When does it become fraud? The ethics of bitcoin mining and zero-confirm TXs

[Peter R]

Fraud is usually considered a detriment to a prosperous society, and most societies have laws and social pressure to discourage such behaviour.  A common definition of fraud is:

    fraud: wrongful deception intended to result in financial or personal gain

The poll question relates to the ethics of bitcoin miners facilitating double-spends for users for profit.  

BACKGROUND:  Successfully double-spending a zero-confirm transaction is difficult.  If a customer broadcasts a transaction to pay a merchant, and simultaneously double-spends those coins to an address under his control, the merchant's listening node will very likely detect the double spend attempt and the customer will not be successful.  If the customer waits until he has left the store with his merchandise before broadcasting the double spend, then most network nodes won't propagate this transactions and most miners won't add it to their memory pool, and again the customer will not be successful.  

However, if the customer can broadcast the double-spend transaction privately to a miner that controls, say, 10% of global hash power, over a non-public back channel, and if the miner agrees to replace the original transaction (the payment to the merchant in our example) with this new transaction, then the double spend will be successful 10% of the time.  

If a miner offers this service for profit and if customers use it to deceive merchants, would you consider the miner to be complicit in fraud?  


(This is not a discussion about enforcement, just whether or not this qualifies as fraud in your opinion)

[1715375189]

1715375189

[1715375189]

1715375189

[cdog]

Yes.

[BADecker]

On the other hand, since Bitcoin is only BETA - even though it seems to work well - and since most Bitcoin users know that they know very little about the underlying process that makes Bitcoin work, and since many in government and the media have been suggesting (often loudly) to watch out for Bitcoin, and since we all know that there might be many different "things" not thought of regarding the Bitcoin processes, how can there be any fraud, since anything goes, because there isn't any complete "perfection" as yet, and it is all a risk that folks have wildly jumped into?

Now, if it goes through the courts, then will it be fraud if the courts say it is? Or is it only fraud in that case if you want to believe the courts?

[Mike Christ]

...how can there be any fraud, since anything goes, because there isn't any complete "perfection" as yet, and it is all a risk that folks have wildly jumped into?

Users of Bitcoin do not have their own special moral category; the warning that comes with bitcoin refers to the technology itself failing in some fashion, not the people who use it.  It's fraud under the following condition:

fraud  (frôd)
n.
1. A deception deliberately practiced in order to secure unfair or unlawful gain.

Which is precisely what double-spending is.

[BADecker]

...how can there be any fraud, since anything goes, because there isn't any complete "perfection" as yet, and it is all a risk that folks have wildly jumped into?

Users of Bitcoin do not have their own special moral category; the warning that comes with bitcoin refers to the technology itself failing in some fashion, not the people who use it.  It's fraud under the following condition:

fraud  (frôd)
n.
1. A deception deliberately practiced in order to secure unfair or unlawful gain.

Which is precisely what double-spending is.

Thank you. But it made you think, didn't it?

Now ask yourself, is government fraud?

[Peter R]

...how can there be any fraud, since anything goes, because there isn't any complete "perfection" as yet, and it is all a risk that folks have wildly jumped into?

Users of Bitcoin do not have their own special moral category; the warning that comes with bitcoin refers to the technology itself failing in some fashion, not the people who use it.  It's fraud under the following condition:

fraud  (frôd)
n.
1. A deception deliberately practiced in order to secure unfair or unlawful gain.

Which is precisely what double-spending is.

Well put Mike. 

[Mike Christ]

Thank you. But it made you think, didn't it?

Now ask yourself, is government fraud?

I see what you did there

[Peter R]

Just wanted to add some fuel to this fire! (It's a good fire!)

Does the miner know the intention of the individual committing the double spend? Does it matter?

Is there ever a situation where double spending is legitimate?

I thought this was some kind of riddle, so I racked my brain trying to come up with a situation where I felt double spending would be legitimate.  I couldn't think of anything.

A corollary of this is that when accepting transactions into your memory pool, I also couldn't think of any situation where you should not simply accept the first transaction that you are aware of as the legitimate one.  

[Light]

It a clearly fraud if the miner is aware that he is being complicit/aiding someone wishing to commit fraud themselves. It is really no different from an accomplice in a crime, both are guilty. On the other hand if the miner isn't aware ethically there isn't anything he could do. Although, it is rather hard to see a legitimate reason for such a service.

[grau]

I thought this was some kind of riddle, so I racked my brain trying to come up with a situation where I felt double spending would be legitimate.  I couldn't think of anything.

A double spend could also be a legitimate attempt of correction for excessive fee, wrong address or whatever previous software or human error.

The problem lies with the assumption the miner could know better. You simply can not assume that, and then call the miner a fraudster depending on your view of order. Transactions do not have a timestamp of their own, network propagation is random.

kjj summed it up nicely: https://bitcointalk.org/index.php?topic=500345.msg5540800#msg5540800

[mustyoshi]

A merchant should not rely on unconfirmed transactions ever.

[exapted]

Bitcoin is about security by algorithmic design, not security by policy. We should assume nothing about peoples' intentions when using the Bitcoin network. Don't expect anyone to swoop in and save you, unless you're ready for them to be your overlord.

Double spending is a legitimate use of the Bitcoin network.

[luv2drnkbr]

The protocol is the protocol.  If it enables fraud, that is part of the protocol.  Thankfully, with a modicum of simple measures, it does not allow fraud.

The protocol is the protocol.  It doesn't care if your transaction is a double spend or if there's a fee or no fee or if it's non-standard or standard or if you accidentally send 0.01 bitcoins with a 300 bitcoin miner fee.

The protocol is the protocol.  You will relay any transactions you think should be relayed, just as others will do.  You will mine transactions you think should be mined, just as others will do.  Most people don't mine dust or non-standard transactions, some do.

The protocol is the protocol.  The protocol is amoral.  It doesn't care about what you use your bitcoins for, or if you are attempting to defraud somebody.  All it knows is that's a valid transaction.  And that's all it needs to know.

Anything allowed by the protocol is fair game.

In fact that's the entire point of the protocol.  You are actually doing bitcoin wrong if you are placing your trust in people with bitcoin.  The whole idea is that the protocol prevents fraud where possible with cryptography, and where crypto is not possible, it prevents it with economic incentive.  That is how the protocol works.  If you can change those parameters, more power to you.  If you can break the crypto, you get the coins.  If you can change the economic incentive, you can pressure the miners.

All's fair in love and crypto, because the whole purpose of crypto is that you aren't supposed to trust it.

Something worth double spending for is something worth waiting a few confirmations for.  All's fair in crypto.

The protocol is the protocol.

[Peter R]

You are on this list and don't want your money trapped in limbo. https://blockchain.info/unconfirmed-transactions

You've made a copypasta error and sent money to the wrong address, yet it has not been confirmed yet.

Someone has hacked your computer and sent your money to an address that you do not control, yet it has not been confirmed yet.

Yes, I came up with all these reasons myself, but they just don't hold up to scrutiny in my mind.  

1.  I've had money trapped in limbo, and it was annoying, but it eventually got confirmed.  If it didn't then the other nodes would have dropped it from their memory pool.  Neither I nor the recipient was ever at risk of losing funds.  When we have smarter miners that implement the "child pays parent" scheme then this annoyance should disappear.    

2 & 3.  Both these arguments seem like slippery-slopes: what if it has only received 1 confirmation?  Is it ethical to pay a miner to attempt to orphan this block?  From an ethical perspective, I believe that the transaction becomes legitimate the moment it is broadcast to the network.  Again, just because it is technically possible to intentionally orphan a block or swap an earlier TX variant with a later one, doesn't mean that doing so is ethical.  


Additional thoughts:

Copypasta: I hope that in most cases, copypasta errors don't result in the loss of funds.  I only store addresses in my address-book of people I trust: if I made a copypasta error, I would simply ask for my funds back.  (Readers should note that typo errors are safe, as the typo will result in an invalid bitcoin address and your wallet will flag the error.)  Furthermore, as wallet technology improves, this will naturally become less of a risk. 

Theft: If hackers stole the limited funds accessible on my computer...hmm that reminds me that I need to make another transaction to cold storage.  I don't know.  This is the hardest one for me, and...you know...I would probably try to double-spend in this case if I had the ability to attempt it.  But I would rather not have this ability if it means that others do not have this ability.  For this reason, I don't believe I would ever accept the later TX variant into my memory pool.  That being said, if a hacker breaks into my computer and steals my bitcoin, they still committed a crime!

[Peter R]

It sounds like you are accepting at least one scenario as a legitimate reason to double spend.

May I ask you what your opinion on the matter is?  Do you think there is ever a legitimate reason to double spend?

I am also curious how you would vote in my poll.  The poll question wasn't about double-spending in general, but the particular case where a miner offers an OOB double-spending service for profit that enables users to defraud merchants (the service keeps the later TX variant private from the network).  Do believe the miner is or is not complicit in the fraud in such a case?  

[deltanine]

However, if the customer can broadcast the double-spend transaction privately to a miner that controls, say, 10% of global hash power, over a non-public back channel, and if the miner agrees to replace the original transaction (the payment to the merchant in our example) with this new transaction, then the double spend will be successful 10% of the time.  

If a miner offers this service for profit and if customers use it to deceive merchants, would you consider the miner to be complicit in fraud?  


(This is not a discussion about enforcement, just whether or not this qualifies as fraud in your opinion)

Whoever would scam like this would be the dumbest criminal of all time.    The double-spending miner would need 3 petahashes to have 10% of the network.  That's at least $6-7,000,000 in asics to achieve that.  But they would constantly need to add as the difficulty continues to rise.  All this so that 10% of the time you are successful at a small purchase scam?

If you had that much hashing power wouldn't you just use it to mine bitcoins honestly, raking in around 900 a day?

[deltanine]

However, if the customer can broadcast the double-spend transaction privately to a miner that controls, say, 10% of global hash power, over a non-public back channel, and if the miner agrees to replace the original transaction (the payment to the merchant in our example) with this new transaction, then the double spend will be successful 10% of the time.  

If a miner offers this service for profit and if customers use it to deceive merchants, would you consider the miner to be complicit in fraud?  


(This is not a discussion about enforcement, just whether or not this qualifies as fraud in your opinion)

Whoever would scam like this would be the dumbest criminal of all time.    The double-spending miner would need 3 petahashes to have 10% of the network.  That's at least $6-7,000,000 in asics to achieve that.  But they would constantly need to add as the difficulty continues to rise.  All this so that 10% of the time you are successful at a small purchase scam?

If you had that much hashing power wouldn't you just use it to mine bitcoins honestly, raking in around 900 a day?

The miner can do both. The miner can add the double spend transactions to the blocks they create and these blocks are compatible with the honest network, raking in all those block rewards.

The miner chooses which transactions to add to his blocks. In this example, the double spenders are paying the miner to add their double spend transaction instead of their initial transaction. If this particular miner then finds the next block, the double spend becomes the transaction written in the block chain. If another miner finds the next block, then the initial transaction is most likely the one which will be included in the block chain. This kind of double spending would only work in blocks found by the miner being paid to include the double spend transactions.

But why would anyone do this?  If you had that type of money invested in bitcoin mining why would you strive to devalue bitcoin?  If small transactions failed 10% of the time merchants would be less likely to adopt it.  Then at the end of the day your 900 honestly mined bitcoins a day are all valued less and you have left yourself open to legal issues.  This move just does not make any sense.

And keep in mind, you couldn't scam like this with high dollar purchases.  Those would undoubtedly be waited on for full confirmation by the merchant into their wallet.

[grau]

Let me pour a bit more oil to the fire:

What if one broadcasts a double spend of a confirmed transaction with a fee that provides enough incentive not to mine on top of the chain but to fork it just before the confirmation?

Is it ok to accept the bribe?

[grau]

Let me pour a bit more oil to the fire:

What if one broadcasts a double spend of a confirmed transaction with a fee that provides enough incentive not to mine on top of the chain but to fork it just before the confirmation?

Is it ok to accept the bribe?

Does the miner know the intention of the broadcaster?

No. The miner has only publicly available information accessible to all other miner: that is the block chain and a double spend attempt on the network.

[grau]

Let me pour a bit more oil to the fire:

What if one broadcasts a double spend of a confirmed transaction with a fee that provides enough incentive not to mine on top of the chain but to fork it just before the confirmation?

Is it ok to accept the bribe?

Does the miner know the intention of the broadcaster?

No. The miner has only publicly available information accessible to all other miner: that is the block chain and a double spend attempt on the network.

Then I would say there is nothing wrong with attempting to grab these coins. There is also nothing wrong with the rest of the network ignoring your fork should they choose.

I agree. Just emphasized with the question, that order is not even final with a confirmations it is just more and more likely to be final... There are no good and bad motives in absence of extra information.

[Peter R]

Regarding the miner, if he is knowingly facilitating fraud, yes, he is an accomplice to the fraudulent double spender.

If there are legitimate reasons to double spend, and he is simply offering a service which the protocol allows, without knowing the intentions of the double spender, then no.

I am in agreement with what you said.  And I agree with Grau that "there are no good and bad motives in absence of extra information."  But usually we will have extra information:

Now what if the miner knows that 90% of the double-spend transactions going through his "OOB double-spend service" are for the purpose of defrauding a merchant (possibly from statistics compiled from payment providers such as BitPay).  If he considers a single double-spend request in isolation, the miner cannot say for sure that that transaction is fraudulent, but using this to legitimize his service seems disingenuous if, statistically, it is known that most of the transactions are fraudulent (and he just can't tell which ones).  

[flower1024]

No
0-conf should only be trusted for small amounts or digital goods which are revokeable (eg usenetprovider).

[StarfishPrime]

We shouldn't lose sight of the fact that tx replacement issues were considered and accounted for at the very beginning, by Satoshi himself:

Using the sequence and lock_time fields prevents a tx from being replaced by another tx after the specified time (or block number, or ever if sequence = UINT_MAX). Essentially all transactions currently being broadcast have sequence == UINT_MAX, so they should never be replaced if the protocol is followed.

A race conditon between maliciously broadcast double-spend tx's will always be a function of how well connected the initial receiving nodes are, and the timing of the double spend tx broadcast. There's really no way around waiting for confirmations for absolute transaction certainty.

Best practice should be to always reject an incoming tx if it already has a counterpart in the mempool, where sequence == UINT_MAX. This is currently considered normal behavior and is probably the only thing that saved the network from being overwhelmed by the large scale TM attack in early Feb.

Non-conforming nodes are simply not following the protocol (i.e. they are disregarding the sequence parameter).

[Lauda]

Let me pour a bit more oil to the fire:

What if one broadcasts a double spend of a confirmed transaction with a fee that provides enough incentive not to mine on top of the chain but to fork it just before the confirmation?

Is it ok to accept the bribe?

It's never okay to accept bribe.

[HorseCoin]

i don't know  

http://i1.ytimg.com/vi/v7BkdARYNAE/maxresdefault.jpg

[BTC_Learner]

Let me pour a bit more oil to the fire:

What if one broadcasts a double spend of a confirmed transaction with a fee that provides enough incentive not to mine on top of the chain but to fork it just before the confirmation?

Is it ok to accept the bribe?

Does the miner know the intention of the broadcaster?

No. The miner has only publicly available information accessible to all other miner: that is the block chain and a double spend attempt on the network.

Then I would say there is nothing wrong with attempting to grab these coins. There is also nothing wrong with the rest of the network ignoring your fork should they choose.

I'm a beginner. Can someone help me understand how this works?

The original transaction--buyer sending coins to seller--got confirmed, and the bitcoins have moved to the address of the seller. The miner then forks the chain, at the point just before that confirmation. He is successful (which if I understand correctly, means that he mined the next block, forked the chain, AND that everyone else on the network accepted his chain as valid).

Does this mean that the coins that had showed up in the address of the seller are simply no longer there? They just look in their wallet, and the coins they had just received are now missing?

Also, can someone shed some light for me in terms of HOW other miners/nodes on the network 'choose' between the original chain and the forked chain? What types of validations are the other nodes doing to try and determine which chain is legitimate? Are these validations manual or automated?

[BTC_Learner]

We shouldn't lose sight of the fact that tx replacement issues were considered and accounted for at the very beginning, by Satoshi himself:

Using the sequence and lock_time fields prevents a tx from being replaced by another tx after the specified time (or block number, or ever if sequence = UINT_MAX). Essentially all transactions currently being broadcast have sequence == UINT_MAX, so they should never be replaced if the protocol is followed.

A race conditon between maliciously broadcast double-spend tx's will always be a function of how well connected the initial receiving nodes are, and the timing of the double spend tx broadcast. There's really no way around waiting for confirmations for absolute transaction certainty.

Best practice should be to always reject an incoming tx if it already has a counterpart in the mempool, where sequence == UINT_MAX. This is currently considered normal behavior and is probably the only thing that saved the network from being overwhelmed by the large scale TM attack in early Feb.

Non-conforming nodes are simply not following the protocol (i.e. they are disregarding the sequence parameter).

This was helpful. Some questions for you on this, probably stupid ones.

When you say a transaction has a counterpart in the mempool, what defines a counterpart? What parameters indicate that a transaction is basically a replica of another? Is it just that the same number of coins are being sent from the same address (which may not represent a double spend, right?)? I'm guessing it has to be something more fundamental than that?

Second, also probably a dumb question. If sequence is the only thing that matters, then couldn't one increase the probability of successfully double spending by reversing the transaction order? Send the malicious TX first, and then the legitimate one? Appreciate someone filling in the blanks, because I'm sure I'm missing something!

[OnkelPaul]

The protocol is the protocol.  If it enables fraud, that is part of the protocol.  Thankfully, with a modicum of simple measures, it does not allow fraud.

The protocol is the protocol.  It doesn't care if your transaction is a double spend or if there's a fee or no fee or if it's non-standard or standard or if you accidentally send 0.01 bitcoins with a 300 bitcoin miner fee.

The protocol is the protocol.  You will relay any transactions you think should be relayed, just as others will do.  You will mine transactions you think should be mined, just as others will do.  Most people don't mine dust or non-standard transactions, some do.

The protocol is the protocol.  The protocol is amoral.  It doesn't care about what you use your bitcoins for, or if you are attempting to defraud somebody.  All it knows is that's a valid transaction.  And that's all it needs to know.

Yes. All true.

Anything allowed by the protocol is fair game.

No. (old rhetoric trick - slip in an innocent sounding misleading statement after a list of things everybody agrees to, and most of the listeners will nod in agreement)

Whether something is allowed by the protocol is completely irrelevant to the question whether it is ethical.
Is stealing bitcoins by planting a trojan on a victim's computer ethical? The protocol does not care, but the action is certainly theft.
Is deliberately staging a double-spend to defraud a merchant ethical? The protocol does not care, but the action is certainly fraud.
Is deliberatley offering services to support such activities ethical? The protocol does not care, but the action is certainly complicity in crime.

Onkel Paul

[Peter R]

When you say a transaction has a counterpart in the mempool, what defines a counterpart? What parameters indicate that a transaction is basically a replica of another? Is it just that the same number of coins are being sent from the same address (which may not represent a double spend, right?)? I'm guessing it has to be something more fundamental than that?

By "counterpart," he means another transaction that spends at least one of the outputs spent by the transaction in question.  Outputs can only be spent once (of course).  

Let's say you create a transaction that spends coins A and B and broadcast it to the network.  My node will check if coins A and B have been spent, and, if not, accept this transaction into my memory pool and relay it to my peers.  

Let's say you also create a transaction that spends coins A and C.  If my node learns of this transaction after it has accepted the A/B transaction, it will reject it.  That is, my node will not allow it to replace the A/B transaction and my node will not relay it to my peers.  It is because of this behaviour that zero-confirm transactions are reasonably reliable.  

If sequence is the only thing that matters, then couldn't one increase the probability of successfully double spending by reversing the transaction order? Send the malicious TX first, and then the legitimate one? Appreciate someone filling in the blanks, because I'm sure I'm missing something!

This would increase the chances of getting caught by the merchant.  The merchant (or their payment provider) will have listening nodes.  These nodes are well-connected to other important nodes across the network.  If you broadcast the double-spend (the one that signs the coins back to you) first, then the listening node will likely see this by the time you broadcast the legitimate transaction.  

It is also likely that the legitimate transaction sent later would be rejected by the network.  The first node you relay it to may immediately drop it because it is clearly a double-spend.  

[BTC_Learner]

Thank you, that's helpful.

The check the nodes perform that you're describing, it sounds like it's voluntary? It's just that it's common and ubiquitous on the network, and that's why double spends are typically unlikely to be successful?

Say I am trying to do two separate transactions that are both for 0.2 BTC, using an output that has 0.5 BTC total. In that case, would nodes view both those transactions as valid? In other words, is it only when the total attempted spend exceeds the amount in the output that one of the transactions would not be accepted by the other nodes?

[amspir]

A merchant should not rely on unconfirmed transactions ever.

For small purchases, this is impractical.   To require the customer to stand there and wait for the transaction to be confirmed by one block could take up to 30-45 minutes.

The merchant, or the payment processing system, would have to take a small loss due to fraudulent transactions, just like they do with the credit/debit card payment systems.

[Peter R]

The check the nodes perform that you're describing, it sounds like it's voluntary? It's just that it's common and ubiquitous on the network, and that's why double spends are typically unlikely to be successful?

Users are free to modify the software as they see fit.  Personally, I would never relay double spends and I don't believe the developers would ever release a version of bitcoin-qt that relays double spends.  Relaying double spends would also decrease network robustness against DoS attacks as multiple variants of transactions could be broadcast to flood the network.  But you could modify your node to do whatever you want.  

What matters is the emergent behaviour of the network as a whole.

Say I am trying to do two separate transactions that are both for 0.2 BTC, using an output that has 0.5 BTC total. In that case, would nodes view both those transactions as valid? In other words, is it only when the total attempted spend exceeds the amount in the output that one of the transactions would not be accepted by the other nodes?

Bitcoin isn't based on "balances."  It is based on destroying and creating outputs.  If you have a 0.5 BTC output in Address 1, and you want to send 0.2 BTC to both Address 2 and Address 3, you could do it as a single transaction:

    input    = 0.5 BTC coin from Address 1

    outputs = 0.2 BTC coin assigned to Address 2,
                  0.2 BTC coin assigned to Address 3, and
                  0.1 BTC coin (change) assigned back to Address 1.

Or, as you mentioned, you could do this as two transactions:

TX #1:
    input    = 0.5 BTC coin from Address 1

    outputs = 0.2 BTC coin assigned to Address 2,
                  0.3 BTC coin (change) assigned back to Address 1.

TX #2:
    input    = 0.3 BTC coin from Address 1

    outputs = 0.2 BTC coin assigned to Address 3,
                  0.1 BTC coin (change) assigned back to Address 1.

Both methods are valid and would be accepted by conforming nodes and miners.  

[Lethn]

Assuming this is even possible, yes it would be fraud, because the miner is claiming transactions have occurred that haven't, I'm not an expert in Bitcoin code so I couldn't tell you whether it's possible but this is the reason I believe the whole mining system of proof of work/stake was created in the first place. I guess whether or not the miner actually being involved in the fraud would depend on their knowledge of the glitch/exploit in the first place, it would be a bit like with somebody working at a company that is knowingly committing fraud and inadvertently helps them hide evidence or something because they kept it hidden from them.

[bountygiver]

to the 12 people who voted no, I am disappoint.
Willingly aiding any unlawful activity is as bad as doing the unlawful act yourself.

And if you want more people to accept the use of bitcoin, you better damn well make sure the currency is secure and they have reasons to put faith in it.

[grau]

to the 12 people who voted no, I am disappoint.
Willingly aiding any unlawful activity is as bad as doing the unlawful act yourself.

And if you want more people to accept the use of bitcoin, you better damn well make sure the currency is secure and they have reasons to put faith in it.

Bitcoin is not about faith or trust. Any assumption of fair play is wrong here. Any assumption that the network will play nice with you only leads to your loss.

This is a system for money, that has rules, you like or not and those rules have no moral, they are just rules.

[lnternet]

So for transactions above 25BTC, if my partner accepts 1 confirmation, I should try to rebroadcast the tx with 25.1 BTC miners fee and hope some miner forks the chain.

[btc_jumpnrl]

You shouldn't ever accept 0-confirms as receipt of payment. If you need instant-confirmations, you need to adapt your PoS (PointofSale) to accommodate this with external means.

[grau]

So for transactions above 25BTC, if my partner accepts 1 confirmation, I should try to rebroadcast the tx with 25.1 BTC miners fee and hope some miner forks the chain.

There is a short term incentive for miner to accept your bounty. It is not really a bribe since they would do nothing against the rules. They are free to mine on whatever block they like.

There is however a long term incentive for miner to keep the network reliable in its behavior, since that influences the value of their coins.

I guess 25.1 is not enough to override the long term incentive, but there is definitely a sum some would consider it.