Security Blockchain Tech

Double Spending Explained


Intermediate Published Feb 17, 2020 Updated Jan 31, 2023 7m

What is double-spending?
Double-spending is a potential issue in a digital cash system where the same funds are sent to
two recipients at the same time. Without any adequate countermeasures, a protocol that doesn’t
resolve the problem is fundamentally undermined – users have no way to verify that the funds
they’ve received have not already been spent elsewhere.

When it comes to digital cash, ensuring that specific units can’t be duplicated is of paramount
importance. The entire system would be undermined if Alice could receive 10 units,
copy-and-paste them 10 times, and find herself in possession of 100 units. Similarly, such a scheme can’t
work if she can send the same 10 units to both Bob and Carol simultaneously. So, for digital
money to function, there must be mechanisms in place to prevent this behavior.

How can double-spending be prevented?

The centralized approach


The centralized route is considerably easier to implement than decentralized alternatives. This
typically involves one overseer managing the system and controlling the issuance and
distribution of units. A good example of a centralized solution to the double-spend problem is
that of David Chaum’s eCash.

To issue users with a digital asset mimicking cash (capable of anonymous and peer-to-peer
exchange), a bank can use blind signatures – as detailed by cryptographer David Chaum in his
1982 paper Blind Signatures for Untraceable Payments.

In such a context, if a user (let’s call him Dan) wishes to receive $100 in digital cash, he is
required to inform the bank first. Provided he has the balance in his account, he will then
generate a random number (or many, for smaller denominations). Let’s suppose he produces five
numbers, each to be assigned a value of $20. To prevent the bank from tracking specific units,
Dan obfuscates the random numbers by adding a blinding factor to each one of them.

He then turns this data over to the bank, which debits his account for $100, and signs messages
certifying that each of the five pieces of information is redeemable for $20. Dan can now spend
the funds issued by the bank. He goes to Erin’s restaurant, and purchases a meal that costs him
$40.

Dan can remove the blinding factor to expose the random number associated with each digital
cash “bill”, which serves as a unique identifier for each unit (much like a serial number). He
reveals two of these to Erin, who must now redeem them immediately with the bank to prevent
Dan from spending them with another merchant. The bank will check that the signatures are
valid, and if everything appears correct, it will credit Erin’s account with $40.

The bills used are now essentially burned, and more must be issued if Erin wishes to spend her
new balance in this same way.

The Chaumian eCash setup might be valuable for private transfers, but it fails in resilience
because the bank is a central point of failure. A bill issued is worth nothing in itself, as its value is
derived solely from the bank’s willingness to exchange it for dollars. Customers are at the mercy
of the bank, and must rely on its goodwill for money to function. This is precisely the problem that
cryptocurrency aims to remedy.

The decentralized approach


Ensuring that funds can’t be double-spent in an ecosystem with no overseer is more challenging.
Equally-powerful participants must coordinate around a set of rules that prevent fraud and
incentivize all users to act honestly.

The greatest innovation presented in the Bitcoin white paper was a solution to the
double-spending problem. Though not referenced as such, Satoshi proposed the data structure now
widely known as a blockchain.

A blockchain is really just a database with some unique properties. Participants on the network
(referred to as nodes) run specialized software, which enables them to synchronize their copy of
the database with their peers. The result is that the entirety of the network can audit the history
of transactions dating back to the genesis block. By having the blockchain viewable publicly, it’s
easy to detect and prevent fraudulent activity, such as transactions that try to double-spend.

When a user broadcasts a transaction, it is not immediately added to the blockchain – it must
first be included in a block through mining. As such, the recipient should only consider the
transaction valid after its block is added to the chain. Otherwise, they risk losing the funds, as the
sender could spend the same coins elsewhere.

Once the transaction is confirmed, the coins can’t be double-spent, as ownership is assigned to a
new user – and the entire network can verify this. It is for this reason that many recommend
waiting for multiple confirmations before accepting a payment as valid. Each subsequent block
drastically increases the amount of effort required to modify or rewrite the chain (which may
occur during a 51% attack).

Let’s revisit the restaurant scenario. Dan returns to the restaurant, and this time notices a Bitcoin
Accepted Here sticker on the window. He enjoyed the meal he had last time, so orders it again. It
costs him 0.005 BTC.

Erin presents him with a public address to which he must send the funds. Dan broadcasts the
transaction, which is essentially a signed message stating that the 0.005 BTC that were in Dan’s
possession are now in Erin’s. Without going into too much detail, anyone presented with Dan’s
signed transaction can verify that he was indeed in possession of the coins, and therefore had the
authority to send them.

As mentioned, though, the transaction is only valid if included in a block that gets confirmed.
Accepting unconfirmed transactions is much like accepting the $40 in eCash from the previous
example, without immediately cashing it in with the bank – it allows the sender to spend it
elsewhere. So, it’s recommended that Erin waits for at least 6 block confirmations (roughly one
hour) before accepting Dan’s payment.

Double-spending in Bitcoin
Bitcoin is carefully designed to prevent double-spending attacks, at least when the protocol is
used as expected. That is, if individuals wait for transactions to be confirmed in a block, there is
no easy way for the sender to undo it. To do so, they would need to “reverse” the blockchain,
which requires an unrealistic amount of hashing power.

However, there are a handful of double-spending attacks that aim at parties that accept
unconfirmed transactions. For low-value purchases, for instance, a merchant may not want to
wait for transactions to be included in a block. A busy fast-food restaurant probably can’t afford
to stand by as the network processes every purchase. So, if a business enables “instant”
payments, they open themselves up to double-spends. Someone might order a burger, pay for it,
then immediately send the same funds to their own address. With a higher fee, this new
transaction is likely to be confirmed first, and will therefore invalidate the previous one.

There are three popular methods for performing a double-spend:

51% attacks: when a single entity or organization manages to control more than 50% of the
hash rate, which allows them to exclude or modify the ordering of transactions. Such an
attack is highly unlikely on Bitcoin, but has happened in other networks.

Race attacks: two conflicting transactions are broadcast in succession, using the same
funds – but only one transaction gets confirmed. The attacker's goal is to invalidate the
payment by only validating the transaction that benefits him (e.g., sending the same funds
to an address that he controls). Race attacks require the recipient to accept an unconfirmed
transaction as payment.

Finney attacks: an attacker pre-mines one transaction into a block without broadcasting it
to the network immediately. Instead, he spends the same coins in another transaction and
only then broadcasts his previously mined block, which may invalidate the payment. Finney
attacks require a specific sequence of events to occur and are also contingent on the
recipient’s acceptance of unconfirmed transactions.

As we can see, a merchant that waits for block confirmations will vastly reduce the risks of
becoming a victim of double-spends.
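
A merchant-side check for the situation described above, as an added example that is not part of the original article: a simplified monitor that flags conflicting spends of the same coins and only treats a payment as final after the required confirmations. The model ignores chain reorganisations, and all names (`Tx`, `PaymentMonitor`, the outpoint strings) are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple        # coins being spent, e.g. ("coin-A:0",)
    pays_to: str

class PaymentMonitor:
    """Tracks what a merchant's node has seen: unconfirmed txs and blocks."""
    def __init__(self, required_confirmations: int = 6):
        self.required = required_confirmations
        self.unconfirmed = {}     # txid -> Tx waiting to be mined
        self.confirmed_at = {}    # txid -> height of the block that included it
        self.spent_by = {}        # coin -> txid of the confirmed spender
        self.height = 0

    def see_unconfirmed(self, tx: Tx) -> None:
        self.unconfirmed[tx.txid] = tx

    def see_block(self, txs=()) -> None:
        self.height += 1
        for tx in txs:
            self.unconfirmed.pop(tx.txid, None)
            self.confirmed_at[tx.txid] = self.height
            for coin in tx.inputs:
                self.spent_by[coin] = tx.txid

    def status(self, tx: Tx) -> str:
        # A different confirmed transaction already spent one of the inputs.
        if any(self.spent_by.get(c, tx.txid) != tx.txid for c in tx.inputs):
            return "double-spent"
        if tx.txid in self.confirmed_at:
            depth = self.height - self.confirmed_at[tx.txid] + 1
            if depth >= self.required:
                return "final"
            return f"pending ({depth}/{self.required})"
        # Unconfirmed: look for another unconfirmed tx spending the same coins.
        rivals = [o for o in self.unconfirmed.values()
                  if o.txid != tx.txid and set(o.inputs) & set(tx.inputs)]
        return "conflict seen" if rivals else "unconfirmed"

if __name__ == "__main__":
    m = PaymentMonitor()
    pay = Tx("tx-pay", ("coin-A:0",), "erin")         # constructed sample data
    rival = Tx("tx-rival", ("coin-A:0",), "sender")
    m.see_unconfirmed(pay); m.see_unconfirmed(rival)
    print(m.status(pay))          # conflict seen
    m.see_block([rival])
    print(m.status(pay))          # double-spent
```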

Closing thoughts
A double-spend allows a user to game an electronic cash system for financial gain, making use of
the same funds more than once. Traditionally, a lack of adequate solutions to the problem has
stood in the way of progress in the area.

Fortunately, however, blind signatures offered an interesting solution for centralized
financial schemes. Later, the creation of Proof of Work mechanisms and blockchain technology
gave birth to Bitcoin as a powerful form of decentralized money – which, in turn, inspired
thousands of other cryptocurrency projects.
