I remember about the 51% attack, can they cancel a transaction that already has 1 confirmation?
Someone who owns 51% of the hashrate can reverse any transaction regardless of its confirmations, it's just be a matter of time. They decide what's the correct chain. If they own less than that, then the more the confirmations the more difficult it becomes to catch up.
This probability can be calculated using the C code displayed in the whitepaper:
#include <math.h>
double AttackerSuccessProbability(double q, int z)
{
double p = 1.0 - q;
double lambda = z * (q / p);
double sum = 1.0;
int i, k;
for (k = 0; k <= z; k++)
{
double poisson = exp(-lambda);
for (i = 1; i <= k; i++)
poisson *= lambda / i;
sum -= poisson * (1 - pow(q / p, z - k));
}
return sum;
}
Where z is the blocks you expect to be found, q the probability for an attacker to solve those blocks and p the probability for the honest nodes to solve those blocks. Set the proportion of the hash rate and the confirmations accordingly to what you want, here:
https://web.archive.org/web/20181231045818/https://people.xiph.org/~greg/attack_success.htmlHere's some noteworthy results:
- With 30% of the hash rate, you have a ~62% chance to reverse a transaction with 1 confirmation.
- With 40% of the hash rate, you have a ~55% chance to reverse a transaction with 5 confirmation.
- With 20% of the hash rate, you have a ~10% chance to reverse a transaction with 3 confirmation.
Everything drops off exponentially as confirmations (z) increase. The 6 confirmations have the best security:speed ratio. It takes 1 hour, but even for someone who owns one third of the hash rate, it's improbable for their attack to succeed. (~21% chance)