skip to main content
research-article

Misbehavior in Bitcoin: A Study of Double-Spending and Accountability

Published:27 May 2015Publication History
Skip Abstract Section

Abstract

Bitcoin is a decentralized payment system that relies on Proof-of-Work (PoW) to resist double-spending through a distributed timestamping service. To ensure the operation and security of Bitcoin, it is essential that all transactions and their order of execution are available to all Bitcoin users.

Unavoidably, in such a setting, the security of transactions comes at odds with transaction privacy. Motivated by the fact that transaction confirmation in Bitcoin requires tens of minutes, we analyze the conditions for performing successful double-spending attacks against fast payments in Bitcoin, where the time between the exchange of currency and goods is short (in the order of a minute). We show that unless new detection techniques are integrated in the Bitcoin implementation, double-spending attacks on fast payments succeed with considerable probability and can be mounted at low cost. We propose a new and lightweight countermeasure that enables the detection of double-spending attacks in fast transactions.

In light of such misbehavior, accountability becomes crucial. We show that in the specific case of Bitcoin, accountability complements privacy. To illustrate this tension, we provide accountability and privacy definition for Bitcoin, and we investigate analytically and empirically the privacy and accountability provisions in Bitcoin.

References

  1. Elli Androulaki and Ghassan Karame. 2014. Hiding transaction amounts and balances in Bitcoin. In Proceedings of the International Conference on Trust and Trustworthy Computing (TRUST). Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Elli Androulaki, Ghassan Karame, and Srdjan Capkun. 2013. Evaluating user privacy in Bitcoin. In Proceedings of Financial Crypto 2013. http://eprint.iacr.org/2012/596.pdf.Google ScholarGoogle ScholarCross RefCross Ref
  3. Elli Androulaki, Mariana Raykova, Shreyas Srivatsan, Angelos Stavrou, and Steven M. Bellovin. 2008. PAR: Payment for anonymous routing. In Proceedings of the 8th International Symposium on Privacy Enhancing Technologies (PETS’08). 219--236. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Moshe Babaioff, Shahar Dobzinski, Sigal Oren, and Aviv Zohar. 2011. On Bitcoin and red balloons. ACM SIGecom Exhanges 10, 3, 5--9. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Simon Barber, Xavier Boyen, Elaine Shi, and Ersin Uzun. 2012. Bitter to better—how to make Bitcoin a better currency. In Financial Cryptography and Data Security. Lecture Notes in Computer Science, Vol. 7397. Springer, 399--414.Google ScholarGoogle Scholar
  6. Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza. 2014. Zerocash: Practical decentralized anonymous e-cash from Bitcoin. In Proceedings of the 2014 IEEE Symposium on Security and Privacy. IEEE, Los Alamitos, CA.Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Bitcoin. 2013. Introduction. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/Introduction.Google ScholarGoogle Scholar
  8. BitcoinCharts. 2013. Bitcoin Charts. Retrieved April 2, 2015, from http://bitcoincharts.com.Google ScholarGoogle Scholar
  9. BitcoinDoS. 2013. Weaknesses. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/Weaknesses.Google ScholarGoogle Scholar
  10. BitcoinExplorer. 2013. Bitcoin Block Explorer. Retrieved April 2, 2015, from http://blockexplorer.com.Google ScholarGoogle Scholar
  11. BitcoinFAQ. 2013. FAQ. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/FAQ.Google ScholarGoogle Scholar
  12. BitcoinMyths. 2013. Myths. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/Myths#Point_of_sale_with_bitcoins_isn.27t_possible_because_of_the_10_minute_wait_for_confirmation.Google ScholarGoogle Scholar
  13. BitcoinProtocol. 2013. Protocol Documentation. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/Protocol_specification.Google ScholarGoogle Scholar
  14. BitcoinRules. 2012. Protocol Rules. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/Protocol_rules.Google ScholarGoogle Scholar
  15. BitcoinTrade. 2013. Trade. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/Trade.Google ScholarGoogle Scholar
  16. BitcoinWiki. 2014. Double-Spending. Retrieved April 2, 2015, from https://en.bitcoin.it/Double-spending.Google ScholarGoogle Scholar
  17. BitcoinXT. 2014. Bitcoin XT. Retrieved April 2, 2015, from https://github.com/bitcoinxt/bitcoinxt.Google ScholarGoogle Scholar
  18. BlockChain. 2013. 200 Double Spends. Retrieved April 2, 2015, from https://blockchain.info/double-spends.Google ScholarGoogle Scholar
  19. Joseph Bonneau, Arvind Narayanan, Andrew Miller, Jeremy Clark, Joshua A. Kroll, and Edward W. Felten. 2014. Mixcoin: Anonymity for Bitcoin with accountable mixes. In Proceedings of Financial Crypto 2014.Google ScholarGoogle Scholar
  20. Stefan Brands. 1995. Electronic cash on the Internet. In Proceedings of the Symposium on Network and Distributed System Security. 64--84. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Jan Camenisch, Susan Hohenberger, and Anna Lysyanskaya. 2005. Compact e-cash. In Advances in Cryptology—EUROCRYPT 2005. Lecture Notes in Computer Science, Vol. 3494. Springer, 302--321. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. David Chaum, Amos Fiat, and Moni Naor. 1990. Untraceable electronic cash. In Proceedings of Advances in Cryptology (CRYPTO’88). 319--327. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. CNN. 2011. CNN: Bitcoin’s Uncertain Future as Currency. Retrieved April 2, 2015, from https://www.youtube.com/watch?v=75VaRGdzMM0.Google ScholarGoogle Scholar
  24. CoinJoin. 2013. CoinJoin: Bitcoin Privacy for the Real World. Retrieved April 2, 2015, from https://bitcointalk.org/index.php?topic=279249.0.Google ScholarGoogle Scholar
  25. Connectivity. 2013. Satoshi Client Node Connectivity. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/Satoshi_Client_Node_Connectivity.Google ScholarGoogle Scholar
  26. Christian Decker and Roger Wattenhofer. 2013. Information propagation in the Bitcoin network. In Proceedings of the 13th IEEE International Conference on Peer-to-Peer Computing.Google ScholarGoogle ScholarCross RefCross Ref
  27. Deepbit. 2011. Deepbit. Retrieved April 2, 2015, from https://deepbit.net.Google ScholarGoogle Scholar
  28. Claudia Diaz, Stefaan Seys, Joris Claessens, and Bart Preneel. 2002. Towards measuring anonymity. In Proceedings of the Privacy Enhancing Technologies Workshop (PET’02). Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. DoubleSpending. 2014. Observed Double-Spends. Retrieved April 2, 2015, from http://respends.thinlink.com.Google ScholarGoogle Scholar
  30. Elias. 2011. Bitcoin: Tempering the Digital Ring of Gyges or Implausible Pecuniary Privacy. Retrieved April 2, 2015, from http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1937769.Google ScholarGoogle Scholar
  31. Finney. 2013. Weaknesses. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/Weaknesses#The_.22Finney.22_attack.Google ScholarGoogle Scholar
  32. Matthias Franz, Bernd Meyer, and Andreas Pashalidis. 2007. Attacking unlinkability: The importance of context. In Privacy Enhancing Technologies. Lecture Notes in Computer Science, Vol. 4776. Springer, 1--16. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Christina Garman, Matthew Green, Ian Meiers, and Aviel Rubin. 2014. Rational zero: Economic security for zerocoin with everlasting anonymity. In Proceedings of the Financial Cryptography and Data Security Conference.Google ScholarGoogle ScholarCross RefCross Ref
  34. Arthur Gervais, Srdjan Capkun, Ghassan O. Karame, and Damian Gruber. 2014a. On the privacy provisions of Bloom filters in lightweight Bitcoin clients. In Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC’14). 326--335. DOI:http://dx.doi.org/10.1145/2664243.2664267 Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. Arthur Gervais, Ghassan Karame, Srdjan Capkun, and Vedran Capkun. 2014b. Is Bitcoin a decentralized currency? IEEE Security and Privacy 12, 3, 54--60.Google ScholarGoogle Scholar
  36. Ghassan Karame, Aurelien Francillon, and Srdjan Čapkun. 2011. Pay as you browse: Microcomputations as micropayments in Web-based services. In Proceedings of the 20th International Conference on World Wide Web (WWW’11). 307--316. Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. Ghassan O. Karame, Elli Androulaki, and Srdjan Capkun. 2012. Double-spending fast payments in Bitcoin. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’12). ACM, New York, NY, 906--917. DOI:http://dx.doi.org/10.1145/2382196.2382292 Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. Philip Koshy, Diana Koshy, and Patrick McDaniel. 2014. An analysis of anonymity in Bitcoin using p2p network traffic. In Proceedings of Financial Crypto 2014.Google ScholarGoogle ScholarCross RefCross Ref
  39. Bradley Malin. 2008. K-unlinkability: A privacy protection model for distributed data. Data and Knowledge Engineering 64, 1, 294--311. Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. Sarah Meiklejohn, Marjori Pomarole, Grant Jordan, Kirill Levchenko, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage. 2013. A fistful of Bitcoins: Characterizing payments among men with no names. In Proceedings of the Internet Measurement Conference (IMC’13). ACM, New York, NY, 127--140. DOI:http://dx.doi.org/10.1145/2504730.2504747 Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Ian Miers, Christina Garman, Matthew Green, and Aviel D. Rubin. 2013. Zerocoin: Anonymous distributed e-cash from Bitcoin. In Proceedings of the IEEE Symposium on Security and Privacy. Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. Mining. 2013. Comparison of Mining Pools. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/Comparison_of_mining_pools.Google ScholarGoogle Scholar
  43. MiningHardware. 2013. Mining Hardware Comparison. Retrieved April 2, 2015, from https://en.bitcoin.it/wiki/Mining_hardware_comparison.Google ScholarGoogle Scholar
  44. Andreas Pfitzmann and Marit Hansen. 2008. Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management: A consolidated proposal for terminology. Fachterminologie Datenschutz und Datensicherheit 2008, 111--144. http://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.18.pdf.Google ScholarGoogle Scholar
  45. ProofWiki. 2013. Definition:Geometric Distribution/Shifted. Retrieved April 2, 2015, from https://proofwiki.org/wiki/Definition:Geometric_Distribution/Shifted.Google ScholarGoogle Scholar
  46. Fergal Reid and Martin Harrigan. 2011. An analysis of anonymity in the Bitcoin system. arXiv:1107.4524.Google ScholarGoogle Scholar
  47. Ronald Rivest. 2004. Peppercoin micropayments. In Financial Cryptography. Lecture Notes in Computer Science, Vol. 3110. Springer, 2--8.Google ScholarGoogle Scholar
  48. Dorit Ron and Adi Shamir. 2013. Quantitative analysis of the full Bitcoin transaction graph. In Proceedings of Financial Crypto 2013.Google ScholarGoogle ScholarCross RefCross Ref
  49. Tim Ruffing, Pedro Moreno-Sanchez, and Aniket Kate. 2014. CoinShuffle: Practical decentralized coin mixing for Bitcoin. In Computer Security—ESORICS 2014. Lecture Notes in Computer Science, Vol. 8713. Springer, 345--364.Google ScholarGoogle Scholar
  50. Satoshi Nakamoto. 2009. Bitcoin: A Peer-to-Peer Electronic Cash System. Retrieved April 2, 2015, from https://bitcoin.org/bitcoin.pdf.Google ScholarGoogle Scholar
  51. Sandra Steinbrecher and Stefan Koepsell. 2003. Modelling unlinkability. In Privacy Enhancing Technologies. Lecture Notes in Computer Science, Vol. 2760. Springer, 32--47.Google ScholarGoogle Scholar
  52. Syed and Syed 2011. Bitcoin Gateway, A Peer-to-Peer Bitcoin Vault and Payment Network. Retrieved April 2, 2015, from http://arimaa.com/bitcoin/.Google ScholarGoogle Scholar
  53. Nguyen Xuan Vinh, Julien Epps, and James Bailey. 2009. Information theoretic measures for clusterings comparison: Is a correction for chance necessary? In Proceedings of the 26th Annual International Conference on Machine Learning (ICML’09). Google ScholarGoogle ScholarDigital LibraryDigital Library
  54. Nguyen Xuan Vinh, Julien Epps, and James Bailey. 2010. Information theoretic measures for clusterings comparison: Variants, properties, normalization and correction for chance. Journal of Machine Learning Research 11, 2837--2854. Google ScholarGoogle ScholarDigital LibraryDigital Library
  55. Znort987. 2013. Znort987/Blockparser. (2013). Retrieved April 2, 2015, from https://github.com/znort987/blockparser.Google ScholarGoogle Scholar

Index Terms

  1. Misbehavior in Bitcoin: A Study of Double-Spending and Accountability

              Recommendations

              Comments

              Login options

              Check if you have access through your login credentials or your institution to get full access on this article.

              Sign in

              Full Access

              • Published in

                cover image ACM Transactions on Information and System Security
                ACM Transactions on Information and System Security  Volume 18, Issue 1
                June 2015
                126 pages
                ISSN:1094-9224
                EISSN:1557-7406
                DOI:10.1145/2786062
                • Editor:
                • Gene Tsudik
                Issue’s Table of Contents

                Copyright © 2015 ACM

                Publisher

                Association for Computing Machinery

                New York, NY, United States

                Publication History

                • Published: 27 May 2015
                • Accepted: 1 February 2015
                • Revised: 1 December 2014
                • Received: 1 December 2013
                Published in tissec Volume 18, Issue 1

                Permissions

                Request permissions about this article.

                Request Permissions

                Check for updates

                Qualifiers

                • research-article
                • Research
                • Refereed

              PDF Format

              View or Download as a PDF file.

              PDF

              eReader

              View online with eReader.

              eReader
              About Cookies On This Site

              We use cookies to ensure that we give you the best experience on our website.

              Learn more

              Got it!