Topic: Collaboration between pools could make accepting 0-confirmation transaction safe (Read 2368 times)

sr. member
Activity: 269
Merit: 250
Instead of saying your idea is wrong, maybe I can contribute to it.

One of the things gmaxwell pointed out was that mining pools may be around now but there is no guarantee they will be around later, in fact he thinks they probably won't. So depending on them as fundamental architecture is probably a bad idea all around.

But imagine miners (both solo and pools) included an IP:Port calling card in the coinbase of their block. The calling card would convey the message: I am a miner, you can contact me via UDP directly at (ip:port), send me your transaction, and if it looks valid, I will give you a signed promise (signed by coinbase key) that I accept and plan to confirm this transaction.

One would know what percentage of the mining pool any given calling card represents just by the number of recent blocks containing it.

Someone wanting a miner commitment on a transaction would blast out that transaction via UDP to all of the miners whose calling cards appear in the last 1000 blocks.  That sounds extreme, but we're only talking a few hundred kilobytes total, with the total going to each miner being under 1-2KB.

By using UDP instead of TCP, one could blindly blast out a bunch of simultaneous requests into the internet on a "best effort" basis with low overhead, knowing most of them will arrive and many won't and that that's OK.  The responses would arrive the same way.

Either the sender or the recipient of a transaction could immediately contact thousands of miners with a blast of udp packets and rapidly get an accurate feel for how much mining power supporting the transaction has just by gauging the udp responses that come back within the following 10 seconds.

If it is a supermajority you have success.

Such could be the standard practice for accepting zero conf transactions.  It could be an excellent revenue generator for the mining community as a whole in the form of a for-pay service (example, all miners could stipulate that this UDP confirmation service is only available if transaction fee [in the transaction being zero-confirmed] meets a far more generous criterion than the satoshi client minimum).

To address gmaxwell's rightfully placed fear that I could pay "you" and then use the premium service to pay the doublespend to myself... if getting zero-conf is a fee-based service paid by the payer, then "you" could demand, as a condition of giving me goods with zero conf, that I include a fee big enough to ensure that you can click a button in your client and enjoy the confirmation service yourself, prepaid.

I agree with you and the second part of gmaxwell's post, that my proposal brings more centralization, and that's not ideal. You are thinking about making 0-confirmation tnx accepted in a decentralized or less centralized way, that would be great if it's possible. I see problems with your proposal, but I am not ready to discuss it yet.
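The tally described in the post above (weight each calling card by its share of recent blocks, then sum the miners whose signed promises came back), as an added Python example that is not part of the original thread. The field names, the 2/3 threshold and the hash-based `demo_verify` stand-in for checking a signature made with the coinbase key are assumptions; blocks without a calling card stay in the total, so unknown hash power never counts as committed.

```python
import hashlib
from collections import Counter

WINDOW = 1000       # recent blocks scanned for calling cards (figure from the post)
THRESHOLD = (2, 3)  # assumed supermajority; the post does not give a number

def card_counts(recent_blocks, window=WINDOW):
    """Blocks per calling card in the last `window` blocks, plus the window size."""
    tail = recent_blocks[-window:]
    return Counter(b["card"] for b in tail if b.get("card")), len(tail)

def committed_blocks(txid, counts, responses, verify):
    """Blocks mined by miners whose valid promise for `txid` came back."""
    seen = set()
    for r in responses:
        card = r.get("card")
        if card in seen or card not in counts:
            continue  # UDP duplicate, or a sender with no recent blocks
        if r.get("txid") != txid or not verify(card, txid, r.get("sig")):
            continue  # promise for another transaction, or bad signature
        seen.add(card)
    return sum(counts[c] for c in seen)

def has_supermajority(committed, total, threshold=THRESHOLD):
    num, den = threshold
    return total > 0 and committed * den >= total * num

# Constructed demo data. demo_verify is a stand-in for checking a real
# public-key signature against the key that signed the miner's coinbase.
KEYS = {"192.0.2.1:9000": b"k1", "192.0.2.2:9000": b"k2", "192.0.2.3:9000": b"k3"}

def demo_sign(card, txid):
    return hashlib.sha256(KEYS[card] + txid.encode()).hexdigest()

def demo_verify(card, txid, sig):
    return card in KEYS and sig == demo_sign(card, txid)

def demo(responders=("192.0.2.1:9000", "192.0.2.2:9000")):
    a, b, c = KEYS
    blocks = [{"card": a}] * 400 + [{"card": b}] * 300 + [{"card": c}] * 200 + [{}] * 100
    txid = "tx-demo"
    responses = [{"card": m, "txid": txid, "sig": demo_sign(m, txid)} for m in responders]
    responses.append(dict(responses[0]))                          # duplicate packet
    responses.append({"card": c, "txid": txid, "sig": "forged"})  # bad signature
    responses.append({"card": "198.51.100.9:9000", "txid": txid, "sig": ""})  # unknown sender
    counts, total = card_counts(blocks)
    got = committed_blocks(txid, counts, responses, demo_verify)
    return got, total, has_supermajority(got, total)
```

The result measures only the share of past blocks behind the promises; as later replies in the thread point out, nothing in the protocol forces those miners to honour them.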
legendary
Activity: 1106
Merit: 1004
I don't see this proposal adding any rule to the protocol. Miners are already free to try not to build on top of any block they don't want to. They should just be conscious that if they implement such thing as a "hard rule", they'll actually be forking the chain. So it'd better be a "soft rule".

There's no way to enforce miners to build on top of the longest chain.
member
Activity: 85
Merit: 10
Please keep in mind that the "valid block policy" only concerns blocks with "illegal" contents (double-spends concerning previous blocks, wrong signatures, syntax problems etc). There's no policy concerning which transactions a miner will accept, or on top of which block he'll mine.

But by adding another illegal content (the type of transaction I paid not to include) I'm effectively changing the valid block policy which isn't a good thing imho.
legendary
Activity: 1106
Merit: 1004
Adding to what Serith already said, one of the clauses of the contract could contain a limit of how many blocks deep the double-spend is. If it's deeper than X, then the miner would stop trying to counter it.

Please keep in mind that the "valid block policy" only concerns blocks with "illegal" contents (double-spends concerning previous blocks, wrong signatures, syntax problems etc). There's no policy concerning which transactions a miner will accept, or on top of which block he'll mine.
sr. member
Activity: 269
Merit: 250
Splits happen from time to time, that's not working against the network. Plus, why would you generate a block and pay the majority of the miners to overrun it? You'd be throwing away all the reward of the block by doing so.

But this split can go on for days. If I pay 50% of the miners and then release my double spend block the split will continue until the miners I paid build a longer chain because they will never accept the chain of the other miners who included my block.
By paying nodes not to include certain blocks we change their valid block policy. You can't compare that to today's splits which are caused by block propagation lag.

There are a couple of ways to counter that, the most obvious is that every miner knows about pool-signed tnx, so everyone can make an intelligent decision not to mine on a chain that eventually would become an orphan. Second, a pool can require that there must be at least 60%-70% behind the transaction in order to get signed by the pool.
member
Activity: 85
Merit: 10
Splits happen from time to time, that's not working against the network. Plus, why would you generate a block and pay the majority of the miners to overrun it? You'd be throwing away all the reward of the block by doing so.

But this split can go on for days. If I pay 50% of the miners and then release my double spend block the split will continue until the miners I paid build a longer chain because they will never accept the chain of the other miners who included my block.
By paying nodes not to include certain blocks we change their valid block policy. You can't compare that to today's splits which are caused by block propagation lag.
legendary
Activity: 1190
Merit: 1004
Well, in my country, robbers blow ATMs up with dynamite, get as much untainted cash as they manage to, and run away, all that in less than 2 min. AFAIK most of the time they're not caught.

So, yeah, you'd better protect yourself against double-spending! ;)
Lol what the hell kind of country is that!

A country I want to live in! :P
hero member
Activity: 815
Merit: 1000
Well, in my country, robbers blow ATMs up with dynamite, get as much untainted cash as they manage to, and run away, all that in less than 2 min. AFAIK most of the time they're not caught.

So, yeah, you'd better protect yourself against double-spending! ;)
Lol what the hell kind of country is that!

Lol, thief can engineer a double spend, but not wear gloves. Lucky for us!
I'm pretty sure print scanners today can tell if you are showing a print or nothing.


Anyway I'm not saying it's impossible, just that double-spends aren't that potent, maybe except for ATMs. (Which apparently are dynamited anyway)
sr. member
Activity: 269
Merit: 250
About the con that you mentioned:

If 50% of the network know about your contract and a solominer that doesn't mines on the longest chain, then he's wasting his work because all the major pools are still working on an older block.
So with your proposal you are bribing the major pools to work against the rest of the network if there's a double spend to your transaction. That doesn't sound like a good thing and it also decreases the income of the normal miners and lowers the overall security of the network.
That scenario would be extremely rare (only when someone makes a costly mistake) because it would be pointless to try to execute a Finney attack and would make an attacker only lose money by throwing away a good block in case he tries.

Hm I think it is. Let's say I pay the biggest pools to not accept double spends of my transaction. Then I create a block including the double spend and broadcast it. That will result in a network split where the miners I've paid are still mining on the old block and the miners I didn't pay will work on the new block because it's a legal block.

I suppose the fee for such a guaranteed transaction shouldn't be too much which means that it's pretty cheap to split the network (well you still need some mining power but around 100Gh/s should be enough to cause one split a day)
Besides the fees you would also lose money from the valid block that you found. I did some quick math on that and in the end that strategy would make an attacker pay more than the damage he made to solo miners.
legendary
Activity: 1106
Merit: 1004
Splits happen from time to time, that's not working against the network. Plus, why would you generate a block and pay the majority of the miners to overrun it? You'd be throwing away all the reward of the block by doing so.
member
Activity: 85
Merit: 10
It's not really "working against the rest of the network".

Hm I think it is. Let's say I pay the biggest pools to not accept double spends of my transaction. Then I create a block including the double spend and broadcast it. That will result in a network split where the miners I've paid are still mining on the old block and the miners I didn't pay will work on the new block because it's a legal block.

I suppose the fee for such a guaranteed transaction shouldn't be too much which means that it's pretty cheap to split the network (well you still need some mining power but around 100Gh/s should be enough to cause one split a day)
legendary
Activity: 1246
Merit: 1016
Strength in numbers
ATMs have cameras and since cash is involved I am pretty sure you could in fact call the cops with some success.

The ATM might also say require your fingerprint, just in case!

Would YOU risk robbing an ATM with max 10 min. of a head start from the cops?

If your attack is detected make that head start smaller.


Even should you succeed you likely would get a maximum of 10k$, trivial compared to Bitcoinica's loss and considering the expertise the thieves would have to possess. + your fingerprints are now on police file.

Lol, thief can engineer a double spend, but not wear gloves. Lucky for us!
legendary
Activity: 1106
Merit: 1004
About the con that you mentioned:
So with your proposal you are bribing the major pools to work against the rest of the network if there's a double spend to your transaction. That doesn't sound like a good thing and it also decreases the income of the normal miners and lowers the overall security of the network.

It's not really "working against the rest of the network". If they're really honest miners, they'll just replace the double-spend they're being paid to avoid. They can pretty well replicate all other honest transactions. At most there'll be a "blip" in the confirmation count of others.
legendary
Activity: 1106
Merit: 1004
ATMs have cameras and since cash is involved I am pretty sure you could in fact call the cops with some success.

The ATM might also say require your fingerprint, just in case!

Would YOU risk robbing an ATM with max 10 min. of a head start from the cops?

Well, in my country, robbers blow ATMs up with dynamite, get as much untainted cash as they manage to, and run away, all that in less than 2 min. AFAIK most of the time they're not caught.

So, yeah, you'd better protect yourself against double-spending! ;)
member
Activity: 85
Merit: 10
About the con that you mentioned:

If 50% of the network know about your contract and a solominer that doesn't mines on the longest chain, then he's wasting his work because all the major pools are still working on an older block.
So with your proposal you are bribing the major pools to work against the rest of the network if there's a double spend to your transaction. That doesn't sound like a good thing and it also decreases the income of the normal miners and lowers the overall security of the network.
hero member
Activity: 815
Merit: 1000
ATMs have cameras and since cash is involved I am pretty sure you could in fact call the cops with some success.

The ATM might also say require your fingerprint, just in case!

Would YOU risk robbing an ATM with max 10 min. of a head start from the cops?

If your attack is detected make that head start smaller.


Even should you succeed you likely would get a maximum of 10k$, trivial compared to Bitcoinica's loss and considering the expertise the thieves would have to possess. + your fingerprints are now on police file.
legendary
Activity: 1106
Merit: 1004
Sure you could steal a micro-payment unlocked article that I would unlock with 0-conf. but then after 10 minutes I would ban your IP forever/call the cops and have lost a total of 0.01 BTC.

Banning IP and calling the cops is useless.
Of course, for a 0,01BTC tx the damage would be so trivial that the risk is also trivial, you can pretty much take it.

There are some use cases where 0-conf would be interesting and the damage caused by a double-spend would not be that trivial though. Take cash ATMs for instance. It would be annoying to wait for confirmation, but the ATM cannot risk a double-spend when giving cash away. Or imagine an ATM like this one: https://en.wikipedia.org/wiki/Gold_to_Go
hero member
Activity: 815
Merit: 1000
I'm not too worried about double spends; the time frame you have to run away with your product, the loops you have to jump through and the small amounts people will only accept with 0 confs... just not worth it.
Sure, you can't execute Finney attack for in store purchase, but for over internet purchase that's not a problem
Except it's pretty easy as a website delaying anything significant (sending money/products) say 10 minutes. That pretty much destroys any double spend attack I have heard of.

Sure you could steal a micro-payment unlocked article that I would unlock with 0-conf. but then after 10 minutes I would ban your IP forever/call the cops and have lost a total of 0.01 BTC.
sr. member
Activity: 269
Merit: 250
I'm not too worried about double spends; the time frame you have to run away with your product, the loops you have to jump through and the small amounts people will only accept with 0 confs... just not worth it.
Sure, you can't execute a Finney attack for an in-store purchase, but for an over-internet purchase that's not a problem, just wait until you found a block then automatically run a script that makes a purchase on a website that accepts 0-confirmation transactions, and after the transaction completes realize the block. I think insecurity of 0-confirmation transactions is the reason why there are so few places that accept them.

OP, in what is that better than Green Addresses?
In both models there's trust in a third party, and Green Addresses are probably cheaper (so far they're free, aren't they?)
The Green Address model requires a trust relationship between every merchant using it and a Green Address operator, and it's not scalable because too many Green Addresses from different operators would require a merchant to maintain a list of trusted entities.
Unlike what I described, which requires trust relationships between a fixed number of people. Only pool operators would have to collaborate to make it work, and a merchant would only need to trust a single entity that consists of a fixed number of pool operators; also, it wouldn't require any additional code on the merchant side in order to start accepting 0-confirmation transactions.
legendary
Activity: 1106
Merit: 1004
OP, in what is that better than Green Addresses?
In both models there's trust in a third party, and Green Addresses are probably cheaper (so far they're free, aren't they?)

With the rise of asic mining making miners with single GPUs insignificant I expect to see mining move towards decentralized pooling techniques like p2pool, or the eligius memorypool mode.

P2Pool AFAIK requires the miner to have a full client. That's not scalable.
I don't know about this memorypool you talk about though.