[...]
Like you say, with the existing rule set zero-conf requires trust. As it stands "commitments not to double spend" can themselves be double spent. So they aren't credible.
An altchain could bend the rules and create a simple fix for this. We need "general purpose seeding contracts". These "seeding contracts" would be deposits supporting zero-conf txns to arbitrary payees. The Buyer is the sole party to a "general purpose seeding contract." Buyers precommit to zero-conf payments long in advance, but designate the payee and the amount at the time of sale. The "general purpose seeding contract" enters the blockchain long before the sale occurs, so it is credible. Payees could safely accept anonymous zero-conf payments issued from such contracts.
How could this work?
Suppose there is a new address type. Inputs originating from this address type obey the following txn rules:
1) 4/5 of inputs must be sent to the signing public key (I.e. you can only transfer 20% of any input to a new public key)
2) txn outputs are never spendable until 10 blocks have passed. Provided 3 does not occur, inputs become spendable after 10 blocks.
3) if the signing public key appears twice within a ten block interval, a contract violation is detected. The miner of the second txn receives 1/5 of the inputs as a txn fee. The other inputs are destroyed (i.e. the payee(s) receive nothing at all).
There are just two possible outcomes.
1) Payee receives their money. Buyer does not lose any money.
2) Payee receives nothing. Miner receives buyers payment. Buyer loses at least 4x the value of the payment.
Rational buyers never chose outcome 2, so payment are assured even with 0 confirms. It seems bad that the payee doesn't get paid in outcome 2, but this is unavoidable. You can never know who the legitimate payee is, so all you can do is take money hostage and destroy it.
Darn, the last two nights I pondered about something I thought was all new and now you are faster than me with this post. Like you say, with the existing rule set zero-conf requires trust. As it stands "commitments not to double spend" can themselves be double spent. So they aren't credible.
An altchain could bend the rules and create a simple fix for this. We need "general purpose seeding contracts". These "seeding contracts" would be deposits supporting zero-conf txns to arbitrary payees. The Buyer is the sole party to a "general purpose seeding contract." Buyers precommit to zero-conf payments long in advance, but designate the payee and the amount at the time of sale. The "general purpose seeding contract" enters the blockchain long before the sale occurs, so it is credible. Payees could safely accept anonymous zero-conf payments issued from such contracts.
How could this work?
Suppose there is a new address type. Inputs originating from this address type obey the following txn rules:
1) 4/5 of inputs must be sent to the signing public key (I.e. you can only transfer 20% of any input to a new public key)
2) txn outputs are never spendable until 10 blocks have passed. Provided 3 does not occur, inputs become spendable after 10 blocks.
3) if the signing public key appears twice within a ten block interval, a contract violation is detected. The miner of the second txn receives 1/5 of the inputs as a txn fee. The other inputs are destroyed (i.e. the payee(s) receive nothing at all).
There are just two possible outcomes.
1) Payee receives their money. Buyer does not lose any money.
2) Payee receives nothing. Miner receives buyers payment. Buyer loses at least 4x the value of the payment.
Rational buyers never chose outcome 2, so payment are assured even with 0 confirms. It seems bad that the payee doesn't get paid in outcome 2, but this is unavoidable. You can never know who the legitimate payee is, so all you can do is take money hostage and destroy it.
Anyway, the key seems to be a possibility to impede double spends even after they are in a block because only then they have to be public. See my less sophisticated but also simpler suggestion below.
Quote
[Edit: Thieves could try to spend at 6 or more different zero-conf accepting merchants simultaneously, but I bet this is much too difficult and risky to be practical. If not, you could increase the escrow requirement (e.g. 10-fold instead of 5-fold, so at least 11 simultaneous purchases must occur before theft is profitable).]
If a merchant waits for 10 seconds after receiving the TX and then broadcasts it to plenty of nodes this can not happen.