If you delve into the history of cryptocurrency creation, you will find that even before Bitcoin appeared, many enthusiasts made attempts to create a decentralized payment medium, but all of them were stymied by the inability to prevent double-spending within the system. The solution to this problem was found only years later. Read ProstoCoin’s guide to understand the risks of double spending and find a solution.
What is double-spending and how does it happen
The main problem in creating a sustainable decentralized payment system was the ability to copy payment transactions, which causes the risk of re-spending. Centralized payment systems prevent the re-spending of funds by the existence of a controlling server, which checks all transactions according to a certain mechanism.
Double spending or double spending – re-spending of funds. Often, double spending in decentralized systems occurs when one sender sends an identical amount of funds to multiple recipients – in the time span before the first transaction is included in the block.
Let’s say in real life a person decides to buy a $1 cup of coffee at a coffee shop. When paying, the money is handed over to the cash desk of the establishment and it is impossible to spend it again. And digital currencies differ in that they are not physically transmitted, so before the transaction is verified and executed, the money remains in the wallet, which means that between the time the transaction is sent and the time it is executed after verification, repeat payments are possible.
In real life, there can also be double spending. For instance, unscrupulous realtors may sell one object many times, and this possibility is created by the fact that the re-registration of the property to a new owner may take quite a long time, and until the title is registered to the buyer, the property remains in the possession of the previous owner.
What are the dangers of double spending
Double spending damages the seller, who sent the item and did not receive the funds. It discredits cryptocurrencies as a means of payment and prevents widespread use. Also, the problem of double spending leads to a decrease in the value of the digital asset as investors lose confidence in the security of the system.
Types of attacks
If a merchant cooperates on payments that have zero validation, they can fall victim to a Race attack, where two transactions for the same amount are created and sent to different stores. Thus, only one of the recipients will actually receive the funds. The coins will be transferred by the first transaction to be added to the blockchain.
Also at risk for a Finney attack are services that accept payments with zero confirmations, only in such an attack it would also require the complicity of a miner to send a copied transaction to the blockchain.
A Finney attack is a false double-spend, the essence of which is that the miner sends a second transaction after his first payment is received by the network for verification, in which case a fork is created whereby only one transaction will be accepted by the collective decision of the miners. In this case, the seller, having waited for the first transaction to appear, has already sold the item.
This is a combined attack consisting of the two attacks described above. Vector76 is based on deliberate branching of transaction blocks and allows double-spending with a single confirmation. It takes advantage of the fact that when different transactions are staggered into blocks, part of the network will see the transactions as valid and another part as invalid. The attack lasts only 10 minutes and during that time the attacker can have time to receive services or cash out two transactions.
Brute force attack
A brute force attack is also possible if the merchant sends the goods only after receiving multiple confirmations, but it requires a high power of the attacker’s equipment. Its essence is that the attacker sends a transaction to pay for goods, while continuing to check the blocks that will include his transaction.
After the store receives the required number of confirmations, it ships the goods, and the attacker by that point branched the chain if he finds more confirmations and gets the funds back. If more confirmations for another transaction fail, the attack fails and the funds are transferred to the recipient’s account.
The success of this attack directly depends on the power of the attacker’s equipment and the number of confirmations requested. For example, if the attacker’s power is 10% of the total network capacity and the recipient waits for 6 confirmations, the success rate of the attack is 0.01%.
If the attacker holds a large portion of the network’s power, then a double coin expenditure is possible according to the scheme described above, only with a hundred percent guarantee of success. The attacker gains the ability to generate blocks faster than the rest of the network, and create his chains of blocks for dishonest transactions longer than the correct ones.
How to commit double-spending
The information in the blockchain registry is open to everyone. Anyone can copy digital coins and try to pay with them twice. Miners can only check the availability of funds in the sender’s account at a specific time interval, so taking advantage of the moment, the same coins can be sent twice before the funds are debited from the previous transaction.
In unsecured systems, double spending is reduced to sending a second transaction in a time slot while the previous transaction is still validated. In this case, the recipient whose transaction was first included in the block will receive the coins.
For more secure systems, the attacker would also need to have enough power to find more confirmations for the wrong transaction and get his funds back after the first transaction is rejected.
How to prevent double spending
Blockchain-based payment systems currently have two ways to prevent double spending:
- An open transaction registry;
- A special verification mechanism.
- Blockchain keeps a chronological registry of all payment registrations and each new block contains information about all previous transactions since inception. All transactions are assigned a transaction time and it helps to find out which transaction is the main one and which is a copied one.
For example, a sender wants to make a double spend with 1 VTC in his account. He sends that coin to the first seller, and exploiting the fact that the funds haven’t been debited yet, he wants to cheat the second seller by sending him the same coin again.
Both transactions are broadcast into the pool of unconfirmed transactions and are submitted for verification, whereby only the first transaction will be executed and the second transaction will be invalidated because it does not receive the required number of confirmations.
Therefore, to avoid being cheated, a merchant needs to ship items only after receiving confirmation from the network, not after sending payment from the buyer. Transactions with six confirmations are considered safe before double spending.
Double spending of digital coins is possible because funds remain in the sender’s account until the transaction is confirmed. In this case, the creation of decentralized payment systems is made possible by the fact that only transactions with more confirmations are recorded in blocks, and the second branch with double spending is recognized as incorrect and rejected.
Nevertheless, it remains possible to double-spend in the blockchain, but this requires quite high capacities. Without them, it is only possible to cheat the seller if he sends goods on payments with zero confirmations.