Oleg Andreev

Software designer with focus on user experience and security.

You may start with my selection of articles on Bitcoin.

Переводы некоторых статей на русский.

Product architect at Chain.

Author of Gitbox version control app.

Author of CoreBitcoin, a Bitcoin toolkit for Objective-C.

Author of BTCRuby, a Bitcoin toolkit for Ruby.

Former lead dev of FunGolf GPS, the best golfer's personal assistant.

I am happy to give you an interview or provide you with a consultation.
I am very interested in innovative ways to secure property and personal interactions: all the way from cryptography to user interfaces. I am not interested in trading, mining or building exchanges.

This blog enlightens people thanks to your generous donations: 1TipsuQ7CSqfQsjA9KU5jarSB1AnrVLLo

about
@oleganza
oleganza@gmail.com
reddit
archive
rss

April 16

BitUndo can destroy instant 0-confirmation transactions

BitUndo (http://www.bitundo.com) is a service allowing to double-spend your own transactions for a fee. So that you can “undo” your supposedly mistaken transaction. It is of questionable value and works as a direct attack on current practice of accepting 0-confirmation transactions for small purchases.

Right now nodes do not accept double spending transactions, no matter how much they pay in mining fees. This makes simple security promise for 0-conf transactions: the most relayed version is the one that most probably will be included in the block. So merchants can accept such transactions because they know that reversing it would cost much more than 100% of the transaction value.

If enough nodes on the network replace transactions when the mining fee is, say, 10% higher than the previous version (or 10% of the total amount, or whatever), then for the user it is much cheaper to “take money back”. You will send $5 for your coffee and get back $4 with no sweat. Merchant will lose all $5. You can say goodbye to 0-confirmation transactions.

So what do we have:

1) Users get some sort of “undo” function which is nobody was asking for. In my view, if there’s a problem with accidental button clicking in the UI, it’s simpler to fix right there, not by changing the entire network.

2) No one can rely on 0-confirmation transactions anymore. Even today they are not safe, but for small purchases the risks are pretty low, so they work for many people to everyone’s satisfaction. But with network-wide “replace with higher-fee transaction” the risk will go up significantly to make this feature unusable.

However, in the long run, 0-conf transactions won’t be the future of instant micropayments (we’ll have some sort of distributed clearing network instead), so we might not care that much. But the value of “undo” is still very questionable to throw away usefulness of 0-conf transactions today.

Final note: Bitundo can’t be useful when it’s small. It’s either working more than 90% of the time for legitimate “undos” (which makes 0-conf txs useless) or it’s used marginally only by those who wish to rob merchants who accept 0-conf transactions. In which case they still may render 0-conf transactions useless.