I want to support ethereum payments in a coffee shop. The constraint here is that when a customer wants to pay, the period of waiting on the confirmations should not take more than 30 seconds.
I know that 1 ethereum confirmation takes around 15 seconds, which would be totally acceptable. But I want to know what I'm risking with accepting payments at only one confirmation. Does that mean that one in every X transactions will be invalidated? How much can I expect X to be? 1000? 10000?
Do you know where I could possibly get a plot of the probability of the transaction ending up invalidated as a function of number of confirmations?
Vitalik Buterin wrote a blog post on block generation times vs finality. In it, you will find graphs illustrating the number of confirmations (and, total time) it takes for the transaction to be secure plotted against the average block times.
From the post:
...the 17-second blockchain will likely require ten confirmations (~three minutes) to achieve a [99.99% probability] of security
Adjusting for the fact that Ethereum is more in the range of 15 second average block generation times, the rule of thumb has been that it takes about 12 confirmations for finality.