Double Spend and Race Attacks on Cryptocurrencies
The double spend attack is the successful use of the same funds twice. Bitcoin is protected against a double spend attack because each transaction added to the blockchain is verified and the majority of the funds contained in that transaction cannot be spent beforehand.
Double spending is a potential flaw in a digital cash system where the same digital token can be spent more than once. This is possible because a digital token consists of a digital file that can be duplicated or counterfeited. As with counterfeit currency, such duplicate issuance leads to inflation by creating a new amount of fraudulent currency that did not previously exist. This devalues the currency relative to other monetary units and reduces user confidence as well as currency circulation and retention. Basic cryptographic techniques to avoid double spending while maintaining anonymity in a transaction are blind signatures and, especially in offline systems, secret sharing.
How Bitcoin Prevents Double Spending
Double spending is the result of multiple spending. Bitcoin users protect themselves from double-spend by waiting for confirmations when they receive payments over the blockchain; transactions become more irreversible as the number of confirmations increases. Other electronic systems prevent double-spend by having an authoritative source that follows business rules for authorizing each transaction. Bitcoin uses a decentralized system where consensus among nodes following the same protocol and proof of work is replaced by a central authority.
This means that Bitcoin has special properties that are not shared by centralized systems. If users keep a bitcoin’s private key secret and the transaction has enough confirmations, then no one can take the bitcoin away from them for any reason, no matter how good the excuse, no matter what.
Race Attack – when unconfirmed transactions are accepted
Merchants , who accept a payment immediately when they see “0/unconfirmed” are subject to the transaction being cancelled – a Race Attack. A race fraud attempt could work by the fraudster sending a conflicting transaction, which spends the coin on itself, to the rest of the network. Merchants can take precautions (e.g., disable incoming connections, connect only to well-connected nodes) to reduce the risk of a RaceAttack, but the Race risk cannot be eliminated. Therefore, the cost/benefit of the risk must be considered when accepting payment on 0/unconfirmed when there is no recourse against the attacker.
Successful attacks in practice
In November 2013, the GHash.io mining pool was found to have apparently committed repeated payment fraud against BetCoin Dice, a gambling site. Dice sites use one transaction per bet and do not wait for confirmations. GHash.io claimed they found a rogue employee who made the double spending. However, no evidence of this was provided. Still, it didn’t seem to hurt their market share much: Most miners probably never heard about the incident.
What is a 51%
A 51% attack is an attack vector in proof-of-work-based networks. In it, attackers attempt to raise at least 51% of the hashrate. With the majority of the network hashrate, the attacker would thus be able to do something like double spends or reverse transactions.
This is what you need to know about the 51% attack definition:
- An attack vector is a strategy to attack a network.
- For example, a proof-of-work-based network is Bitcoin.
- This attack vector gets its name from the 51 percent hashrate needed for the attack to succeed.
- The network’s hashrate is made up of the processing power of all the mining computers. In other words, computers are trying to solve the proof-of-work puzzle for the next block.
- The 51% attack is also called the majority attack.
- A double spend is a transaction by which the same money can be spent more than once by the same person.
Alice doesn’t know what she’s in for and tells Eve her bitcoin receiving address. Eve then constructs a transaction TX1 to Alice and sends it to the network. Along the way, however, Eve has constructed another transaction TX2 with the same money to herself.
One of the main concerns of any cryptocurrency developer is to solve the problem of double-spending. This refers to the frequency with which an individual spends a certain amount of that cryptocurrency, creating a mismatch between the spending and the amount of that cryptocurrency available, as well as the way it is distributed.
Double-spending is a problem that cash does not have; if you pay for a sandwich with a 10-euro bill and hand that bill to the maker of the sandwich, you cannot turn around and spend the same 10 euros elsewhere. However, a transaction with a cryptocurrency like Bitcoin is entirely digital. This means that it is possible to copy and retransmit the transaction details, so the same Bitcoin could be spent multiple times by a single owner. Below, we explore how cryptocurrency developers have ensured that double spending cannot occur.
Understanding the Blockchain
The blockchain that underlies a digital currency like Bitcoin is not capable of preventing double-spending on its own. Rather, all of the various transactions involving the corresponding cryptocurrency are posted to the blockchain, where they are separately verified and protected through a confirmation process. In the case of Bitcoin and many other cryptocurrencies, transactions confirmed in this way become irreversible; they are publicly disclosed and kept in perpetuity.
Bitcoin was the first major digital currency to solve the double-spending problem. It did so by implementing this confirmation mechanism and maintaining a common, universal accounting system. In this way, the Bitcoin blockchain preserves records of time-stamped transactions dating back to the cryptocurrency’s inception in 2009.
In Bitcoin terms, a “block” is a file of permanently recorded data. All recent transactions are written to blocks, much like a transaction book on an exchange. Information from the blocks is added to the ledger every few minutes; all nodes on the network maintain a copy of the blockchain ledger. Users can browse the blockchain for bitcoin and review transactions in terms of quantity only. Details about the identity of the buyer and seller in each transaction are protected by high-level encryption, which also protects the ledger from tampering by external sources. When the blockchain is updated, all bitcoin wallets are updated as well.
Dealing with Double-Spending
Imagine having 1 BTC and trying to spend it twice in two separate transactions. You could try this by sending the same BTC to two different bitcoin addresses. Both transactions would then go into the pool of unconfirmed transactions. The first transaction would be approved through the confirmation mechanism and then verified into the subsequent block. However, the second transaction would be identified as invalid by the confirmation mechanism and would not be verified. If both transactions are pulled from the pool for confirmation at the same time, the transaction with the highest number of confirmations would be added to the blockchain, while the other would be discarded.
While this effectively solves the double-spending problem, it is not without its problems. For example, the intended recipient of the second (failed) transaction would have no stake in the failed transaction itself, and yet that person would not receive the bitcoin he or she was expecting. Many traders wait for at least 6 confirmations of a transaction (meaning that 6 consecutive transaction blocks were added to the blockchain after the transaction in question). At this point, the merchant can safely assume that the transaction is valid.
There are other vulnerabilities in this system that could allow double-spending attacks. For example, if an attacker is somehow able to control at least 51% of the dispositive power over the network, they can double spend. If an attacker were somehow able to gain control of this large computing power, they could reverse transactions and create a separate, private blockchain. However, Bitcoin’s rapid growth has ensured that this type of attack is virtually impossible.
Proof of Work & Mining Explained
Now it gets a little more technical. The way users in practice detect manipulations such as attempted double-spending is through hashes, long strings of numbers that serve as proof of work (PoW). Running a given record through a hash function (Bitcoin uses SHA-256) produces one hash at a time. However, due to the “avalanche effect,” even a tiny change to any part of the original data will result in a completely unrecognizable hash. Regardless of the size of the original data set, the hash generated by a given function has the same length. The hash is a one-way function: it cannot be used to obtain the original data, but only to verify that the data that generated the hash matches the original data.
Generating an arbitrary hash for a set of Bitcoin transactions would be trivial for a modern computer, so the Bitcoin network sets a certain “difficulty” level to turn the process into “work.” This setting is adjusted to “mine” a new block every 10 minutes or so, which is added to the blockchain by generating a valid hash. The difficulty setting is achieved by setting a “target” for the hash: the lower the target, the smaller the set of valid hashes and the more difficult it is to generate one. In practice, this means a hash that starts with a long string of zeros: for example, the hash for block #429818 is 0000000000000000000004dd3426129639082239efd583b5273b1bd75e8d78ff2e8d.
This block contains 2,012 transactions of just over 1,000 bitcoin, as well as the header of the previous block. If a user changed a transaction amount by 0.0001 bitcoin, the resulting hash would be unrecognizable, and the network would reject the fraud.
Since a given record can only generate one hash, how do miners ensure that they generate a hash below the target? They modify the input by adding an integer called a nonce (“number used once”). Once a valid hash is found, it is sent to the network, and the block is added to the blockchain.
Mining is a competitive process, but it is more of a lottery than a race. On average, someone will produce an acceptable proof of work every ten minutes, but who it will be is anyone’s guess. Miners band together to increase their chances of mining blocks, which generates transaction fees and, for a limited time, a reward in the form of newly created bitcoin.
Proof-of-work makes it extremely difficult to change any aspect of the blockchain, as such a change would require the re-mining of all subsequent blocks. It is also difficult for one user or group of users to monopolize the computing power of the network, as the machines and power required to complete the hash functions are expensive.