Topic: @MtGox Staff... when will mtgox change the number of confirmations? - page 2. (Read 3128 times)

That just sets up a scale for people to figure out how much they can get away with and calculate how long and how much capital it will take.

However 6 confirms isn't magically safe.  It isn't like 5 confirms = massive risk and then 6 confirms = impossible.

Lets assume the attacker has hashpower that equals 20% of the network. 

To reverse an unconfirmed transaction will be 100% successful if using a finney attack or 20% of the time by brute force.  Obviously too much of a risk for high value transactions.
To reverse 1 confirmation will be successful (0.2^2 ) 4% of the time.  An attacker could reverse roughly 1 in 25 deposits.  That likely is insufficient.
To reverse 2 confirmations will happen (0.2^3 ) 0.8% of the time.  An attacker could reverse roughly 1 in 125 deposits.  Pretty small attack vector but still plausible.
To reverse 3 confirmations will happen (0.2^4 ) 0.16% of the time.  An attacker could reverse roughly 1 in 625 deposits.  The attack is non-viable and very obvious*
To reverse 4 confirmations will happen (0.2^5 ) 0.032% of the time.  An attacker could reverse roughly 1 in 3125 deposits.  The attack is completely non-viable.

* With a 0.16% success rate the attacker would only reverse on average one in 625 deposits.  Given there are only 144 blocks per day the attacker would need to deposit a MASSIVE amount of funds every hour (24+ times per day) for an average of 4-5 days before being successful.   The signature would be very obvious.   The attacker will on average lose 625 blocks to orphans for every successful attack.  The lost blocks would be worth roughly $203,000.  So to yield a 30% bonus on that would require a $300,000 double spend.  Think it might be obvious someone with a level 3 verified account depositing and withdrawing $300K in BTC every hour for days and days?

MtGox 6 confirm policy is simply an anachronism.  Why 6?  Why not 60 to be super duper sure.  Satoshi never intended the #6 to have divine like powers.

I vote for 3 confirms on smaller btc deposits 

If its about the high amounts of transactions then why not make something like this:
up to 100btc per day 1 confirmation
up to 500btc per day 2 confs
...

When i think about... this hasnt to be per day... per hour is enough. Because after a hour you know if the previous transaction was fishy or not and you could allow more fast transactions.

Im not sure if highly verified users could help. I mean i can imagine that some people use voip-numbers, faked id and so on and then could misuse this.

But i think when its only about the height of transactions then small transactions doesnt need ultra high security.

I understand the need of 6 confirmations for bigger (XX XXX) transactions but it wouldn't hurt to change the number of confirmations to 1 or 2 for smaller transactions (<$1k).

If anything, I would propose the idea that highly verified customers should be allowed to use their MtGox balances to guarantee against double spending.

MtGox's exposure to a double spend is only what one could withdraw from their account, and the losses one could incur in trading.  If withdrawal is blocked pending confirmation, the exposure to trading could hardly be anywhere near the full balance.  What if every confirmed 1BTC in your Gox account gave you access to 2BTC in zero-confirmation-tradeable deposit?

If I have $1000 in my MtGox account and want to send $1000 more, let's say Gox lets me trade $2000 immediately, I just can't withdraw it.  If I were to double spend, Gox would rightfully lock my account.  Let's say they could liquidate my whole account for $1500 (assume bitcoins just took a dive).  They're still made whole, because the double spend was only $1000 to begin with.  I can't withdraw, so the coins aren't going anywhere.

This would double the value of leaving funds in Gox.  I could have the "benefit" of leaving $2x in my account, while only leaving $x there.

From what I understand double spending after even a single confirmation would be nearly impossible, but MtGox is willing to do big transactions. Transactions involving five digit numbers of bitcoins and six or more digit numbers of dollars. When transactions get that big, sometimes you have to take the safest route. Waiting for six confirmations may make things absurdly safe on their end, but they have to do it because any security failings can hit their reputation hard.

But as far as i read these 6 confirmations are giving nearly no more security. I mean waiting one hour for a digital payment is a big timeframe. Ok, its part of the network but if the waiting time is unneded long it isnt an argument for using bitcoins.

Anyway... i found a workaround but i still dont understand that the outcome of security <> time needed comes out to this result. But its your decision. Maybe im only wrong and the security gain is really worth to note.

This is why https://en.bitcoin.it/wiki/Confirmation, indeed it is "slow" but it is also 100% secure.

The classic bitcoin client will show a transaction as "n/unconfirmed" until 6 blocks confirm the transaction. Merchants and exchanges who accept bitcoins as payment can set their own threshold as to how many confirmations are required until funds can be considered valid. When potential loss due to double spending as nominal, as with very inexpensive or non-fungible items, payments can be considered confirmed as soon as it is seen on the network. Most exchanges and other merchants who bear the risk from double spending require 6 or more blocks.

If you are sending coins to another Mt.Gox Bitcoin account you can remove the needed 6 confirmations, but once again, from an Mt.Gox account to another one.

Looks really interesting. Thanks for the tip... if it works it would be a nice thing.

Iirc you can use smpake.com for 0confirm service.

Hello,

mtgox needs 6 confirmations until your btc are there. That means waiting a hour in average. Why doesnt mtgox change this to a lower value since more than 2 confirmations seems to bring nearly no more security.

I think its a hindrance for trading. Bitcoin is, even though its a internet currency, slow with one or 2 confirmations. But waiting 6 is even worse.

I hope that it will be considered.

Thanks!
Sebastian