Bitcoin Forum
Topic: @MtGox Staff... when will mtgox change the number of confirmations?
SebastianJu (OP)
November 28, 2012, 12:39:57 AM
 #1

Hello,

Mtgox needs 6 confirmations until your btc are there. That means waiting an hour on average. Why doesn't mtgox change this to a lower value, since more than 2 confirmations seems to bring nearly no more security?

I think it's a hindrance for trading. Bitcoin is, even though it's an internet currency, slow with one or 2 confirmations. But waiting 6 is even worse.

I hope that it will be considered.

Thanks!
Sebastian

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
MPOE-PR
November 28, 2012, 01:39:32 PM
 #2

Iirc you can use smpake.com for 0confirm service.

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
SebastianJu (OP)
November 28, 2012, 02:27:11 PM
 #3

> Iirc you can use smpake.com for 0confirm service.

Looks really interesting. Thanks for the tip... if it works it would be a nice thing.

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
Mt.Gox_Alex
December 10, 2012, 07:26:19 AM
 #4

> Hello,
>
> Mtgox needs 6 confirmations until your btc are there. That means waiting an hour on average. Why doesn't mtgox change this to a lower value, since more than 2 confirmations seems to bring nearly no more security?
>
> I think it's a hindrance for trading. Bitcoin is, even though it's an internet currency, slow with one or 2 confirmations. But waiting 6 is even worse.
>
> I hope that it will be considered.
>
> Thanks!
> Sebastian

This is why: https://en.bitcoin.it/wiki/Confirmation. Indeed it is "slow", but it is also 100% secure.

The classic bitcoin client will show a transaction as "n/unconfirmed" until 6 blocks confirm the transaction. Merchants and exchanges who accept bitcoins as payment can set their own threshold as to how many confirmations are required until funds can be considered valid. When potential loss due to double spending is nominal, as with very inexpensive or non-fungible items, payments can be considered confirmed as soon as they are seen on the network. Most exchanges and other merchants who bear the risk from double spending require 6 or more blocks.

If you are sending coins to another Mt.Gox Bitcoin account you can remove the needed 6 confirmations, but once again, from an Mt.Gox account to another one.

Mt.Gox : The Leading International Bitcoin Exchange.
Mt.Gox Merchant Solutions :   Now Available!
SebastianJu (OP)
December 11, 2012, 12:46:39 AM
 #5

But as far as I read, these 6 confirmations are giving nearly no more security. I mean, waiting one hour for a digital payment is a big timeframe. OK, it's part of the network, but if the waiting time is unnecessarily long it isn't an argument for using bitcoins.

Anyway... I found a workaround, but I still don't understand that the outcome of security <> time needed comes out to this result. But it's your decision. Maybe I'm only wrong and the security gain is really worth noting.

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
Atruk
December 11, 2012, 01:21:52 AM
 #6

> But as far as I read, these 6 confirmations are giving nearly no more security. I mean, waiting one hour for a digital payment is a big timeframe. OK, it's part of the network, but if the waiting time is unnecessarily long it isn't an argument for using bitcoins.
>
> Anyway... I found a workaround, but I still don't understand that the outcome of security <> time needed comes out to this result. But it's your decision. Maybe I'm only wrong and the security gain is really worth noting.

From what I understand double spending after even a single confirmation would be nearly impossible, but MtGox is willing to do big transactions. Transactions involving five digit numbers of bitcoins and six or more digit numbers of dollars. When transactions get that big, sometimes you have to take the safest route. Waiting for six confirmations may make things absurdly safe on their end, but they have to do it because any security failings can hit their reputation hard.

casascius
Mike Caldwell
December 11, 2012, 01:40:04 AM
 #7

If anything, I would propose the idea that highly verified customers should be allowed to use their MtGox balances to guarantee against double spending.

MtGox's exposure to a double spend is only what one could withdraw from their account, and the losses one could incur in trading.  If withdrawal is blocked pending confirmation, the exposure to trading could hardly be anywhere near the full balance.  What if every confirmed 1BTC in your Gox account gave you access to 2BTC in zero-confirmation-tradeable deposit?

If I have $1000 in my MtGox account and want to send $1000 more, let's say Gox lets me trade $2000 immediately, I just can't withdraw it.  If I were to double spend, Gox would rightfully lock my account.  Let's say they could liquidate my whole account for $1500 (assume bitcoins just took a dive).  They're still made whole, because the double spend was only $1000 to begin with.  I can't withdraw, so the coins aren't going anywhere.

This would double the value of leaving funds in Gox.  I could have the "benefit" of leaving $2x in my account, while only leaving $x there.


Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
malevolent
December 11, 2012, 01:44:28 AM
 #8

I understand the need of 6 confirmations for bigger (XX XXX) transactions but it wouldn't hurt to change the number of confirmations to 1 or 2 for smaller transactions (<$1k).

Signature space available for rent.
SebastianJu (OP)
December 11, 2012, 02:03:56 AM
 #9

If it's about the high amounts of transactions then why not make something like this:
up to 100btc per day 1 confirmation
up to 500btc per day 2 confs
...

When I think about it... this doesn't have to be per day... per hour is enough. Because after an hour you know if the previous transaction was fishy or not and you could allow more fast transactions.

I'm not sure if highly verified users could help. I mean I can imagine that some people use voip-numbers, faked id and so on and then could misuse this.

But I think when it's only about the height of transactions then small transactions don't need ultra high security.

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
SuperTramp
December 11, 2012, 02:13:59 AM
 #10

I vote for 3 confirms on smaller btc deposits  Grin

MincoinForum, Home Of The World's Fastest & Rarest Cryptocurrency. https://www.mincoinforum.com
Only 10million Mincoin To Be Created. Find out more at https://www.mincoin.us
DeathAndTaxes
Gerald Davis


December 11, 2012, 02:17:42 AM
 #11

> > But as far as I read, these 6 confirmations are giving nearly no more security. I mean, waiting one hour for a digital payment is a big timeframe. OK, it's part of the network, but if the waiting time is unnecessarily long it isn't an argument for using bitcoins.
> >
> > Anyway... I found a workaround, but I still don't understand that the outcome of security <> time needed comes out to this result. But it's your decision. Maybe I'm only wrong and the security gain is really worth noting.
>
> From what I understand double spending after even a single confirmation would be nearly impossible, but MtGox is willing to do big transactions. Transactions involving five digit numbers of bitcoins and six or more digit numbers of dollars. When transactions get that big, sometimes you have to take the safest route. Waiting for six confirmations may make things absurdly safe on their end, but they have to do it because any security failings can hit their reputation hard.

However 6 confirms isn't magically safe.  It isn't like 5 confirms = massive risk and then 6 confirms = impossible.

Let's assume the attacker has hashpower that equals 20% of the network.

To reverse an unconfirmed transaction will be 100% successful if using a Finney attack or 20% of the time by brute force.  Obviously too much of a risk for high value transactions.
To reverse 1 confirmation will be successful (0.2^2 ) 4% of the time.  An attacker could reverse roughly 1 in 25 deposits.  That likely is insufficient.
To reverse 2 confirmations will happen (0.2^3 ) 0.8% of the time.  An attacker could reverse roughly 1 in 125 deposits.  Pretty small attack vector but still plausible.
To reverse 3 confirmations will happen (0.2^4 ) 0.16% of the time.  An attacker could reverse roughly 1 in 625 deposits.  The attack is non-viable and very obvious*
To reverse 4 confirmations will happen (0.2^5 ) 0.032% of the time.  An attacker could reverse roughly 1 in 3125 deposits.  The attack is completely non-viable.

* With a 0.16% success rate the attacker would only reverse on average one in 625 deposits.  Given there are only 144 blocks per day the attacker would need to deposit a MASSIVE amount of funds every hour (24+ times per day) for an average of 4-5 days before being successful.   The signature would be very obvious.   The attacker will on average lose 625 blocks to orphans for every successful attack.  The lost blocks would be worth roughly $203,000.  So to yield a 30% bonus on that would require a $300,000 double spend.  Think it might be obvious someone with a level 3 verified account depositing and withdrawing $300K in BTC every hour for days and days?

MtGox 6 confirm policy is simply an anachronism.  Why 6?  Why not 60 to be super duper sure.  Satoshi never intended the #6 to have divine like powers.




notme
December 11, 2012, 02:30:50 AM
 #12

> If it's about the high amounts of transactions then why not make something like this:
> up to 100btc per day 1 confirmation
> up to 500btc per day 2 confs
> ...
>
> When I think about it... this doesn't have to be per day... per hour is enough. Because after an hour you know if the previous transaction was fishy or not and you could allow more fast transactions.
>
> I'm not sure if highly verified users could help. I mean I can imagine that some people use voip-numbers, faked id and so on and then could misuse this.
>
> But I think when it's only about the height of transactions then small transactions don't need ultra high security.

That just sets up a scale for people to figure out how much they can get away with and calculate how long and how much capital it will take.

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
FreeMoney
December 11, 2012, 02:49:09 AM
 #13

> > If it's about the high amounts of transactions then why not make something like this:
> > up to 100btc per day 1 confirmation
> > up to 500btc per day 2 confs
> > ...
> >
> > When I think about it... this doesn't have to be per day... per hour is enough. Because after an hour you know if the previous transaction was fishy or not and you could allow more fast transactions.
> >
> > I'm not sure if highly verified users could help. I mean I can imagine that some people use voip-numbers, faked id and so on and then could misuse this.
> >
> > But I think when it's only about the height of transactions then small transactions don't need ultra high security.
>
> That just sets up a scale for people to figure out how much they can get away with and calculate how long and how much capital it will take.

The scale is already set up. There is some cost to unspending after 6 confirmations and you get an unlimited (Gox hot-wallet really) amount for the effort. It seems like allowing some little amount at 3 confirmations would let the vast majority through in half the time while not really exposing as much as the current 6 limit for huge amounts. In combination with all the KYC in place and per account limits based on current balance as was mentioned it could increase convenience without loss of security.

I don't think Gox will ever, but others will. I don't use exchanges, who knows what other sites have in place?

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
tbcoin
December 11, 2012, 03:08:19 AM
 #14

> If anything, I would propose the idea that highly verified customers should be allowed to use their MtGox balances to guarantee against double spending.
>
> MtGox's exposure to a double spend is only what one could withdraw from their account, and the losses one could incur in trading.  If withdrawal is blocked pending confirmation, the exposure to trading could hardly be anywhere near the full balance.  What if every confirmed 1BTC in your Gox account gave you access to 2BTC in zero-confirmation-tradeable deposit?
>
> If I have $1000 in my MtGox account and want to send $1000 more, let's say Gox lets me trade $2000 immediately, I just can't withdraw it.  If I were to double spend, Gox would rightfully lock my account.  Let's say they could liquidate my whole account for $1500 (assume bitcoins just took a dive).  They're still made whole, because the double spend was only $1000 to begin with.  I can't withdraw, so the coins aren't going anywhere.
>
> This would double the value of leaving funds in Gox.  I could have the "benefit" of leaving $2x in my account, while only leaving $x there.

I agree that 6 confirmations are really unnecessary and even more for verified accounts. But the success of doubled spending on mtgox is not just a problem if you withdraw, as you could execute large sell orders, manipulating the market to your advantage.

Furthermore, all those bitcoins sold may be withdrawn by their buyers.

Sorry for my bad english Wink
Bitcoin card for deposit and payment + Little POS
Donations:1N65efiNUhH6sEQg7Z6oUC76kJS9Yhevyf
Atruk
December 11, 2012, 05:32:26 AM
 #15

> If anything, I would propose the idea that highly verified customers should be allowed to use their MtGox balances to guarantee against double spending.
>
> MtGox's exposure to a double spend is only what one could withdraw from their account, and the losses one could incur in trading.  If withdrawal is blocked pending confirmation, the exposure to trading could hardly be anywhere near the full balance.  What if every confirmed 1BTC in your Gox account gave you access to 2BTC in zero-confirmation-tradeable deposit?
>
> If I have $1000 in my MtGox account and want to send $1000 more, let's say Gox lets me trade $2000 immediately, I just can't withdraw it.  If I were to double spend, Gox would rightfully lock my account.  Let's say they could liquidate my whole account for $1500 (assume bitcoins just took a dive).  They're still made whole, because the double spend was only $1000 to begin with.  I can't withdraw, so the coins aren't going anywhere.
>
> This would double the value of leaving funds in Gox.  I could have the "benefit" of leaving $2x in my account, while only leaving $x there.



This seems like an interesting idea for allowing margins trading.

SuperTramp
December 11, 2012, 05:37:45 AM
 #16

> > > But as far as I read, these 6 confirmations are giving nearly no more security. I mean, waiting one hour for a digital payment is a big timeframe. OK, it's part of the network, but if the waiting time is unnecessarily long it isn't an argument for using bitcoins.
> > >
> > > Anyway... I found a workaround, but I still don't understand that the outcome of security <> time needed comes out to this result. But it's your decision. Maybe I'm only wrong and the security gain is really worth noting.
> >
> > From what I understand double spending after even a single confirmation would be nearly impossible, but MtGox is willing to do big transactions. Transactions involving five digit numbers of bitcoins and six or more digit numbers of dollars. When transactions get that big, sometimes you have to take the safest route. Waiting for six confirmations may make things absurdly safe on their end, but they have to do it because any security failings can hit their reputation hard.
>
> However 6 confirms isn't magically safe.  It isn't like 5 confirms = massive risk and then 6 confirms = impossible.
>
> Let's assume the attacker has hashpower that equals 20% of the network.
>
> To reverse an unconfirmed transaction will be 100% successful if using a Finney attack or 20% of the time by brute force.  Obviously too much of a risk for high value transactions.
> To reverse 1 confirmation will be successful (0.2^2 ) 4% of the time.  An attacker could reverse roughly 1 in 25 deposits.  That likely is insufficient.
> To reverse 2 confirmations will happen (0.2^3 ) 0.8% of the time.  An attacker could reverse roughly 1 in 125 deposits.  Pretty small attack vector but still plausible.
> To reverse 3 confirmations will happen (0.2^4 ) 0.16% of the time.  An attacker could reverse roughly 1 in 625 deposits.  The attack is non-viable and very obvious*
> To reverse 4 confirmations will happen (0.2^5 ) 0.032% of the time.  An attacker could reverse roughly 1 in 3125 deposits.  The attack is completely non-viable.
>
> * With a 0.16% success rate the attacker would only reverse on average one in 625 deposits.  Given there are only 144 blocks per day the attacker would need to deposit a MASSIVE amount of funds every hour (24+ times per day) for an average of 4-5 days before being successful.   The signature would be very obvious.   The attacker will on average lose 625 blocks to orphans for every successful attack.  The lost blocks would be worth roughly $203,000.  So to yield a 30% bonus on that would require a $300,000 double spend.  Think it might be obvious someone with a level 3 verified account depositing and withdrawing $300K in BTC every hour for days and days?
>
> MtGox 6 confirm policy is simply an anachronism.  Why 6?  Why not 60 to be super duper sure.  Satoshi never intended the #6 to have divine like powers.






With above^^ in mind,  I would like to re-affirm my vote for 3 confirms on small btc deposits  Grin

MincoinForum, Home Of The World's Fastest & Rarest Cryptocurrency. https://www.mincoinforum.com
Only 10million Mincoin To Be Created. Find out more at https://www.mincoin.us
Yuhfhrh
December 11, 2012, 06:18:42 AM
 #17

Related, Campbx only requires 4 confirmations, and btc-e only requires 3.
Meni Rosenfeld
December 11, 2012, 08:47:18 AM
Last edit: December 11, 2012, 08:41:18 PM by Meni Rosenfeld
 #18

> This is why: https://en.bitcoin.it/wiki/Confirmation. Indeed it is "slow", but it is also 100% secure.

This is a myth, and a dangerous one at that.

It is fine if Mtgox wants to be safer than strictly necessary. But if they believe that 6 confirmations are somehow special and magically safe, and fail to incorporate it in a complete risk management solution, it can have disastrous consequences.

Optimally, the system will credit increasing amounts based on the number of confirmations. For example, someone deposits some amount X of bitcoins. After 1 confirmation 10 BTC will be credited. After 2 confirmations, 30. 3: 100. 4: 300. 5: 1000. 6: 3000. 7: 10000. And so on, until the entire deposit is credited. This system also needs to properly handle multiple simultaneous deposits.

While simple and efficient, it can be understood if Mtgox wishes to avoid confusing themselves and the customers, and properly handling the number of confirmations can be "outsourced" to smpake-style services.

> That just sets up a scale for people to figure out how much they can get away with and calculate how long and how much capital it will take.

Right, and the scale can be set up so that the expense is always greater than what they can get away with.

> * With a 0.16% success rate the attacker would only reverse on average one in 625 deposits.  Given there are only 144 blocks per day the attacker would need to deposit a MASSIVE amount of funds every hour (24+ times per day) for an average of 4-5 days before being successful.   The signature would be very obvious.   The attacker will on average lose 625 blocks to orphans for every successful attack.  The lost blocks would be worth roughly $203,000.  So to yield a 30% bonus on that would require a $300,000 double spend.  Think it might be obvious someone with a level 3 verified account depositing and withdrawing $300K in BTC every hour for days and days?
>
> MtGox 6 confirm policy is simply an anachronism.  Why 6?  Why not 60 to be super duper sure.  Satoshi never intended the #6 to have divine like powers.

I agree with the spirit of this, but the numbers are way off. The success rate is not simply q^(n+1).
The correct numbers for 20% are: 1:40%, 2:20.8%, 3:11.6%, 4:6.67%.

As we speak I am finishing a paper analyzing double-spending success probabilities in more detail, including more accurate formulas and tables. I will link to it here when done.

Edit: Said paper is available here, and this is the thread for discussing it.

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
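
Added example, not part of any post in this thread: Python code that compares the q^(n+1) shortcut from post #11 with a negative-binomial catch-up model, which reproduces the 20% figures listed in post #18, and applies the confirmation-tiered crediting from post #18 across several pending deposits. The model choice, the extrapolation of the schedule past 7 confirmations, the per-account running cap and all function names are assumptions of this example.

```python
from math import comb

def naive_estimate(q, n):
    """The q**(n+1) shortcut used in post #11."""
    return q ** (n + 1)

def double_spend_success(q, n):
    """Chance that an attacker with hashrate share q reverses a payment
    that already has n confirmations.

    Model (assumption): while the honest network finds n blocks, the attacker
    secretly finds m with negative-binomial probability
    C(m+n-1, m) * p**n * q**m; from there it still wins with probability
    (q/p)**(n-m), the gambler's-ruin catch-up chance, or surely if m >= n.
    """
    if not 0.0 <= q <= 1.0 or n < 0:
        raise ValueError("need 0 <= q <= 1 and n >= 0")
    p = 1.0 - q
    if q >= p:  # an attacker with half the hashrate or more always catches up
        return 1.0
    fail = sum(comb(m + n - 1, m) * p**n * q**m * (1.0 - (q / p) ** (n - m))
               for m in range(n))
    return 1.0 - fail

def confirmations_needed(q, max_risk, limit=200):
    """Smallest n whose reversal probability is <= max_risk, else None."""
    for n in range(limit + 1):
        if double_spend_success(q, n) <= max_risk:
            return n
    return None

def credit_cap(confirmations):
    """Schedule from post #18: 1->10, 2->30, 3->100, 4->300 ... BTC.
    Values past 7 confirmations continue the same pattern (assumption)."""
    if confirmations < 1:
        return 0
    k = confirmations - 1
    return 10 * 10 ** (k // 2) * (3 if k % 2 else 1)

def credit_deposits(deposits):
    """deposits: list of (amount_btc, confirmations) pending on ONE account.
    Returns the BTC credited for each deposit, in input order.

    The cap applies to the account's running total rather than to each
    deposit, so splitting one payment into many does not raise exposure.
    """
    credited = [0] * len(deposits)
    exposure = 0
    # Least-confirmed deposits first: caps only grow with confirmations.
    for i in sorted(range(len(deposits)), key=lambda i: deposits[i][1]):
        amount, confs = deposits[i]
        room = max(0, credit_cap(confs) - exposure)
        credited[i] = min(amount, room)
        exposure += credited[i]
    return credited

if __name__ == "__main__":
    print("confs  q^(n+1)   model")
    for n in range(1, 7):
        print(f"{n:>5}  {naive_estimate(0.2, n):8.4%}  "
              f"{double_spend_success(0.2, n):8.4%}")
    # Constructed sample: two 50 BTC deposits at 1 conf, one 500 BTC at 3.
    print(credit_deposits([(50, 1), (50, 1), (500, 3)]))
```
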
SebastianJu (OP)
December 11, 2012, 08:31:02 PM
 #19

I'm not so into the network techniques, but isn't the idea of double spendings more of an academic kind and not of a real "earn money" thing? I mean of course you could do it, but wouldn't one have more success with using such hashpower for normal mining and earning safe money with that instead of taking the risk of double spendings with all consequences?

I only mean nothing has happened till now. And using one confirmation for small transactions would mean a relatively low risk for mtgox and a high risk that isn't worth the hashpower for an attacker. Right? So at the end the only persons suffering from the waiting time are the customers. Because of something that probably never will happen because of the resources needed.

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
davout
December 11, 2012, 09:05:20 PM
 #20

Bitcoin-Central : 2 confirmations.
Instawallet : 2 confirmations.

Never a single Bitcoin lost.

Have fun waiting for your Bitcoins on MtGox, on Bitcoin-Central they'd already be on their way to your bank account.
