Double-spendingThis is the approved revision of this page, as well as being the most recent.
Double-spending problem is the successful use of the same funds twice. Double-spending of Bitcoin is not possible as Bitcoin is protected against a double-spending problem thanks to each transaction which is added to the blockchain being verified, and the majority of funds contained in this transaction cannot have been previously spent.
Double-spending is a potential flaw in a digital cash scheme in which the same single digital token can be spent more than once. This is possible because a digital token consists of a digital file that can be duplicated or falsified. As with counterfeit money, such double-spending leads to inflation by creating a new amount of fraudulent currency that did not previously exist. This devalues the currency relative to other monetary units, and diminishes user trust as well as the circulation and retention of the currency. Fundamental cryptographic techniques to prevent double-spending while preserving anonymity in a transaction are blind signatures and particularly in offline systems, secret splitting.
Other numerical systems inhibit double-spending problem with the help of the authorized master source which follows certain trade rules for authorizing each transaction. In the case of Bitcoin, it uses a decentralized system where a large number of nodes following the same rules confirm the transaction without a central control node.
Bitcoin is vulnerable to double-spending problem during the initial period where a transaction is located on the network. The more transaction confirmations there are, the less risk there is that it will be used for fraud.
Double-spending in BlockchainEdit
The following steps are required to perform a successful double-spending problem:
- To execute a transaction that attacks carried out before payment.
- Secretly mining using the block that includes this last transaction.
- Wait for the transaction sending the money to the seller to receive enough confirming blocks, and the seller will hand over his goods, sure that the money is finally appropriated to him.
- Continue to mine the secret alternative branch until it becomes more than public, after which it is broadcast to the network. Since the new branch is longer than all other known, it will be considered valid, and the btc transfer to the seller will be replaced by sending coins to the attacker.
(a) - network State prior to the attacker's actions. (b) - the branch On the left includes a transaction to send btc to the seller. Has 2 confirmations. As a result, the seller handed over his product. At this time, the attacker generated a block that includes the attacking transaction. (c) if the attacker succeeds in creating a longer chain, he / she posts it to the network and the bitcoins are returned to him / her. The question arises: what is the probability that an attacker will be able to generate a branch that will be longer than the branch that is mined by everyone else.
To simulate the situation, let's make a few simplifying assumptions, which we will use in the subsequent analysis:
The total speed of mining in the General network and the attacker remains constant. The total mining speed will be H, of which part of
pH refers to honest miners, and
qH – to the attacker. At the same time:
p + q = 1. That is, the probability that the block will find an honest network is
p, and that the attacker is
The complexity of mining remains constant.
z = n – m the number of blocks in which an honest network has an advantage over an attacker. After each discovery of a new block, z changes, increasing by 1 if it is found by an honest network, and decreasing by 1 if the attacker. Mathematically, this is a Markov chain.
If z reaches the value -1, then the attack fails. If this never happens, the attack is failed. Since we are interested in whether z=-1 will ever become, and when it will happen, we can use Markov's chain theory to solve the problem, where each step represents the fact of finding the block by someone.
zi + 1 can be either
(zi+ 1) with probability
(zi - 1) with probability
Prevention of the double-spendEdit
The prevention of double-spending has taken two general forms: centralized and decentralized.
The value of the "double-spending" problem is that bitcoin or parts of it can be spent more than once, that is, it is possible to carry out a theoretically impossible operation. A transaction verification mechanism has been developed to combat this problem. Confirmation occurs in the following sequence:
- Carrying out the transaction.
- The inclusion of transactions in the block.
- Confirmation of the transaction. The status of a" legitimate " transaction is assigned after six confirmations. This number of confirmations is based on the probability theory, according to which the risk of such an operation is insignificant (less than 0.1%). Founders of the developed mechanism of protection considered that one person won't be able to own more than ten percent of miners of a network. As you know, miners store all information about the network and confirm transactions.
- The transaction is recognized as legitimate.
This is usually implemented using an online central trusted third party that can verify whether a token has been spent. This normally represents a single point of failure from both availability and trust viewpoints.
By 2007, a number of distributed systems for double-spending prevention had been proposed.
The cryptocurrency Bitcoin implemented a solution in early 2009. It uses a cryptographic protocol called a proof-of-work to avoid the need for a trusted third party to validate transactions. Instead, transactions are recorded in a public ledger called a blockchain. A transaction is considered valid when it is included in the blockchain that contains the most amount of computational work. This makes double-spending impossibly difficult, and more infeasible as the size of the overall network grows. Other cryptocurrencies also have similar features.
Types of Bitcoin attacksEdit
If the transaction has no confirmations, shops and services which accept payment can be exposed to a so-called ‘race attack’. For example, two transactions are created from the same funds and are then sent to different shops/services. In this case, only one of those shops will receive the funds – a transaction from this shop will appear first in the blockchain.
Shops can take numerous precautions to reduce this type of attack but it is always good to remember should you accept transactions without any confirmation.
Another type of attack. Shops or services which accept transactions without any confirmation are affected. “Finney Attack” is an attack which requires the participation of the mining expert to add repeated transactions to the block. The risk of such an attack cannot be reduced to nothing regardless of the preventative measures taken by shops or services, but it does require the participation of a mining expert and an ideal combination of contributing factors. It costs a lot of money and is no mean feat. Just as with the other type of attack, the shop or service must seriously consider its politics concerning transactions without any confirmation.
Also called an “attack with confirmation”. This is a combination of the 2 aforementioned attacks which gives the perpetrator the ability to spend funds twice simply with a confirmation.
Brute Force AttackEdit
This attack is possible even if the shop or service is expecting several transaction confirmations. It requires the attacker to be in possession of relatively high-performance hardware (hash frequency).
The perpetrator sends a transaction to the shop paying for a product/service and at the same time continues looking for a connection in the blockchain (blockchain fork) which recognizes this transaction. After a certain number of confirmations, the shop sends the product. If the perpetrator has found more than n blocks at this point, he breaks his blockchain fork and regains his money, but if the perpetrator has not succeeded in doing this, the attack can be deemed a failure and the funds are sent to the shop, as should be the case.
The success of this attack depends on the speed (hash frequency) of the attacker and the number of confirmations for the shop/service. For example, if the attacker possesses 10% of the calculation power of the Bitcoin network and the shop expects 6 confirmations for a successful transaction, the probability of success of such an attack will be 0.1%.
If the perpetrator controls more than 50% of the Bitcoin network power, the probability of success of the aforementioned attack will be 100%. By virtue of the fact that the perpetrator can generate blocks more often than the other part of the network, he can create his own blockchain until it becomes longer than the “integral” part of the network.