From: Gareth Williams <gacrux@gmail•com>
To: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] 0 confirmation txs using replace-by-fee and game theory
Date: Fri, 25 Apr 2014 23:38:06 +1000 [thread overview]
Message-ID: <535A653E.1060902@gmail.com> (raw)
In-Reply-To: <CANEZrP2FJ8m-kKeLiEZw-hb9teeVXay0FqzsJ0wJTtbNABetpA@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1997 bytes --]
On 25/04/14 20:19, Mike Hearn wrote:
> You don't get any money back, but you do get an angry shopkeeper chasing
> you down the street / calling the police / blacklisting you from the
> store.
>
>
> If they could do that they'd just take the stolen property back and you
> would have failed to spend your money twice. So this is by definition,
> not a successful double spend. We are worried about the cases when you
> could successfully double spend, and the only thing stopping you is Bitcoin.
You might not succeed in catching them, but however small the risk of
getting caught is, they're taking that risk for an assured zero gain.
Any rational attacker would therefore not bother.
I think it's a very elegant solution to the typical "broadcast double
spend" attack. Of course it unfortunately does nothing to stop a
dishonest mining pool from secretly working on your double spend for a
fee. But that breaks down to:
* trade first and hope the dishonest pool finds the next block
* the dishonest pool finds and withholds the block while you trade
We can discount the second one entirely - the orphan risk makes it very
expensive to execute, and people are typically accepting zero-conf for
low value items like cups of coffee. For high value items it is probably
reasonable (and hopefully common practice?) to wait for a block.
So we're left with the first situation. As others have noted, given a
dishonest pool with 5% total hashrate, a dedicated attack is out (unless
you want to end up actually buying goods to 20x the value of the attack
in the process.)
That leaves the opportunists, who press the "attempt to take-back 70% of
this transaction" (remember the pool gets their cut) every time they buy
a coffee and very occasionally get lucky. They're the only unsolvable
problem I can see here. It remains to be seen how many such opportunists
we'll end up with, or how much hashrate the dishonest pool can actually
attract.
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 555 bytes --]
next prev parent reply other threads:[~2014-04-25 13:38 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-24 10:48 Jorge Timón
2014-04-24 11:54 ` Mike Hearn
2014-04-24 12:07 ` Chris Pacia
2014-04-24 12:15 ` Mike Hearn
2014-04-24 14:49 ` Jorge Timón
2014-04-24 15:45 ` Mike Hearn
2014-04-24 17:13 ` Jannis Froese
2014-06-19 3:47 ` Isidor Zeuner
2014-04-25 4:51 ` Gareth Williams
2014-04-25 10:19 ` Mike Hearn
2014-04-25 13:38 ` Gareth Williams [this message]
2014-04-24 12:59 ` Peter Todd
2014-04-24 14:20 ` Jorge Timón
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=535A653E.1060902@gmail.com \
--to=gacrux@gmail$(echo .)com \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox