Double Spending

2 August 2023

6m read

What does double spending mean?

When the same monies are delivered to two recipients at once in a digital cash system, double-spending is a potential problem. A protocol that doesn't tackle the issue is fundamentally compromised in the absence of suitable countermeasures because users have no way to confirm that the money they've received hasn't already been spent elsewhere.

It is crucial to prevent the duplication of certain units when it comes to digital currency. If Person A (she) could acquire 10 units, copy and paste them 10 times, and end up with 100 units, the entire system would be compromised. The same logic applies if she can transmit the same 10 units to Person B and Person C at the same time. Therefore, safeguards against this conduct must be in place for digital money to work.

How is duplicate expenditure avoided?

Using a centralized strategy

Compared to decentralized options, the centralized approach is far simpler to deploy. Usually, a single administrator is responsible for overseeing the system and regulating the issuance and distribution of units. David Chaum's eCash is a nice illustration of a centralized solution to the double-spend issue.

As described by the cryptographer, a bank can utilize blind signatures to provide consumers with a digital asset that resembles currency and is capable of anonymous and peer-to-peer exchange.

In this situation, a user (let's call him Person D) must first notify the bank if he wants to get $100 in virtual currency. He will then generate a random number (or many, for lesser denominations), assuming he has enough money in his account. Let's say he generates five numbers, each of which is to be valued at $20. Person D clouds the random numbers by adding a blinding factor to each one of them, preventing the bank from being able to track particular units.

The bank debits his account for $100 when he gives them this information, and he signs documents attesting that each of the five pieces of information is redeemable for $20. The money that the bank has issued to him can now be used. He visits Person E's restaurant and spends $40 on supper there.

The random number that is linked to each digital cash "bill" acts as a unique identification for each unit (much like a serial number), and he can remove the blinding element to reveal it. Person E (she) learns about two of these from him, and she now needs to redeem them right away at the bank to stop Person D from using them at another retailer. The bank will validate the signatures, and if everything seems good, it will add $40 to Person E's account.

The bills that were used have already been effectively burnt, therefore fresh ones must be printed if Person E wants to use her new balance in the same way.

Private transfers might be advantageous with the Chaumian eCash configuration. But because the bank is a major point of failure, it lacks resilience. A bill that has been issued has no intrinsic value because it only has value in terms of the bank's readiness to exchange it for money. Customers depend on the bank's goodwill and are at its mercy in order for their money to work. This is the very issue that cryptocurrency seeks to solve.

The decentralized strategy

It is more difficult to ensure that money cannot be spent twice in an ecosystem where there is no watchdog. Participants with equal influence must cooperate around a set of regulations that deter fraud and encourage all users to behave honorably.

A blockchain is basically a database with some special characteristics. Running specialist software, network participants (also known as nodes) can synchronize their copies of the database with their peers. As a result, the entire network may examine the history of transactions going all the way back to the genesis block. It is simple to spot and stop fraudulent behavior, like transactions that attempt to double-spend when the blockchain is publicly available.

A transaction must first be included in a block through mining before it is posted to the blockchain when a user broadcasts it. Therefore, the transaction should only be regarded as genuine by the beneficiary when its block has been included in the chain. Otherwise, they run the risk of losing money because the sender might use the same currency somewhere else.

Coins cannot be double-spent after the transaction is validated since ownership is transferred to a new user, and the entire network can confirm this. For this reason, experts advise waiting for several confirmations before recognizing a payment as legitimate. The difficulty of changing or rewriting the chain (as might happen during a 51%) attack) dramatically increases with each succeeding block.

Let's go back to the restaurant example. Person D visits the establishment once more and this time sees a sticker on the window that reads "Crypto Accepted Here." He places another order of the dinner because he liked it the first time. He has to pay 0.010 ETH.

Person E gives him a public address where he needs to send the money. A signed message announcing that the 0.010 ETH that was in his possession is now in hers is what he broadcasts as the transaction. Without going into great detail, anyone in possession of his signed transaction may confirm that he was in fact in charge of the coins and thus qualified to send them.

As previously stated, the transaction is only legitimate if it is part of a block that is confirmed. Similar to taking the $40 in eCash from the prior example and not immediately paying it in at the bank, accepting unconfirmed transactions let the sender use the funds elsewhere. Therefore, it is advised that Person E (in this case, the receiver) hold off receiving Person D's (in this case, the sender's) payment until at least six block confirmations have occurred, or around an hour.

Concluding remarks

By using the same funds more than once, a person can manipulate an electronic cash system to their financial advantage. The absence of suitable solutions to the issue has historically impeded advancement in the field.

Latest Releases