Last Updated: 21st December 2018
Double-spending is a problem in which the same digital currency can be spent more than once. In other words, double-spending is an instance in which a transaction uses the same input as another transaction that has already been broadcast on the network. This is a flaw that is unique to digital currencies because digital information is something that can be reproduced rather easily. Digital currencies such as Bitcoin, can be thought of as being a digital file. If, for example, Bob has a file that has been saved locally to his computer. There is nothing preventing Bob from simply copying this file as many times as he wants and sharing the file with multiple individuals. This same principle can be applied to digital currencies. It is not ideal for the same digital currency to be spendable more than once, because it can result in inflation and a loss of trust in that currency, making it effectively worthless.
Physical currencies do not have the same double-spending issue that is faced by digital currencies, because everyone involved in the exchange of a physical currency has immediate visual access to that original physical currency. For example, Alice visits her local coffee shop in order to buy a $5 cup of coffee. In purchasing her coffee, Alice hands over a physical $5 bill to the service provider at the shop. The service provider, in accepting Alice’s $5 bill, can instantly and physically confirm that Alice has paid the correct amount for her coffee. Alice cannot now spend that same $5 bill elsewhere to make another purchase.
The prevention of double-spending can usually be dealt with in two ways: centralized or decentralized. With a centralized solution, a central and trusted third party will normally be responsible for verifying that a digital currency has not been double-spent. However, this method is faced with one significant drawback, that being the fact that it leaves behind a single point of failure. A centralized third party can be comprised by a malicious actor, which may then lead to the same digital currency being spent more than once.
A breakthrough in solving the double-spending problem came in the form of Bitcoin. The decentralized nature of Bitcoin meant that the issues concerning the centralized method mentioned above, such as a single point of failure, and having to trust that a third party was correctly preventing double-spends, were no longer present.
Bitcoin uses a consensus mechanism known as proof-of-work to avoid the need for a centralized party. Instead of requiring a trusted third party to verify that transactions are not double-spends, a decentralized group of individuals known as miners perform this task. All Bitcoin transactions are also included in a shared public ledger known as a blockchain, which ensures that it can be proven that any party wishing to spend bitcoins really is in possession of those bitcoins.
A transaction is regarded as valid once it has been grouped into a block and included in the blockchain. As more blocks are added to the blockchain (or as the transaction gains more block confirmations), it becomes increasingly difficult to go back and double-spend a transaction. This is because, for a block to be added to the blockchain, a tremendous amount of computational power is required. Thus, going back to a previous block, in order to double-spend a transaction, would require the same enormous amount of computing power to be used. With this system, confidence that a transaction cannot be double-spent is directly tied to the number of block confirmations that that transaction has received. The greater the number of block confirmations, the increased likelihood that the transaction cannot be double-spent.
0 confirmations: At this stage, the transaction has been broadcast across the network but has not yet been included in any block. Transactions with 0 confirmations (or unconfirmed transactions) should generally not be trusted, as the risk of a double-spend can be high at this point.
1 confirmation: The transaction has now been included in a block and added to the blockchain, thus, the double-spend risk decreases significantly. However, a double-spend of the transaction is still a possibility, and as such, one should wait for more block confirmations.
6 confirmations: With Bitcoin, the network has spent approximately one hour protecting the transaction against double-spends. With the transaction being buried under 6 blocks, an attacker would require a significant amount of network hashing power to revert those 6 blocks and double-spend the transaction.
However, it is theoretically possible in certain instances for a double-spend transaction to occur. For example, a race attack, Finney attack and 51% attack are all scenarios that could result in the same digital currency being spent more than once.
This type of attack can occur to merchants and other individuals who accept payment for a good or service with 0 block confirmations on the transaction. A malicious actor could carry out this attack by sending two conflicting transactions in rapid succession on the network. For example, this malicious actor could first send a transaction paying a merchant for a good or service, and then send a conflicting transaction spending those same coins to himself. It might be the case that the second conflicting transaction is mined into a block and accepted by the network nodes as the genuine transaction. This would be to the detriment of the merchant, who would have already provided his/her good or service in expectation of payment.
The Finney attack is another form of attack that can occur when payment for a good or service is accepted at 0 block confirmations. The execution of a Finney attack requires a miner to have already mined a block, but not yet broadcast that mined block to the rest of the network. With this type of attack, the miner could include a transfer of coins from address A to address B (both of which the miner owns) into the mined block, but not yet broadcast it. The miner could then purchase a good or service from a merchant, making payment from their address A to the merchant’s address C. The merchant, in expectation of payment, could then provide the good or service to the miner. However, the miner could then defraud the merchant of their good or service by broadcasting their previously mined block that includes the transfer of coins from address A to B. In this instance, the miner’s personal transaction could take precedence over the transaction with the merchant.
Also known as a majority attack, a malicious actor can make double-spends if they control more than half of a network’s hash rate. With a 51% attack, as the malicious actor can generate blocks faster than the rest of the network (as they have a higher hash rate), they could simply mine a private fork of the blockchain until it becomes longer than the blockchain being built by honest miners. The malicious actor could then spend funds on the blockchain being built by the honest miners, but then not include these transactions in the private blockchain. From here, the individual could then broadcast the longer private blockchain and be able to spend their funds again.