Most exchanges only accept deposits of Bitcoins after 6 confirmations. What does this mean and why is 6 supposed to be such a magical number?
To understand this we first need to understand how a blockchain works. If you haven’t yet read the blockchain article it is recommended that you do so first. I will quickly repeat the relevant parts.
To understand what 6 confirmation means we will go through a practical example. Assume you are a merchant that is selling some goods online for bitcoin. Someone just bought an item from your shop for 1 bitcoin. He writes to you that he has sent you the payment to your address. You check the blockchain and see that the transaction was included in the last mined block – let us name it block 4. Our payment is now in the blockchain and being broadcast to all other nodes in the Bitcoin network. Sounds like it is safe to ship the item to the buyer?!
Not necessarily. Remember this scenario:
So our block – and with it our transaction that includes our payment – may yet become orphaned. But is this really an issue?
No. An orphaned block is really only an issue for the miner that created this block since he won’t be receiving his reward. Our transaction will simply be included in another block by a different miner.
Alright, let’s ship our item. Not so fast, there is still another issue we need to address.
We need to make sure that our buyer did not spend the same coins twice. This is also called a double-spend attack.
|The buyer (A) has sent us (B) 1 bitcoin. This transaction is included in block 4 which was mined on top of block 3. Both of these blocks have been mined by honest miners.|
|Assume our buyer wants to cheat us. He also sends the exact same bitcoin to a friend C. This transaction is mined by an attacker. We represent blocks mined by attackers with red.|
|The attacker now needs to ensure that block 5 becomes part of the longest chain. This would be as if the transaction from the buyer to us never happened. He therefore attempts to extend block 5 as quickly as possible. In this example he succeeds and creates block 6.|
|Unfortunately for the attacker honest miners manage to add block 7 and 8 on top of block 4. At this point our transaction from the buyer is part of the longest chain.|
|The attacker hasn’t given up yet and got lucky. He managed to add blocks 9 and 10 on top of block 6.|
|It seems a day for bad luck. An honest miner just extended the longest chain – which was created by the attacker – with block 11.
Note that the honest miner has no way of figuring out that the “red” chain was created by an attacker. He is simply following the rules, which state that he needs to extend the longest chain he has seen so far.
If we had shipped our item after first seeing our transaction in the blockchain we would have been cheated and not received our payment. But how long do we have to wait before we can safely ship our item?
The time we should wait is measured in confirmations. Each block that is mined on top of the block containing our transaction adds 1 confirmation for our transaction. Let us make an example:
Here our block has 0 confirmations as no block has been mined on top.
Here our block already has 2 confirmations since block 7 and 8 have been mined on top.
With each new confirmation the probability of an attacker creating a longer chain descreases. The chance of such a successful attack is very small when waiting for 6 confirmations. Also 6 confirmations should usually be equivalent to waiting 1 hour (we need to wait for 6 new blocks that take an average of 10 minutes to be mined).
Detail: For those that are a bit more interested in the mechanics of such an attack we would like to point out a few more details.
- An attacker needs to create the longest chain. So he needs to outpace honest miners.
- If a miner (or a few miners together) controls more than 50% of the hash power in the network they will eventually succeed. The hash rate indicates how many math calculations a miner can do in a certain time. If a miner can do more calculations in a certain time he has a higher chance of finding the “golden” nonce which solves the math puzzle for a specific block.
- If the attacking miner(s) controls less than 50% the chance of a successful attack decreases exponentially with the number of blocks he is behind. So the more confirmations a block has the less likely it is for an attacker to succeed.
- For small bitcoin values you won’t have to worry that someone would want to do a double-spend attack as its economically not profitable.
Here are a few statements from a paper by Meni Rosenfeld which was written in 2012.
If the attacker’s hashrate is 10% of the total network hashrate (0.1 on the horizontal axis), 2 confirmations are required to keep the success rate below 10%, 4 confirmations are needed to have it less than 1%, and 6 confirmations are necessary to decrease the probability of success below 0.1%.
There is nothing special about the default, often-cited figure of 6 confirmations. It was chosen based on the assumption that an attacker is unlikely to amass more than 10% of the hashrate, and that a negligible risk of less than 0.1% is acceptable. Both these figures are arbitrary, however; 6 confirmations are overkill for casual attackers, and at the same time powerless against more dedicated attackers with much more than 10% hashrate.
In this article we explained what a confirmation is and why confirmations are needed to protect yourself against attackers.