Contents

  • What is double spending?

  • How to prevent double spending?

    • Centralized approach

    • Decentralized approach

  • Double spending in Bitcoin

  • Latest ideas


What is double spending?

Double spending is a potential problem in digital currency systems in which the same funds are sent to two different recipients at the same time. Without adequate safeguards, a protocol that cannot solve this problem is undermined at its core, because users have no way to verify that the funds they receive have not already been spent elsewhere.

In a digital currency system, it is essential that units cannot be duplicated. If Alice buys 10 units, copies and pastes them 10 times, and ends up with 100 units, the system fundamentally collapses. Similarly, if Alice could send the same 10 units to both Bob and Carol simultaneously, the system would not work. For digital money to function, mechanisms are required to prevent this behavior.


How to prevent double spending?

Centralized approach

The centralized approach is easier to implement than decentralized alternatives. It usually requires an administrator who manages the system and controls the issuance and distribution of units. One example of a centralized solution to the double-spending problem is David Chaum's eCash.

Banks can use blind signatures to deliver cash-like digital assets (which are anonymous and peer-to-peer exchangeable) to users. These signatures are described in detail in cryptographer David Chaum's 1982 paper Blind Signatures for Untraceable Payments.

In such a scheme, if a user (let's call him Dan) wants to buy 100 USD of digital money, he must first inform the bank. If there is sufficient balance in his account, he generates a random number (or multiple numbers for smaller amounts). Let's say he creates five numbers and assigns each of them a value of $20. To prevent the bank from being able to track specific units, Dan hides them by adding a blinding factor to each of the random numbers.

He then hands this data to the bank, which debits $100 from Dan's account and signs the messages, certifying that each of the five pieces of information can be spent for $20. Dan can now spend the funds issued by the bank. He goes to Erin's restaurant and orders a meal worth $40.

By removing the blinding factor from the digital money “bills,” Dan reveals the random number that serves as each unit's unique identifier (similar to a serial number). He shares two of these numbers with Erin. Erin must now redeem them with the bank immediately, before Dan can spend them at another vendor. The bank checks that the signatures are valid and, if everything is correct, deposits $40 into Erin's account.

The bills are thus burned, and if Erin wants to spend her new balance in the same way, new bills must be created.

The Chaumian eCash scheme can be useful for confidential transfers. However, it fails in terms of resilience because the bank is a single point of failure. An issued banknote has no value in itself, because its value depends entirely on whether the bank agrees to convert it into dollars. Customers remain dependent on the bank, and the functioning of the money depends on the bank's goodwill. This is exactly the problem that cryptocurrencies aim to solve.


Decentralized approach

In an ecosystem with no administrator, ensuring that funds are not double-spent is more challenging. Participants with equal power must coordinate within a set of rules that prevent fraud and encourage all users to act honestly.

The most important innovation presented in the Bitcoin white paper is the solution to the double spending problem. Although not named as such in the white paper, Satoshi introduced the data structure now commonly known as blockchain.

A blockchain is essentially a database with some distinctive properties. Participants in the network (called nodes) run special software that allows them to synchronize their copies of the database with other peers. As a result, the transaction history all the way back to the genesis block (the first block) can be audited by the entire network. Thanks to the public visibility of the blockchain, fraudulent activity, such as transactions that attempt to double-spend, can be easily identified and prevented.

When users publish transactions, they are not immediately added to the blockchain; they must first be included in a block through mining. The receiver should therefore treat a transaction as valid only once its block has been added to the blockchain. Otherwise, there is a risk of losing funds, as the sender may spend the same coins elsewhere.

Once the transaction is confirmed, the coins cannot be double-spent, because they now belong to a new user and this can be verified by the entire network. This is why many people recommend waiting for multiple confirmations before considering a payment valid. With each added block, the effort required to change or rewrite the chain (as in a 51% attack) increases significantly.

Let's go back to the restaurant scenario. Dan returns to the restaurant and this time sees a “Bitcoin Accepted Here” sign on the window. Since he liked the food he had last time, he orders the same meal. It costs 0.005 BTC.

Erin shares with Dan the exact address where the funds will be sent. Dan publishes the transaction. This published transaction is basically a signed message saying that the 0.005 BTC owned by Dan now belongs to Erin. Without going into too much detail, anyone who sees Dan's signed transaction can verify that he indeed has these coins and is authorized to send them.

But as we mentioned before, the transaction only becomes valid once it has been added to a confirmed block. Accepting unconfirmed transactions is like taking $40 of eCash in the previous example and not immediately redeeming it at the bank, which allows the sender to spend the money elsewhere. Therefore, it is recommended that Erin wait for at least 6 block confirmations (about 1 hour) before accepting Dan's payment.
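To put numbers on why more confirmations mean less risk, the following added example (not part of the original article) implements the attacker catch-up calculation from section 11 of the Bitcoin white paper. The 10% attacker hash-rate share and the 0.1% risk threshold in the demo are constructed assumptions, and the function names are hypothetical.

```python
import math

def attacker_success(q: float, z: int) -> float:
    """Probability that an attacker holding fraction q of the hash rate
    ever overtakes the honest chain after the payee waited z confirmations."""
    if q >= 0.5:
        return 1.0                       # a majority attacker always catches up
    p = 1.0 - q
    lam = z * q / p                      # expected attacker blocks while z honest blocks are mined
    prob = 1.0
    poisson = math.exp(-lam)             # P(attacker has mined k blocks), starting at k = 0
    for k in range(z + 1):
        # If the attacker is still (z - k) blocks behind, it catches up with
        # probability (q/p)^(z-k); subtract the chance that it never does.
        prob -= poisson * (1.0 - (q / p) ** (z - k))
        poisson *= lam / (k + 1)         # step to P(k + 1) without large factorials
    return prob

def confirmations_needed(q: float, max_risk: float) -> int:
    """Smallest number of confirmations that pushes the risk below max_risk."""
    if q >= 0.5:
        raise ValueError("no number of confirmations protects against a majority attacker")
    z = 0
    while attacker_success(q, z) >= max_risk:
        z += 1
    return z

if __name__ == "__main__":
    # Constructed scenario: the attacker controls 10% of the hash rate.
    for z in (0, 1, 2, 6):
        print(f"{z} confirmations -> reversal probability {attacker_success(0.10, z):.7f}")
    print("confirmations for < 0.1% risk:", confirmations_needed(0.10, 0.001))
```

An unconfirmed payment (z = 0) gives the sender certainty of being able to reverse it in this model, while six confirmations against a 10% attacker leave a probability of roughly 0.02%.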


Double spending in Bitcoin

Bitcoin has been carefully designed to prevent double-spending attacks, at least when the protocol is used as expected. If individuals wait for transactions to be confirmed in a block, there is no easy way for the sender to reverse them. To do so, the sender would need to “reverse” the blockchain, which requires an incredibly high amount of hashing power.

However, there are several types of double-spending attacks that target people who accept unconfirmed transactions. For example, a seller may not want to wait for the transaction to be included in a block for low-value purchases. A busy fast-food restaurant may not be able to wait for the network to confirm every purchase. A business that accepts “instant” payments therefore runs the risk of double spending. A person can order a hamburger, pay for it, and then immediately send the same funds to his or her own address. With a higher transaction fee, this new transaction is more likely to be confirmed, rendering the previous transaction invalid.

There are three popular methods for double spending:

  • 51% attack: a single entity or organization manages to gain control of more than 50% of the hash rate so that it can change the order of transactions or exclude some transactions. Such an attack is unlikely to happen on Bitcoin, but it has been seen before on other networks.

  • Race attacks: two conflicting transactions using the same funds are published consecutively, but only one transaction is confirmed. The attacker's goal is to invalidate the initial payment by only confirming the payment that will benefit him (e.g., sending the same funds to an address he controls). Race attacks require the recipient to accept an unconfirmed transaction as payment.

  • Finney attacks: the attacker pre-mines a transaction into a block and does not immediately broadcast that block to the network. Instead, he spends the same coins in another transaction and only then publishes the previously mined block, thus making the later payment invalid. Finney attacks require a specific sequence of events to occur and also depend on the recipient accepting unconfirmed transactions.

As can be seen, a merchant who waits for block confirmations greatly reduces the risk of becoming a victim of double spending.


Latest ideas

Double spending allows a user to cheat an electronic money system by using the same funds more than once. Historically, the lack of adequate solutions to this problem prevented progress in the field.

But fortunately, the use of blind signatures offers an interesting solution for centralized financial structures. Later, the creation of the Proof of Work mechanism and blockchain technology gave birth to Bitcoin, a powerful form of decentralized money, which in turn inspired thousands of other cryptocurrency projects that came after it.