Demo Time!
Who wants some bitcoin?
Double-Spending Made Easy
A practical guide to double-spending with Bitcoin
Inputs and Outputs
All bitcoin transactions contain inputs and outputs, where the inputs to one transaction are outputs from a previous transaction. There is one exception - coinbase transactions - which have no inputs and only have outputs.
Outputs that have not been spent yet are called unspent transaction outputs (UTXO).
What is a Double-Spend?
Using the exact same unspent output (UTXO) as an input for two different transactions. Alice broadcasts Transaction A where Bob is the recipient. Bob sees the transaction and thinks he has been paid. Alice attempts to broadcast Transaction B, but the transaction is rejected as a double-spend.
Race Attack
Alice creates Transaction A that pays Bob. Then Alice creates Transaction B using the exact same input, but the recipient is Alice. Finally, Alice broadcasts Transaction A followed quickly by Transaction B. The first transaction that is mined (confirmed) in a block is valid. The other will be invalid.
Finney Attack
Alice creates Transaction B that pays herself. Alice mines a block with this transaction included, but doesn't broadcast it. Alice creates and broadcasts Transaction A which pays Bob with the exact same input as Transaction B. Alice broadcasts the mined block.
Alternative History Attack
Alice creates and broadcasts Transaction A, while privately mining an alternative blockchain fork in which she has included Transaction B. Once her privately mined chain is longer than the public chain, she broadcasts her fork.
Replace-by-fee (RBF) Attack
RBF is a feature of the Bitcoin protocol that allows users to increase the fee paid by a stuck transaction, improving the odds that it will be confirmed. This feature can be abused to double-spend quite easily, but only for unconfirmed transactions.
Wallet Apps vs. Double-Spending
So how do wallet applications perform against double-spend attacks?
| RBF Flag | Double-spend Alert |
Intervention is possible (e.g "child pays for parent") |
Correct Balance |
|
|---|---|---|---|---|
| Bitcoin Core | ? | ? | ? | ? |
| Blockstream Green Wallet | no | no | no | partial |
| Coinomi | no | no | no | yes |
| Electrum | yes | partial | partial | yes |
| Mycelium | yes | no | partial | yes |
| Trezor Web | no | no | no | yes |
Test results from September 2019
Block Explorers vs. Double-Spending
And what about block explorers?
| RBF Flag | Double-spend Alert |
Both transactions visible |
Original tx preserved |
|
|---|---|---|---|---|
| bitaps.com | yes | partial | partial | yes |
| blockchain.info | no | partial | yes | yes |
| blockchair.com | no | no | no | no |
| blockcypher.com | yes | yes | yes | no |
| blockstream.info | yes | no | no | no |
| btc2.trezor.io | no | no | no | no |
| chain.so | no | no | no | no |
| insight | no | no | no | no |
| smartbit.com.au | no | yes | no | no |
Test results from September 2019
Root of the Problem
0-conf is fast but not trustless
Businesses and individual users want fast, trustless, censorship-free payments. This means that they are using zero-confirmation transactions and assuming the risk of being defrauded by their counter-parties.
Incomplete Information
Bitcoin nodes do not relay invalid (double-spend) transactions so there is no guarantee that your wallet application (or full-node) will see both the original payment and double-spend transactions. In other words - this cannot be solved with better interfaces alone.
The Solution is Clear
Wait for at least one confirmation - or more for high-value transactions.
For businesses such as cafes, restaurants, or bars - accepting unconfirmed Bitcoin transactions is just a bad idea. So if you require fast payments..
Use the Lightning Network!
A peer-to-peer, second-layer network that facilitates instant, trustless, low-fee payments. The ecosystem around LN is developing rapidly. Download and give a try to one of several Lightning-enabled wallet apps:
- Breez - Android and iOS
- Phoenix - Android and iOS
- WalletOfSatoshi - Android and iOS
Try to double-spend yourself
Don't trust, verify the payment systems which you depend on.
PayNoWay is available now in the PlayStore and F-Droid repository
Thanks!
degreesofzero.com/talks/double-spending-made-easy
Scan the QR code for a link to this presentation