What is the double spending problem?
The double-spending problem is a potential flaw in digital cash systems in which the same funds are paid to two recipients at the same time. Without appropriate countermeasures, a protocol alone cannot fully solve this problem, because users have no way to verify whether the funds they received have also been paid to someone else.
In the digital cash world, it is imperative that a specific unit of currency cannot be duplicated. If Alice can receive 10 units of currency, copy and paste them 10 times, and then have 100 units of currency, then the entire system will fall apart. Similarly, if she can send the same 10 units of currency to Bob and Carol at the same time, then the system will also not work. Therefore, there must be a mechanism in place to prevent this from happening in order to ensure the normal operation of digital currency.
How to prevent double spending?
Centralized approach
Centralized approaches are easier to implement than decentralized ones. They usually require an overseer to manage the system and control the issuance and distribution of currency units. David Chaum's eCash solves the double-spending problem in this centralized way.
Banks can use blind signatures to issue cash-like digital assets to users (which can be traded anonymously peer-to-peer). Cryptographer David Chaum published a paper in 1982 titled "Blind Signatures for Untraceable Payments" which detailed this.
In this case, if user Dan wants to receive $100 in digital cash, he must first notify the bank. If he has a balance in his account, a random number is generated (or multiple for smaller denominations). Suppose five random numbers are generated, each with a value of $20. To prevent the bank from tracking specific currency units, Dan obfuscates the information by adding a blinding factor to each random number.
He then gives this data to the bank, which deducts the $100 balance from his account and signs the message, proving that each of the five messages is redeemable for $20. At this point, Dan can use the digital cash issued by the bank. He goes to Erin's restaurant for a meal, which costs $40.
Dan can remove the blinding factor to reveal the random number associated with each digital cash "note", which serves as a unique identifier for that unit of currency (roughly equivalent to a serial number). He reveals two of these random numbers to Erin, who must immediately redeem the funds at the bank to prevent Dan from paying the same notes to other merchants. The bank verifies that the signature is valid and, if it is, deposits $40 into Erin's account.
The used "banknotes" are then destroyed, and if Erin wants to use the account balance in the same way, more banknotes must be issued.
The Chaumian eCash mechanism is extremely valuable for private money transfers. However, the mechanism has no resilience of its own: the bank is a centralized node, so if the system fails, everyone loses. The banknotes issued by the bank have no value in themselves; their value comes entirely from the bank's willingness to exchange them for US dollars. Customers are at the mercy of the bank and must rely on its reputation to use their funds. This is exactly the problem that cryptocurrency is designed to solve.
Decentralized approach
Avoiding double spending in an ecosystem without oversight is even more challenging. Participants with equal power must coordinate with each other according to the same set of rules to prevent fraud and incentivize all users to act in good faith.
The biggest innovation presented in the Bitcoin white paper is the solution to the double-spending problem. Satoshi Nakamoto proposed an unprecedented data structure, which is now widely known as the blockchain.
A blockchain is really just a database with some unique properties. Network participants, called nodes, run specialized software that synchronizes their copies of the database with each other. This allows the entire network to audit the transaction history back to the genesis block. Because the blockchain is publicly viewable, it is easier to detect and prevent fraud, such as identifying transactions that attempt to double spend.
When a user publishes a transaction, it is not added to the blockchain immediately; it must first be included in a block that is mined. Only once that block is part of the chain can the recipient consider the transaction confirmed. Until then, if the sender spends the same tokens elsewhere, the recipient risks losing the funds.
Once a transaction is confirmed, ownership of the tokens is assigned to the new user and verified by the entire network, so the tokens cannot be double-spent. For this reason, many recommend waiting for multiple confirmations before treating a payment as valid. Each subsequent block significantly increases the amount of work required to modify or rewrite the chain (as in the case of a 51% attack).
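The difference between a seen transaction and a confirmed one can be shown with a toy node that tracks unspent outputs. This is an added example, not Bitcoin's code: the `Tx` and `Node` types, the first-seen rule for unconfirmed transactions and the sample output `funding:0` are simplifying assumptions, and signature and amount checks are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple    # outpoints being spent, e.g. ("funding:0",)
    outputs: tuple   # (owner, amount) pairs this transaction creates

class Node:
    """Toy node; signature and amount checks are omitted on purpose."""
    def __init__(self, utxos):
        self.utxos = dict(utxos)   # outpoint -> (owner, amount), unspent only
        self.mempool = {}          # txid -> Tx, seen but not yet in a block

    def spendable(self, tx):
        return all(i in self.utxos for i in tx.inputs)

    def accept_unconfirmed(self, tx):
        if not self.spendable(tx):
            return "rejected: input already spent"
        clash = [t for t, m in self.mempool.items() if {*m.inputs} & {*tx.inputs}]
        if clash:
            return "rejected: conflicts with " + clash[0]
        self.mempool[tx.txid] = tx
        return "unconfirmed"

    def connect_block(self, txs):
        """Apply a mined block; return mempool txids it made unspendable."""
        for tx in txs:
            if not self.spendable(tx):
                raise ValueError("invalid block: double spend in " + tx.txid)
            for i in tx.inputs:
                del self.utxos[i]
            for n, out in enumerate(tx.outputs):
                self.utxos[f"{tx.txid}:{n}"] = out
            self.mempool.pop(tx.txid, None)
        dead = [t for t, m in self.mempool.items() if not self.spendable(m)]
        self.mempool = {t: m for t, m in self.mempool.items() if t not in dead}
        return dead

def demo():
    node = Node({"funding:0": ("dan", 0.005)})    # constructed sample output
    pay_erin = Tx("pay_erin", ("funding:0",), (("erin", 0.005),))
    pay_self = Tx("pay_self", ("funding:0",), (("dan", 0.005),))
    seen = node.accept_unconfirmed(pay_erin)      # Erin's node sees the payment
    relay = node.accept_unconfirmed(pay_self)     # conflicting spend is flagged
    evicted = node.connect_block([pay_self])      # but a block confirms it instead
    late = node.accept_unconfirmed(pay_erin)      # payment can no longer confirm
    return seen, relay, evicted, late
```

A recipient who treats the `unconfirmed` state as final has nothing once the conflicting transaction is in a block, while a block that tries to spend an already spent output is rejected outright.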
Let’s go back to the restaurant. Dan returns to the restaurant and notices a sticker on the window that says “We accept Bitcoin payments.” He still remembers his last meal and orders the same food again, spending 0.005 bitcoins.
Erin shows Dan her public address, which is where the payment should be sent. Dan publishes the transaction, which is essentially a signed message announcing that the 0.005 bitcoins he owned are now owned by Erin. Without going into too much detail, anyone who sees Dan's signed transaction can verify that the coins are indeed his, and therefore that Dan has the right to send them.
However, as mentioned earlier, the transaction is only valid once it is confirmed in a block. Receiving an unconfirmed transaction is like receiving the $40 in eCash in the earlier example: if it is not cashed out at the bank immediately, the sender can spend the funds elsewhere. Therefore, Erin should wait at least 6 blocks (about an hour) before accepting Dan's payment.
Bitcoin's double-spending problem
Bitcoin is carefully designed to prevent double-spending attacks, at least when the protocol is used as intended. That is, if someone is waiting for a transaction to be confirmed, the sender cannot easily reverse the transaction. The only way to reverse the transaction is to "reverse" the blockchain, which requires an enormous amount of hashing power.
However, some double-spend attacks are designed to target users who receive unconfirmed transactions. For example, for small purchases, merchants don't want to wait for the transaction to be included in the block. A busy fast food restaurant may not be able to wait as long as the network takes to process each transaction. Therefore, if a merchant has "instant" payments enabled, they may face a double-spend problem. Someone can order a burger, pay for it, and then immediately send the same funds back to their own address. As long as the later transaction has a higher fee, it may be confirmed first, thus invalidating the earlier transaction.
There are three common double-spending attacks:
51% attack: A single entity or organization manages to control more than 50% of the hash rate, which allows it to delete transactions or change their order. This attack is extremely rare on the Bitcoin network, but has occurred on other networks.
Race attack: Two conflicting transactions that spend the same funds are published in quick succession, but only one of them is confirmed. The attacker's goal is to invalidate the payment by getting the transaction that favors him confirmed instead, for example one that sends the funds to an address he controls. A race attack generally depends on the recipient accepting an unconfirmed transaction as payment.
Finney attack: The attacker pre-mines a transaction into a block, but does not publish the block to the network immediately. Instead, he spends the same tokens in another transaction and then publishes the previously mined block, which invalidates that payment. Finney attacks require events to occur in a specific order, and their success also depends on whether the recipient accepts unconfirmed transactions.
As we can see, as long as merchants patiently wait for block confirmation, they can greatly reduce the risk of becoming double-spending victims.
Summary
Users can use double-spending attacks to tamper with a peer-to-peer electronic cash system and use the same funds multiple times to gain improper benefits. In the past, this problem had not been solved well, and development in this field stagnated.
Fortunately, the use of blind signatures became a compelling solution for centralized finance. Subsequently, the development of proof-of-work and blockchain technology gave rise to Bitcoin, a powerful form of decentralized currency, which in turn provided inspiration for thousands of cryptocurrency projects.

