Pages:
Author

Topic: Bitcoin snack machine (fast transaction problem) - page 4. (Read 55331 times)

legendary
Activity: 2142
Merit: 1010
Newbie
For small transactions, you actually don't need to wait for confirmations because chances someone will do a double spend for a chocolate bar are pretty small and if they would succeed it isn't a huge loss.

What if someone does it 1000 times in a row? It's digital world, almost anything can be easily replicated, especially algorithms.
hero member
Activity: 683
Merit: 500
For small transactions, you actually don't need to wait for confirmations because chances someone will do a double spend for a chocolate bar are pretty small and if they would succeed it isn't a huge loss.
newbie
Activity: 58
Merit: 0
The whole double spending issue from what I can see is that anyone can send out the same allotment of coins multiple times by using different clients with the same private key imported.

The only problem is only one of the recipients will get the confirmed one. so I still would not risk a zero confirm transaction, instead a vendor would work best if they had a micro-bank/escrow/prepayment service. Just for depositing 0.1btc in each day, which gets confirmed by the microbank/escrow/prepayment service and then when the transaction goes through, the vendor collects the fully guaranteed funds instantly.

So this is an opportunity for someone with high trust to create a prepayment service where franky1 suggests
Quote
why doesnt someone that wants to operate vending machine have a small service where people put in pocket amount of funds in per day while taking a shower in the morning EG 0.1BTC which get pre confirmed into the service. then the funds are ready to use throughout the day

and the balance is deducted when they scan qr codes from the vending machine.

then they can expand this pocket money service to also cater to a payment gateway for starbucks, 7-11 etc..

i wouldnt call it a bank i would call it more like a prepaid service. much like how people use oyster cards in london to pay for train tickets and other things.

I can see starbucks, vending machines, train stations, etc all taking on the prepayment service as their payment gateway
member
Activity: 85
Merit: 10
Fortune favors the bold and brave
Why doesn't someone who wants to operate vending machines also operate a mining rig that specifically prioritizes confirms from transactions from it's vending machines?  This way, it could release the goods immediately from receiving the btc and then expedite the confirmations thus minimizing risk of double spends.
Because you don't know how mining works  Roll Eyes

You have a point. After your comment, I realized there are probably a lot of things regarding bitcoin that I only have a cursory knowledge of.  So, I started to do some research to try and catch up.  Any response to help verify or dispute my understanding would be greatly appreciated.

The first thing I started with was the Satoshi original white paper. Something stood out to me, in section 8:

Quote
... Businesses that receive frequent payments will probably still want to run their own nodes for more independent security and quicker verification.

This sounds very similar to what I was describing, except exchange miner with node.

So then, I thought to myself: well, what is the difference between a miner and a node? This is something I always assumed was the same thing.

But, AFAIK, it would seem that a business would be wise to run a node for speed and security. Wouldn't businesses do this in the future and wouldn't that in turn become a lot of the power of the network, even when there are no more block rewards.

To make it more effective, you would verify your own transactions faster than others. I suppose it would be difficult to single out transactions from their business; so like, confirm the vending machine transactions before others.  Would that be possible?  Could the miner single out transactions that are a certain value, technically?


legendary
Activity: 2142
Merit: 1010
Newbie
Merchants will easily accept the double spend risk.

$20 or less - 0 confirms (similar to no signature required on VISA/MC)
$20 - $300 - 1 confirm
$300+ - 6 confirms

How many confirms for 15 purchases $20 each ($300 total)? 0 or 6?
hero member
Activity: 630
Merit: 500
Merchants will easily accept the double spend risk.

$20 or less - 0 confirms (similar to no signature required on VISA/MC)
$20 - $300 - 1 confirm
$300+ - 6 confirms
legendary
Activity: 1310
Merit: 1000
Vending machines get robbed all the time, I don't think that the 4 people in the world who know how double spending is done properly will hurt the owners of the machine.







P.S. I know more than 4 people was being sarcastic.
P.S.S its no different than when you watch a video on youtube that shows a button combination that spits out money, and free drinks.
newbie
Activity: 39
Merit: 0
Haha, nice catch phrase for chronocoin: "The original bitcoin snack machine"
Jan
legendary
Activity: 1043
Merit: 1002
Maybe, but as far as I am aware, both the race attack and finney attack are theoretical.  Are there any examples of either being employing in the wild, that does not involve a contrived lab-like setup?  Has anyone, ever, posted on the forums with a "I've been double spended against!" with a credible story?  Online websites should only accept 6 confirms for instantly deliverable goods such as online data streaming, etc; (maybe not a movie, since a double spend simply cuts off the feed halfway through the movie) but meatspace transactions below a certain value are pretty safe.  It's technically simplier to fake a coin operated snack machine using slugs than to double-spend attack it for a bag of chips.

I would love to hear the SatoshiDice developer's take on this and pick his brain.
They (if any) have the experience in the field of accepting zero conf transactions.

How about this:
SD winners/loosers are determined by value of the TX hash and some secret (to be revealed the next day).
If I am among the first to relay a SD TX I can actually alter the TX hash without invalidating the TX (by for instance altering the DER encoding and yet not invalidate signatures) before relaying it to 1000+ nodes. This gives me a high probability of getting my altered TX into the block chain.
Which of the TX hashes should get the winnings if they are determining the outcome on zero confirmations? (No, I wouldn't gain anything from this myself other than the thrill as I wouldn't be able to change the inputs/outputs without invalidating the signatures)

A similar approach would probably confuse many services around as the two TXes would not be a double spend, but just a different variety of the same TX with a different hash.   
legendary
Activity: 1708
Merit: 1010
I apologize for the bump, but this has been done Cool
There's also a good (albeit too detailed for the average consumer) explanation of how it works in the video.
http://www.youtube.com/watch?v=pDOcLros-w0

How does the protection against double-spending work?

Is not needed. If it's done right, the vending machine itself doesn't run a BTC client, but receives a paid notification from the vending machine company server that runs the node and is located elsewhere, which would be a good protection against a race attack as you can't make sure miners get the double spend transaction first (the vending company node gets the double spend transaction before the "valid" one).

Therefore leafs only the Finney attack which requires a pool or very large miner to participate to even have a slight chance of success. Which is obviously to expansive to get a bag of popcorn for free.
Unfortunately there is a long distance between a "race attack" and a Finney attack.
1. Long chain of fee less unconfirmed truansactions challenged by one fat fee transaction sent directly to big miners
2. No 1 combined with a tx in midstrean with nlocktime.


No meatspace POS system shoudl ever accept any transaction that is not immediately lockable.  This should be obvious enough.  Snack machines shouldn't take IOU's.

Quote
3. One tx sent directly to snack server, conflicting tx sent to 1000+ nodes
The list goes on.
Protecting against zero confirmation transactions is a never ending battle, like spam mail. Attackers/defenders improve, you are never 100% certain.

Maybe, but as far as I am aware, both the race attack and finney attack are theoretical.  Are there any examples of either being employing in the wild, that does not involve a contrived lab-like setup?  Has anyone, ever, posted on the forums with a "I've been double spended against!" with a credible story?  Online websites should only accept 6 confirms for instantly deliverable goods such as online data streaming, etc; (maybe not a movie, since a double spend simply cuts off the feed halfway through the movie) but meatspace transactions below a certain value are pretty safe.  It's technically simplier to fake a coin operated snack machine using slugs than to double-spend attack it for a bag of chips.
legendary
Activity: 1708
Merit: 1010
why doesnt someone that wants to operate vending machine have a small service where people put in pocket amount of funds in per day while taking a shower in the morning EG 0.1BTC which get pre confirmed into the service. then the funds are ready to use throughout the day

and the balance is deducted when they scan qr codes from the vending machine.

then they can expand this pocket money service to also cater to a payment gateway for starbucks, 7-11 etc..

i wouldnt call it a bank i would call it more like a prepaid service. much like how people use oyster cards in london to pay for train tickets and other things.

You just described green addresses.
i think it is the solution to those kind of problem.

Otherwise i'll allways be able to give my private adress to 10 friends buy a snack, send a txt to them and they all go to buy a snack with the same private adress. If i send the txt message before buying the snack i can even get poeple using that private adress in china at the very same moment i use it in london so it might be very hard to be instant AND secure without green address.

A double spending attack is much harder, even while duping snack machines, than your scenario implies.  There are techniques for detecting a double spend attack while in progress that can be employed, none of which are necessary yet, and thus have not been implimented.  Several of which don't require any outside support for the snack machine, and provide no warning for anyone that does not have a sniffer on the machine's network connection.

A double spend attack is very timing dependent, and for practical reasons requires that all spend attemps hit the bitcoin network within 10 seconds of each other.  Good luck coordinating that in meatspace.
Jan
legendary
Activity: 1043
Merit: 1002
I apologize for the bump, but this has been done Cool
There's also a good (albeit too detailed for the average consumer) explanation of how it works in the video.
http://www.youtube.com/watch?v=pDOcLros-w0

How does the protection against double-spending work?

Is not needed. If it's done right, the vending machine itself doesn't run a BTC client, but receives a paid notification from the vending machine company server that runs the node and is located elsewhere, which would be a good protection against a race attack as you can't make sure miners get the double spend transaction first (the vending company node gets the double spend transaction before the "valid" one).

Therefore leafs only the Finney attack which requires a pool or very large miner to participate to even have a slight chance of success. Which is obviously to expansive to get a bag of popcorn for free.
Unfortunately there is a long distance between a "race attack" and a Finney attack.
1. Long chain of fee less unconfirmed truansactions challenged by one fat fee transaction sent directly to big miners
2. No 1 combined with a tx in midstrean with nlocktime.
3. One tx sent directly to snack server, conflicting tx sent to 1000+ nodes
The list goes on.
Protecting against zero confirmation transactions is a never ending battle, like spam mail. Attackers/defenders improve, you are never 100% certain.
legendary
Activity: 892
Merit: 1013
why doesnt someone that wants to operate vending machine have a small service where people put in pocket amount of funds in per day while taking a shower in the morning EG 0.1BTC which get pre confirmed into the service. then the funds are ready to use throughout the day

and the balance is deducted when they scan qr codes from the vending machine.

then they can expand this pocket money service to also cater to a payment gateway for starbucks, 7-11 etc..

i wouldnt call it a bank i would call it more like a prepaid service. much like how people use oyster cards in london to pay for train tickets and other things.

You just described green addresses.
i think it is the solution to those kind of problem.

Otherwise i'll allways be able to give my private adress to 10 friends buy a snack, send a txt to them and they all go to buy a snack with the same private adress. If i send the txt message before buying the snack i can even get poeple using that private adress in china at the very same moment i use it in london so it might be very hard to be instant AND secure without green address.
legendary
Activity: 1708
Merit: 1010
why doesnt someone that wants to operate vending machine have a small service where people put in pocket amount of funds in per day while taking a shower in the morning EG 0.1BTC which get pre confirmed into the service. then the funds are ready to use throughout the day

and the balance is deducted when they scan qr codes from the vending machine.

then they can expand this pocket money service to also cater to a payment gateway for starbucks, 7-11 etc..

i wouldnt call it a bank i would call it more like a prepaid service. much like how people use oyster cards in london to pay for train tickets and other things.

You just described green addresses.
legendary
Activity: 1232
Merit: 1001
I apologize for the bump, but this has been done Cool
There's also a good (albeit too detailed for the average consumer) explanation of how it works in the video.
http://www.youtube.com/watch?v=pDOcLros-w0

How does the protection against double-spending work?

Is not needed. If it's done right, the vending machine itself doesn't run a BTC client, but receives a paid notification from the vending machine company server that runs the node and is located elsewhere, which would be a good protection against a race attack as you can't make sure miners get the double spend transaction first (the vending company node gets the double spend transaction before the "valid" one).

Therefore leafs only the Finney attack which requires a pool or very large miner to participate to even have a slight chance of success. Which is obviously to expansive to get a bag of popcorn for free.

Also, real cool machine. This could be a great advantage for the snack industry as no money has to be stored on this machines if the machine doesn't contain any private keys, which would be unnecessary anyway.
legendary
Activity: 1456
Merit: 1010
Ad maiora!
Even better than an escrow, you just fund the beverage machine company itself.

Like this: you go to the company's website and send them 100 BC.  Then, they give you an ID.  They have plenty of time to get confirmations to build, and when you need a beverage you just use the ID they issued you and they debit it from your account.

5/10 - this prohibits "impulse sales" which are HUGE in snack and beverage industries.
legendary
Activity: 4424
Merit: 4794
why doesnt someone that wants to operate vending machine have a small service where people put in pocket amount of funds in per day while taking a shower in the morning EG 0.1BTC which get pre confirmed into the service. then the funds are ready to use throughout the day

and the balance is deducted when they scan qr codes from the vending machine.

then they can expand this pocket money service to also cater to a payment gateway for starbucks, 7-11 etc..

i wouldnt call it a bank i would call it more like a prepaid service. much like how people use oyster cards in london to pay for train tickets and other things.
legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
Why doesn't someone who wants to operate vending machines also operate a mining rig that specifically prioritizes confirms from transactions from it's vending machines?  This way, it could release the goods immediately from receiving the btc and then expedite the confirmations thus minimizing risk of double spends.
Because you don't know how mining works  Roll Eyes
member
Activity: 85
Merit: 10
Fortune favors the bold and brave
Why doesn't someone who wants to operate vending machines also operate a mining rig that specifically prioritizes confirms from transactions from it's vending machines?  This way, it could release the goods immediately from receiving the btc and then expedite the confirmations thus minimizing risk of double spends.
legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
The problem with slow confirmations is because of a little amount of nodes. When Bitcoin will become somewhat popular, then you could get the confirmations much quicker (especially the ones in the limit of an ISP/city/region[or state]/country)
Wrong.
The word "confirmation" means "block"  Wink
Pages:
Jump to: