BIP Draft - Instant Partial Confirmation

[JoelKatz]

I think the technical issues with this proposal are minor hiccups that could easily be worked around, I don't see any point. The Finney attack is the biggest threat to accepting 0-confirmation transactions and this does nothing to reduce that threat. So reducing the threat of a conflicting transaction by miners seems kind of pointless. It's like adding another chain across the window when the door is held shut with masking tape. If we had a fix for the Finney attack, then this might be worth doing as it would address the biggest problem with accepting 0-confirmation transactions, thus making it significantly safer to do so.

[1715668025]

1715668025

[1715668025]

1715668025

[1715668025]

1715668025

[runeks]

I really do think that the ideas of Bitcoin replacing VISA are misguided. We should be comparing the Bitcoin network to SWIFT (with its 1-day+ settlement time) and not VISA, with its ~10-second settlement time (notwithstanding chargebacks).

I don't think you can say "notwithstanding chargebacks". If you don't care about chargebacks/double spends then Bitcoin settles in a few seconds, about the same speed as card payments today. And if you throw trusted hardware into the mix (like smart cards, or computers with TPM chips), you can trust you have the money instantly, as you have some confidence that the hardware holding the private keys won't allow the owner to make double spends.

Let's be clear, Bitcoin is a set of techniques to reduce the probability of people rolling back their spends and it does a very fine job of that. We can layer more techniques on top to try and push the envelope around value/speed, but those techniques don't have to be extensions of the core system. For instance you can do what the credit card system does and have deep risk analysis of customers. You can have double spend insurance. You can have double spend alerts. You can leverage secure hardware, like trusted computing does. You can experiment with networks of payment channels routers, like in Menis proposal.

Probably we'll end up with some combination of these ideas, which will mean that plenty of Bitcoin merchants accept payments instantly and in practice users don't need to wait for confirmation.

It'd be neat if somebody could find a way to converge on a global consensus much faster. The physics of message propagation throughout a large broadcast network suggest it won't be feasible for a while though.

I think my point about not considering chargebacks as double spends is valid. I can't go out and spend the money on my VISA card twice. Chargebacks are an additional layer that VISA chooses to offer customers, because there's a demand for it. VISA doesn't have any problems with double spends. The fact that they offer chargebacks is a completely separate service from the actual transaction verification. We shouldn't conflate VISA-style chargebacks and a double spend vulnerability.

That being said I think the Bitcoin network works wonderfully considering its decentralized nature. I just think it would add a lot of value to have a decentralized 10-second payment system. Not that I think it's necessarily possible, but I like to play with the idea. Which is why I'm posting in this thread - to get a better understanding of what exactly is necessary for such a system to work.

I think we sometimes get stuck at designing a system that prevents unwanted activity, when it's only necessary to make unwanted activity unprofitable. Bitcoin is a great example of this. While all the hardcore cryptographers were trying to figure out a bullet-proof protocol for preventing double spends, Satoshi combined already available knowledge into a system that actually works.

Reminds me of this great Google Talk by Van Jacobson, where he describes how, back in the late 60's/early 70's, all researchers were spending their time trying to figure out how to quickly set up a physical connection between two points, for the use of electronic communication. While they were busy doing this, two guys developed the idea of a packet switched network. These ideas were ridiculed for not being "true to the cause" and a "hack".
The fact remains that a packet switched network is the basis of the Internet today. Researchers never figured out how to quickly set up a physical connection between two arbitrary points. I wouldn't be surprised if a "pure" cryptographic approach to solving the double spend problem suffers the same fate.

[Mike Hearn]

I think my point about not considering chargebacks as double spends is valid. I can't go out and spend the money on my VISA card twice.

That's exactly what chargebacks let you do. If you obtain some goods then it is charged back, you get the money back but don't have to return the goods.

In theory this is not a problem because if you do it repeatedly you get kicked out of the system. In practice it's a huge problem because card fraud/theft is so common, so carders can obtain whatever they want and the people whose card details were stolen don't lose any money, effectively their money gets "double spent" (just the first spend was by somebody else).

You're right that VISA doesn't have a problem with double spends. The merchants who use VISA do though, which is why they invest so heavily into risk analysis and usually bump up the prices to cover card losses.

[JoelKatz]

That's exactly what chargebacks let you do. If you obtain some goods then it is charged back, you get the money back but don't have to return the goods.

That's the nature of credit. Credit cards are credit. With credit, there's always a risk that the debtor won't pay the debt. It's not really a double spend because if you chargeback, you haven't spent in the first place. A purchase with a credit card is functionally more like a promise to pay than an actual payment.

In theory this is not a problem because if you do it repeatedly you get kicked out of the system. In practice it's a huge problem because card fraud/theft is so common, so carders can obtain whatever they want and the people whose card details were stolen don't lose any money, effectively their money gets "double spent" (just the first spend was by somebody else).

If you chargeback a merchant wrongly, the merchant will sue you. They may decide to eat the cost if they thing you're not worth going after. It is important to understand that a chargeback doesn't in any way change how much money you owe and to whom. If the purchase wasn't legitimate, you never owed anyone for it, before or after the chargeback. If the purchase was legitimate, you owed for the transaction both before and after the chargeback. The credit card company is just an intermediary for your payment to the merchant. When a credit card company accepts a chargeback, they're simply removing themselves as an intermediary in the transaction between the cardholder and the merchant.

You're right that VISA doesn't have a problem with double spends. The merchants who use VISA do though, which is why they invest so heavily into risk analysis and usually bump up the prices to cover card losses.

That's right. The 2.5% or so that merchants pay is only part of the cost of credit cards. The fraud they have to eat is part of that risk too. One of the big advantages of systems like Bitcoin over credit cards is that you don't have to expose the credentials needed to authorize additional spending just to do some spending now. Eventually, that could mean that crypto-currencies become significantly cheaper than credit cards, even more than just avoiding the transaction costs would suggest. (Even if features like chargebacks are added to them!)

[Serith]

Even if features like chargebacks are added to them!

Escrow, essentially, serves the same purpose as chargeback, so it's already implemented.

[cunicula]

I also think that pools will become less prominent in future. If the ASIC transition really does happen then non-serious miners (the type who use live cds) will get kicked out and the only miners left will be those who treat it as an actual business. If you've invested heavily into specialized equipment then mining solo against your own bitcoind isn't such a big deal. If you represent 0.1% of the networks hash power then you'd get a block every 10 days or so - hardly eye-bleeding variance risk given the time and effort it took to set up your mining farm.

Mike's premise: Mining is going to get centralized anyways. There will be small numbers of miners. The economics and technology of mining all point that way.

From a technical perspective: If you were only to have 1000 entities the Bitcoin consensus algorithm is fundamentally wrong:  The stochastic POW chain consensus provides slow and unpredictable eventual consensus. A consensus of 1000 entities can be accomplished far more inexpensively, rapidly, and reliably by identify them and using a majority vote with digital signatures. There are places for systems with this kind of security property, and they are the sorts of things OpenTransactions seek to create (potentially ones with much better scalability than the broadcast based Bitcoin system).

Gmaxwell's premise: With small numbers of voters, majority voting via signatures is much cheaper, faster, and more secure ("reliable") than mining.

Combining these two premises yields a conclusion. -> Ditch Mining, Adopt Majority Voting via Signatures.

Now, instead of coming to a conclusion, they turn to a faith-based approach.

Axiom: Majority voting via Signatures is wrong.

Jointly, Gmaxwell's premise and Mike's premise imply that Majority voting via Signatures is right. This contradicts the axiom that majority voting is wrong. Therefore, either Mike's premise or Gmaxewll's premise is incorrect.

BTW, one of the prime advantages of proof of work, as I see it, is there's no need for co-ordination. It may well be that 1000 nodes can achieve consensus much faster just by swapping signatures amongst themselves. However if you want to become the 1001st node (or stop being the first node) that's much harder in such a design. With PoW you just start calculating, you can join or leave the network at any time. That "robust simplicity" as Satoshi put it is a great thing.

Not really. For example: https://bitcointalk.org/index.php?topic=127952.msg1360115#msg1360115

[kjj]

From a technical perspective: If you were only to have 1000 entities the Bitcoin consensus algorithm is fundamentally wrong:  The stochastic POW chain consensus provides slow and unpredictable eventual consensus. A consensus of 1000 entities can be accomplished far more inexpensively, rapidly, and reliably by identify them and using a majority vote with digital signatures. There are places for systems with this kind of security property, and they are the sorts of things OpenTransactions seek to create (potentially ones with much better scalability than the broadcast based Bitcoin system).

Gmaxwell's premise: With small numbers of voters, majority voting via signatures is much cheaper, faster, and more secure ("reliable") than mining.

Combining these two premises yields a conclusion. -> Ditch Mining, Adopt Majority Voting via Signatures.

Now, instead of coming to a conclusion, they turn to a faith-based approach.

Axiom: Majority voting via Signatures is wrong.

Jointly, Gmaxwell's premise and Mike's premise imply that Majority voting via Signatures is right. This contradicts the axiom that majority voting is wrong. Therefore, either Mike's premise or Gmaxewll's premise is incorrect.

You failed to understand the assumption in his hypothetical.  I've bolded it for you.

We are not looking for an n-entity system, no matter the value of n.  Even when Satoshi started out, and n was 1, we did not have and did not want a n-entity system.

What we want, and what we have, is a system where anyone can join.  It may not make economical sense for them to do so, so the system may, from time to time, have a small n value, but anyone can still join.

You've been straining to avoid understanding this simple point for about as long as you've been posting here.  How long can you keep it up?

[cunicula]

You failed to understand the assumption in his hypothetical.  I've bolded it for you.

http://en.wikipedia.org/wiki/Premise
Maybe that will help you expand your vocabulary? Or perhaps you are only capable of analyzing one premise at a time, as you did in the previous post.

We are not looking for an n-entity system, no matter the value of n.  Even when Satoshi started out, and n was 1, we did not have and did not want a n-entity system.

Yes, your motivation is faith-based: "We are not looking for an n-entity system, no matter the value of n." I pointed that out in the previous post.

You've been straining to avoid understanding this simple point for about as long as you've been posting here.  How long can you keep it up?

Apparently, quite a long time. Confronting faith with satire, logic, and empiricism is something I enjoy. I understand that it is usually ineffective.

[kjj]

You failed to understand the assumption in his hypothetical.  I've bolded it for you.

http://en.wikipedia.org/wiki/Premise
Maybe that will help you expand your vocabulary? Or perhaps you are only capable of analyzing one premise at a time, as you did in the previous post.

We are not looking for an n-entity system, no matter the value of n.  Even when Satoshi started out, and n was 1, we did not have and did not want a n-entity system.

Yes, your motivation is faith-based: "We are not looking for an n-entity system, no matter the value of n." I pointed that out in the previous post.

You've been straining to avoid understanding this simple point for about as long as you've been posting here.  How long can you keep it up?

Apparently, quite a long time. Confronting faith with satire, logic, and empiricism is something I enjoy. I understand that it is usually ineffective.

Thanks for reminding me why I have you on ignore.  Not really sure why I clicked show on that post.  Probably curiosity.

Apparently, in your mind, it is "faith" when someone wants something other than what you want.  Bitcoin mining is decentralized in the sense that you don't need permission from anyone to become a miner yourself.  It may not make sense for you to do so, but no one can stop you.  Even if we end up in a world where there are only 10 miners, that system is still less centralized, in principle, than a system with 1000 miners in a cabal, or a million.

No one gives a shit what your "satire, logic and empiricism" confronts about something that we don't want.

[cunicula]

You failed to understand the assumption in his hypothetical.  I've bolded it for you.

http://en.wikipedia.org/wiki/Premise
Maybe that will help you expand your vocabulary? Or perhaps you are only capable of analyzing one premise at a time, as you did in the previous post.

We are not looking for an n-entity system, no matter the value of n.  Even when Satoshi started out, and n was 1, we did not have and did not want a n-entity system.

Yes, your motivation is faith-based: "We are not looking for an n-entity system, no matter the value of n." I pointed that out in the previous post.

You've been straining to avoid understanding this simple point for about as long as you've been posting here.  How long can you keep it up?

Apparently, quite a long time. Confronting faith with satire, logic, and empiricism is something I enjoy. I understand that it is usually ineffective.

Thanks for reminding me why I have you on ignore.  Not really sure why I clicked show on that post.  Probably curiosity.

Apparently, in your mind, it is "faith" when someone wants something other than what you want.  Bitcoin mining is decentralized in the sense that you don't need permission from anyone to become a miner yourself.  It may not make sense for you to do so, but no one can stop you.  Even if we end up in a world where there are only 10 miners, that system is still less centralized, in principle, than a system with 1000 miners in a cabal, or a million.

No one gives a shit what your "satire, logic and empiricism" confronts about something that we don't want.

I had assumed you were designing a product to help people make payments. Thus, the argument should be about how one can do this most effectively (low fees, secure, etc.)

As you say, you are pursuing personal objectives instead. Sorry for misunderstanding.

[kjj]

You failed to understand the assumption in his hypothetical.  I've bolded it for you.

http://en.wikipedia.org/wiki/Premise
Maybe that will help you expand your vocabulary? Or perhaps you are only capable of analyzing one premise at a time, as you did in the previous post.

We are not looking for an n-entity system, no matter the value of n.  Even when Satoshi started out, and n was 1, we did not have and did not want a n-entity system.

Yes, your motivation is faith-based: "We are not looking for an n-entity system, no matter the value of n." I pointed that out in the previous post.

You've been straining to avoid understanding this simple point for about as long as you've been posting here.  How long can you keep it up?

Apparently, quite a long time. Confronting faith with satire, logic, and empiricism is something I enjoy. I understand that it is usually ineffective.

Thanks for reminding me why I have you on ignore.  Not really sure why I clicked show on that post.  Probably curiosity.

Apparently, in your mind, it is "faith" when someone wants something other than what you want.  Bitcoin mining is decentralized in the sense that you don't need permission from anyone to become a miner yourself.  It may not make sense for you to do so, but no one can stop you.  Even if we end up in a world where there are only 10 miners, that system is still less centralized, in principle, than a system with 1000 miners in a cabal, or a million.

No one gives a shit what your "satire, logic and empiricism" confronts about something that we don't want.

I had assumed you were designing a product to help people make payments. Thus, the argument should be about how one can do this most effectively (low fees, secure, etc.)

As you say, you are pursuing personal objectives instead. Sorry for misunderstanding.

Bitcoin is an attempt to more closely approach the platonic ideal of money.

Part of that is payment processing, but there are other parts, such as store-of-value and unit-of-account.  If you only see one part in isolation, you might think that it is a "product to help people make payments" and start thinking that you need to wring every last bit of efficiency out of that one part.

[AsymmetricInformation]

I realize that this discussion ended in disaster, but the Pay-To-Instant-Confirmation idea is something I'm pretty interested in, and I just wanted to necro the topic to see if anyone has any new ideas.

The concept is that people pay an extra fee, and their funds arrive instantly in a way that they can trust that there will eventually be 6 confirmations. This was ostensibly done with ZipConf but all of those people vanished.

[runeks]

I realize that this discussion ended in disaster, but the Pay-To-Instant-Confirmation idea is something I'm pretty interested in, and I just wanted to necro the topic to see if anyone has any new ideas.

The concept is that people pay an extra fee, and their funds arrive instantly in a way that they can trust that there will eventually be 6 confirmations. This was ostensibly done with ZipConf but all of those people vanished.

The partial confirmations concept seems useful to me.

The biggest issue is how to compensate miners for participating. Although I'm not sure this is absolutely necessary if we can make the solution sufficiently light weight (ie. light on bandwidth, CPU power and RAM).