Defense: Confirmations

So how might Rustie protect himself from this? Well, we know that Rustie only gets to keep his bitcoins if a transaction to him makes its way into the longest chain.

And, as we know, the longest chain could be forked early on.

To provide some confidence in the immutability of the transaction, he can look for what we call confirmations.

Instead of just accepting a transaction as valid when he sees it floating around the network or when it first makes its way into a block, Rustie waits for the transaction to get a certain number of confirmations.

The number of confirmations on a block is defined as the number of blocks built on top of that block.

In this diagram, there’s the block holding my transaction to Rustie, and there are two blocks built on top of that.

This means that there are two confirmations on this block.

The more confirmations a transaction has, the harder it is to double spend, since a malicious miner such as myself would have to fork the chain starting from before the block that contains that transaction, and mine fast enough to surpass the honest chain.

This is a reasonably simple concept, but we can see some interesting things that involve confirmations.

The question you’re probably asking: how many confirmations does Rustie need before he feels confident about the finality of his transaction?

Well, let’s go back to the example with me and Rustie.

Rustie’s gotten wiser from the last time I double spent on him, so he’s now going to wait for some confirmations before sending the iPhone.

Let’s say he waits for “k” confirmations.

This means he waits for k blocks to be built on top of his transaction before deeming the transaction finalized.

From my perspective, I now need to find a way for Rustie’s transaction to get k confirmations, but I then need to find a way to produce a longer chain containing the transaction spending from the exact same UTXO back to myself.

This longer chain will invalidate Rustie’s transaction.

The way I do this is by starting a private chain containing my own malicious transaction, mining k blocks, and then broadcasting the chain after Rustie has sent the iPhone to me.

By doing so, I will have received the goods and have kept my own bitcoin.

A quick note: in this demonstration, I will mine k + 1 blocks on top of the block that contains my own transaction to myself.

If I mined just k blocks, I would have caught up with the rest of the network.

But if I want to invalidate the honest chain with the transaction from me to Rustie, my chain has to be longer.

Hence, the plus one.
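
To put numbers on the question of how large k should be, here is an added example (not part of the original lecture) that evaluates the catch-up probability from section 11 of the Bitcoin whitepaper. It assumes the attacker controls a fixed share q of the total hash power, a parameter the lecture does not introduce, and it counts catching up with the honest chain as success, as the whitepaper does, rather than the one extra block discussed above.

```python
import math


def catch_up_probability(q: float, k: int) -> float:
    """Probability that an attacker with hash-power share q ever catches up
    with the honest chain after the merchant waited for k confirmations.

    q is an assumed model parameter (attacker's fraction of total hash power).
    """
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be between 0 and 1")
    if k < 0:
        raise ValueError("k must be non-negative")
    p = 1.0 - q                      # honest share of hash power
    if q >= p:
        return 1.0                   # a majority attacker always catches up
    ratio = q / p
    lam = k * ratio                  # expected attacker blocks while honest miners find k
    poisson = math.exp(-lam)         # Poisson(i = 0; lam)
    total = 1.0
    for i in range(k + 1):
        if i > 0:
            poisson *= lam / i       # Poisson(i; lam) from Poisson(i - 1; lam)
        # Attacker has i blocks and is k - i behind: fails with 1 - ratio^(k - i)
        total -= poisson * (1.0 - ratio ** (k - i))
    return total


def confirmations_needed(q: float, risk: float = 0.001, max_k: int = 1000):
    """Smallest k for which the catch-up probability drops below `risk`.

    Returns None when no k up to max_k is enough (e.g. q >= 0.5).
    """
    for k in range(max_k + 1):
        if catch_up_probability(q, k) < risk:
            return k
    return None


if __name__ == "__main__":
    # Constructed sample shares, chosen only for illustration.
    for q in (0.10, 0.20, 0.30):
        k = confirmations_needed(q)
        print(f"q={q:.2f}: wait for k={k} confirmations "
              f"(P={catch_up_probability(q, k):.7f})")
```

The required k grows quickly as q approaches one half, and no number of confirmations helps against an attacker with a majority of the hash power.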

Let’s go ahead and see a demonstration.

Demo: Confirmations