 minutes on average until the next block.
legendary
Activity: 2954
Merit: 4158
While I agree that the network is more volatile (mainly due to popularity of opt-in RBF), there are still a few ways to accept 0-conf transactions. For example,
1. On casino, you can't withdraw your coin before all deposit have at least 1 confirmation.
Actually, I remember I used to hear that certain gambling sites were implementing this before but eventually stopped doing this. An attack vector for this would be to deposit funds > If loss = Double spend, else confirm. The tactic was exploited through GHash.io previously, but I recall there were more instances of this happening and eventually it was stopped altogether or at least available only for non-optinRBF Txes.

0-conf TXes at low amounts would still be feasible in the case that the attacker exposes their identity in the first place and makes it easy to persecute if needed. Else, then it really doesn't make sense and even with $3 TXes, I never had the chance to get instant TXes anymore.
legendary
Activity: 3388
Merit: 4615
So, as I said above, the probability of finding a block in 2 minutes is therefore 1-e^-0.2 = 18.1%.

An interesting effect of the maths involved that MANY people get wrong is:

No matter how long you've been waiting for a block, if a block isn't found yet, you will always have an average of 10 more minutes to wait.
If a block has just been found, then the average wait until the next block will be 10 minutes.
If you've been waiting 5 minutes since the last block was found, then the average wait until the next block is found will be 10 minutes.
If you've been waiting 20 minutes since the last block was found, then the average wait until the next block is found will be 10 minutes.
If you've been waiting an hour since the last block was found, then the average wait until the next block is found will be 10 minutes.

Furthermore (if I remember my maths correctly, but correct me if I'm wrong on this one) your calculation isn't ONLY for the probability of finding a block within 2 minutes of the previous block. It's also the probability that a block will be found in the NEXT 2 MINUTES, no matter how long you've already been waiting.  So, after 10 minutes of waiting since the most recently found block, there's still an 18.1% probability that the next block will show up in the NEXT 2 MINUTES. After an hour of waiting since the most recently found block, there's still an 18.1% probability that the next block will show up in the NEXT 2 MINUTES.
legendary
Activity: 2268
Merit: 18509
and it's certainly that more blocks will be found shorter than 10 minutes or at least shorter than average time before most of difficulty retargets.
The average block time over the entirety of bitcoin's existence is actually 9 minutes 32 seconds. If you replace 600 with 572 in my equations above, they come very close to the observed rates.

If every transaction has an opt-in RBF, then chances are, there would be an inherent degree of risk to every of your transactions and it isn't sufficient cushioning for most merchants.
If every transaction was opted-in to RBF, then the only situation in which it would be reasonable to accept zero confirmation transactions in my opinion would be situations where you trust the other party to make good on a promise. If you wouldn't accept an "IOU" or someone verbally telling you that they'll pay you at a later date, then you shouldn't accept a zero confirmation transaction from that person.

However, given that we've gotten so many off-chain solutions, I don't really think it is necessary for merchants to still be undertaking these risks with their transactions.
Completely agree. If you want to accept payments instantly or make payments instantly, then just open a Lightning channel. There are plenty of wallets out there now which will do all the heavy lifting so to speak for you if you really can't be bothered to open a channel yourself.

and was easily broken into by hackers
Bitcoin has never been "broken into by hackers".
legendary
Activity: 2954
Merit: 4158
If you're talking about 0-conf transaction, you should choose how much risk you're willing to accept. DannyHamilton posted brief idea about it.
I used to think heuristics are sufficient to prevent fraud but that isn't really that applicable as time goes by. If every transaction has an opt-in RBF, then chances are, there would be an inherent degree of risk to every of your transactions and it isn't sufficient cushioning for most merchants. Bitpay used to have a pretty neat zero-conf for loads of TXes but I haven't had it in the recent years. The network has become more volatile and unpredictable so losses from these zero-conf TXes are potentially going to occupy a larger percentage.

The risk is of course, relative and that the measures taken are all valid. However, given that we've gotten so many off-chain solutions, I don't really think it is necessary for merchants to still be undertaking these risks with their transactions.
legendary
Activity: 2170
Merit: 3858
Farewell o_e_l_e_o
There is a slight skew away from "greater than 10 minutes" towards blocks being a bit faster than 10 minutes. This is due to the fact that the average block time is almost always under 10 minutes due to the constantly increasing hash rate.
It is due to the fact that the Bitcoin difficulty retarget (or adjustment) is set for each 2016 block (~ 14 days). Most of retargets in history are positive that is what you implied. Hashrate increases first, blocks within 14 days will be found faster than before, and it's certainly that more blocks will be found shorter than 10 minutes or at least shorter than average time before most of difficulty retargets.


legendary
Activity: 2268
Merit: 18509
From real data, it's what I get.
Perfect. Thanks for the verification.

We can use the formula I gave above to calculate the probability with a specific time frame as you have. So, for example, if we are interested in the 11 - 20s bracket, we would calculate the probability of finding a block within 20 seconds, the probability of finding a block within 10 seconds, and then subtract the two. Given this, then for the brackets you have used the numbers look like this:

Bracket
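Added example, not part of any post in this thread: the bracket subtraction described in the post above, together with the "minutes 10 to 12" and memoryless-waiting figures from the earlier reply, computed from 1-e^(-x/mean) and compared with the all-time block counts from the table posted in the thread. The function names are assumptions of this example; 600 and 572 are the two mean block times mentioned in the thread.

```python
import math

# (label, lower bound s, upper bound s or None, block count N)
# N values are the "All time" column copied from the table in the thread.
OBSERVED = [
    ("<= 5s", 0, 5, 3838),
    ("6 - 10s", 5, 10, 4686),
    ("11 - 20s", 10, 20, 10849),
    ("21 - 30s", 20, 30, 11593),
    ("31 - 60s", 30, 60, 34761),
    ("61 - 120s", 60, 120, 64745),
    ("121 - 300s", 120, 300, 155702),
    ("301 - 600s", 300, 600, 169268),
    ("601+ s", 600, None, 241486),
]


def p_within(x, mean=600.0):
    """Probability that the next block arrives within x seconds."""
    return 1.0 - math.exp(-x / mean)


def p_bracket(lo, hi, mean=600.0):
    """Probability that the block arrives after lo and by hi seconds,
    measured from the previous block (hi=None means no upper bound)."""
    upper = 1.0 if hi is None else p_within(hi, mean)
    return upper - p_within(lo, mean)


def p_bracket_given_waited(lo, hi, mean=600.0):
    """Same bracket, given that lo seconds have already passed blockless."""
    return p_bracket(lo, hi, mean) / (1.0 - p_within(lo, mean))


def compare(mean=600.0):
    """Rows of (label, observed share, expected share) per bracket."""
    total = sum(n for _, _, _, n in OBSERVED)
    return [(label, n / total, p_bracket(lo, hi, mean))
            for label, lo, hi, n in OBSERVED]


def total_abs_error(mean):
    """Sum of |observed - expected| over all brackets for a given mean."""
    return sum(abs(obs - exp) for _, obs, exp in compare(mean))


if __name__ == "__main__":
    print(f"within 2 min:               {p_within(120):.1%}")
    print(f"minutes 10-12, from t=0:    {p_bracket(600, 720):.1%}")
    print(f"minutes 10-12, at minute 10: {p_bracket_given_waited(600, 720):.1%}")
    for mean in (600.0, 572.0):
        print(f"\nmean block time {mean:.0f}s "
              f"(total abs error {total_abs_error(mean):.4f})")
        for label, obs, exp in compare(mean):
            print(f"  {label:>10}  observed {obs:6.2%}  expected {exp:6.2%}")
```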
legendary
Activity: 2170
Merit: 3858
Farewell o_e_l_e_o
Actually, more often than you might think. Mining blocks is a Poisson process, and so the probability of finding a block within the next x seconds can be given by the equation:

1-e^(-x/600)

If you set x to be 2 minutes (120 seconds), then you'll find that 18.1% of blocks, almost one fifth, are found within 2 minutes of the last block. To drop below the "1% of blocks" range, you have to lower your time limit to only 6 seconds.
From real data, it's what I get.



Details
All time
Code:
Summary for variables: blocktime_diff
     by categories of: blocktime_cat

blocktime_cat |         N      mean        sd       p50       p25       p75       min       max
--------------+--------------------------------------------------------------------------------
        <= 5s |    3838.0       2.8       1.6       3.0       1.0       4.0       0.0       5.0
      6 - 10s |    4686.0       8.1       1.4       8.0       7.0       9.0       6.0      10.0
     11 - 20s |   10849.0      15.6       2.8      16.0      13.0      18.0      11.0      20.0
     21 - 30s |   11593.0      25.6       2.9      26.0      23.0      28.0      21.0      30.0
     31 - 60s |   34761.0      45.3       8.7      45.0      38.0      53.0      31.0      60.0
    61 - 120s |   64745.0      89.7      17.4      89.0      74.0     105.0      61.0     120.0
   121 - 300s |  155702.0     205.2      52.0     202.0     160.0     249.0     121.0     300.0
   301 - 600s |  169268.0     437.6      85.8     431.0     362.0     510.0     301.0     600.0
       601+ s |  241486.0    1178.8    1213.4     992.0     762.0    1380.0     601.0  463160.0
--------------+--------------------------------------------------------------------------------
        Total |  696928.0     571.9     850.8     394.0     165.0     784.0       0.0  463160.0
-----------------------------------------------------------------------------------------------

2020
Code:
Summary for variables: blocktime_diff
     by categories of: blocktime_cat

blocktime_cat |         N      mean        sd       p50       p25       p75       min       max
--------------+--------------------------------------------------------------------------------
        <= 5s |     261.0       3.1       1.7       3.0       2.0       5.0       0.0       5.0
      6 - 10s |     323.0       8.1       1.3       8.0       7.0       9.0       6.0      10.0
     11 - 20s |     755.0      15.6       2.8      16.0      13.0      18.0      11.0      20.0
     21 - 30s |     964.0      25.7       2.9      26.0      23.0      28.0      21.0      30.0
     31 - 60s |    2789.0      45.1       8.7      45.0      37.0      53.0      31.0      60.0
    61 - 120s |    4693.0      89.7      17.6      89.0      74.0     105.0      61.0     120.0
   121 - 300s |   11373.0     205.8      51.9     203.0     161.0     250.0     121.0     300.0
   301 - 600s |   12705.0     438.8      85.9     433.0     364.0     511.0     301.0     600.0
       601+ s |   19359.0    1194.3     604.8    1009.0     770.0    1421.0     601.0    6790.0
--------------+--------------------------------------------------------------------------------
        Total |   53222.0     594.2     597.5     412.0     171.0     823.0       0.0    6790.0
-----------------------------------------------------------------------------------------------

2021
Code:
blocktime_cat |         N      mean        sd       p50       p25       p75       min       max
--------------+--------------------------------------------------------------------------------
        <= 5s |     161.0       3.1       1.6       3.0       2.0       5.0       0.0       5.0
      6 - 10s |     209.0       8.0       1.4       8.0       7.0       9.0       6.0      10.0
     11 - 20s |     471.0      15.6       2.9      16.0      13.0      18.0      11.0      20.0
     21 - 30s |     529.0      25.8       2.9      26.0      23.0      28.0      21.0      30.0
     31 - 60s |    1714.0      44.8       8.6      45.0      37.0      52.0      31.0      60.0
    61 - 120s |    2913.0      89.6      17.4      90.0      74.0     104.0      61.0     120.0
   121 - 300s |    6930.0     205.8      52.1     204.0     161.0     250.0     121.0     300.0
   301 - 600s |    7859.0     439.5      85.0     434.0     365.0     511.0     301.0     600.0
       601+ s |   12230.0    1217.5     650.8    1019.0     772.0    1440.0     601.0    8354.0
--------------+--------------------------------------------------------------------------------
        Total |   33016.0     609.7     626.3     422.0     173.0     836.0       0.0    8354.0
-----------------------------------------------------------------------------------------------
member
Activity: 94
Merit: 10


Best secure tx method with full wallet control is Grin's tx style, even prevents rookie users from sending to the wrong address.

https://medium.com/@brandonarvanaghi/grin-transactions-explained-step-by-step-fdceb905a853
legendary
Activity: 3094
Merit: 1385
As you know, each Bitcoin transaction usually takes a few seconds, and confirmation of the same transaction starts ten minutes after that. During this time, interaction is permitted and may also be reversible. Deceptive users try to cheat. If you can't wait for approval, request a small transaction fee or use the Unsafe Interactions Detection System, which can enhance security. For higher amounts, e.g. US$1,000, it makes sense to wait for 6 confirmations or more. Any confirmation can reduce the risk of reverse transactions exponentially.
Do you mean zero-confirmation transactions when you say 'instant' transactions? They are indeed unsafe and can be manipulated, but I think they're also the future of true global adoption (we just need to set a reasonable max limit for a transaction like this, and prosecute the cheaters when possible). That's because you don't need to wait, and you don't have to pay crazy fees, and these two are essential if we're dreaming of a future where you can pay with BTC at a supermarket. That being said, I've never seen anyone accept such transactions so far (at least one confirmation is a requirement for local exchanges I use, for instance).
legendary
Activity: 2268
Merit: 18509
-snip-
Your numbers are wrong and also irrelevant.

It doesn't matter who controls what hash power, as long as the total hash power is roughly the same as it was at the last difficulty retarget and so the average block time is still close to 600 seconds. If this is not the case, then you can adjust the numbers in the equation I gave above. We are considering the entire network here, not individual miners.

As I stated above, bitcoin mining is a Poisson process. You can read about this here: https://en.wikipedia.org/wiki/Poisson_point_process

You can model the distribution using the equation (as given on the linked page above):

P{N = n} = Λ^n * e / n!

If you take n to equal 0 (i.e. you won't find a block), and take lambda (Λ) to equal the number of blocks you would expect to find in a given time frame, then you can simplify that equation to

P = Λ^0 * e / 0!
P = 1 * e / 1
P = e

Therefore, the probability of not finding a block when you would expect to find Λ blocks is equal to e. For example, the probability of not finding a block in 10 minutes, when you would ordinarily expect to find 1 block in 10 minutes, is e^-1 = 36.8%

Given the equation P = e, then we can take the inverse to find the probability of finding a block: 1-P = 1-e. So the probability of finding a block in 10 minutes is 1-e^-1 = 63.2%.

So, as I said above, the probability of finding a block in 2 minutes is therefore 1-e^-0.2 = 18.1%.
member
Activity: 294
Merit: 28
Programmers and executives of this currency haven't made stricter securities as a matter of fact. You could only safely purchase these coins but that doesn't guarantee them being 100% secured for now.
legendary
Activity: 4214
Merit: 4458
Some times, in a same 14D period, two blocks can be found within seconds or a few minutes shorter than 10 mins. However, it does not happen too often.
Actually, more often than you might think. Mining blocks is a Poisson process, and so the probability of finding a block within the next x seconds can be given by the equation:

1-e^(-x/600)

If you set x to be 2 minutes (120 seconds), then you'll find that 18.1% of blocks, almost one fifth, are found within 2 minutes of the last block. To drop below the "1% of blocks" range, you have to lower your time limit to only 6 seconds.

um no..
you really are going wrong a lot this month

what it is, is this
imagine there are 20 pools
one with 15exa
nine with 5exa each
ten with 3 exa each

totalling 90exa

the big pool(15exa) can go through the entire nonce sequence in 50 minutes
the nine pools(5exa) each go through the nonce range in 150minutes each
the ten pools(3exa) each go through the nonce range in 500minutes each

the odds of big pool getting a block in 10 minutes is ~20%
the odds of one of the nine (5exa) is ~6.6%
the odds of one of the ten(3exa) is 4%

and it plays out like this (using excel and rand function)
block 1
pool 15exa  37                  (rand*50)
pool 5exa   147                  (rand*150)
pool 5exa   84                  (rand*150)
pool 5exa   127                  (rand*150)
pool 5exa   13                  (rand*150)
pool 5exa   49                  (rand*150)
pool 5exa   31                  (rand*150)
pool 5exa   113                  (rand*150)
pool 5exa   61                  (rand*150)
pool 5exa   93                  (rand*150)
pool 3exa   95                  (rand*250)
pool 3exa   28                  (rand*250)
pool 3exa   123                  (rand*250)
pool 3exa   21                  (rand*250)
pool 3exa   164                  (rand*250)
pool 3exa   224                  (rand*250)
pool 3exa   51                  (rand*250)
pool 3exa   82                  (rand*250)
pool 3exa   63                  (rand*250)
pool 3exa   211                  (rand*250)

block 2

pool 15exa   6

pool 5exa   52
pool 5exa   111
pool 5exa   109
pool 5exa   74
pool 5exa   59
pool 5exa   38
pool 5exa   22
pool 5exa   54
pool 5exa   128
pool 3exa   130
pool 3exa   172
pool 3exa   11
pool 3exa   64
pool 3exa   36
pool 3exa   140
pool 3exa   152
pool 3exa   225
pool 3exa   156
pool 3exa   50

and if you run it enough times you see that it's nowhere even close to 18% of pools getting a block nearly at the same time.
what you do work out is the 'fastest first' of each block if you add it all up and average it over 2016 times is that the average works out as a block ~ every 10 minutes.
where by the big pool(15exa) gets more blocks on average than the other pools
legendary
Activity: 2268
Merit: 18509
Some times, in a same 14D period, two blocks can be found within seconds or a few minutes shorter than 10 mins. However, it does not happen too often.
Actually, more often than you might think. Mining blocks is a Poisson process, and so the probability of finding a block within the next x seconds can be given by the equation:

1-e^(-x/600)

If you set x to be 2 minutes (120 seconds), then you'll find that 18.1% of blocks, almost one fifth, are found within 2 minutes of the last block. To drop below the "1% of blocks" range, you have to lower your time limit to only 6 seconds.
legendary
Activity: 2632
Merit: 1212
As you know, each Bitcoin transaction usually takes a few seconds, and confirmation of the same transaction starts ten minutes after that. During this time, interaction is permitted and may also be reversible. Deceptive users try to cheat. If you can't wait for approval, request a small transaction fee or use the Unsafe Interactions Detection System, which can enhance security. For higher amounts, e.g. US$1,000, it makes sense to wait for 6 confirmations or more. Any confirmation can reduce the risk of reverse transactions exponentially.

Double spend attacks are no longer easy to carry out, and most sites already can detect the moment the spender tries to doublespend the coins. Even with RBF flagged sites will invalidate the original transaction.

I think these days even 1 confirmation is enough but most sites require just 3, I haven't seen 6 confirmations in a very long time now:)