Are Bitcoin Zero Confirmation Transactions Safe?

Transactions are committed to the block chain about every 10 minutes. Zero confirmation transactions do not reside in a block yet. Instead, they reside in the memory pool of miners. Until a block is mined that includes the transaction, it is said to have ‘zero confirmations.’ Once included in a block and written to the block chain, the transaction has one confirmation.

Confirmation time is a measurement of a transaction’s depth, or age, in the block chain: the higher the number of confirmations, the older the transaction. When transactions are first broadcast to the network, they are zero confirmation transactions. Some exchanges and merchants do not accept these transactions. Instead, Bitcoin payments sit in limbo waiting for confirmations.

Bitcoin’s Six Confirmation Bias

Today, but more so in the past, exchanges and merchants require a minimum number of confirmations before accepting a transaction. Typically this number is six. Why?

Well, after being broadcast, zero confirmation transactions could wait as little as a few seconds to as long as hours or days for confirmation. Even though there is no way to rescind a transaction once broadcast, there is a bias towards accepting zero confirmation transactions.

Map of Active Bitcoin Full Nodes

The first reason is fear of a double spend attack. It is possible to broadcast multiple transactions at different points of the Bitcoin network. The transaction propagated to the highest number of miners first wins. It is possible for an attacker to double spend by broadcasting two zero confirmation transactions. If timed correctly, the merchant software accepts the bogus transaction before receiving the double spend transaction.

The merchant is technically accepting an invalid transaction. The flaw exists because of the time it takes transactions to propagate across the network. The two transactions are racing one another across the globe.

For example, if my client is directly connected to your full node, my transactions will relay through your software first. Your client will store the transaction and relay it to its known nodes. If I create four other clients and connect them to well-connected full nodes, I could lie to your node.

If each of my clients runs the same wallet software, with the keys they can build two separate transactions that spend the same bitcoins. For me to lie to you, I time the broadcasting of the transactions. My client that connects to the network through you will send a transaction to one of your addresses. My other four clients will broadcast a different transaction that claims the same bitcoins to one of my addresses.

For a brief period, you will not be in sync with the network. That’s the window of opportunity for a potential attack.

How much of a risk is a double spend? Well, services like Bitpay accept zero confirmation transactions because they monitor key nodes on the network. Once a transaction passes through these miners, there’s no significant chance the transaction is invalid. After about 30 seconds the possibility of a double spend vanishes. The transaction has been relayed to the majority of the network. Any attempt to broadcast a new transaction for the same bitcoins will fail.

The window of time is very brief. Any payments through Bitpay’s payment process demonstrate most transactions are safe to accept after just a few seconds. Also, for the majority of transactions, the cost of performing a double spend is far greater than the gains. It’s not as lucrative to double spend low-value transactions. Purchases under $1,000 are likely safe. However, waiting 30 seconds for the transaction to relay is not unreasonable.
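The acceptance rule described above (watch well-connected nodes, wait about 30 seconds, cap the value) can be written as a small merchant-side check. This is an added example, not code from Bitpay or any wallet; the class, function names and sample transactions are constructed for illustration.

```python
from dataclasses import dataclass

RELAY_WAIT_SECONDS = 30    # relay window the article cites
MAX_ZERO_CONF_USD = 1000   # value ceiling the article cites


@dataclass(frozen=True)
class SeenTx:              # hypothetical record of a relayed transaction
    txid: str
    inputs: frozenset      # outpoints spent, as "prev_txid:vout" strings
    first_seen: float      # seconds, when a monitored node first relayed it
    pays_merchant: bool
    usd_value: float = 0.0


def find_conflicts(observed):
    """Map each txid to the txids that spend at least one of the same outpoints."""
    spenders = {}
    for tx in observed:
        for outpoint in tx.inputs:
            spenders.setdefault(outpoint, set()).add(tx.txid)
    conflicts = {tx.txid: set() for tx in observed}
    for txids in spenders.values():
        if len(txids) > 1:
            for txid in txids:
                conflicts[txid] |= txids - {txid}
    return conflicts


def zero_conf_decision(payment, observed, now):
    """Return 'reject', 'wait_for_confirmation', 'wait_for_relay' or 'accept'."""
    if find_conflicts([payment, *observed])[payment.txid]:
        return "reject"                    # same coins are spent elsewhere
    if payment.usd_value >= MAX_ZERO_CONF_USD:
        return "wait_for_confirmation"     # too valuable for zero-conf
    if now - payment.first_seen < RELAY_WAIT_SECONDS:
        return "wait_for_relay"            # a conflict could still arrive
    return "accept"


# Constructed sample data: two payments, the second with a competing spend.
OBSERVED = [
    SeenTx("aa01", frozenset({"f00d:0"}), 0.0, True, 40.0),
    SeenTx("bb02", frozenset({"cafe:1"}), 2.0, True, 25.0),
    SeenTx("cc03", frozenset({"cafe:1", "beef:0"}), 2.4, False),
]
```

The conflict check only sees what the monitored nodes relay, which is why the article's point about watching several well-connected nodes matters more than the timer itself.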

Zero Confirmation Transactions Aren’t Alone

The second fear is that a bad actor that controls a significant portion of the hash rate could mine on a forked chain and orphan past blocks. In this scenario, the attacker mines a block. Instead of broadcasting the block, the miner starts a forked block chain and broadcasts a transaction that spends bitcoins.

The network could confirm the transaction, mining it in a block. The attacker will continue mining on their forked block chain. If it becomes longer than the main Bitcoin block chain, they release their blocks. In Bitcoin, the longest chain always wins. The block that confirmed the double spend transaction becomes an orphan and is made invalid. The attacker’s blocks include a transaction to themselves that spends the coins they spent earlier.

The possibility of a brute force attack like this is also very low. The cost of this kind of Bitcoin attack is much higher than a double spend. While zero confirmation transactions would always be at risk for this kind of attack, the probability of success diminishes as the confirmation time grows. An attacker controlling 10% of the network would have a 0.1% chance of reversing a six confirmation transaction.

Pictures from Bitnodes and Shutterstock.
