Transactions are committed to the block chain about every 10 minutes. Zero confirmation transactions do not reside in a block yet. Instead, they reside in the memory pool of miners. Until a block is mined that includes the transaction, it is said to have 'zero confirmations.' Once included in a block and written to the block chain the transaction has one confirmation.
Confirmation time is a measurement of a transaction's depth or age, in the block chain; the higher the number of confirmations, the older the transaction. When transactions are first broadcast to the network, they are zero confirmation transactions. Some exchanges and merchants do not accept these transactions. Instead, Bitcoin payments sit in limbo waiting for confirmations.
Bitcoin's Six Confirmation Bias
Today, but more so in the past, exchanges and merchants require a minimum number of confirmations before accepting a transaction. Typically this number is six. Why?
Well, after being broadcast zero confirmation transactions could wait as little as a few seconds to as long as hours or days for confirmation. Even though there is no way to rescind a transaction once broadcast, there is a bias towards accepting zero confirmation transactions.
The first reason is fear of a double spend attack. It is possible to broadcast multiple transactions at different points of the Bitcoin network. The transaction propagated to the highest number of miners first, wins. It is possible for an attacker to double spend by broadcasting two zero confirmation transactions. If timed correctly, the merchant software accepts the bogus transaction before receiving the double spend transaction.
The merchant is technically accepting an invalid transaction. The flaw exists because of the time it takes transactions to propagate the network. The two transactions are racing another across the globe.
For example, if my client is directly connected to your full node my transactions will relay through your software first. Your client will store the transaction and relay it to its known nodes. If I create four other clients and connect them to well-connected full nodes, I could lie to your node.
If each of my clients runs the same wallet software, with the keys they can build two separate transactions that spend the same bitcoins. For me to lie to you, I time the broadcasting of the transactions. My client that connects to the network through you will send a transaction to one of your addresses. My other four clients will broadcast a different transaction that claims the same bitcoins to one of my addresses.
For a short period, you will not be in sync with the network. That's the window of opportunity for a potential attack.
How much of a risk is a double spend? Well, services like Bitpay accept zero confirmation transactions because they monitor key nodes on the network. Once a transaction passes through these miners, there's no significant chance the transaction is invalid. After about 30 seconds the possibility of a double spend disappears. The transaction has been relayed to the majority of the network. Any attempt to broadcast a new transaction for the same bitcoins will fail.
The window of time is very short. Any payments through Bitpay's payment process demonstrate most transactions are safe to accept after just a few seconds. Also, for the majority of transactions, the cost of performing a double spend is far greater than the gains. It's not as lucrative to double spend low-value transactions. Purchases under $1,000 are likely safe. However, waiting 30 seconds for the transaction to relay is not unreasonable.
Zero Confirmation Transactions Aren't Alone
The second fear is that a bad actor that controls a significant portion of the hash rate could mine on a forked chain and orphan past blocks. In this scenario, the attacker mines a block. Instead of broadcasting the block, the miner begins a forked block chain and broadcasts a transaction that spends bitcoins.
The network could confirm the transaction, mining it in a block. The attacker will continue mining on their forked block chain. If it becomes longer than the main Bitcoin block chain, they release their blocks. In Bitcoin, the longest chain always wins. The block that confirmed the double spend transaction becomes an orphan and made invalid. The attacker's blocks include a transaction to themselves that spend the coins they spent earlier.
The possibility of a brute force attack like this is also very low. The cost of this kind of Bitcoin attack is much higher than a double spend. While zero confirmation transactions would always be at risk for this kind of attack, the probability of success diminishes as the confirmation time grows. An attacker controlling 10% of the network would have a .1% chance of reversing a six confirmation transaction.
What Do You Think? Comment Below?
Images from Bitnodes and Shutterstock.