Title: Making double spending economically unattractive Post by: tholenst on May 05, 2013, 06:35:22 PM Dear All,
I was thinking about an approach to prevent double spending, and I think I found approach which I wondered about. The approach assumes that the miners are not trying to double spend. Nevertheless, I think the approach makes double spending attacks much harder. I want to set up a system with one goal in mind: If a user tries to double spend, then *both* transaction will land in the blockchain in a special way, which makes the user lose money. As a side goal: the vendor should get his money even if the user tries to double spend. More concretely, one could do this as follows: one would allow a new transaction format, in which each outgoing address gets two amounts; a "normal amount", and a "double spending amount". Such a transaction would be considered valid only under two conditions: (1) there are exactly two outgoing addresses, (2) the fee implied by the "double spending amounts" is *more* than two times the fee implied by the normal amounts. A miner can then include a transaction T in this new format in two different ways into a block. (A) Like a normal transaction, in which case the transaction is processed as normal; the amounts will be the "normal amount"s. (B) As a special "double spent transaction". In order to do this, the miner has to include another transaction T', which is not executed, but only serves as a proof that the creator of the transaction tried to double spend the money. Transaction T must be a transaction of the above kind here, but T' can be any transaction. In such a case, the transactions in T are executed with the "double spending amount". If there is money remaining, then it is split in 2 equal parts (up to some fixed rounding). Half goes to the miner, half goes to the address containing the *smallest* output in "normal amount" in T'. We will see in a moment why. Suppose now a vendor V with address <V> wants to accept bitcoins from a buyer B with address <B>. Suppose B wants to pay "val" to V, and add transaction fee "fee". Given a transaction, the vendor will watch the network for a few seconds, and check for double spendings. Then, the vendor accepts transaction T if it looks as follows: (1) An incoming amount of I, I >= 3*val + 3*fee (2) Two outgoing adresses; one is <V>, and another one, call it <B'>. There are no other outgoing addresses or entries. (3) The "normal amount" and the "double spending amount" to <V> are exactly equal to val. (4) The "normal amount" to <B'> is strictly bigger than val (5) The "double spending amount" to <B'> is at most I - 3*val - 2*fee In case a miner sees an attempt at double spending, he is supposed to do the following. First, pick the transaction Tmax with highest fee in the double spending values. Second, take as a proof of double spending the first alternative transaction Tfirst seen. Then, publish these two transactions, Tmax with proof Tfirst. Note that the system is set up such that this gives the miner the maximum profit. Suppose now that V accepts transaction T which a user tried to double spend, creating transactions T, T1, T2,... I claim that if transaction T was the first one sawn by the miner, then V gets the money. (A) Transaction T is processed as normal (B) Transaction Ti is processed as normal (C) Transaction T is a double spent transaction, Ti its proof (D) Transaction Ti is a double spent transaction, T its proof In case the miner uses (A), he gets fee. In case he uses (C), he gets at least val+fee, because the difference between the left over part in the double spending amounts of T is at least 2*val+2*fee. Thus, we can assume that he uses (B) or (D) only if he gets also at least 2*val+2*fee. Since (D) is always more valuable to the miner than (B) -- otherwise the transaction Ti isn't valid -- he will use (A), (D), or (C), in which case V gets his money. There is another case: Ti could be a transaction in old style format. In this case, the miner cannot use (D). So it might be advantageous for the miner to use (B), and V will not get his money -- however, B still spends at least val+fee in fees, so this should not happen too often (the vendor might want to increase the gap in T somewhat so that B spends even more). There would still be the issue what to do when some miners try to help double spending; this isn't trivial and might be a real problem, but still I think the system would be an improvement already: right now, a double spending attack is something I can run on my own, however, I don't have the computational power to do serious mining -- and besides, if I did I wouldn't try to cheat vendors for US$20. Also, maybe one can do something about that. tl;dr Why not make transactions which have two values for each outgoing address, where the second one can only be used if the user tried to double spend? Title: Re: Making double spending economically unattractive Post by: bukaj on May 05, 2013, 06:44:26 PM There are no users in bitcoin - only addressees and I'm not sure that all double spend attempts are malicious. Isn't it possible to attempt double spend during blockchain fork under "normal usage" - not willingly?
Title: Re: Making double spending economically unattractive Post by: tholenst on May 06, 2013, 05:21:21 AM There are no users in bitcoin - only addressees By "users" I simply mean people who use the system. While you cannot know what user knows what address, and not every address maps to a single user, nevertheless there are people using it. and I'm not sure that all double spend attempts are malicious. Isn't it possible to attempt double spend during blockchain fork under "normal usage" - not willingly? The old transactions would still be there, there would just be one more transaction type. Essentially, the idea allows you to say: "I promise not to double spend the input of this transaction. If you catch me doing it, please pay this large fee to the miner." Title: Re: Making double spending economically unattractive Post by: drawingthesun on May 06, 2013, 06:26:52 AM Is this an idea for a alternative coin or something? I only ask this because the amount of double spends under normal circumstances is zero. I think the only real double spend happened during the blockchain fork.
I might be wrong but Bitcoin is not suffering from any double spend issues and the developers are best focusing their efforts into fixing real problems with Bitcoin. However if your idea can be incorporated into a alternative coin that did not require massive amounts of useless work to support the security of the network, then you might be onto something... Title: Re: Making double spending economically unattractive Post by: tholenst on May 06, 2013, 09:32:26 PM Is this an idea for a alternative coin or something? I only ask this because the amount of double spends under normal circumstances is zero. I think the only real double spend happened during the blockchain fork. I wasn't thinking too much about alt coins: the idea was that currently we're telling people they cannot use bitcoins for immediate transactions, and I just wondered whether anything can be done about that. I might be wrong but Bitcoin is not suffering from any double spend issues and the developers are best focusing their efforts into fixing real problems with Bitcoin. However if your idea can be incorporated into a alternative coin that did not require massive amounts of useless work to support the security of the network, then you might be onto something... I think we should keep in mind that if double spending becomes an actual problem one might do something about it. An alternative coin for studying it would be interesting, but I personally don't plan to implement one now. Title: Re: Making double spending economically unattractive Post by: tholenst on November 07, 2013, 06:10:37 PM The following is an improvement on the above idea; the description here is self contained.
If I now want to double spend A, I will lose 100 BTC to the miners. |