In a previous post I discussed long confirmation delays being a major obstacle to adoption, especially for bricks-and-mortar shops where the customer expects to walk away with his purchase immediately.
An interesting reply linked to a comment made by Satoshi on bitcointalk:
"I believe it'll be possible for a payment processing company to provide as a service the rapid distribution of transactions with good-enough checking in something like 10 seconds or less."
which then went on to discuss the technicalities. The obvious question this raises is then:
"If this is the case, then why do most big players in the bitcoin economy require multiple confirms?"
MtGOX asks for several hours, TradeHill estimates one hour, VirtEx requires 6 confirms, not sure how long BritCoin requires after their makeover but it used to be 6 confirms. Are they being unnecessarily cautious, or has the technology Satoshi refers to not arrived yet? If so, when can we expect that? These aren't rhetorical questions, I think a lot of people would really like to know if zero-confirm transactions can indeed be made relatively secure.
Other replies point out that since the existing credit card infrastructure allows chargebacks, and chargebacks can happen months after the initial transaction, bitcoin is still superior to CC. However, CC chargeback is a somewhat known quantity; CyberSource’s Annual Online Fraud Report claims that about 40% of retailers have a chargeback rate of 1% or more, according to this blog. This means that as a business you should expect your CC transactions to cost a percentage point more than your payment provider claims. Annoying, but not something that's going to kill you. And since credit cards have been around for a while, it's unlikely to get orders-of-magnitude worse.
I view the confirmation characteristics as being a probability as a function of time. The longer you wait, the more certain you are of a valid transaction. In the case of credit cards you have to wait 2 months for a complete guarantee, whereas for bitcoin you might have to wait up to an hour based on what the big exchanges are telling us, although according to Satoshi it may be far less than an hour. The following diagram depicts the datapoints we have:
What I propose is that we set up a honeypot to find out more about the properties of the bitcoin validity curve in this region. It would work like a security honeypot - if you can have a transaction rejected after 5 seconds then you win a prize. Of course we want to know all the data-points, so we would have multiple prizes, one for each duration we're interested in. The process would work like this:
1. Whitehat sends bounty to honeypot address.
2. Honeypot waits 5s and sends the money back if transaction is still valid at this point.
3. If whitehat manages to reverse his original payment, then he keeps his original bitcoins from 1. and also wins the bounty from 2. Otherwise, he just gets his money back from 2.
The website would display a table of what has been hacked so far and what the current bounties are, something like this (not sure what the actual bounties should be):
Or perhaps you could start all bounties off at 1 BTC, and then let each one grow daily until someone manages to hack them. That way you don't have to make decisions about the relative difficulties of different rejections, you just find out over time.
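The bookkeeping behind the three steps and the daily-growing bounties, as an added sketch that is not part of the original post. The class and method names, the 0.1 BTC/day growth rate, one address per tier, capping the early refund at the posted bounty, and closing a tier once it has been hacked are all assumptions made for illustration; chain monitoring is left to the caller.

```python
from dataclasses import dataclass, field
from decimal import Decimal
from typing import Optional

ZERO = Decimal("0")

@dataclass
class Tier:
    delay_s: int                              # wait before the early refund (step 2)
    start: Decimal = Decimal("1")             # the post's idea: start every bounty at 1 BTC
    daily_growth: Decimal = Decimal("0.1")    # assumed rate; the post does not give one
    hacked_on_day: Optional[int] = None

    def bounty(self, day: int) -> Decimal:
        # Grows daily until the tier is first hacked, then stays frozen.
        d = day if self.hacked_on_day is None else self.hacked_on_day
        return self.start + self.daily_growth * d

@dataclass
class Honeypot:
    tiers: dict                                  # delay_s -> Tier (assumed: one address per tier)
    pending: dict = field(default_factory=dict)  # txid -> (delay_s, deposit, refund, day)

    def on_delay_elapsed(self, txid, delay_s, amount, day, still_valid):
        """Step 2: early refund, only if the deposit still looks valid."""
        tier = self.tiers[delay_s]
        refund = ZERO
        if still_valid and tier.hacked_on_day is None:
            refund = min(amount, tier.bounty(day))   # exposure capped at the posted bounty
        self.pending[txid] = (delay_s, amount, refund, day)
        return refund

    def on_final_status(self, txid, confirmed):
        """Step 3: returns (hacked, remainder still owed to the sender)."""
        delay_s, amount, refund, day = self.pending.pop(txid)
        if confirmed:
            return False, amount - refund            # deposit is real: return the rest
        if refund > ZERO:
            self.tiers[delay_s].hacked_on_day = day  # refund was paid on a reversed deposit
        return refund > ZERO, ZERO

    def scoreboard(self, day):
        """Rows of (delay in seconds, current bounty, hacked yet?) for the website table."""
        return [(t.delay_s, t.bounty(day), t.hacked_on_day is not None)
                for t in sorted(self.tiers.values(), key=lambda t: t.delay_s)]
```

The cap matters because the early refund is the honeypot's only money at risk: without it, a single oversized deposit that is later reversed would cost far more than the advertised prize.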
If someone builds this, I will fund bounties as a service to the bitcoin community.