0 confirm instant transactions

[MikeyVeez]

Guys Bitcoin has instant transactions because you can accept 0 confirm transactions, and then get double spended on. Ahh you guys crack me up. Where are all the 0 confirm retards? Where are the Bitcoin is faster than Visa because you can accept 0 confirms?

What more do you need to know that Bitcoin has no future? Don't worry CIA Gavin will come save the day maybe 10 years from now when 1 pool hits 78% of the network.

[1714789365]

1714789365

[1714789365]

1714789365

[1714789365]

1714789365

[BTCisthefuture]

Guys Bitcoin has instant transactions because you can accept 0 confirm transactions, and then get double spended on. Ahh you guys crack me up. Where are all the 0 confirm retards? Where are the Bitcoin is faster than Visa because you can accept 0 confirms?

What more do you need to know that Bitcoin has no future? Don't worry CIA Gavin will come save the day maybe 10 years from now when 1 pool hits 78% of the network.

I know bitpay already does instant transactions with merchants (I'm sure there's a limit on the transaction value) and if double spending were to occur they cover the cost so merchants have nothing to worry about.  I'm not 100% sure but I believe coinbase has started offering the same thing.  They simply account for occasional losses in their business model.  These are the two largest providers that merchants who accept bitcoin use.

So it's already starting to happen and certainly companies/people are working on improving the process even more because lets face it the average person wont want to sit around for 10 minutes waiting for a confirmation. Gotta keep in mind bitcoin is still in it's infacny, there are certainly things to improve upon but it seems like people are already stepping up to the plate to make those improvements. Give it some time and I'm sure in the future instant transactions will be the norm (except for maybe large purchases).

[Peter R]

[Cross-posted from https://bitcointalk.org/index.php?topic=369589.msg3970813#msg3970813, I also think MikeyVeez is trolling and knows that zero-confirm transactions are fine for most purchases, and thus the winky face and the random and stupid CIA/Gavin accusation.]

Bitcoin is indeed faster than credit card: here in Vancouver several brick-and-mortar merchants accept bitcoin via BitPay.  It is standard to consider the invoice paid when the network picks up the transaction as valid.  This typically occurs in a fraction of second--faster than a credit card.  

The double-spend problem, to most users and vendors, most of the time, is academic.  Let's consider how you could double-spend against a coffee shop here in Vancouver:

DOUBLE SPEND ATTEMPT #1: (fails)

1-A.  You walk up to the counter and ask for your coffee.  The sales girl generates the BitPay invoice, you scan the QR code, and press "send" on your iPhone.  The BitPay app picks up the transaction on the network in a fraction of a second, and the invoice suddenly says "PAID."  You grab your coffee and leave.

1-B.  But you're sneaky: you quickly run into your car where you've already generated a raw transaction with the same coins you used to pay for your coffee, but in this fraudulent transaction you instead send the coins to an address you control (you used the brainwallet.org "transactions" page) .  You broadcast this transaction using blockchain.info's pushtx service (https://blockchain.info/pushtx).  What you will realize is that by the time you got back to your car, the original transaction has already propagated across the network.  This means that nodes will not relay this new fraudulent transaction and miners will not add it to their memory pool since they know that these coins were already spent.  Double-spend attempt #1 fails.  

DOUBLE SPEND ATTEMPT #2: (fails)

2-A.  Discouraged by your failure, you head back to your evil lair where you continue your plot to get free coffee.

2-B.  You decide that you need to broadcast both transactions at roughly the same time in order to have a better chance of success.  You need to do this *inside* the coffee shop, but all you have access to while inside the store is your blockchain.info app for iPhone.  So, you jail-break your phone and hire an iOS expert to create you a custom double-spend app.  This app by design sends out the transaction to the coffee shop, but also sends out a transaction to an address that you control.

2-C.  So you order your coffee and test out your app.  But the BitPay invoice never says "paid."  When the sales girl checks at blockchain.info, she sees a big red "DOUBLE SPEND DETECTED" warning beside the transaction.

2-D.  You don't get your coffee and leave the store with everyone thinking that you are a thief.  

DOUBLE SPEND ATTEMPT #3: (succeeds once and a while)

3-A.  Back at the lair, you realize that your quest for free coffee is more difficult than you actually thought.  You call up some nefarious miner that controls 30% of the global hash power.  You tell him that when you give him the signal, he should add your fraudulent transaction to his memory pool of unconfirmed transactions.  You pay your iPhone hacker to modify your app to send the evil miner a special signal when you buy your coffee.

3-B.  You go to the coffee shop and buy your coffee.  Your new app sends the signal to the evil miner that you're in cahoots with.  The miner adds your fraudulent transaction, while the real transaction propagates across the network.

3-C.  Since the evil miner controls 30% of the global hash power, your coffee is free 30% of the time.  

3-D.  Finally, you succeed!  You also decide it is a lot less work to just pay for your coffee normally...

[pand70]

So you made this thread is to attack bitcoin or gavin? I 'm confused 

[CIYAM]

One other scenario that seems to have been missed:

1) Pay for your coffee with a zero fee low priority tx.

2) Wait for 24 hours when it will have been dropped from the memory pool in most Bitcoin software.

3) Send a different tx using the sample UTXOs but this time adding in a reasonable enough fee to get into the next block.

This is actually quite simple - and although I've not tried to get away with any free coffee I have actually performed this sort of "double spend" more than once (when the network just got too busy to process a couple of zero fee low priority txs I was playing with).

Does Bitpay do something to try and prevent this kind of "double spent"?

[Peter R]

One other scenario that seems to have been missed:

1) Pay for your coffee with a zero fee low priority tx.

2) Wait for 24 hours when it will be dropped from everyone's memory pool.

3) Send a different tx using the sample UTXOs but with an appropriate fee.

This is actually quite simple - and although I've not tried to get away with any free coffee I have actually performed this sort of "double spend" more than once (when the network just got too busy to process a couple of zero fee low priority txs I was playing with).

Does Bitpay do something to try and prevent this kind of "double spent"?

Thanks CIYAM for the intelligent comment (I feel I've been fighting trolls all day).  

I recently paid for a beer via BitPay and my Blockchain wallet for iOS sent it as a zero-fee transaction.  Because the network was very busy at the time, this transaction wasn't confirmed for about 36 hours.  

I would like to get to the bottom of the attack vector you proposed.  Is it possible that BitPay could just continuously rebroadcast the transaction, thereby preventing it from falling out of the memory pool?  And why didn't my transaction get "dropped" after 24 hours?  I remember that it took a day and a half before it was confirmed.  

[CIYAM]

Thanks CIYAM for the intelligent comment (I feel I've been fighting trolls all day).  

This is bitcointalk after all.

I recently paid for a beer via BitPay and my Blockchain wallet for iOS sent it as a zero-fee transaction.  Because the network was very busy at the time, this transaction wasn't confirmed for about 36 hours.  

I would like to get to the bottom of the attack vector you proposed.  Is it possible that BitPay could just continuously rebroadcast the transaction, thereby preventing it from falling out of the memory pool?  And why didn't my transaction get "dropped" after 24 hours?  I remember that it took a day and a half before it was confirmed.  

I too am interested to know what Bitpay would do - I guess they certainly could rebroadcast the tx themselves to "keep it alive" although there is the possibility that the tx may not confirm for months or even years (if network usage remained constantly at the same level).

That would open up an attack vector - which is the reason why I assume my tx got dropped from everyone's memory pool with 24-48 hours (I forget the exact amount of time but was certainly not longer than 48 hours).

I think the only *solution* is going to be that the *vendor* pays the fee (some work on the idea of one tx providing the fee for another has already been done although it isn't part of standard Bitcoin yet).

[whiskers75]

[Cross-posted from https://bitcointalk.org/index.php?topic=369589.msg3970813#msg3970813, I also think MikeyVeez is trolling and knows that zero-confirm transactions are fine for most purchases, and thus the winky face and the random and stupid CIA/Gavin accusation.]

Bitcoin is indeed faster than credit card: here in Vancouver several brick-and-mortar merchants accept bitcoin via BitPay.  It is standard to consider the invoice paid when the network picks up the transaction as valid.  This typically occurs in a fraction of second--faster than a credit card.  

The double-spend problem, to most users and vendors, most of the time, is academic.  Let's consider how you could double-spend against a coffee shop here in Vancouver:

DOUBLE SPEND ATTEMPT #1: (fails)

1-A.  You walk up to the counter and ask for your coffee.  The sales girl generates the BitPay invoice, you scan the QR code, and press "send" on your iPhone.  The BitPay app picks up the transaction on the network in a fraction of a second, and the invoice suddenly says "PAID."  You grab your coffee and leave.

1-B.  But you're sneaky: you quickly run into your car where you've already generated a raw transaction with the same coins you used to pay for your coffee, but in this fraudulent transaction you instead send the coins to an address you control (you used the brainwallet.org "transactions" page) .  You broadcast this transaction using blockchain.info's pushtx service (https://blockchain.info/pushtx).  What you will realize is that by the time you got back to your car, the original transaction has already propagated across the network.  This means that nodes will not relay this new fraudulent transaction and miners will not add it to their memory pool since they know that these coins were already spent.  Double-spend attempt #1 fails.  

DOUBLE SPEND ATTEMPT #2: (fails)

2-A.  Discouraged by your failure, you head back to your evil lair where you continue your plot to get free coffee.

2-B.  You decide that you need to broadcast both transactions at roughly the same time in order to have a better chance of success.  You need to do this *inside* the coffee shop, but all you have access to while inside the store is your blockchain.info app for iPhone.  So, you jail-break your phone and hire an iOS expert to create you a custom double-spend app.  This app by design sends out the transaction to the coffee shop, but also sends out a transaction to an address that you control.

2-C.  So you order your coffee and test out your app.  But the BitPay invoice never says "paid."  When the sales girl checks at blockchain.info, she sees a big red "DOUBLE SPEND DETECTED" warning beside the transaction.

2-D.  You don't get your coffee and leave the store with everyone thinking that you are a thief.  

DOUBLE SPEND ATTEMPT #3: (succeeds once and a while)

3-A.  Back at the lair, you realize that your quest for free coffee is more difficult than you actually thought.  You call up some nefarious miner that controls 30% of the global hash power.  You tell him that when you give him the signal, he should add your fraudulent transaction to his memory pool of unconfirmed transactions.  You pay your iPhone hacker to modify your app to send the evil miner a special signal when you buy your coffee.

3-B.  You go to the coffee shop and buy your coffee.  Your new app sends the signal to the evil miner that you're in cahoots with.  The miner adds your fraudulent transaction, while the real transaction propagates across the network.

3-C.  Since the evil miner controls 30% of the global hash power, your coffee is free 30% of the time.  

3-D.  Finally, you succeed!  You also decide it is a lot less work to just pay for your coffee normally...

That is the best read up I ever heard. Mind if I use it for a page on doublespends?

[Soros Shorts]

I recently  bought around $12K worth of Amazon gift cards from gyft.com using Bitpay as the payment method. In most cases, I finished loading the code into my Amazon account long before the first confirmation happened.

[CIYAM]

I recently  bought around $12K worth of Amazon gift cards from gyft.com using Bitpay as the payment method. In most cases, I finished loading the code into my Amazon account long before the first confirmation happened.

I think you'll find that it is up to the service/goods provider to decide their policy wrt 0 confirmation payments when using Bitpay.

For services such as say web hosting it isn't much of a problem as the service provider can easily just cancel the service if the payment doesn't confirm after x hours but for people shipping physical goods it is of course much more of a problem.

[zimmah]

Guys Bitcoin has instant transactions because you can accept 0 confirm transactions, and then get double spended on. Ahh you guys crack me up. Where are all the 0 confirm retards? Where are the Bitcoin is faster than Visa because you can accept 0 confirms?

What more do you need to know that Bitcoin has no future? Don't worry CIA Gavin will come save the day maybe 10 years from now when 1 pool hits 78% of the network.

Oh sure lets wait for visa to confirm the transaction, I'll see you next summer.

[Kluge]

Credit cards do actually take ~120 days to confirm a transaction. Until that point, a "double-spend" in the form of a chargeback is possible. Of course, for small transactions, nobody gives a damn because people aren't going to commit fraud for so little. In the US, it recently became legal to charge credit card users extra fees for all the risks and fees associated with them, though I think only gas stations currently take advantage of this.

Should a merchant charge significantly more for credit purchases, it may turn into a Paypal situation, where due to the high fees, the number of scammers using it balloons out of control, which leads to more fees leading a higher % of scammers until the businesses simply close their doors. This happened in the Bitcoin community, where Paypal and credit cards are practically banned forms of payment.

If reversible payment mechanisms were more secure, people would be happy to sell BTC for them.

[Peter R]

[Cross-posted from https://bitcointalk.org/index.php?topic=369589.msg3970813#msg3970813, I also think MikeyVeez is trolling and knows that zero-confirm transactions are fine for most purchases, and thus the winky face and the random and stupid CIA/Gavin accusation.]

Bitcoin is indeed faster than credit card: here in Vancouver several brick-and-mortar merchants accept bitcoin via BitPay.  It is standard to consider the invoice paid when the network picks up the transaction as valid.  This typically occurs in a fraction of second--faster than a credit card.  

The double-spend problem, to most users and vendors, most of the time, is academic.  Let's consider how you could double-spend against a coffee shop here in Vancouver:

DOUBLE SPEND ATTEMPT #1: (fails)

1-A.  You walk up to the counter and ask for your coffee.  The sales girl generates the BitPay invoice, you scan the QR code, and press "send" on your iPhone.  The BitPay app picks up the transaction on the network in a fraction of a second, and the invoice suddenly says "PAID."  You grab your coffee and leave.

1-B.  But you're sneaky: you quickly run into your car where you've already generated a raw transaction with the same coins you used to pay for your coffee, but in this fraudulent transaction you instead send the coins to an address you control (you used the brainwallet.org "transactions" page) .  You broadcast this transaction using blockchain.info's pushtx service (https://blockchain.info/pushtx).  What you will realize is that by the time you got back to your car, the original transaction has already propagated across the network.  This means that nodes will not relay this new fraudulent transaction and miners will not add it to their memory pool since they know that these coins were already spent.  Double-spend attempt #1 fails.  

DOUBLE SPEND ATTEMPT #2: (fails)

2-A.  Discouraged by your failure, you head back to your evil lair where you continue your plot to get free coffee.

2-B.  You decide that you need to broadcast both transactions at roughly the same time in order to have a better chance of success.  You need to do this *inside* the coffee shop, but all you have access to while inside the store is your blockchain.info app for iPhone.  So, you jail-break your phone and hire an iOS expert to create you a custom double-spend app.  This app by design sends out the transaction to the coffee shop, but also sends out a transaction to an address that you control.

2-C.  So you order your coffee and test out your app.  But the BitPay invoice never says "paid."  When the sales girl checks at blockchain.info, she sees a big red "DOUBLE SPEND DETECTED" warning beside the transaction.

2-D.  You don't get your coffee and leave the store with everyone thinking that you are a thief.  

DOUBLE SPEND ATTEMPT #3: (succeeds once and a while)

3-A.  Back at the lair, you realize that your quest for free coffee is more difficult than you actually thought.  You call up some nefarious miner that controls 30% of the global hash power.  You tell him that when you give him the signal, he should add your fraudulent transaction to his memory pool of unconfirmed transactions.  You pay your iPhone hacker to modify your app to send the evil miner a special signal when you buy your coffee.

3-B.  You go to the coffee shop and buy your coffee.  Your new app sends the signal to the evil miner that you're in cahoots with.  The miner adds your fraudulent transaction, while the real transaction propagates across the network.

3-C.  Since the evil miner controls 30% of the global hash power, your coffee is free 30% of the time.  

3-D.  Finally, you succeed!  You also decide it is a lot less work to just pay for your coffee normally...

That is the best read up I ever heard. Mind if I use it for a page on doublespends?

Thanks for the compliment, whiskers.  Please feel free to use/share my post as you see fit. 

Note that CIYAM did bring up a potential attack vector that I don't think we've analyzed properly yet (https://bitcointalk.org/index.php?topic=371751.msg3973607#msg3973607).  My gut feel is that already this is not a problem, since BitPay can just re-broadcast the transaction to "keep it alive."  Someone above my pay grade would have to confirm though.  Certainly, once "smart fees" are implemented (in the near future) any remaining concerns would disappear.

[JohnyBigs]

[Cross-posted from https://bitcointalk.org/index.php?topic=369589.msg3970813#msg3970813, I also think MikeyVeez is trolling and knows that zero-confirm transactions are fine for most purchases, and thus the winky face and the random and stupid CIA/Gavin accusation.]

Bitcoin is indeed faster than credit card: here in Vancouver several brick-and-mortar merchants accept bitcoin via BitPay.  It is standard to consider the invoice paid when the network picks up the transaction as valid.  This typically occurs in a fraction of second--faster than a credit card.  

The double-spend problem, to most users and vendors, most of the time, is academic.  Let's consider how you could double-spend against a coffee shop here in Vancouver:

DOUBLE SPEND ATTEMPT #1: (fails)

1-A.  You walk up to the counter and ask for your coffee.  The sales girl generates the BitPay invoice, you scan the QR code, and press "send" on your iPhone.  The BitPay app picks up the transaction on the network in a fraction of a second, and the invoice suddenly says "PAID."  You grab your coffee and leave.

1-B.  But you're sneaky: you quickly run into your car where you've already generated a raw transaction with the same coins you used to pay for your coffee, but in this fraudulent transaction you instead send the coins to an address you control (you used the brainwallet.org "transactions" page) .  You broadcast this transaction using blockchain.info's pushtx service (https://blockchain.info/pushtx).  What you will realize is that by the time you got back to your car, the original transaction has already propagated across the network.  This means that nodes will not relay this new fraudulent transaction and miners will not add it to their memory pool since they know that these coins were already spent.  Double-spend attempt #1 fails.  

DOUBLE SPEND ATTEMPT #2: (fails)

2-A.  Discouraged by your failure, you head back to your evil lair where you continue your plot to get free coffee.

2-B.  You decide that you need to broadcast both transactions at roughly the same time in order to have a better chance of success.  You need to do this *inside* the coffee shop, but all you have access to while inside the store is your blockchain.info app for iPhone.  So, you jail-break your phone and hire an iOS expert to create you a custom double-spend app.  This app by design sends out the transaction to the coffee shop, but also sends out a transaction to an address that you control.

2-C.  So you order your coffee and test out your app.  But the BitPay invoice never says "paid."  When the sales girl checks at blockchain.info, she sees a big red "DOUBLE SPEND DETECTED" warning beside the transaction.

2-D.  You don't get your coffee and leave the store with everyone thinking that you are a thief.  

DOUBLE SPEND ATTEMPT #3: (succeeds once and a while)

3-A.  Back at the lair, you realize that your quest for free coffee is more difficult than you actually thought.  You call up some nefarious miner that controls 30% of the global hash power.  You tell him that when you give him the signal, he should add your fraudulent transaction to his memory pool of unconfirmed transactions.  You pay your iPhone hacker to modify your app to send the evil miner a special signal when you buy your coffee.

3-B.  You go to the coffee shop and buy your coffee.  Your new app sends the signal to the evil miner that you're in cahoots with.  The miner adds your fraudulent transaction, while the real transaction propagates across the network.

3-C.  Since the evil miner controls 30% of the global hash power, your coffee is free 30% of the time.  

3-D.  Finally, you succeed!  You also decide it is a lot less work to just pay for your coffee normally...

That's great that you use coffee as the example, of course nobody will do it for coffee, but they will for higher priced items, 30% of the time of the global world commerce is a high unacceptable number, which is in Billions and Trillions of dollars.

Again great argument, you will only succeed at scamming 30% of the time lmao, what a joke this place is.

[jackmackg]

One other scenario that seems to have been missed:

1) Pay for your coffee with a zero fee low priority tx.

2) Wait for 24 hours when it will have been dropped from the memory pool in most Bitcoin software.

3) Send a different tx using the sample UTXOs but this time adding in a reasonable enough fee to get into the next block.

This is actually quite simple - and although I've not tried to get away with any free coffee I have actually performed this sort of "double spend" more than once (when the network just got too busy to process a couple of zero fee low priority txs I was playing with).

Does Bitpay do something to try and prevent this kind of "double spent"?

I think you told a more detailed way of the Finney attack. https://en.bitcoin.it/wiki/Double-spending#Finney_attack

To help protect from that connect to nodes you trust and make sure they include a miners fee. Its not 100% fool proof but it will help.

[JohnyBigs]

That's great that you use coffee as the example, of course nobody will do it for coffee, but they will for higher priced items, 30% of the time of the global world commerce is a high unacceptable number, which is in Billions and Trillions of dollars.

Again great argument, you will only succeed at scamming 30% of the time lmao, what a joke this place is.

Normally the paperwork alone on higher priced items takes longer than the amount of time required to get a few confirmations...

Seriously... the options aren't either:

a. wait for 6 confirmation every time

or:

b. never wait for confirmations

Merchants can go with whatever confirmation schedule they are comfortable with, and customers can shop accordingly.

I certainly don't mind waiting for several confirmations when purchasing a new car, but I'm probably not going to wait around at a coffee shop. Merchants didn't become merchants by being stupid, they will realize this and adjust accordingly.

Not to mention that existing credit card companies can simply introduce credit cards based on Bitcoin in the future, and customers will be able to pay those companies in order to get all the advantages/disadvantages they have with their precious credit cards today!

I have no idea why I am wasting so much time in a troll thread...

What paper work? Do I need paper work to buy a Macbook, TV, Clothes, fill up my Gas? Pay my Cell Phone Bill? You assume people want to use Bitcoins, NEWS FLASH they don't.

[prezbo]

You assume people want to use Bitcoins, NEWS FLASH they don't.

Well, I do and I'm sure I'm not alone.

[JohnyBigs]

You assume people want to use Bitcoins, NEWS FLASH they don't.

Well, I do and I'm sure I'm not alone.

How are you going to be alone in a thread of Apple Iphone? Assuming people there want to use Iphone's and Apple. Your in a Bitcoin Forum, of course it seems like everybody wants to use it.

There are 3 Million Bitcoin users in the world in 5 years, out of a population of 6 Billion. No they don't want to use it. If they did they would have, 42% of the population in the US knows what Bitcoin is, and they have no interest in using it, or they would have. Go out in the real world and see how many people use it.

[JohnyBigs]

What paper work? Do I need paper work to buy a Macbook, TV, Clothes, fill up my Gas? Pay my Cell Phone Bill? You assume people want to use Bitcoins, NEWS FLASH they don't.

Normally the paperwork alone on higher priced items takes longer than the amount of time required to get a few confirmations...

Merchants can go with whatever confirmation schedule they are comfortable with, and customers can shop accordingly.

NO, besides really high priced items. What a great market Bitcoin has there, only high priced items, with some extra hassle of opening 10 different accounts to fund your Bitcoins and Exchange them lol.

And even then paperwork does not take a few hours lmao.

[JohnyBigs]

What paper work? Do I need paper work to buy a Macbook, TV, Clothes, fill up my Gas? Pay my Cell Phone Bill? You assume people want to use Bitcoins, NEWS FLASH they don't.

Normally the paperwork alone on higher priced items takes longer than the amount of time required to get a few confirmations...

Merchants can go with whatever confirmation schedule they are comfortable with, and customers can shop accordingly.

NO, besides really high priced items. What a great market Bitcoin has there, only high priced items, with some extra hassle of opening 10 different accounts to fund your Bitcoins and Exchange them lol.

Again, the merchant can go with whatever confirmation schedule they are comfortable with. They are methods that don't even need to rely on confirmations like: scan photo ID for 0 confirmation acceptance. I'm sure you'd agree, 99% of the population doesn't care if the merchant knows their identity or not.

I've never signed up for any accounts to fund my Bitcoin addresses, so I'm not sure what you are talking about.

Wow really you must be Bitcoin God then, how did you fund your Bitcoin Address?

Yes they can deal with confirmations, running Gigs of information on their computers, must have the computer on 24/7 or else they need to wait for the blockchain to catch up, decide on what is a favorable confirmation number. OR now stick with me here, here is the big OR

Swipe a credit card, or write a check.