Author

Topic: Security of 0-confirmation transactions (Read 639 times)

member
Activity: 70
Merit: 10
July 16, 2012, 12:33:50 PM
#6
I'm wondering about the state of a transaction immediately after it is published to the network, before it has entered any block.


Your client will submit the transaction to all it's connected peers, which will each verify it against their own copy of the blockchain.  If they consider it valid, they will forward it to all of their connected peers, and so on.  Once they have seen a valid transaction that spends a particular set of coins, that peer will hang onto a copy of that transaction and reject any other transactions that it sees that tries to spend those coins again.  Thus, the best defense against a double spend with the regular client is simply having a few seconds advantage over any possible double spend attempt.  If you have an online store accepting bitcoins, it is too easy for an attacker to time the transactions, so it would help to use more sophisticated means of detection for online stores.  Brick-&-Mortor stores would have no problem, however, since timing the transactions while at a physical cash register is difficult by it's nature.  And Bitcoin aware Point-of-Sale systems have other tricks for reducing risk exposure here.

Quote

 Does Bitcoin make any attempt at all to prevent double-spending or reversal at this point? If not, are there any theoretically possible approaches?

In a sense, yes.  The two transactions must race to cover as much of the bitcoin network as possible before the other takes over a majority of the mining nodes; because the transaction with the greater percentage of mining nodes is more likely to be included in a block, and thus become the officially correct transaction.  The other will be orphaned forever.

Quote

If there's no protection, my worry is that Bitcoin really isn't as "instant" as it's often portrayed to be. If I meet someone to make a transaction, do I need to hang around and smalltalk for 10-20 minutes to wait for a block or two? I mean, to be honest, I really hate smalltalk.

It's not portrayed to be instant in all cases, but it can be pretty close.  Credit cards aren't instant at all, as they can be reversed up to 45 days later; they just appear to be instant because of all the user identification required.  If you are willing to identify yourself using bitcoin, these same tricks could apply.
sr. member
Activity: 444
Merit: 250
July 16, 2012, 02:33:34 AM
#5
Thanks for the feedback. Interesting possibilities with the scripting system, I hope something comes of that. It really is a hard nut to crack, but I think it needs to be addressed, because bitcoin has to be useful in an "immediate transaction" scenario such as at the cash register. Those places could easily turn to a centralized clearing house to protect against it, which defeats some of the point of bitcoin.

If I ever sell my house for bitcoin, alright, I'll wait around for six confirmations :-)
donator
Activity: 1218
Merit: 1079
Gerald Davis
July 15, 2012, 04:07:34 PM
#4
A double spend is when the attacker makes two transactions; one sending coins to you and another sending the same coins back to him.

The tx included in blockchain is the only one which matters.  That being said pulling off a double spend in meatspace is non-trivial.  Each node will ignore any double spend it encounters.  

So the attacker must:
a) ensure the victim sees the "good tx" of the pair first (or they will never see the good one).
b) ensure that a significant fraction of hashing power sees the "bad tx" of the pair first.
c) ensure the victim doesn't see the "bad tx" before the sale completes (just got busted double spending).

While it isn't impossible it is very difficult.  A cautious/smart merchant would run a modified verision of the bitcoin.  The merchant would establish a huge number of connections.  When it receives its "good tx" it would ignore it unless it came from a trusted node.  It also wouldn't relay the tx to any node.  By only accepting incoming tx from trusted nodes (major exchanges, major ewallets, major mining pools, other merchants, etc) the merchant would have some confidence that the "good tx" has been seen by a significant portion of the network.

This would greatly reduce the possibility that an attacker could accomplish a,b, c.  Bitcoin is somewhat unique in that fraud involves the attacker's own funds (unlike CC fraud where attacker has no "skin in the game").  That changes the risk vs reward balance.

It really depends on the amount of funds we are talking about.  Trading something in the real world to someone you know personally for a small amount of coins is totally different than trading 1,000+ BTC for irreversible funds online with an anonymous party.
newbie
Activity: 7
Merit: 0
July 15, 2012, 03:31:58 PM
#3
How would someone double spend exactly? Can someone explain how this would work please.
donator
Activity: 2058
Merit: 1054
July 15, 2012, 03:00:36 PM
#2
I'm wondering about the state of a transaction immediately after it is published to the network, before it has entered any block. Does Bitcoin make any attempt at all to prevent double-spending or reversal at this point? If not, are there any theoretically possible approaches?
I don't think the current Bitcoin clients are very proactive in detecting double-spends, but in theory, for casual transactions you can get very good security waiting a few seconds.

If you want absolute security instantly, that can also be achieved with more advanced uses of the Bitcoin scripting system (some of which are yet to be finalized), depending on the particular use case. The basic idea is that some of the work of securing a transaction can be done before the payment is actually made.
sr. member
Activity: 444
Merit: 250
July 15, 2012, 02:48:29 PM
#1
I'm wondering about the state of a transaction immediately after it is published to the network, before it has entered any block. Does Bitcoin make any attempt at all to prevent double-spending or reversal at this point? If not, are there any theoretically possible approaches?

If there's no protection, my worry is that Bitcoin really isn't as "instant" as it's often portrayed to be. If I meet someone to make a transaction, do I need to hang around and smalltalk for 10-20 minutes to wait for a block or two? I mean, to be honest, I really hate smalltalk.
Jump to: