Transactions are committed to the block chain about every 10 minutes.Zero confirmation transactions do not reside in a block yet.Instead, they reside in the memory pool of miners.Until a block is mined that includes the transaction, it is said to have ‘zero confirmations.’ Once included in a block and written to the block chain the transaction has one confirmation.Confirmation time is a measurement of a transaction’s depth or age, in the block chain; the higher the number of confirmations, the older the transaction.When transactions are first broadcast to the network, they are zero confirmation transactions.Some exchanges and merchants do not accept these transactions.Instead, Bitcoin payments sit in limbo waiting for confirmations.Today, but more so in the past, exchanges and merchants require a minimum number of confirmations before accepting a transaction.Typically this number is six.Well, after being broadcast zero confirmation transactions could wait as little as a few seconds to as long as hours or days for confirmation.

Even though there is no way to rescind a transaction once broadcast, there is a bias towards accepting zero confirmation transactions.The first reason is fear of a double spend attack.It is possible to broadcast multiple transactions at different points of the Bitcoin network.bitcoin gratis yang banyakThe transaction propagated to the highest number of miners first, wins.bitcoin mediciIt is possible for an attacker to double spend by broadcasting two zero confirmation transactions.mts bitcoinIf timed correctly, the merchant software accepts the bogus transaction before receiving the double spend transaction.bitcoin ati or nvidiaAlso read: Undoing the Undoable: Bitundo – Doublespending Bitcoins as a Service The merchant is technically accepting an invalid transaction.xbox bitcoin miner

The flaw exists because of the time it takes transactions to propagate the network.The two transactions are racing another across the globe.For example, if my client is directly connected to your full node my transactions will relay through your software first.armory bitcoin offline walletYour client will store the transaction and relay it to its known nodes.If I create four other clients and connect them to well-connected full nodes, I could lie to your node.If each of my clients runs the same wallet software, with the keys they can build two separate transactions that spend the same bitcoins.For me to lie to you, I time the broadcasting of the transactions.My client that connects to the network through you will send a transaction to one of your addresses.My other four clients will broadcast a different transaction that claims the same bitcoins to one of my addresses.For a short period, you will not be in sync with the network.

That’s the window of opportunity for a potential attack.How much of a risk is a double spend?Well, services like Bitpay accept zero confirmation transactions because they monitor key nodes on the network.Once a transaction passes through these miners, there’s no significant chance the transaction is invalid.After about 30 seconds the possibility of a double spend disappears.The transaction has been relayed to the majority of the network.Any attempt to broadcast a new transaction for the same bitcoins will fail.The window of time is very short.Any payments through Bitpay’s payment process demonstrate most transactions are safe to accept after just a few seconds.Also, for the majority of transactions, the cost of performing a double spend is far greater than the gains.It’s not as lucrative to double spend low-value transactions.Purchases under $1,000 are likely safe.However, waiting 30 seconds for the transaction to relay is not unreasonable.The second fear is that a bad actor that controls a significant portion of the hash rate could mine on a forked chain and orphan past blocks.

In this scenario, the attacker mines a block.Instead of broadcasting the block, the miner begins a forked block chain and broadcasts a transaction that spends bitcoins.Also read: Stealth Payments Create Anonymous Bitcoin Transactions The network could confirm the transaction, mining it in a block.The attacker will continue mining on their forked block chain.If it becomes longer than the main Bitcoin block chain, they release their blocks.In Bitcoin, the longest chain always wins.The block that confirmed the double spend transaction becomes an orphan and made invalid.The attacker’s blocks include a transaction to themselves that spend the coins they spent earlier.The possibility of a brute force attack like this is also very low.The cost of this kind of Bitcoin attack is much higher than a double spend.While zero confirmation transactions would always be at risk for this kind of attack, the probability of success diminishes as the confirmation time grows.An attacker controlling 10% of the network would have a .1% chance of reversing a six confirmation transaction.

What Do You Think?Images from Bitnodes and Shutterstock.This semester, I've been taking a course on Bitcoin and Cryptocurrencies, offered by Princeton's Center for Information Technology Policy, and co-taught by Arvind Narayanan and Joseph Bonneau (with help from Ed Felten and Andrew Miller).Inspired by the course, I spent some time this semester on a Bitcoin Script-to-JavaScript compiler and a real-time playground for the browser: the Script Playground.It's a great way to familiarize yourself with the semantics of and philosophies behind Bitcoin Script.The ES6 source is available on GitHub; you can also download the interpreter as the bitcoin-script package on npm.In this post, I'll explain some of the core principles and functionality behind Script before introducing the Script Playground and a few examples.(If you have a good handle on Script, feel free to skip ahead.)Script is a simple stack-based programming language used by Bitcoin to validate transactions.Script programs are processed left-to-right, with each operation modifying a global stack.

On termination, the script is either considered valid (indicated by the presence of a 1 on top of the stack) or invalid (anything else).As an example, this script pushes a 0 onto the stack, increments it, and terminates.As 0 + 1 = 1 is on top of the stack, this script will run successfully: Script is used to verify that the spender of some Bitcoins actually owns them.In other words, scripts validate transactions.Each Bitcoin transaction requires two scripts: ScriptPubKey and ScriptSig.The former is included as part of the transaction when it is broadcast to the network and typically encodes the destination address D of the Bitcoins involved.The latter is provided when those Bitcoins are spent in the future by the owner of address D and typically provides some evidence that the owner actually owns that address (i.e., by signing a message with its private key).To validate the spending of Bitcoins, miners concatenate the ScriptSig and ScriptPubKey.If the concatenated program is valid, the transaction is valid, and vice-versa.

For this reason, these scripts are sometimes referred to as the "unlocking" and "locking" scripts, respectively, as the ScriptPubKey is provided to lock some Bitcoins to an address, and the ScriptSig, to unlock them in the future.Script is purposefully not Turing-complete.It contains no loops (it's only form of control flow is through if-else statements) and the instruction set is limited to the bare necessities: stack manipulation, arithmetic, cryptography, and little else.This simplicity is a feature, not a flaw.As scripts are used to validate transactions, miners across the network have to execute them in bulk to compose and validate blocks.If the Script language allowed for intense computation, miners would be disincentivized from validating transactions because of the costs of computing.At the very least, these miners would be incurring an unnecessary cost, as Script's simplicity is sufficient for covering most of what we want to do in transaction validation.This cost would make mining less attractive, and as the attractivity of mining is crucial to maintaining a high hash rate across the network (and thus securing the network), this simplicity is a good thing.

In practice, Bitcoin scripts typically take one of a handful of forms, e.g.: In fact, miners will reject transactions that veer from the list of standard Script formats.In Bitcoin jargon, these are referred to as "non-standard transactions".Script is an interesting facet of Bitcoin.First, the language is intentionally simple, which makes you wonder just how far you can push it.Second, Script is a good mechanism for reinforcing the principles behind Bitcoin.For example, Script's limited instruction set reinforces an understanding of miner incentives, while its multi-signature support demonstrates interesting use-cases for Bitcoin.For these reasons, I wanted to make it possible to play with Script in the most accessible of settings: the browser.The finished product is available here, with the source free to view on GitHub.You can also download it as the bitcoin-script package from npm.My implementation of Script covers all of the enabled opcodes listed on the Bitcoin Wiki, apart from the reserved words, altstack commands, pseudo-words, and OP_CODESEPARATOR.

In particular, it's worth noting that my implementation allows for the use of disabled commands, like OP_MUL, by passing in true as the second argument to any of the exported functions.(The Script Playground has this behavior enabled by default.)However, it differs from Bitcoin's implementation in a few ways: Each of these changes was made so as to make this implementation easier to use and understand.In addition to the Script implementation itself, the Playground also includes: The Script playground compiles Script programs down to JavaScript using Jison, a JavaScript parser generator, with the grammar defined here.The implementation is built to run in Node, and is transpiled for use in the browser with Browserify.The live editor itself is based on my friend Joel Burget's react-live-editor, which is in-turn based on CodeMirror for real-time updates and editing.Because my implementation is built for Node, it's really easy to play around with Script using all the expressive power of JavaScript.

As an example, consider a ScriptPubKey that is only unlocked if the redeemer provides a three-digit prime number.We can programmatically generate the ScriptPubKey in JavaScript and then evaluate some ScriptSig candidates, all within the same module.As Script's division and remainder operators are disabled in Bitcoin, the best we can do (whilst remaining in the realm of enabled operators) is generate all the set of prime numbers in [100, 999] and evaluate whether the ScriptSig is in that set.Since the ScriptPubKey is public, we won't want to include the actual primes; instead, we'll include the hash of each prime and evaluate the hash of the ScriptSig for equality.The final evaluation function looks like this: = (; = (; () { = ; = ; = ( = ; ( i = 0; i < .; i) { = [ , , ([i , () { .(+ ; } = ; = [ + .((, } It's fun to test the limits of Script's expressiveness.Unfortunately, this example isn't very useful.

In the real world, the goal of such a script would be to incentivize individuals to find large primes: in return for their effort, they could unlock the script and claim some Bitcoin (this is in the realm of a useful proof-of-work system).But by computing all the primes in advance, we defeat the purpose, as all the work is being done twice: once by the individual that issues the challenge, and once by the individual that solves it.What commands would it take, then, to write a ScriptPubKey that doesn't need to precompute primes?A test for divisability would be sufficient and, indeed, this is possible with the OP_MOD command.OP_MOD is disabled in the Bitcoin Script spec, but can be enabled in my implementation by switching a flag.Here's the revised code which is much more useful, as the burden of producing a prime number is placed on the unlocker: { } = ( { } = ( () { = ; = ; = ; ( i = 2; i < .(i) { = [ , i, , , , , , .()