Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Qp68K-0008Qf-6o for bitcoin-development@lists.sourceforge.net; Thu, 04 Aug 2011 22:11:16 +0000 X-ACL-Warn: Received: from sulfur.webpack.hosteurope.de ([217.115.142.104]) by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1Qp68I-00059M-Mw for bitcoin-development@lists.sourceforge.net; Thu, 04 Aug 2011 22:11:16 +0000 Received: from 84-72-69-153.dclient.hispeed.ch ([84.72.69.153] helo=[192.168.0.21]); authenticated by sulfur.webpack.hosteurope.de running ExIM with esmtpsa (TLSv1:AES256-SHA:256) id 1Qp68C-0002NM-NK; Fri, 05 Aug 2011 00:11:08 +0200 Message-ID: <4E3B18F3.4010605@justmoon.de> Date: Fri, 05 Aug 2011 00:10:59 +0200 From: Stefan Thomas User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0 MIME-Version: 1.0 To: bitcoin-development@lists.sourceforge.net References: <201108041423.14176.andyparkins@gmail.com> <201108041922.16956.andyparkins@gmail.com> <1312483196.3109.38.camel@Desktop666> <201108042042.55214.andyparkins@gmail.com> <82CEB610-9821-4928-8A13-30088A59223C@andrewschaaf.com> <1312490305.3109.46.camel@Desktop666> In-Reply-To: <1312490305.3109.46.camel@Desktop666> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-bounce-key: webpack.hosteurope.de;moon@justmoon.de;1312495874;17f234c5; X-Spam-Score: 0.0 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. X-Headers-End: 1Qp68I-00059M-Mw Subject: Re: [Bitcoin-development] Double spend detection to speed up transaction trust X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Aug 2011 22:11:16 -0000 Since nobody else has mentioned it: There is another (more pragmatic?) way to detect double spends: 1. Connect to lots of clients 2a. If they all send you the same transaction -> double spend unlikely 2b. If some don't send you the transaction (or send a conflicting one) -> double spend in progress Obviously not everyone will run a double spend detector - it's much more easily realized as a service (just like mining.) Jan put up a proof of concept: http://www.transactionradar.com/ Would network support like a MSG_DOUBLESPEND be better? I used to think yes, but looking at the reality of Transaction Radar, I'm not so sure. Nothing stops such a service from scaling up and connecting to thousands of random nodes (especially when the network itself grows bigger), pushing the probabilities of missing a double spend "in the wild" to near zero. It could also connect directly to important miners/pools as others have suggested. Of course this doesn't help against double spends where the attacker does his own mining*, but neither would MSG_DOUBLESPEND. Given the added network load I'd argue that network support for double spends is unnecessary and potentially damaging. DoS is more scary to me than non-instant transactions. * In this case of course the hacker will be exposed to some randomness, and I doubt many attackers will buy 100 televisions, newspaper subscriptions or MP3s to get one for free. So this is only a problem for liquid goods with tiny spreads (any investment or stored value instrument.)