Pages:
Author

Topic: Why 6 confirmations? (Read 1175 times)

full member
Activity: 126
Merit: 100
April 20, 2013, 11:40:24 PM
#24
Thank you for the information.  I had read in several places the idea of multiple confirmations being how to handle the idea of block racing (is that what it would be called?) but never connected the 25 BTC * $125 number to the cost of a block.

I appreciate your time.
sr. member
Activity: 364
Merit: 250
April 20, 2013, 10:34:22 PM
#23
yeah, people are also forgetting that the tx could just always appear in a later block.  there is no way to cancel a bitcoin tx.  bitcoin tx's are not tied to one block.  if your counter-party heard it off hte network, fairly safe bet most of the miners heard it.  so go ahead and generate your txless block.  your tx will just get dumped into a later block.  money = spent
legendary
Activity: 1512
Merit: 1036
April 20, 2013, 10:18:04 PM
#22
... (orphaned blocks worth $3,000 each).

Stupid question.  How did you assign the $3,000 value to an orphaned block?
25 BTC per block * $127.8 @ mtgox = $3195

An attempt to double-spend a one-confirmation block is an attempt to:

1. Identify a "sucker" that trusts 1 confirmation transactions,
2. Buy something unreversible (rare) that you receive in seconds or minutes,
3. Your transaction is included in a network block, you have one confirmation,
4. You need to independently create two blocks before the rest of the network creates one, or create three blocks before the rest of the network creates two, to replace the one-confirmation block with one of your own that sends the coins elsewhere.

The probability of being able to pull all these off is very low. #4 requires you to mine blocks that nobody else accepts if you fail, blocks that could have earned you 25 BTC.

You also must be able to afford many losing attempts to double spend - if you were buying something for 1000 BTC, you would be spending 1000 BTC multiple times before one double-spend attempt was able to refund you one of the 1000BTCs.

Satoshidice accepted 0 confirmations transactions which require 0 miner expense, had an instant reward payment, attackers only needed a 2% success rate to profit, and yet it was still difficult to pull off an attack.
donator
Activity: 1218
Merit: 1079
Gerald Davis
April 20, 2013, 10:15:31 PM
#21
Found it:
https://bitcoil.co.il/Doublespend.pdf

If we assume the attacker will have no more than 20% of network hashpower then 3 confirms is sufficient to protect a transaction of up to 763 BTC (~$95,000).

There are times when 6 (or even more) confirmations are necessary however I think at this point the 6-confirms have evolved into religious dogma.  I (personally) had a seller unwilling to transfer a steam game ($5 value) until it had 6 confirms.  For me to even attempt a 1-confirm reversal with say 10% of the network hashing power would have cost me ~$48,000.  That means even if the steam game was $48,000 in the long run I would only break even trying to double spend all 1-confirm attempts.

Of course the 6 confirm "dogma" leads to the "bitcoin is too slow" dogma because everyone "knows" you can't sell a $0.99 candybar without 6 confirms and 6 confirms takes on average 60 minutes (and occasionally could take 2+ hours).
sr. member
Activity: 364
Merit: 250
April 20, 2013, 10:13:08 PM
#20
... (orphaned blocks worth $3,000 each).

Stupid question.  How did you assign the $3,000 value to an orphaned block?

Solved block = 25 BTC reward * $120/BTC ~ $3,000

An attacker must go back and rework the block that just posted and remove the transaction he's trying to double spend. he must get lucky beating the rest of the network which is ahead and working on a block solution on top of the old block.

Chances are attacker never catches up and any blocks he did find become orphaned (never adopted b/c he's just too slow).  That compute power could have been used to score a real block by building on the valid block.  Cost is 25 btc per fake block you waste time trying to build.  Satoshi figured if you have 10% of the network hash power (which is A LOT) there is a less that 0.1% you could do this if you tried going back 5 blocks.  That is use 10% of the has power to score 6 blocks before the other 90% could score just 1.
donator
Activity: 1218
Merit: 1079
Gerald Davis
April 20, 2013, 10:12:57 PM
#19
... (orphaned blocks worth $3,000 each).

Stupid question.  How did you assign the $3,000 value to an orphaned block?

Its not a stupid question.  A miner who can produce a double spend block can also potentially just produce a "legit" block.  25 BTC * $120 = ~$3,000 per block.  There is a real COST for a miner to attempt (with <51% of hashpower) to extend an alternate chain.  The risk is that the rest of the network builds a longer chain and not only does the miner not successfully double spend any blocks produced in the attempt become worthless as orphans.

That cost is what gives the network security.  That cost also means that waiting 6 confirms before transfering a $20 game about as silly as keeping a 1 oz gold bullion in a $50,000 safe guarded 24/7 by fully armed security detail. 
full member
Activity: 126
Merit: 100
April 20, 2013, 10:03:59 PM
#18
... (orphaned blocks worth $3,000 each).

Stupid question.  How did you assign the $3,000 value to an orphaned block?
donator
Activity: 1218
Merit: 1079
Gerald Davis
April 20, 2013, 09:34:22 PM
#17
Only one confirmation is risky.
Cryptocurrency, being a peer-to-peer supported commodity, has to have more than 1 valid opinion in order to be accepted network-wide.
And 6 confirmations isn't that long IMO.

Once again there is no one size fits all.  If you are selling $20 steam games 1 confirm is likely plenty.  An attacker is taking a significant risk attempting to double spend, the risk is in potentially orphaned blocks.  Blocks have economic value and someone with TH/s of computing power has real costs.  The benefit of a double spend ($20 game stolen) is outweighed by the cost of failing (orphaned blocks worth $3,000 each).
donator
Activity: 1218
Merit: 1079
Gerald Davis
April 20, 2013, 09:32:07 PM
#16
3 confirms in what coin ?

Bitcoin.  Meni posted a whitepaper of confirmation security.  For most transaction values 6 confirms is an overkill.  Satoshi never indicated 6 confirms has some magical significance.  Merchants should set confirmation policies based on the likelihood of an attack and the potential value lost if an attack is successful. 
full member
Activity: 122
Merit: 100
April 20, 2013, 08:44:47 PM
#15
Only one confirmation is risky.
Cryptocurrency, being a peer-to-peer supported commodity, has to have more than 1 valid opinion in order to be accepted network-wide.
And 6 confirmations isn't that long IMO.
newbie
Activity: 6
Merit: 0
April 20, 2013, 07:02:58 PM
#14
3 confirms in what coin ?
donator
Activity: 1218
Merit: 1079
Gerald Davis
April 20, 2013, 06:57:14 PM
#13
We only require three confirms.
newbie
Activity: 22
Merit: 0
April 20, 2013, 01:58:51 PM
#12
Great info
newbie
Activity: 6
Merit: 0
April 20, 2013, 01:49:46 PM
#11
all the system was designed to be extremly secure.
lets stay like that..

there are also other coins with less security
legendary
Activity: 3472
Merit: 4801
April 20, 2013, 01:43:47 PM
#10
Better to be safe than sorry.

+1, love this adverb.

Which adverb?

I see:

  • Implied subject/noun (It)
  • Implied verb (is)
  • Adjective (better)
  • Infinitive (to be)
  • Adjective (safe)
  • Preposition (than)
  • Implied infinitive (to be)
  • Adjective (sorry)

Am I missing something?  Where's the adverb?
legendary
Activity: 1036
Merit: 1001
/dev/null
April 20, 2013, 12:22:01 PM
#9
Better to be safe than sorry.

+1, love this adverb.
full member
Activity: 252
Merit: 100
April 20, 2013, 12:12:55 PM
#8
There are a million threads answering this question
legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
April 20, 2013, 12:10:13 PM
#7
No, why?
newbie
Activity: 22
Merit: 0
April 20, 2013, 12:01:56 PM
#6

In the future that means it will be necessary more confirmations than 6 ?

thnx.
legendary
Activity: 1512
Merit: 1036
April 20, 2013, 11:54:31 AM
#5
It is a point where the probability of an attacker being able to "cancel" the transaction by replacing blockchain blocks is remote. The original Bitcoin whitepaper has related statistics.

http://we.lovebitco.in/bitcoin-paper/#ch11

Code:
P < 0.001
q=0.10   z=5

which means:
Blocks needed before a less than 0.1% chance a 10% hashrate attacker could double-spend: 5
Pages:
Jump to: