Abstract
Bitcoin is a decentralized payment system that relies on Proof-of-Work (PoW) to resist double-spending through a distributed timestamping service. To ensure the operation and security of Bitcoin, it is essential that all transactions and their order of execution are available to all Bitcoin users.
Unavoidably, in such a setting, the security of transactions comes at odds with transaction privacy. Motivated by the fact that transaction confirmation in Bitcoin requires tens of minutes, we analyze the conditions for performing successful double-spending attacks against fast payments in Bitcoin, where the time between the exchange of currency and goods is short (in the order of a minute). We show that unless new detection techniques are integrated in the Bitcoin implementation, double-spending attacks on fast payments succeed with considerable probability and can be mounted at low cost. We propose a new and lightweight countermeasure that enables the detection of double-spending attacks in fast transactions.
In light of such misbehavior, accountability becomes crucial. We show that in the specific case of Bitcoin, accountability complements privacy. To illustrate this tension, we provide accountability and privacy definition for Bitcoin, and we investigate analytically and empirically the privacy and accountability provisions in Bitcoin.
- Elli Androulaki and Ghassan Karame. 2014. Hiding transaction amounts and balances in Bitcoin. In Proceedings of the International Conference on Trust and Trustworthy Computing (TRUST). Google Scholar
Digital Library
- Elli Androulaki, Ghassan Karame, and Srdjan Capkun. 2013. Evaluating user privacy in Bitcoin. In Proceedings of Financial Crypto 2013. http://eprint.iacr.org/2012/596.pdf.Google Scholar
Cross Ref
- Elli Androulaki, Mariana Raykova, Shreyas Srivatsan, Angelos Stavrou, and Steven M. Bellovin. 2008. PAR: Payment for anonymous routing. In Proceedings of the 8th International Symposium on Privacy Enhancing Technologies (PETS’08). 219--236. Google Scholar
Digital Library
- Moshe Babaioff, Shahar Dobzinski, Sigal Oren, and Aviv Zohar. 2011. On Bitcoin and red balloons. ACM SIGecom Exhanges 10, 3, 5--9. Google Scholar
Digital Library
- Simon Barber, Xavier Boyen, Elaine Shi, and Ersin Uzun. 2012. Bitter to better—how to make Bitcoin a better currency. In Financial Cryptography and Data Security. Lecture Notes in Computer Science, Vol. 7397. Springer, 399--414.Google Scholar
- Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza. 2014. Zerocash: Practical decentralized anonymous e-cash from Bitcoin. In Proceedings of the 2014 IEEE Symposium on Security and Privacy. IEEE, Los Alamitos, CA.Google Scholar
Digital Library
- Bitcoin. 2013. Introduction. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/Introduction.Google Scholar
- BitcoinCharts. 2013. Bitcoin Charts. Retrieved April 2, 2015, from http://bitcoincharts.com.Google Scholar
- BitcoinDoS. 2013. Weaknesses. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/Weaknesses.Google Scholar
- BitcoinExplorer. 2013. Bitcoin Block Explorer. Retrieved April 2, 2015, from http://blockexplorer.com.Google Scholar
- BitcoinFAQ. 2013. FAQ. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/FAQ.Google Scholar
- BitcoinMyths. 2013. Myths. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/Myths#Point_of_sale_with_bitcoins_isn.27t_possible_because_of_the_10_minute_wait_for_confirmation.Google Scholar
- BitcoinProtocol. 2013. Protocol Documentation. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/Protocol_specification.Google Scholar
- BitcoinRules. 2012. Protocol Rules. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/Protocol_rules.Google Scholar
- BitcoinTrade. 2013. Trade. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/Trade.Google Scholar
- BitcoinWiki. 2014. Double-Spending. Retrieved April 2, 2015, from https://en.bitcoin.it/Double-spending.Google Scholar
- BitcoinXT. 2014. Bitcoin XT. Retrieved April 2, 2015, from https://github.com/bitcoinxt/bitcoinxt.Google Scholar
- BlockChain. 2013. 200 Double Spends. Retrieved April 2, 2015, from https://blockchain.info/double-spends.Google Scholar
- Joseph Bonneau, Arvind Narayanan, Andrew Miller, Jeremy Clark, Joshua A. Kroll, and Edward W. Felten. 2014. Mixcoin: Anonymity for Bitcoin with accountable mixes. In Proceedings of Financial Crypto 2014.Google Scholar
- Stefan Brands. 1995. Electronic cash on the Internet. In Proceedings of the Symposium on Network and Distributed System Security. 64--84. Google Scholar
Digital Library
- Jan Camenisch, Susan Hohenberger, and Anna Lysyanskaya. 2005. Compact e-cash. In Advances in Cryptology—EUROCRYPT 2005. Lecture Notes in Computer Science, Vol. 3494. Springer, 302--321. Google Scholar
Digital Library
- David Chaum, Amos Fiat, and Moni Naor. 1990. Untraceable electronic cash. In Proceedings of Advances in Cryptology (CRYPTO’88). 319--327. Google Scholar
Digital Library
- CNN. 2011. CNN: Bitcoin’s Uncertain Future as Currency. Retrieved April 2, 2015, from https://www.youtube.com/watch?v=75VaRGdzMM0.Google Scholar
- CoinJoin. 2013. CoinJoin: Bitcoin Privacy for the Real World. Retrieved April 2, 2015, from https://bitcointalk.org/index.php?topic=279249.0.Google Scholar
- Connectivity. 2013. Satoshi Client Node Connectivity. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/Satoshi_Client_Node_Connectivity.Google Scholar
- Christian Decker and Roger Wattenhofer. 2013. Information propagation in the Bitcoin network. In Proceedings of the 13th IEEE International Conference on Peer-to-Peer Computing.Google Scholar
Cross Ref
- Deepbit. 2011. Deepbit. Retrieved April 2, 2015, from https://deepbit.net.Google Scholar
- Claudia Diaz, Stefaan Seys, Joris Claessens, and Bart Preneel. 2002. Towards measuring anonymity. In Proceedings of the Privacy Enhancing Technologies Workshop (PET’02). Google Scholar
Digital Library
- DoubleSpending. 2014. Observed Double-Spends. Retrieved April 2, 2015, from http://respends.thinlink.com.Google Scholar
- Elias. 2011. Bitcoin: Tempering the Digital Ring of Gyges or Implausible Pecuniary Privacy. Retrieved April 2, 2015, from http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1937769.Google Scholar
- Finney. 2013. Weaknesses. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/Weaknesses#The_.22Finney.22_attack.Google Scholar
- Matthias Franz, Bernd Meyer, and Andreas Pashalidis. 2007. Attacking unlinkability: The importance of context. In Privacy Enhancing Technologies. Lecture Notes in Computer Science, Vol. 4776. Springer, 1--16. Google Scholar
Digital Library
- Christina Garman, Matthew Green, Ian Meiers, and Aviel Rubin. 2014. Rational zero: Economic security for zerocoin with everlasting anonymity. In Proceedings of the Financial Cryptography and Data Security Conference.Google Scholar
Cross Ref
- Arthur Gervais, Srdjan Capkun, Ghassan O. Karame, and Damian Gruber. 2014a. On the privacy provisions of Bloom filters in lightweight Bitcoin clients. In Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC’14). 326--335. DOI:http://dx.doi.org/10.1145/2664243.2664267 Google Scholar
Digital Library
- Arthur Gervais, Ghassan Karame, Srdjan Capkun, and Vedran Capkun. 2014b. Is Bitcoin a decentralized currency? IEEE Security and Privacy 12, 3, 54--60.Google Scholar
- Ghassan Karame, Aurelien Francillon, and Srdjan Čapkun. 2011. Pay as you browse: Microcomputations as micropayments in Web-based services. In Proceedings of the 20th International Conference on World Wide Web (WWW’11). 307--316. Google Scholar
Digital Library
- Ghassan O. Karame, Elli Androulaki, and Srdjan Capkun. 2012. Double-spending fast payments in Bitcoin. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’12). ACM, New York, NY, 906--917. DOI:http://dx.doi.org/10.1145/2382196.2382292 Google Scholar
Digital Library
- Philip Koshy, Diana Koshy, and Patrick McDaniel. 2014. An analysis of anonymity in Bitcoin using p2p network traffic. In Proceedings of Financial Crypto 2014.Google Scholar
Cross Ref
- Bradley Malin. 2008. K-unlinkability: A privacy protection model for distributed data. Data and Knowledge Engineering 64, 1, 294--311. Google Scholar
Digital Library
- Sarah Meiklejohn, Marjori Pomarole, Grant Jordan, Kirill Levchenko, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage. 2013. A fistful of Bitcoins: Characterizing payments among men with no names. In Proceedings of the Internet Measurement Conference (IMC’13). ACM, New York, NY, 127--140. DOI:http://dx.doi.org/10.1145/2504730.2504747 Google Scholar
Digital Library
- Ian Miers, Christina Garman, Matthew Green, and Aviel D. Rubin. 2013. Zerocoin: Anonymous distributed e-cash from Bitcoin. In Proceedings of the IEEE Symposium on Security and Privacy. Google Scholar
Digital Library
- Mining. 2013. Comparison of Mining Pools. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/Comparison_of_mining_pools.Google Scholar
- MiningHardware. 2013. Mining Hardware Comparison. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/Mining_hardware_comparison.Google Scholar
- Andreas Pfitzmann and Marit Hansen. 2008. Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management: A consolidated proposal for terminology. Fachterminologie Datenschutz und Datensicherheit 2008, 111--144. http://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.18.pdf.Google Scholar
- ProofWiki. 2013. Definition:Geometric Distribution/Shifted. Retrieved April 2, 2015, from https://proofwiki.org/wiki/Definition:Geometric_Distribution/Shifted.Google Scholar
- Fergal Reid and Martin Harrigan. 2011. An analysis of anonymity in the Bitcoin system. arXiv:1107.4524.Google Scholar
- Ronald Rivest. 2004. Peppercoin micropayments. In Financial Cryptography. Lecture Notes in Computer Science, Vol. 3110. Springer, 2--8.Google Scholar
- Dorit Ron and Adi Shamir. 2013. Quantitative analysis of the full Bitcoin transaction graph. In Proceedings of Financial Crypto 2013.Google Scholar
Cross Ref
- Tim Ruffing, Pedro Moreno-Sanchez, and Aniket Kate. 2014. CoinShuffle: Practical decentralized coin mixing for Bitcoin. In Computer Security—ESORICS 2014. Lecture Notes in Computer Science, Vol. 8713. Springer, 345--364.Google Scholar
- Satoshi Nakamoto. 2009. Bitcoin: A Peer-to-Peer Electronic Cash System. Retrieved April 2, 2015, from https://bitcoin.org/bitcoin.pdf.Google Scholar
- Sandra Steinbrecher and Stefan Koepsell. 2003. Modelling unlinkability. In Privacy Enhancing Technologies. Lecture Notes in Computer Science, Vol. 2760. Springer, 32--47.Google Scholar
- Syed and Syed 2011. Bitcoin Gateway, A Peer-to-Peer Bitcoin Vault and Payment Network. Retrieved April 2, 2015, from http://arimaa.com/bitcoin/.Google Scholar
- Nguyen Xuan Vinh, Julien Epps, and James Bailey. 2009. Information theoretic measures for clusterings comparison: Is a correction for chance necessary? In Proceedings of the 26th Annual International Conference on Machine Learning (ICML’09). Google Scholar
Digital Library
- Nguyen Xuan Vinh, Julien Epps, and James Bailey. 2010. Information theoretic measures for clusterings comparison: Variants, properties, normalization and correction for chance. Journal of Machine Learning Research 11, 2837--2854. Google Scholar
Digital Library
- Znort987. 2013. Znort987/Blockparser. (2013). Retrieved April 2, 2015, from https://github.com/znort987/blockparser.Google Scholar
Index Terms
Misbehavior in Bitcoin: A Study of Double-Spending and Accountability
Recommendations
Double-spending fast payments in bitcoin
CCS '12: Proceedings of the 2012 ACM conference on Computer and communications securityBitcoin is a decentralized payment system that relies on Proof-of-Work (PoW) to verify payments. Nowadays, Bitcoin is increasingly used in a number of fast payment scenarios, where the time between the exchange of currency and goods is short (in the ...
Double-spending prevention for Bitcoin zero-confirmation transactions
Zero-confirmation transactions, i.e. transactions that have been broadcast but are still pending to be included in the blockchain, have gained attention in order to enable fast payments in Bitcoin, shortening the time for performing payments. Fast ...
Collusion attacks and fair time-locked deposits for fast-payment transactions in Bitcoin1
In Bitcoin network, the distributed storage of multiple copies of the block chain opens up possibilities for double-spending, i.e., a payer issues two separate transactions to two different payees transferring the same coins. While Bitcoin has inherent ...






Comments