Real-Time Risk

In the last article we discussed how off-chain Bitcoin transaction systems can help the large number of corporations that rely on real-time payments. This is despite Bitcoin not being designed for real-time because it can often take an hour to be certain a transaction is genuine. However, we weren't quite telling the full story, as if you've used our system you will have noticed that our on-chain transactions are also processed instantly in most cases. This article describes how we manage to do this and the complexities associated with accepting Bitcoin transactions in real-time.

Reversing Transactions

A major risk of accepting unconfirmed bitcoin transactions is that they can be reversed using a method called double spending. I could walk into a shop and buy a TV using bitcoins. Once out, assuming I was quick and lucky enough, I could use a site like BitUndo to get most of my money back, effectively stealing the TV from the shop. 

Off-chain transaction systems can be particularly susceptible to this kind of fraud since they take the fraudsters bitcoins and mix them with their pot of legitimate bitcoins. By the time the system has realised the double spend the fraudster has already debited their account with legitimate bitcoins. If we're not careful, entire off-chain wallets can be drained in minutes without even being hacked in the conventional sense. 

Worse still, even confirmed transactions can be double-spent if there is a block chain reorganisation. It’s also possible that a transaction may never make it into a block in the first place because it’s just not desirable enough for Bitcoin miners to use.

As Bitcoin miners add blocks to the block chain, the probability of double spending decreases over time and tends to zero. We could, therefore, almost completely eradicate the chance of losing money by waiting until transactions are deep enough inside the block chain. However, this is at odds with our real-time aspiration.

Taking Risks

tiger.jpg

Instead, RTWire hides you from all these double spending, chain reorganisation and lost transaction peculiarities. Once a bitcoin is credited to an RTWire account it is there for good. How do we do this? We take on the risk of a transaction being reversed for you to help reduce the complexity of building products using Bitcoin. Fortunately double spending risk is not governed by the whims of people, as it is with credit card chargebacks, but by mathematical and computer science principles, that we model to evaluate inbound transactions. Every transaction we receive is put into a holding area, where most stay only for a couple of milliseconds before being credited to the target account. However, some will stay longer until we are satisfied the risk of double spending is acceptable. Our models use a number of indicators to create a risk profile of each transaction:

Indicator Action
Number of transactions detected on the network spending the same bitcoins. If there is more than one transaction on the network using the same bitcoins then it means someone has double spent. Wait until one of the transactions is included within a block to determine which transaction ‘wins’.
Number of bitcoin nodes on the block chain with our transaction. The more nodes that have our transaction, the less the risk of double spending.
Appeal of transaction to potential miners (indicators are fees, size and age of bitcoins used, saturation of network with other transactions). Unappealing transaction may never get confirmed within the block chain so wait for at least one block confirmation.
Our transaction is already in a block. Determine how valuable the transaction is compared to the risk of a block chain reorganisation.

It is impossible not to lose money to double spending fraud with most real-time off-chain transaction systems, so it’s key to deal with the potential loss of money in an appropriate way. RTWire maintains a small reserve fund of bitcoins to make up the balance of any bitcoins lost due to double spending activity. This pool is funded by the income made from optimising transactions debited from our system to decrease fees and increase the chance of being included within the block chain. We'll talk more on this in a future article.

To evaluate the risk, we start with the premise that an attempt will be made to double spend every transaction entering our system. We then calculate the probability that a double spend would succeed and, by taking into account how much we would have to pay if the transaction does turn out to be a double spend, decide how long the transaction should take to clear. Ultimately we ensure, to a high degree of certainty, that we always have enough money to recover from fraudulent transactions. This sometimes means larger, lower fee, transactions enter our system more slowly than higher fee, smaller value, transactions.

Further Reading

Images:
Playing 'Risk' - Tambako The Jaguar
tiger - Moni Sertel