January 08, 2014, 10:18:24 PM |
Hi,
I have been thinking about enabling secure zero-confirmation (and even completely offline) transactions, using special contracts with a third party. My construction doesn’t claim to be 100% secure, but secure enough so that if I stop by some roadside stall without any internet connection I'll be able to buy and the vendor will be able to accept my transaction without being too afraid of double spending.
Following are some varieties, and I am sure there are many more, but the core idea is that I can sign a special commitment saying that X of my Bitcoins are frozen until tomorrow and can be used only for at most X/L transactions, each of which transmits at most L Bitcoins to an address that is approved by a certain certificate authority (CA). Until tomorrow I can't transfer any of this frozen money to an address which is not approved by the CA; I can't make more than X/L such transactions; and I can't have multiple transactions with the same (approved) address if the total sum is more than L Bitcoins.
The CA is going to charge vendors for providing them certificates, and make sure no vendor receives more than a single approved address. After a transaction has been made, and the vendor has finally connected to the internet, the transaction can be included within a block only if the vendor sends along with the transaction the CA certificate of the address; there are at least L unspent frozen Bitcoins of the buyer; and the transaction is of no more than L Bitcoins combined with all previous transactions with the same address.
Basic security
The only way a buyer can trick the vendor is by spending all the frozen money before the vendor connects to the internet. Since a buyer can spend at most L Bitcoins on each vendor, he must run through more than X/L different vendors during a relatively short time. If we are interested only in zero-confirmation transactions and not offline transactions, that means the attacker has to visit X/L different places within approximately 10 minutes. That is quite difficult. A bunch of thieves sharing the same private key can nevertheless do so, but the more thieves are involved the bigger is their risk of getting caught.
Making the CA more involved
A possible way to strengthen the basic security is by making the CA more involved: for a higher certificate charge, the CA can partly or fully compensate the vendor for double spending cases. That way the CA will have a strong incentive to approve only reliable vendors (and not vendors that might sell their approved address to the thieves).
Approving also the buyers
The CA may approve potential buyers that are willing to be registered (and thus compromise their privacy). Vendors may refuse to accept offline payments from unapproved buyers, so in case of a double spending they can contact the CA and ask for the buyer's details, which will be delivered to the police. The compromise of anonymity is limited, at least if you trust the CA not to share this information without a reason and trust yourself to protect your private key well (if someone steals your private key and commits double spending, your details will be shared).
So… what do you think about it?
Lear
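The block-inclusion rules described in the post, as an added sketch that is not the poster's code: a validator applies the CA-certificate, X/L-transaction, L-unspent and L-per-address checks, and a helper counts how many distinct vendors must be paid before a later vendor's transaction is rejected. Assumptions: an HMAC tag stands in for the CA's certificate, all names are hypothetical, amounts are integer coin units, and the "until tomorrow" expiry is not modeled.

```python
import hashlib
import hmac

CA_KEY = b"constructed-demo-ca-key"  # assumption: stand-in for the CA's signing key


def ca_certify(address: str) -> bytes:
    """CA certificate for one vendor address (HMAC used in place of a signature)."""
    return hmac.new(CA_KEY, address.encode(), hashlib.sha256).digest()


class FrozenCommitment:
    """Buyer's commitment: X coins frozen, at most L to any one approved address."""

    def __init__(self, X: int, L: int):
        self.X, self.L = X, L
        self.unspent = X      # frozen coins not yet spent
        self.tx_count = 0     # accepted transactions so far
        self.paid = {}        # approved address -> total received

    def validate(self, address: str, amount: int, cert: bytes) -> str:
        """Return 'ok' and record the spend, or name the rule that rejected it."""
        if amount <= 0:
            return "invalid amount"
        if not hmac.compare_digest(cert, ca_certify(address)):
            return "address not CA-approved"
        if self.tx_count >= self.X // self.L:
            return "more than X/L transactions"
        if self.unspent < self.L:
            return "fewer than L frozen coins left"
        if self.paid.get(address, 0) + amount > self.L:
            return "more than L to one address"
        self.unspent -= amount
        self.tx_count += 1
        self.paid[address] = self.paid.get(address, 0) + amount
        return "ok"


def distinct_vendors_to_exhaust(X: int, L: int) -> int:
    """Count vendors paid L each before the next vendor's transaction is rejected."""
    c = FrozenCommitment(X, L)
    n = 0
    while c.validate(f"vendor-{n}", L, ca_certify(f"vendor-{n}")) == "ok":
        n += 1
    return n  # the vendor after these n is the one left unpaid


if __name__ == "__main__":
    print(distinct_vendors_to_exhaust(10, 2))
```
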