BitCoin Confirmation Honeypot

[skubeedooo]

I think that we should build a confirmation honeypot so the community can get a better handle on how long you have to wait for a transaction to be effectively irreversible.  If it turns out that it only really needs 1 minute rather than 1 hour, that could be a huge win for bitcoin adoption by bricks-and-mortar businesses.

More details on my blog http://newmeraire.blogspot.com/2011/09/bitcoin-confirmation-honeypot.html.

What do you think?

[BadBear]

I think we should do this, everyone click on MY blog to see my response. 

[casascius]

I don't think it will help much.  It doesn't take into account the different things a skilled attacker might try.  If someone isn't trying to double-spend, or is trying with a "cheap shot" method a couple seconds later, demonstrating that the first spend succeeds virtually all of the time doesn't prove anything useful.  It would be like trying to prove that a padlock is secure against skilled locksmiths by having you and all of your friends try to pick it and concluding it is secure because none of you succeeded.

Other proposals have been discussed, a notable one of which is to have a third party (call it a "bank") who holds a portion of the customer's balance on deposit provide the service of "guaranteeing" the eventual success of the transaction against the customer's own deposited funds.  If the transaction turns out to have been voided due to a double spend, the merchant collects from the bank, who collects from the customer, making the guarantee pretty much instant.

[skubeedooo]

I don't think it will help much.  It doesn't take into account the different things a skilled attacker might try.  If someone isn't trying to double-spend, or is trying with a "cheap shot" method a couple seconds later, demonstrating that the first spend succeeds virtually all of the time doesn't prove anything useful.  It would be like trying to prove that a padlock is secure against skilled locksmiths by having you and all of your friends try to pick it and concluding it is secure because none of you succeeded.

I don't really understand what you're saying here. The bitcoin honeypot would be open to 'skilled locksmiths' as well as friends. If there is an outstanding bounty of, say, 50 BTC for a 1-minute delay then it does at least say that as a merchant you're pretty safe accepting 1-minute confirms in the same manner as the honeypot. You could also think of it like a bug-bounty.

[vermorel]

Even if the approach isn't perfect, I think it deserves some credit. At the very least, it tells what time-span are provably insecure. The reverse is not true (aka provably secure); but this knowledge is still of interest for the community. In particular, it will ultimately helps a bank to position itself as value-added middleman to speed-up transactions.

My 2cts on the question.