Peter Todd [ARCHIVE] on Nostr: 📅 Original date posted:2013-05-21 📝 Original message:On Mon, May 20, 2013 at ...
📅 Original date posted:2013-05-21
📝 Original message:On Mon, May 20, 2013 at 08:54:25PM -0700, Gregory Maxwell wrote:
> One point that was only recently exposed to me is that replacement
> combined with child-pays-for-parent creates a new kind of double spend
> _defense_: If someone double spends a payment to an online key of
> yours, you can instantly produce a child transaction that pays 100% of
> the double spend to fees... so a double spender can hurt you but not
> profit from it. (and if your side of the transaction is
> potentially/partially reversible he will lose)...
You can do better than that actually: you can arrange the transaction
such that the double-spender is hurt by asking them to pay an excess on
top of the initial payment, and having that excess get returned to them
in a subsequent transaction. Of course, that's trusting the merchant,
but you're trusting the merchant to ship to a product anyway so...
A really interesting example for this though would be applications where
you are making a deposit. You credit the customer account immediately
with half of the deposit amount, allowing them to immediately spend that
portion for something transferable. (perhaps an alt-coin) If the
customer tries to double-spend you burn half to fees, still leaving the
other half to pay for what they did spend. If they don't double-spend,
the rest of the balance becomes available after n confirmations. A
BTC->alt-coin exchange could use this mechanism for instance, although
it only works with widespread replace-by-fee adoption; blockchain.info's
shared-send service is another application, as is SatoshiDice. (the
failed bet tx can be the refund)
What's nice here is even if the customer tries to pay a miner to do the
dirty work, a short-term rational miner still has an incentive to screw
over the customer by accepting the merchant's double-spend. Now the
customer can promise the miner future business, but they've shown
themselves to be dishonest... how much honor is there among thieves?
--
'peter'[:-1]@petertodd.org
00000000000000f31f5cd20f915e3edb8e3fceea49580235b984fea63f1f882c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130521/ed1f372e/attachment.sig>;
📝 Original message:On Mon, May 20, 2013 at 08:54:25PM -0700, Gregory Maxwell wrote:
> One point that was only recently exposed to me is that replacement
> combined with child-pays-for-parent creates a new kind of double spend
> _defense_: If someone double spends a payment to an online key of
> yours, you can instantly produce a child transaction that pays 100% of
> the double spend to fees... so a double spender can hurt you but not
> profit from it. (and if your side of the transaction is
> potentially/partially reversible he will lose)...
You can do better than that actually: you can arrange the transaction
such that the double-spender is hurt by asking them to pay an excess on
top of the initial payment, and having that excess get returned to them
in a subsequent transaction. Of course, that's trusting the merchant,
but you're trusting the merchant to ship to a product anyway so...
A really interesting example for this though would be applications where
you are making a deposit. You credit the customer account immediately
with half of the deposit amount, allowing them to immediately spend that
portion for something transferable. (perhaps an alt-coin) If the
customer tries to double-spend you burn half to fees, still leaving the
other half to pay for what they did spend. If they don't double-spend,
the rest of the balance becomes available after n confirmations. A
BTC->alt-coin exchange could use this mechanism for instance, although
it only works with widespread replace-by-fee adoption; blockchain.info's
shared-send service is another application, as is SatoshiDice. (the
failed bet tx can be the refund)
What's nice here is even if the customer tries to pay a miner to do the
dirty work, a short-term rational miner still has an incentive to screw
over the customer by accepting the merchant's double-spend. Now the
customer can promise the miner future business, but they've shown
themselves to be dishonest... how much honor is there among thieves?
--
'peter'[:-1]@petertodd.org
00000000000000f31f5cd20f915e3edb8e3fceea49580235b984fea63f1f882c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130521/ed1f372e/attachment.sig>;