What is double-spending?
Double-spending is a potential issue in a digital cash system where the same funds are spent to two recipients at the same time. Without adequate countermeasures, a protocol that doesn’t resolve the problem is fundamentally undermined – users have no way to verify that the funds they’ve received have not already been spent elsewhere.
When it comes to digital cash, ensuring that specific units can’t be duplicated is of paramount importance. The entire system would be undermined if Alice could receive 10 units, copy-and-paste them 10 times, and find herself in possession of 100 units. Similarly, such a scheme can’t work if she can send the same 10 units to both Bob and Carol simultaneously. So, for digital money to function, there must be mechanisms in place to prevent this behavior.
How can double-spending be prevented?
The centralized approach
The centralized route is considerably easier to implement than decentralized alternatives. This typically involves one overseer managing the system and controlling the issuance and distribution of units. A good example of a centralized solution to the double-spend problem is that of David Chaum’s eCash.
In such a context, if a user (let’s call him Dan) wishes to receive $100 in digital cash, he is required to inform the bank first. Provided he has the balance in his account, he will then generate a random number (or many, for smaller denominations). Let’s suppose he produces five numbers, each to be assigned a value of $20. To prevent the bank from tracking specific units, Dan obfuscates the random numbers by adding a blinding factor to each one of them.
He then turns this data over to the bank, which debits his account for $100, and signs messages certifying that each of the five pieces of information is redeemable for $20. Dan can now spend the funds issued by the bank. He goes to Erin’s restaurant, and purchases a meal that costs him $40.
Dan can remove the blinding factor to expose the random number associated with each digital cash “bill”, which serves as a unique identifier for each unit (much like a serial number). He reveals two of these to Erin, who must now redeem them immediately with the bank to prevent Dan from spending them with another merchant. The bank will check that the signatures are valid, and if everything appears correct, it will credit Erin’s account with $40.
The bills used are now essentially burned, and more must be issued if Erin wishes to spend her new balance in this same way.
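The issue-spend-redeem cycle above, worked through in code. This is an added example, not part of the original article and not Chaum's eCash implementation: it assumes Chaum's RSA blind-signature construction (the blinding factor is multiplied in, and the bank signs a hash of the serial), a constructed toy key that is far too small for real use, and constructed account names (`dan`, `erin`, `frank`). The security-relevant part is the bank's spent-serial list: it is the only thing standing between a bill and a second redemption, which is why Erin must cash in immediately.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key for the bank's $20 denomination. The primes are far too
# small for real use; they only keep the arithmetic easy to follow.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
DENOMINATION = 20


def serial_to_message(serial):
    """Hash the serial number so the bank signs a digest rather than a raw integer."""
    digest = hashlib.sha256(serial.to_bytes(16, "big")).digest()
    return int.from_bytes(digest, "big") % N


def verify_bill(serial, signature):
    """Anyone holding the bank's public key can check that a bill is genuine."""
    return pow(signature, E, N) == serial_to_message(serial)


class Bank:
    """Central issuer: debits on withdrawal, signs blinded serials, and keeps a
    spent-serial list so each bill can be redeemed only once."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.spent_serials = set()

    def issue(self, account, blinded):
        cost = DENOMINATION * len(blinded)
        if self.balances.get(account, 0) < cost:
            raise ValueError("insufficient balance")
        self.balances[account] -= cost
        # The bank signs blinded values, so it cannot later link a serial to this withdrawal.
        return [pow(b, D, N) for b in blinded]

    def redeem(self, merchant, serial, signature):
        """Credits the merchant once; a repeat of the same serial is refused."""
        if not verify_bill(serial, signature):
            return False                      # forged or corrupted bill
        if serial in self.spent_serials:
            return False                      # double-spend attempt: serial already cashed in
        self.spent_serials.add(serial)
        self.balances[merchant] = self.balances.get(merchant, 0) + DENOMINATION
        return True


def withdraw(bank, account, count):
    """Client side: choose serials, blind them, have them signed, then unblind.
    Returns a list of (serial, signature) bills."""
    serials = [secrets.randbits(128) for _ in range(count)]
    factors = []
    for _ in serials:
        r = secrets.randbelow(N - 2) + 2
        while gcd(r, N) != 1:
            r = secrets.randbelow(N - 2) + 2
        factors.append(r)
    blinded = [serial_to_message(s) * pow(r, E, N) % N for s, r in zip(serials, factors)]
    blind_sigs = bank.issue(account, blinded)
    # Unblinding: (m * r^E)^D * r^-1 = m^D * r * r^-1 = m^D  (mod N)
    return [(s, bs * pow(r, -1, N) % N) for s, bs, r in zip(serials, blind_sigs, factors)]


def demo():
    bank = Bank({"dan": 100, "erin": 0, "frank": 0})
    bills = withdraw(bank, "dan", 5)                              # five $20 bills, $100 debited
    meal = [bank.redeem("erin", *bills[0]), bank.redeem("erin", *bills[1])]   # the $40 meal
    reuse = bank.redeem("frank", *bills[0])                       # same bill presented again
    forged = bank.redeem("frank", bills[2][0], bills[2][1] ^ 1)   # tampered signature
    return {"meal": meal, "reuse": reuse, "forged": forged, "balances": bank.balances,
            "genuine_unspent": all(verify_bill(*b) for b in bills[2:])}
```

Note that `verify_bill` alone is not enough for a merchant: a genuine signature proves the bank issued the bill, not that it is still unspent. Only the bank's `spent_serials` lookup answers that, which is exactly the central dependency the next paragraph criticises.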
The Chaumian eCash setup might be valuable for private transfers. But, it fails in resilience because the bank is a central point of failure. A bill issued is worth nothing in itself, as its value is derived solely from the bank’s willingness to exchange it for dollars. Customers are at the mercy of the bank, and must rely on its goodwill for money to function. This is precisely the problem that cryptocurrency aims to remedy.
The decentralized approach
Ensuring that funds can’t be double-spent in an ecosystem with no overseer is more challenging. Equally-powerful participants must coordinate around a set of rules that prevent fraud and incentivize all users to act honestly.
Let’s revisit the restaurant scenario. Dan returns to the restaurant, and this time notices a “Bitcoin Accepted Here” sticker on the window. He enjoyed the meal he had last time, so he orders it again. It costs him 0.005 BTC.
As mentioned, though, the transaction is only valid if included in a block that gets confirmed. Accepting unconfirmed transactions is much like accepting the $40 in eCash from the previous example without immediately cashing it in with the bank – it allows the sender to spend the same funds elsewhere. So, it’s recommended that Erin wait for at least 6 block confirmations (roughly one hour) before accepting Dan’s payment.
Double-spending in Bitcoin
Bitcoin is carefully designed to prevent double-spending attacks, at least when the protocol is used as expected. That is, if individuals wait for transactions to be confirmed in a block, there is no easy way for the sender to undo it. To do so, they would need to “reverse” the blockchain, which requires an unrealistic amount of hashing power.
However, there are a handful of double-spending attacks that target parties that accept unconfirmed transactions. For low-value purchases, for instance, a merchant may not want to wait for transactions to be included in a block. A busy fast-food restaurant probably can’t afford to stand by as the network processes every purchase. So, if a business enables “instant” payments, it opens itself up to double-spends. Someone might order a burger, pay for it, then immediately send the same funds to their own address. With a higher fee, this new transaction is likely to be confirmed first, and will therefore invalidate the previous one.
There are three popular methods for performing a double-spend:
- 51% attacks: when a single entity or organization manages to control more than 50% of the hash rate, which allows them to exclude or modify the ordering of transactions. Such an attack is highly unlikely on Bitcoin, but has happened in other networks.
- Race attacks: two conflicting transactions are broadcast in succession, using the same funds – but only one transaction gets confirmed. The attacker's goal is to invalidate the payment by having only the transaction that benefits him confirmed (e.g., one sending the same funds to an address that he controls). Race attacks require the recipient to accept an unconfirmed transaction as payment.
- Finney attacks: an attacker pre-mines one transaction into a block without broadcasting it to the network immediately. Instead, he spends the same coins in another transaction and only then broadcasts his previously mined block, which may invalidate the payment. Finney attacks require a specific sequence of events to occur and are also contingent on the recipient’s acceptance of unconfirmed transactions.
As we can see, a merchant that waits for block confirmations will vastly reduce the risks of becoming a victim of double-spends.
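The two defences the text describes, a node refusing a conflicting unconfirmed transaction and a merchant counting confirmations before accepting, as an added example in a deliberately simplified model. This is not Bitcoin's code: it assumes a UTXO set keyed by outpoint, a first-seen mempool rule (no fee-based replacement and no reorgs), no scripts or signatures, and constructed addresses and amounts (`dan`, `erin`, 0.01 BTC funding the 0.005 BTC meal in satoshis). The conflict check names the colliding outpoint so an operator can see why the second transaction was dropped.

```python
import hashlib
import json
from dataclasses import dataclass

REQUIRED_CONFIRMATIONS = 6  # the waiting period recommended in the text


@dataclass(frozen=True)
class Outpoint:
    txid: str
    index: int


@dataclass(frozen=True)
class Tx:
    inputs: tuple     # Outpoints being spent
    outputs: tuple    # (address, amount_sats) pairs
    fee: int

    @property
    def txid(self):
        body = json.dumps([[(i.txid, i.index) for i in self.inputs], list(self.outputs), self.fee])
        return hashlib.sha256(body.encode()).hexdigest()[:16]


class Node:
    """Simplified full node: confirmed UTXO set, first-seen mempool, chain of blocks."""

    def __init__(self):
        self.utxos = {}             # Outpoint -> (address, amount_sats), confirmed and unspent
        self.mempool = {}           # txid -> Tx
        self.spent_in_mempool = {}  # Outpoint -> txid of the unconfirmed tx spending it
        self.chain = []             # list of blocks; each block is a list of txids

    def fund(self, address, amount_sats):
        """Constructed helper: mine a block whose only transaction pays `address`."""
        tx = Tx(inputs=(), outputs=((address, amount_sats),), fee=0)
        self._apply(tx)
        self.chain.append([tx.txid])
        return Outpoint(tx.txid, 0)

    def _apply(self, tx):
        for inp in tx.inputs:
            del self.utxos[inp]
        for idx, (addr, amt) in enumerate(tx.outputs):
            self.utxos[Outpoint(tx.txid, idx)] = (addr, amt)

    def submit(self, tx):
        """Mempool admission. Returns (accepted, reason)."""
        for inp in tx.inputs:
            if inp not in self.utxos:
                return False, f"input {inp.txid}:{inp.index} is not an unspent confirmed output"
            if inp in self.spent_in_mempool:
                return False, f"conflict: {inp.txid}:{inp.index} already spent by {self.spent_in_mempool[inp]}"
        total_in = sum(self.utxos[i][1] for i in tx.inputs)
        total_out = sum(amt for _, amt in tx.outputs)
        if total_in < total_out + tx.fee:
            return False, "outputs plus fee exceed inputs"
        self.mempool[tx.txid] = tx
        for inp in tx.inputs:
            self.spent_in_mempool[inp] = tx.txid
        return True, "accepted"

    def mine(self):
        """Confirm everything currently in the mempool into one new block."""
        block = []
        for txid, tx in list(self.mempool.items()):
            self._apply(tx)
            block.append(txid)
            for inp in tx.inputs:
                self.spent_in_mempool.pop(inp, None)
        self.mempool.clear()
        self.chain.append(block)

    def confirmations(self, txid):
        """Blocks from the one containing txid to the tip, inclusive; 0 if unconfirmed."""
        for height, block in enumerate(self.chain):
            if txid in block:
                return len(self.chain) - height
        return 0


def merchant_accepts(node, txid):
    """Erin's policy: treat the payment as final only after enough confirmations."""
    return node.confirmations(txid) >= REQUIRED_CONFIRMATIONS


def demo():
    node = Node()
    coin = node.fund("dan", 1_000_000)   # constructed: Dan holds 0.01 BTC in one output
    payment = Tx(inputs=(coin,), outputs=(("erin", 500_000), ("dan", 499_000)), fee=1_000)
    # The same output spent back to Dan with a higher fee, arriving second.
    conflict = Tx(inputs=(coin,), outputs=(("dan", 990_000),), fee=10_000)
    first = node.submit(payment)
    second = node.submit(conflict)
    unconfirmed_ok = merchant_accepts(node, payment.txid)
    node.mine()
    after_one = node.confirmations(payment.txid)
    for _ in range(REQUIRED_CONFIRMATIONS - 1):
        node.mine()
    return {"first": first, "second": second, "unconfirmed_ok": unconfirmed_ok,
            "after_one": after_one, "final": node.confirmations(payment.txid),
            "accepted": merchant_accepts(node, payment.txid),
            "erin_utxo": node.utxos.get(Outpoint(payment.txid, 0))}
```

The first-seen rule is a per-node policy, not a network guarantee: another node that saw the conflicting transaction first would hold the opposite one, which is the race the text describes. That is why `merchant_accepts` ignores the mempool entirely and counts only blocks.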
A double-spend allows a user to game an electronic cash system for financial gain, making use of the same funds more than once. Traditionally, a lack of adequate solutions to the problem has stood in the way of progress in the area.