limikael (OP)
|
|
November 15, 2012, 12:48:45 PM |
|
Hello, I have been following bitcoin for quite a while but haven't really expressed myself here, so I'm still a newbie... But I had an idea for a service to speed up bitcoin transactions, and wanted to see if this was something that already existed, and if not, what you guys would think about it. For the sake of this discussion I'm using the name quickbit.com for this service. I'm deliberately choosing a name that is already registered but that has nothing on it. In the real world it would be called something else.. So it would work like this. Say that party A wants to pay some money to party B for the exchange of a good or service. Normally this takes 10 minutes or so to clear, or an hour if B wants to wait for 6 confirmations, so B will have to wait for that amount of time to deliver to A what A purchased. Imagine now the service quickbit.com, and party A could open an account with that service and deposit some money there. Now, if party A wants to pay party B some money, he/she would use an interface at quickbit.com to input party B's bitcoin address, and quickbit.com would start the transaction to party B. This transaction would take 10 minutes to confirm, just like any other transaction, but there would also be a receipt page generated for the transaction, say quickbit.com/receipt/123456 where the number is a reference number for the transaction. Party A can now give this URL to party B, and party B can visit the address to see that the transaction is on its way. On the receipt page it would show the amount being payed and to what bitcoin address, so party B would be able to see that it is the correct address. Party B can now immediately deliver the goods or service to party A, since the money is on it's way. Of course, this assumes that party B would trust the service quickbit.com, but it would be easy to see if previous transactions from quickbit.com were legit by verifying them with the blockchain. In the example above I'm describing party A and party B as two persons, and the receipt page as a webpage that someone actually looks at with their eyes. However, it would be easy to extend this to an automated service using an API. What do you think about this idea? Does it already exist? Btw... How many posts does it take to be "promoted" to the regular board?
|
|
|
|
payb.tc
|
|
November 15, 2012, 01:42:58 PM |
|
this already exists in the form of the 'satoshi client'. party B can already see that the money is 'on it's way', just by seeing it as an unconfirmed transaction in their client. you can even see unconfirmed transactions on http://bitcoincharts.com/bitcoin/txlist unless that page is timing out too much these days.
|
|
|
|
Rising
|
|
November 15, 2012, 02:22:27 PM |
|
Doesn't trusting unconfirmed transactions open one up to doublespending attacks?
As far as I understand it, you can send out two transactions for the same bitcoin, it's just that only one of them will be confirmed by the network.
|
189D6UeWNPjtzqzXWZuNcJokCYDEYSbciX
|
|
|
limikael (OP)
|
|
November 15, 2012, 03:29:25 PM |
|
Hm, no I think you are missing my point.
The point would be to first transfer the bitcoins to a third party service, and let the transactions confirm. So I transfer say 10 bitcoins to the third party service, so I charge my account there. Then, when I want to pay 1 bitcoin to address XYZ, I use a webinterface of the third party service to pay to XYZ. Then the owner of the address XYZ would be able to confirm with the third party service that my payment is on the way. The owner of address XYZ would then just have to trust the third party service to not double spend the bitcoins. And if that third party service would become a "recognized name", and if the business idea of that service would be to facilitate this kind of transactions, then that third party service could be trusted.
See what I mean?
|
|
|
|
Rising
|
|
November 15, 2012, 03:35:00 PM |
|
I get your point, I was replying to payb.tc and his assertion unconfirmed transactions are safe to consider as "paid".
Your plan is basically sound but as far as I see it depends on having a central clearinghouse for all transactions. So you'd need to put full trust in them, and they'd likely charge a fee for their service too. Bitcoin's idea is to move away from central clearinghouse and towards a peer-to-peer infrastructure.
So yes, it probably works, but it's not in the spirit of what most people are looking for in Bitcoin.
|
189D6UeWNPjtzqzXWZuNcJokCYDEYSbciX
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
November 15, 2012, 03:38:40 PM |
|
That already exists. It is called Green Addresses. MtGox has a green address for example. IF a merchant trusts MtGox not to double spend they can delivery on 0-confirm tx coming from MtGox green address. It hasn't really caught on though.
There are a couple of reasons: 1) if the tx is low value you likely don't need confirmations. Who is going to risk getting caught in a double spend for a $5 steam game? 2) if the tx takes longer than an hour to deliver you are waiting anyways (i.e. mailed goods) 3) if the tx can be revoked the merchant has no risk (i.e. MMORPG subscription, or poker room deposit)
So essentially the only people who are really hindered by confirmations are merchants who sell high value transactions which are delivered digitally and are irreversible. Despite the gnashing of teeth the reality is almost no commerce falls into the category except maybe exchanges.
|
|
|
|
Rising
|
|
November 15, 2012, 03:40:09 PM |
|
Who is going to risk getting caught in a double spend for a $5 steam game?
Depends. What is the consequence of getting caught doublespending, assuming no real names are attached to the address?
|
189D6UeWNPjtzqzXWZuNcJokCYDEYSbciX
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
November 15, 2012, 03:49:58 PM |
|
Who is going to risk getting caught in a double spend for a $5 steam game?
Depends. What is the consequence of getting caught doublespending, assuming no real names are attached to the address? The merchant keeps your money. If you have multiple games attached to a single account (aka steam) then steam bans your entire account (losing all prior purchased games). Bitcoin doesn't need to be 0 fraud, trying to make it 0 fraud is making "perfect" the enemy of "good". If Bitcoin has LESS fraud and LESS cost than credit cards it will rapidly displace that form of payment. I honestly think the "double spender" around every corner is way overblown. We routinely sell prepaid cellular refills and only require 1 confirmation and often give repeat customers the code after 0 confirms. How many people on the forum have been a victim of double spending? How many people of the forum have been a victim of CC/PayPal/ebay fraud (so called "friendly fraud")? Still if one is ultra-paranoid the system the OP described already exists. It is called a green address. If the funds come from a third party and you trust the third party then you can trust there is no double spend. In this case the largest such "trusted third party" is MtGox. Very few merchants check and deliver based on green addresses though. The risk really isn't there OR if the merchandise is very high value one is better off waiting for confirmations rather than trusting MtGox.
|
|
|
|
limikael (OP)
|
|
November 15, 2012, 03:57:12 PM |
|
That already exists. It is called Green Addresses. MtGox has a green address for example. IF a merchant trusts MtGox not to double spend they can delivery on 0-confirm tx coming from MtGox green address. It hasn't really caught on though.
There are a couple of reasons: 1) if the tx is low value you likely don't need confirmations. Who is going to risk getting caught in a double spend for a $5 steam game? 2) if the tx takes longer than an hour to deliver you are waiting anyways (i.e. mailed goods) 3) if the tx can be revoked the merchant has no risk (i.e. MMORPG subscription, or poker room deposit)
So essentially the only people who are really hindered by confirmations are merchants who sell high value transactions which are delivered digitally and are irreversible. Despite the gnashing of teeth the reality is almost no commerce falls into the category except maybe exchanges.
Ah I see, this makes sense. On a separate not however, when you talk about a poker room deposit, how is that not a risk? What if someone deposits some money into a poker room account and then loses all the bitcons to someone else, and then it turns out the coins were double spent?
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
November 15, 2012, 04:42:44 PM |
|
On a separate not however, when you talk about a poker room deposit, how is that not a risk? What if someone deposits some money into a poker room account and then loses all the bitcons to someone else, and then it turns out the coins were double spent?
True however the same can be done with credit cards and a chargeback is trivially easy compared to a double spend. Still I was thinking more along the lines of allowing a small amount of the funds available so the player can play the first couple hands while funds clear. Nobody does this but eventually I could see it as a competitive advantage. i.e. you deposit 100 BTC and the site grants you 5 BTC on 0-confirm and the rest once the funds confirm. You can start playing right away in SECONDS. The marketing aspect is IMHO worth the marginal risk. " Instant Play Poker Room. Pull up a chair and get dealt in within seconds!". Of course this assumes the merchant is well aware of double spend (and Finney Attack) risks. Sets up network connections to minimize the risk and actively checks for fraud. No one can't simply be "stupid" and hope for the best.
|
|
|
|
ercolinux
Legendary
Offline
Activity: 938
Merit: 1000
|
|
November 15, 2012, 04:46:47 PM |
|
So essentially the only people who are really hindered by confirmations are merchants who sell high value transactions which are delivered digitally and are irreversible. Despite the gnashing of teeth the reality is almost no commerce falls into the category except maybe exchanges.
You forgot brick 'n mortar shops: for a shop that sell in bitcoin is a risk to accept a 0 confirmation transaction, and wait 30-45 minutes for 3-4 confirm can be too long for costumer. This execption was rasied by a friend that has a cell phone shop to which I propose the bitcoin as payment form. He sell objects that can arrive easily at 300-500$ of value and he can't risk a double spend attack. But even a restaurant/pub can risk (a dinner for 4 can easily be over 100$). The ideal way will be IMHO to use an escrow based system: when you enter in the shop you transfer the money you think to spend to the address so it start to be confirmed, but transaction can be fixed only after you confirm the receipt of the goods (just before you leave). Is possible to implement that kind of escrow without rely on a third part. There is an example here: https://blockchain.info/wallet/escrowIn the example Bob is both the shop keeper and the third part , Alice the customer.
|
Bitrated user: ercolinux.
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
November 15, 2012, 04:54:35 PM |
|
You forgot brick 'n mortar shops: for a shop that sell in bitcoin is a risk to accept a 0 confirmation transaction, and wait 30-45 minutes for 3-4 confirm can be too long for costumer. This execption was rasied by a friend that has a cell phone shop to which I propose the bitcoin as payment form. He sell objects that can arrive easily at 300-500$ of value and he can't risk a double spend attack. Does he accept credit cards? Does he wait 180 days before delivering goods? The ideal way will be IMHO to use an escrow based system: when you enter in the shop you transfer the money you think to spend to the address so it start to be confirmed, but transaction can be fixed only after you confirm the receipt of the goods (just before you leave). Agreed. One option is a green address. Escrow is another option. A third option is to get miners to bond transactions and thus allow the merchant to "stack the deck" if you will. A major pool(s) could post a bond (as in surety bond) and offer a contract to merchants guaranteeing their tx will not be replaced in any block the pool solves. Merchants can check if a tx is in the pool's memory pool and once the pool confirm it is, the pool guarantees that if they solve a block it will contain that tx. If the pool fails to live up to the guarantee it reimburses the merchant for its failure (hence the reason for posting a surety bond). Now a merchant might not be able to get a guarantee by 100% of hashing power but even a sizable fraction makes the low risk of a double spend even lower. In time you may even seen processing companies wrap all this up and simply insure the transaction (collecting profit between actual risk and the premium charged).
|
|
|
|
Rising
|
|
November 15, 2012, 05:01:26 PM |
|
What does SatoshiDice do to avoid doublespending attacks?
|
189D6UeWNPjtzqzXWZuNcJokCYDEYSbciX
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
November 15, 2012, 05:06:43 PM |
|
What does SatoshiDice do to avoid doublespending attacks?
It sends the same coins (plus winnings) back to the recipient in one tx. If you double spend your bet, you double spend your winnings too. Technically one could selectively only double spend only the losing bets. As I pointed out it is much much much harder than most people think to pull off a double spend against a properly hardened merchant. Against an uninformed merchant the chance is higher but I doubt SD has a non-optimal network configuration. The biggest threat against SD would be a Finney Attack but if it became a problem there is a small change they could make which would make that attack very difficult and risky for the attacker. I am sure that the SD developers are already aware of it. A D&T PSA: Before I leave this thread let me make it clear; one shouldn't casually dismiss the risk of a double spend. That wasn't my intent, rather each merchant should realize there is no one size fits all. A merchant doing millions a week in irreversible transactions is completely different than a brick and mortar shop which is different than a hypothetical Bitcoin vending machine selling candybars for bitcents. Still as a rule of thumb double spends are hard and low value tx are unlikely to be worth the effort. It probably is wise for new merchants to err on the side of caution but the "everyone needs 6 confirms" or they will be robbed overnight is just nonsense. It would be like saying all merchants need to wait 180 days before delivering goods paid by credit card. Sure that would be safe but it is overkill. Could you imagine how unpopular Steam would be if you could pay for a game today and it would unlock in six months?
|
|
|
|
ercolinux
Legendary
Offline
Activity: 938
Merit: 1000
|
|
November 15, 2012, 06:51:19 PM |
|
You forgot brick 'n mortar shops: for a shop that sell in bitcoin is a risk to accept a 0 confirmation transaction, and wait 30-45 minutes for 3-4 confirm can be too long for costumer. This execption was rasied by a friend that has a cell phone shop to which I propose the bitcoin as payment form. He sell objects that can arrive easily at 300-500$ of value and he can't risk a double spend attack. Does he accept credit cards? Does he wait 180 days before delivering goods? At least here in Italy, if you pay with a credit card in a shop you can't reverse the transaction: you sign the receipt and shop keeper check that the credit card is hold by the issuer checking a document of identity.
|
Bitrated user: ercolinux.
|
|
|
fido
Newbie
Offline
Activity: 8
Merit: 0
|
|
November 15, 2012, 07:20:15 PM |
|
Yes I think trusting unconfirmed transactions (or low confirmation transactions) opens up possibility of double spend attack depending on which blockchain the network ultimately agrees upon. Anyone care to elaborate?
|
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
November 15, 2012, 09:40:01 PM |
|
But even a restaurant/pub can risk (a dinner for 4 can easily be over 100$).
So let's say the merchant uses the Bitcoin.org client and has it properly configured (no incoming transactions, has an outgoing connection to a well-connected node). The success of a race attack double spend is maybe one in twenty (5%) (this is a wild ass guess, ... it is probably below an order of magnitude of that even.) So if I am a thief, I then have to buy 19 meals (at $100 each) in order to steal the 20th meal (using the unverified estimate that on average, one out of twenty attempts succeed). I think the restaurant might just encourage this practice, since margins at a restaurant are often much better than 5%. As far as the other double spending threat, the Finney Attack, an attempt of this for stealing from a restaurant doesn't work well. The thief can't wait for the restaurant to process the charge, instead the thief needs to have the timing down exactly. As soon as the miner has a block the thief then needs to get the merchant to process the payment in seconds and upon doing so the thief needs to runs off immediately as the merchant will discover the double spend seconds later. With the Finney attack, each second the miner holds onto the block costs just about ten dollars worth of bitcoins, so if this takes more than ten seconds the miner loses money in gaining a $100 food bill. And both of these are silly thought games anyway. Why wouldn't the thief just walk out the restaurant without paying rather than mess with this double spending approach? [Edit: On second thought, concerns about the risks are valid, just that they seem to be easily blown out of proportion because there is so little actual bricks-and-mortar types of activity so far to know which types of situations have risk and which don't.]
|
|
|
|
pinnpe
Full Member
Offline
Activity: 158
Merit: 100
DumBlinDeaf
|
|
November 15, 2012, 10:54:31 PM |
|
Hi limikael, With your solution there is a middle man, who probably want money for the service. (nobody wants a middleman) I'm just saying something without the full knowledge of how bitcoin works. But maybe bitcoin could be speed up, like they did with http://litecoin.org/It's strange that bitcoin got so much computing power and use it to solve a mathematical problem, while that power could be used to make transactions instantly, in my humble opinion.
|
|
|
|
limikael (OP)
|
|
November 17, 2012, 01:04:00 PM |
|
With your solution there is a middle man, who probably want money for the service. (nobody wants a middleman)
Yes that was kind of the idea, that someone would provide this kind of service and charge a fee for it. And the idea was then that people would think it was worth it, that the extra speed provided would be worth the fee, so the whole thing would be a business idea. But, well, reading the replies here and thinking about it a bit more I realize that it probably isn't the case. Also it is probably already built in to bitcoin from the start, because miners can earn a fee for confirming transactions. At least something like that, I'm not 100% sure how it works either... It's strange that bitcoin got so much computing power and use it to solve a mathematical problem, while that power could be used to make transactions instantly, in my humble opinion.
I agree. Maybe this will change with the coming reward drop from 50 BTC to 25 BTC for generated blocks, because it would be more profitable for miners to expedite transactions rather than mine new bitcoins. Could this be the case?
|
|
|
|
ercolinux
Legendary
Offline
Activity: 938
Merit: 1000
|
|
November 17, 2012, 03:03:57 PM |
|
It's strange that bitcoin got so much computing power and use it to solve a mathematical problem, while that power could be used to make transactions instantly, in my humble opinion.
I agree. Maybe this will change with the coming reward drop from 50 BTC to 25 BTC for generated blocks, because it would be more profitable for miners to expedite transactions rather than mine new bitcoins. Could this be the case? No, it will not: even if you pay a big transaction fee the block still come every 10 minutes (on average) so it tooks at least 10-20 minutes to have one confirm to the transaction. Only way to speed up blocks is to modify the protocol and mine 1 block every 5 minutes (halving the reward in consequence).
|
Bitrated user: ercolinux.
|
|
|
|