summaryrefslogtreecommitdiff
path: root/b5/3aef30ca959f35bae0743d88b08bb9797a646d
blob: 80f1842fd70d51f7b3c3ca42180a4882bea8833a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
	helo=mx.sourceforge.net)
	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <gacrux@gmail.com>) id 1WdgKY-0003GP-4R
	for bitcoin-development@lists.sourceforge.net;
	Fri, 25 Apr 2014 13:38:18 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.223.171 as permitted sender)
	client-ip=209.85.223.171; envelope-from=gacrux@gmail.com;
	helo=mail-ie0-f171.google.com; 
Received: from mail-ie0-f171.google.com ([209.85.223.171])
	by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1WdgKW-0006Id-8q
	for bitcoin-development@lists.sourceforge.net;
	Fri, 25 Apr 2014 13:38:18 +0000
Received: by mail-ie0-f171.google.com with SMTP id ar20so3830378iec.30
	for <bitcoin-development@lists.sourceforge.net>;
	Fri, 25 Apr 2014 06:38:11 -0700 (PDT)
X-Received: by 10.42.129.9 with SMTP id o9mr7243278ics.38.1398433090983;
	Fri, 25 Apr 2014 06:38:10 -0700 (PDT)
Received: from [192.168.1.150] (60-240-212-53.tpgi.com.au. [60.240.212.53])
	by mx.google.com with ESMTPSA id sb11sm8627915igb.0.2014.04.25.06.38.09
	for <bitcoin-development@lists.sourceforge.net>
	(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Fri, 25 Apr 2014 06:38:10 -0700 (PDT)
Message-ID: <535A653E.1060902@gmail.com>
Date: Fri, 25 Apr 2014 23:38:06 +1000
From: Gareth Williams <gacrux@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
References: <CAC1+kJM3pSq8YfwbX167rQ0=0Y_hozRQ3pggDN524=LUfOdTqg@mail.gmail.com>	<CANEZrP1f9WV-Mp9SGm4q88h82xxBnwqg8M7JJhnqGOHCWf65xg@mail.gmail.com>	<CAB+qUq7=o05GgCNdTtH=cuW56qbjg5v0ZpxvCYmCPj1AvFui+g@mail.gmail.com>	<5359E9CB.9050703@gmail.com>
	<CANEZrP2FJ8m-kKeLiEZw-hb9teeVXay0FqzsJ0wJTtbNABetpA@mail.gmail.com>
In-Reply-To: <CANEZrP2FJ8m-kKeLiEZw-hb9teeVXay0FqzsJ0wJTtbNABetpA@mail.gmail.com>
X-Enigmail-Version: 1.6
OpenPGP: id=378E4544
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="m041PeASdhDJdjudmF9vV5hMsKE4JWXlQ"
X-Spam-Score: -1.6 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
	(gacrux[at]gmail.com)
	-0.0 SPF_PASS               SPF: sender matches SPF record
	-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	author's domain
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1WdgKW-0006Id-8q
Subject: Re: [Bitcoin-development] 0 confirmation txs using replace-by-fee
 and game theory
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 25 Apr 2014 13:38:18 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--m041PeASdhDJdjudmF9vV5hMsKE4JWXlQ
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable


On 25/04/14 20:19, Mike Hearn wrote:
>     You don't get any money back, but you do get an angry shopkeeper ch=
asing
>     you down the street / calling the police / blacklisting you from th=
e
>     store.
>=20
>=20
> If they could do that they'd just take the stolen property back and you=

> would have failed to spend your money twice. So this is by definition,
> not a successful double spend. We are worried about the cases when you
> could successfully double spend, and the only thing stopping you is Bit=
coin.

You might not succeed in catching them, but however small the risk of
getting caught is, they're taking that risk for an assured zero gain.
Any rational attacker would therefore not bother.

I think it's a very elegant solution to the typical "broadcast double
spend" attack. Of course it unfortunately does nothing to stop a
dishonest mining pool from secretly working on your double spend for a
fee. But that breaks down to:
* trade first and hope the dishonest pool finds the next block
* the dishonest pool finds and withholds the block while you trade

We can discount the second one entirely - the orphan risk makes it very
expensive to execute, and people are typically accepting zero-conf for
low value items like cups of coffee. For high value items it is probably
reasonable (and hopefully common practice?) to wait for a block.

So we're left with the first situation. As others have noted, given a
dishonest pool with 5% total hashrate, a dedicated attack is out (unless
you want to end up actually buying goods to 20x the value of the attack
in the process.)

That leaves the opportunists, who press the "attempt to take-back 70% of
this transaction" (remember the pool gets their cut) every time they buy
a coffee and very occasionally get lucky. They're the only unsolvable
problem I can see here. It remains to be seen how many such opportunists
we'll end up with, or how much hashrate the dishonest pool can actually
attract.



--m041PeASdhDJdjudmF9vV5hMsKE4JWXlQ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJTWmU+AAoJEEY5w2E3jkVEk3EIAMGY2c1Q1V3EEZZFLxyMQsIr
RF23fp5FhLnK7jyH2QQ0kfNW5yq4vUZahG2RwtQIlLrAjFGaQSOfkIi48PqnSHpZ
eP/fMkj9+BLiF7KSTaiXHYaBA0VQmxhaiIw1gBynrKXo8/+TO1HYpD1lPaWnYIXU
+Ykz6NiVQmJJ3xLm1uAQJKwT4yZ8LRL51g65aVPnXYQaNgYURN3nBkCYLWi2t7q4
VGmYa+7EGhG4Y8NWUqexphMlLpXhzIh05wukiFIDWGXReRTfDYKcEjz22/x1i39e
RH1k1sEyP8X4HmA378MbKMlgTYDV+5+N+OxvAJiYaa8oVaSt/XaHVHGHb6PqAgI=
=4Plk
-----END PGP SIGNATURE-----

--m041PeASdhDJdjudmF9vV5hMsKE4JWXlQ--