
Double-spending prevention for Bitcoin zero-confirmation transactions

Abstract

Zero-confirmation transactions, i.e. transactions that have been broadcast but are still pending inclusion in the blockchain, have gained attention as a way to enable fast payments in Bitcoin, shortening the time needed to complete a payment. Fast payments are desirable in certain scenarios, for instance when buying from vending machines, paying in fast food restaurants, or withdrawing from an ATM. Despite being quickly propagated through the network, zero-confirmation transactions are not protected against double-spending attacks, since the double-spending protection Bitcoin offers relies on the blockchain and, by definition, such transactions are not yet included in it. In this paper, we propose a double-spending prevention mechanism for Bitcoin zero-confirmation transactions. Our proposal is based on exploiting the flexibility of the Bitcoin scripting language together with a well-known vulnerability of the ECDSA signature scheme to discourage attackers from performing such an attack.
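As an added example (not code from the paper), the ECDSA property that a penalty mechanism of this kind can build on. The abstract does not name the weakness, so this assumes it is nonce reuse, the failure studied in references [20]–[22]: two signatures produced with the same nonce k over different digests reveal the private key, which is also why honest wallets derive k deterministically as in RFC 6979 [23]. The private key, nonce and transaction digests below are constructed values.

```python
import hashlib
# secp256k1 domain parameters (Bitcoin's curve, [15]): y^2 = x^3 + 7 over GF(P)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):  # affine point addition; None is the point at infinity
    if p is None or q is None:
        return q if p is None else p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def mul(k, p):  # double-and-add; not constant-time, demonstration only
    r = None
    while k:
        if k & 1:
            r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def digest(msg):  # stands in for the transaction digest being signed
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")
def sign(d, z, k):  # ECDSA with an explicitly supplied nonce k in [1, N-1]
    r = mul(k, G)[0] % N
    return r, pow(k, -1, N) * (z + r * d) % N
def verify(Q, z, sig):
    r, s = sig
    w = pow(s, -1, N)
    pt = add(mul(z * w % N, G), mul(r * w % N, Q))
    return pt is not None and pt[0] % N == r
def recover_key(z1, sig1, z2, sig2):
    # Equal r means equal k: k = (z1-z2)/(s1-s2), d = (s1*k - z1)/r, mod N
    (r, s1), (r2, s2) = sig1, sig2
    if r != r2 or (s1 - s2) % N == 0:
        return None  # nonces differ (or digests equal): nothing to recover
    k = (z1 - z2) * pow(s1 - s2, -1, N) % N
    return (s1 * k - z1) * pow(r, -1, N) % N

# Constructed scenario: one key, one nonce, two conflicting payment digests
D_PRIV = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD
K_REUSED = 0x2B7E151628AED2A6ABF7158809CF4F3C762E7160F38B4DA56A784D9045190CFE
Z_PAY, Z_DOUBLE = digest(b"tx: pay merchant B"), digest(b"tx: pay back to A")
SIG_PAY, SIG_DOUBLE = sign(D_PRIV, Z_PAY, K_REUSED), sign(D_PRIV, Z_DOUBLE, K_REUSED)
```

An observer holding both conflicting signatures recovers `D_PRIV` with `recover_key`; with distinct nonces the two `r` values differ and the function returns `None`.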


Figures 1–8 (not reproduced on this page)

Notes

  1. Although it can be argued that Bitcoin transactions are not final since blockchain forks may always occur, throughout this paper, to simplify the discussion, we assume that once a transaction appears in the blockchain it is final.

  2. Notice that inputs do not carry any value. The whole value of an output is consumed when it is used as an input of a new transaction. The difference between the amount claimed by the inputs and the amounts specified in the new outputs is the fee collected by the miner.

  3. An interested reader may refer to [14] for additional information about Bitcoin smart contracts and script types.

  4. See [14] for all the validation details.

  5. Notice that this only affects transactions in the mempool, since transactions included in the blockchain are final and thus not replaceable.

  6. https://www.blocktrail.com/tBTC/tx/8e27cae62d1df357b65b634a8482672d85f71804a5c7fc392050517a5bfeb04f.

  7. Here we assume that the price of the goods is equal to the value of the goods. If the price paid is higher than the cost, B’s payoff is positive and reflects the benefit obtained from the sale.

  8. Note, however, that Bob may also act as an observer himself, being able to create a penalty transaction and trying to gain the observer’s payoff.

  9. Since \(\hbox {Pr}[\tau _{f} \in \mathcal {B} ]+ \hbox {Pr}[\tau _{d} \in \mathcal {B} ] + \sum _j \hbox {Pr}[\tau _{p_j} \in \mathcal {B}] = 1\), fixing the first two probabilities uniquely determines the third term.

  10. https://web.archive.org/web/20180522080137/https://blockchain.info/pools.

References

  1. Karame, G.O., Androulaki, E., Capkun, S.: In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 906–917. ACM (2012)

  2. Karame, G.O., Androulaki, E., Roeschlin, M., Gervais, A., Čapkun, S.: Misbehavior in Bitcoin: a study of double-spending and accountability. ACM Trans. Inf. Syst. Secur. 18(1), 21 (2015). https://doi.org/10.1145/2732196


  3. GAP600: Gap600 bitcoin transactions guaranteed. http://gap600.com/ (2017). Accessed 12 Nov 2018

  4. Bamert, T., Decker, C., Elsen, L., Wattenhofer, R., Welten, S.: In: Proceedings of the IEEE International Conference on Peer-to-Peer Computing (P2P). Trento (2013)

  5. Biryukov, A., Khovratovich, D., Pustogarov, I.: In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 15–29. ACM (2014)

  6. Biryukov, A., Pustogarov, I.: In: 2015 IEEE Symposium on Security and Privacy (SP), pp. 122–134. IEEE (2015)

  7. Kroll, J.A., Davey, I.C., Felten, E.W.: In: The Twelfth Workshop on the Economics of Information Security (WEIS, 2013) (2013)

  8. Bentov, I., Kumaresan, R.: In: International Cryptology Conference, pp. 421–439. Springer (2014)

  9. Poon, J., Dryja, T.: The Bitcoin Lightning Network: Scalable Off-chain Instant Payments. Technical Report. https://lightning.network (2015). Accessed 12 Nov 2018

  10. Bentov, I., Kumaresan, R., Miller, A.: In: Theory and Application of Cryptology and Information Security, pp. 410–440. Springer (2017)

  11. David, B., Dowsley, R., Larangeira, M.: In: Proceedings of the 2018 International Conference on Financial Cryptography and Data Security (2018)

  12. Park, S., Kwon, A., Fuchsbauer, G., Gazi, P., Alwen, J., Pietrzak, K.: In: Proceedings of the 2018 International Conference on Financial Cryptography and Data Security (2018)

  13. Ruffing, T., Kate, A., Schröder, D.: In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS ’15, pp. 219–230. ACM (2015)

  14. Antonopoulos, A.M.: In: Mastering Bitcoin: Unlocking Digital Cryptocurrencies, Chap. 5. O’Reilly Media, Inc. (2014)

  15. Certicom Research: SEC 2: Recommended Elliptic Curve Domain Parameters. Technical Report, Certicom Corp (2010)

  16. Menezes, A.J., Van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)


  17. Paar, C., Pelzl, J.: Understanding Cryptography: A Textbook for Students and Practitioners. Springer, Berlin (2009)


  18. Nguyen, P.Q., Shparlinski, I.E.: The insecurity of the digital signature algorithm with partially known nonces. J. Cryptol. 15(3), 151 (2002)


  19. Bellare, M., Goldwasser, S., Micciancio, D.: In: Annual International Cryptology Conference, pp. 277–291. Springer (1997)

  20. Schneider, N.: Recovering Bitcoin private keys using weak signatures from the blockchain (2013). Retrieved from https://web.archive.org/web/20180201164531/http://www.nilsschneider.net/2013/01/28/recovering-bitcoin-private-keys.html

  21. Valsorda, F.: Exploiting ECDSA failures in the Bitcoin blockchain (2014). http://conference.hitb.org/hitbsecconf2014kul/materials/D1T1%20-%20Filippo%20Valsorda%20-%20Exploiting%20ECDSA%20Failures%20in%20the%20Bitcoin%20Blockchain.pdf

  22. Bitcoin.org.: Android security vulnerability. https://bitcoin.org/en/alert/2013-08-11-android (2013). Accessed 12 Nov 2018

  23. Pornin, T.: Deterministic usage of the digital signature algorithm (DSA) and elliptic curve digital signature algorithm (ECDSA). In: RFC 6979, Internet Request for Comments, The Internet Society (2013)

  24. Clark, J., Essex, A.: In: Keromytis A.D. (eds) Financial Cryptography and Data Security, Lecture Notes in Computer Science, vol. 7397, pp. 390–398. Springer, Berlin (2012). https://doi.org/10.1007/978-3-642-32946-3_28

  25. Decker, C.: Data propagation: How fast does information move in the network? http://bitcoinstats.com/network/propagation/ (2017). Accessed 12 Nov 2018


Funding

This work is partially supported by the Spanish ministry under grant number TIN2014-55243-P and the Catalan Agència de Gestió d’Ajuts Universitaris i de Recerca (AGAUR) Grant 2014SGR-691.

Author information

Correspondence to Cristina Pérez-Solà.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Pérez-Solà, C., Delgado-Segura, S., Navarro-Arribas, G. et al. Double-spending prevention for Bitcoin zero-confirmation transactions. Int. J. Inf. Secur. 18, 451–463 (2019). https://doi.org/10.1007/s10207-018-0422-4


  • DOI: https://doi.org/10.1007/s10207-018-0422-4

Keywords

  • Double-spending
  • Bitcoin
  • Cryptocurrency
  • Blockchain
  • ECDSA

Mathematics Subject Classification

  • 68M14