Toms Blog

Where I talk about Bitcoin and Technology

zero-conf and double-spend FAQ

2018-04-01 bitcoin bitcoin cash

Q) What is zero-conf

A) Payments in Bitcoin Cash get confirmed by miners in a block, one block after another. An exchange may require 3 confirmations which means that a payment was mined in a block and two more blocks were created extending the bitcoin chain.

Zero-conf is when you understand how likely it is that the payment will get mined in a block to such an extend that a merchant can complete the transaction with its customer. Even while the payment still has only zero confirmations.

There is a risk that should be mentioned. The risk that the sender of the payment attempts to defraud the merchant by attempting to do a double spend. On the Bitcoin Cash network there are various tools to mitigate that risk, and the rest of this FAQ will go over the details of that.

Q) Who is at risk?

A) There is a risk involved in accepting zero confirmation transactions due to double-spend attacks. These can be mitigated to very acceptable levels by understanding how the technology helps the merchant, or generally, the receiver of the payment.

A mutually consenting transaction is on one hand a payment (in Bitcoin Cash) and then the payer getting something in return. If that ‘something’ you get in return is not naturally given instantly or the interaction will even be for a good duration, then the only thing the merchant really risks is having to hold their customer accountable when it turns out the payment failed. As such selling a house, the mortgage or a car can be done with zero-conf.

Q) What does it mean when you say Bitcoin Cash helps zero-conf to be more secure?

A) There is a strong economic push to make sure zero-conf is and stays secure. Specifically, any miner that would willfully assist double-spend attacks are publicly causing all the miners loose money due to the loss of trustworthiness of the coin. Economic sanctions are very likely. And a miner would be stealing from their own pocket.

Miners follow the “first seen” principle. The second transaction will be at a vast disadvantage. Effectively limiting an attacker to less than 2 second window to do it in.

Any merchant will be able to see both transactions within a very short time-span of seconds. Using Flowee Cashier you will get a notification when a double-spend is done against you. So you can take appropriate action.

BCH is also increasing the reliability further for systems not based on fully validating nodes using technologies like double-spend-proofs (more).

Q) Can’t the miner just mine the first one?

A) The question implies that the miner knows which transaction is the “right” one. Practically speaking a miner can’t know this, he can receive the transaction in reverse order than another miner. This kind of ‘race-condition’ is very easy and common and should not cause a chain-split.

Q) Should a miner just not mine any transaction that is double-spent?

A) That would lead to an even worse security for the receiver of the transaction as they are for sure not getting paid that way. Next to that this is very impractical for people that honestly have to re-create transactions in completely different settings than the shopper-merchant setup.

Q) What happens to the double-spend once the other one is mined in a block

A) Per definition a coin can only be spend once, much like Schrodinger’s cat we don’t know which one until it is mined. When it is mined, the choice has been made and the other option is no longer possible.

Q) What can a merchant that notices a double-spend do?

A) When the merchant receives a payment and notices a double spend, they first of all have to check if there is any problem at all. If both transactions pay the merchant, then there is no reason to worry. If one paid the merchant and the other doesn’t, then the buyer is engaging in defrauding the merchant, in-person activities should consider acting on that. Secondary, the merchant may create a child transaction to increase the fee paid, using child-pays-for-parent, to ensure that the miners will pick that one. Either way, it is wise to not hand over the service or product until at least one confirmation has occurred.

Q) What is the maximum amount I should accept zero-conf for?

A) There is a wisdom that if the action of accepting zero-conf implies you take more risk, then you can work on lowering the risk by accepting only smaller payments.

While this is not a bad idea, the real thing to pay attention to is method of payment. These rules should be very familiar to most merchants;

You should take into account situations when there is no physical interaction, such as an in-person exchange of goods, as well as there being no transfer time which allows you extended face-to-face time and last there being no traceable record of the buyer which allows you to find the buyer at a later date when you discover the fraudulent payment.

Only in such situations is there a risk of being defrauded by double-spend attack.

Q) How does selfish mining affect zero-conf.

A) It doesn’t have any effect.

Q) What about RBF (replace-by-fee) ?

A) Bitcoin Cash does not have the RBF mis-feature.