Double Spending - How To?

[rbscebu]

To keep this simple, let's assume I am using a wallet like Bitcoin Wallet by Bitcoin Wallet developers on an Android smartphone. I go into a coffee shop and buy using my bitcoin wallet. I understand that it is going to take about 5 to 10 minutes before the transaction is first registered on the Blockchain.

How can I then "double spend" my bitcoin?

[mexxer-2]

Double spending doesn't work as you need more than 2 confs for the btc to be credited in any shop, at any rate are you asking how to scam?

[rbscebu]

Double spending doesn't work as you need more than 2 confs for the btc to be credited in any shop, at any rate are you asking how to scam?

I am definitely not asking "how to scam". Knowing how it could be done gives one knowledge on how to minimise the risk if handing over goods before any confirmations are received.

The reason I am asking is because a coffee shop owner I am helping (gratis) to set up a system for accepting bitcoin as payment has asked me this. He is concerned that a bitcoin paying customer may "double spend" if he passes over goods before he has received at least one confirmation.

He does not want to have to keep the customer waiting until he has received at least one confirmation. An average sale would be less than USD10 but this is in a country where his shop staff get paid that for a full day's work.

[mexxer-2]

Double spending doesn't work as you need more than 2 confs for the btc to be credited in any shop, at any rate are you asking how to scam?

I am definitely not asking "how to scam". Knowing how it could be done gives one knowledge on how to minimise the risk if handing over goods before any confirmations are received.

The reason I am asking is because a coffee shop owner I am helping (gratis) to set up a system for accepting bitcoin as payment has asked me this. He is concerned that a bitcoin paying customer may "double spend" if he passes over goods before he has received at least one confirmation.

He does not want to have to keep the customer waiting until he has received at least one confirmation. An average sale would be less than USD10 but this is in a country where his shop staff get paid that for a full day's work.

So here is a simple answer to your question: https://bitcointalk.org/index.php?topic=231309.0
All in all double spending is a bit time consuming.
P.S: So the seller doesn't want to wait for 2 confs or can't wait because of customer pressure? I'm sure customers would understand that the seller needs to have 2 confs before handing out the good

[OnkelPaul]

Double spending means to create two transactions using the same output(s) from a previous transaction, and presenting one of these transactions to a seller as payment, while transferring the funds to another address using the other transaction. Only one of these transactions will eventually make it into the blockchain. If you want to scam the coffee shop, you'd need to control a substantial share of the mining pools so that you can get them to accept your second transaction after the first one has already propagatesd through the network.
There are basically two cases:
- you spend a small amount (for a coffee or a pretzel), and the seller accepts a zero-confirmation transaction (with sufficient fees) as "good enough", risking a small percentage of failed payments. In this case, the cost of doing a double spend far exceeds the possible gain in coffee or pretzels, even though determined crooks could probably pull this one off.
- you spend a large amount (for a house or a Lamborghini), and the seller will wait for 6 or more confirmations (which takes about one hour). Performing a double spend in such a situation requires you to control more than 50% of the mining power for a considerable time to effectively orphan the part of the chain that contains your first transaction and create an alternate blockchain that will be accepted by the rest of the bitcoin world. The cost of doing this far exceeds the value of a house or a Lamborghini, so this case, too, is economically infeasible. And in the case of the house, you can't simply drive away with the stolen goods...
One possible exception might be a trade that involves highly illegal stuff that both parties want to finalize very quickly. But if a drug dealer sells you drugs for several thousand bitcoins and accepts a zero-conf payment, I'm pretty convinced that he has means to find you after you've perfomed a double spend... For you as a buyer, this wouldn't be economically feasible either, and probably pretty painful.

Executive summary: Double spending does not work in reality (as has been discussed to death already)

Onkel Paul

[shorena]

Firstly the coffee shop owner should not wait for a confirmation as it can sometimes take longer than the time I need to drink a large coffee. I would not pay with bitcoin if I had to wait for a confirmation, unless I pay for a fancy car (THX OnkelPaul)

I think the question is how to defend against a double spend in this case and the answer is not as simple as you might like, assuming the owner wants to avoid using a service like bitpay. Most payment services will do one or more of the counter measures I present later.

Lets get some basic understand what we want to understand as a double spend here, how it works and what needs to be done for it to work.

A double spend would be if you create TX A, the shop owner sees the transaction, you get your coffee and any time later before TX A is confirmed you create another TX B that uses the same inputs as A and gets confirmed before A, thus making A invalid. The result is free coffee and possible problems with law enforcement and/or the owner the next time you try to buy a coffee at the same shop.

What do we need?
In order for this to work with a mobile phone you would need wallet software that allows you to set the fee for a transaction yourself. It must also be possible that you make the wallet forget about the transaction A and you have to be able to select individual inputs when creating a transaction. Alternatively you must ensure that you only have a single input you can spend.

How do we get it to work?
You create the transaction A with 0 fee and a low priority. 0 Fee is set via the wallet, low priority comes with either a high size in bytes, a lower amount of bitcoin used or a combination. E.g. a single input worth 1 BTC with 144 confirmations (~a day) should be easily confirmed without a fee because it has a high enough priority (aka the bitcoin day). Considering we talk about coffee it should be easy enough to set up an input for a coffee worth of bitcoin a few hours in advance. E.g. 0.05 with 12 (~2 hours) confirmations should have a low enough priority to require a fee to be confirmed fast.

Now that we are at the shop we broadcast this planned transaction to the shop owners address, the network propagates it and the shop owners wallet shows an unconfirmed transaction. we get coffee.

Here the owner can manually check the transaction (unlikely I know, but its possible) for fee, size (in bytes) and the size of the used inputs. Someone with a good knowledge about bitcoin could detect a possible double spend attempt right here and manually initiate counter measures (more about them later).

Lets assume the owner misses this or the person handling the wallet has no idea (usual case) about the finer details of bitcoin.

We can not enjoy our coffee though as now a race starts. We need to reset the wallet app on the phone to issue an competing transaction that pays a higher than normal fee. Why do we need to be fast? Because any node that already knows about TX A will reject the new TX B. Thus we have a small chance to reach a miner. The best thing we can hope for is that TX A is forgotten over time. Thus we rebroadcast TX B every 1-2 hours in the hopes that more and more nodes forgot about A and we finally reach a miner that does not know about TX A and finds a block. Due to our high fee B will be in the next block.

How can the shop owner defend against this?

Firstly, as you can see from what has to be done for a free stolen coffee, I would not worry. I suspect they have higher loss from fake bills or stolen credit cards. A bitcoin double spend is a race condition and with all the manipulations you can do to shift the odds in your favor its still highly likely to lose the race and have paid for the coffee anyway.

Now countermeasures:

#1 Rebroadcast TX A. If you keep rebroadcasting the transactions you receive (e.g. via a small script) you significantly reduce the chances for TX B to reach anyone. Transactions without fee and low priority can and will be confirmed over time. To ensure that TX A is known throughout the network is the best defense against a double spend. This is also the basis for #2, because it assume that A is known to miners.

#2 CPFP - child pays for parent. A transaction (e.g. A) that was received without fee can be used as input in another transaction (lets call it C) that pays a high fee. In order for C to get confirmed, A must be confirmed either in advance or in the same block. Some miners have implemented CPFP and will give A a higher priority for the next block based on the fee of C.

#3 Get buddy buddy with a mining pool. Some miners have a direct interface that allow you to directly send them a TX and they confirm it in the next block they find. No matter the fees, as long as its valid and not a double spend.

There are certainly more, but those are the major ones that came to me.

slightly Edited after reading OnkelPauls reply.

[Mickeyb]

You can tell your friend that he will be perfectly fine and safe accepting payments with zero confirmations for a cup of coffee or a cookie, or both which value is about $5. Nobody will go through the trouble to scam on a daily base and to double spend for a cup of coffee, that's ridiculous.

As explained above, this is doable but not easy. You need certain wallets, etc. And people who know how to do this will not waste time for such a small amounts anyways.

Of course, I would not let Lambo out of the door with 0 confirmations, I would wait 6, but a cup of coffee is no problem at all.

[ranochigo]

To keep this simple, let's assume I am using a wallet like Bitcoin Wallet by Bitcoin Wallet developers on an Android smartphone. I go into a coffee shop and buy using my bitcoin wallet. I understand that it is going to take about 5 to 10 minutes before the transaction is first registered on the Blockchain.

How can I then "double spend" my bitcoin?

In theory, double spending is possible but it is not feasible and it is quite hard for you. The reference client only relay the first transaction with input A it sees and ignores any other transaction that spends input A. In order to double spend the transaction, majority of the network would need to forget about your transaction for them to relay it or you must find a pool which can accept your double spend transaction into a block. Precautions can be made however, the merchant can connect to different geographical peers, ensure that the transaction is well propagated, includes a good fees-per-kilobyte and the inputs are already confirmed.

[Betwrong]

To keep this simple, let's assume I am using a wallet like Bitcoin Wallet by Bitcoin Wallet developers on an Android smartphone. I go into a coffee shop and buy using my bitcoin wallet. I understand that it is going to take about 5 to 10 minutes before the transaction is first registered on the Blockchain.

How can I then "double spend" my bitcoin?

You just can't. Satoshi Nakomoto took care of this. You may try though, but there were no successful double-spend in the whole history of BTC as far as I know.

[mexxer-2]

To keep this simple, let's assume I am using a wallet like Bitcoin Wallet by Bitcoin Wallet developers on an Android smartphone. I go into a coffee shop and buy using my bitcoin wallet. I understand that it is going to take about 5 to 10 minutes before the transaction is first registered on the Blockchain.

How can I then "double spend" my bitcoin?

You just can't. Satoshi Nakomoto took care of this. You may try though, but there were no successful double-spend in the whole history of BTC as far as I know.

There was one, you may have missed it: https://bitcointalk.org/index.php?topic=152348.0 and several double spends have happened when sellers gave the goods before at least 2 confs

[shorena]

To keep this simple, let's assume I am using a wallet like Bitcoin Wallet by Bitcoin Wallet developers on an Android smartphone. I go into a coffee shop and buy using my bitcoin wallet. I understand that it is going to take about 5 to 10 minutes before the transaction is first registered on the Blockchain.

How can I then "double spend" my bitcoin?

You just can't. Satoshi Nakomoto took care of this. You may try though, but there were no successful double-spend in the whole history of BTC as far as I know.

There was one, you may have missed it: https://bitcointalk.org/index.php?topic=152348.0 and several double spends have happened when sellers gave the goods before at least 2 confs

This the exact reason why I put a "what do we understand as double spend here" in my longer post above. A double spend on a confirmed transaction is almost impossible and only possible at all if you can either pull off an >50% attack or if the block (or even blocks) the confirmed the TX was orphaned for some reason (e.g. durring a fork).

This is even rarer than the unconfirmed double spend I think OP refers to.

[rbscebu]

Thank you all who have replied.

As I said previously, an average sale could be a day's pay for an average (Filipino) worker. Not an insignificant amount. The shop employee handling the transaction would have just a basic (Filipino) high school education. This would mean that he/she can do no more than follow basic instructions - if your lucky.

Neither the sales person or the customer are going to wait for even the first confirmation. The merchant (shop) cannot set or easily check the transaction fee. Let's assume that the customer makes the purchase with zero transaction fee. (I know, Bitcoin Wallet does not allow this.)

So, the customer walks in, buys a coffee and food (take-out) with bitcoin zero transaction fee, then leaves the shop. How does this customer "double spend" his/her bitcoin?

What is "another spend that uses the same inputs"?

[ranochigo]

Thank you all who have replied.

As I said previously, an average sale could be a day's pay for an average (Filipino) worker. Not an insignificant amount. The shop employee handling the transaction would have just a basic (Filipino) high school education. This would mean that he/she can do no more than follow basic instructions - if your lucky.

Neither the sales person or the customer are going to wait for even the first confirmation. The merchant (shop) cannot set or easily check the transaction fee. Let's assume that the customer makes the purchase with zero transaction fee. (I know, Bitcoin Wallet does not allow this.)

So, the customer walks in, buys a coffee and food (take-out) with bitcoin zero transaction fee, then leaves the shop. How does this customer "double spend" his/her bitcoin?

What is "another spend that uses the same inputs"?

Any Bitcoin wallet should allow 0 fees for transactions. Given that no POS is used, no insurance can be provided. To double spend his Bitcoin, he need a mining pool who uses RBF patch and another transaction spending the same input to another address with a higher fee. The pool would then accept the higher fee transaction. Alternatively, he can get a mining pool to mine the double spending transaction for him and the over transaction would be invalidated. If he's lucky and no pools want to accept it, assuming that it isn't rebroadcasted, he can craft another transaction and relay it to he network with a fee and the pools would accept it after the node has forgotten about the transaction or the pool has forgotten about it.

Another transaction spending the same input (UXTO) means that the alternate transaction would be spending the same input as the first transaction.

[Mickeyb]

Thank you all who have replied.

As I said previously, an average sale could be a day's pay for an average (Filipino) worker. Not an insignificant amount. The shop employee handling the transaction would have just a basic (Filipino) high school education. This would mean that he/she can do no more than follow basic instructions - if your lucky.

Neither the sales person or the customer are going to wait for even the first confirmation. The merchant (shop) cannot set or easily check the transaction fee. Let's assume that the customer makes the purchase with zero transaction fee. (I know, Bitcoin Wallet does not allow this.)

So, the customer walks in, buys a coffee and food (take-out) with bitcoin zero transaction fee, then leaves the shop. How does this customer "double spend" his/her bitcoin?

What is "another spend that uses the same inputs"?

Let me try and explain and somebody will correct me if I write anything wrong. The simplest double spend attack is called race attack. There are other more complicated double spend attacks but we don't need to talk about them at the moment.

So in the race attack buyer walks in in a coffee shop, buys a cup of coffee and pays with bitcoins. He walks out and gets on his computer immediately where he spends the same coins again, makes another transaction, but tries to broadcast them to more nodes than the first transaction which paid for the cup of coffee. Then he hopes that second, double spent transaction will get in a block before the first (real) transaction.

Don't ask how this is done because I don't know, I am not a scammer so I never initiated double spend. Once I did double spend my coins because I have forgotten to include a tx fee so my transaction was stuck. Then I sent the same coins again with go higher fee and this transaction got confirmed before the first one.

Now in order to do above you must have a computer. I am pretty sure that mobile wallets don't allow double spending. Also not all of the desktop wallets allow people to double spend, only some. And you have to know what you are doing very well. And even if you do it well, the block can come 1 minute after you paid your coffee in the coffee shop and not let you even try to double spend. That's why it's called a race attack, since you essentially are racing to get the second, fraudulent transaction confirmed before the first one. So yes, you have to be lucky as well, to do a successful double spend.

[DannyHamilton]

- snip -
let's assume I am using a wallet like Bitcoin Wallet by Bitcoin Wallet developers on an Android smartphone.
- snip -
How can I then "double spend" my bitcoin?

If the user is using properly written wallet software that includes a proper transaction fee, and isn't running any custom software of their own or colluding with anyone else, then they won't be able to "double spend" the bitcoin.  The transaction will confirm eventually, and the the shop owner has a larger risk of their employees simply giving free food to their friends and family.

- snip -
So, the customer walks in, buys a coffee and food (take-out) with bitcoin zero transaction fee, then leaves the shop. How does this customer "double spend" his/her bitcoin?

With zero transaction fee, there is a bit more risk that the transaction will never confirm (and that the customer will spend those bitcoins elsewhere either intentionally or accidentally).  There are some steps that the merchant can take to reduce his risk in this situation.

To start with, the merchant can make sure to use software that identifies when a high risk transaction has occurred (such as a transaction with no fee).  They can train their employees that if the software indicates a "high risk" transaction, then the customer must wait for 1 confirmation.  If the customer is unhappy about waiting, then they shouldn't send without a fee.  The can send a new transaction with a proper fee to receive their product immediately, and the merchant can use software that will refund the zero-fee transaction back to the customer.

Assuming that the merchant is unwilling (or unable) to train their employees to recognize and handle high risk transactions, they can use software that will pay the fee for the customer when the customer fails to include a fee.  The sofware would need to recognize that a transaction has been recieved without a fee, and would need to immediately re-spend that transaction and include a large enough fee on the new transaction.  This new transaction would provide incentive for miners to confirm both transactions at the same time (since the fee paying transaction can't be confirmed without the free transaction being confirmed).  The miners that have implemented "Child-Pays-For-Parent" in their transaction selection algorithms will then work to confirm both, so that the risk is significantly reduced.  The merchant can also use software that will re-braodcast transactions that they have received which have not been confirmed within a day or so.  This will prevent the transactions from being dropped from the memory pool of nodes before it confirms.  The merchant may need to write (or pay someone to write) some of this software.  I'm not sure how much of it already exists.

As for your question about "How does this customer "double spend" his/her bitcoin"...

Double spending they way you are thinking about it really comes down to the following scenario. It can be either intentional or if the transaction has no fee it can be accidental:

• Customer creates two transactions that spend the same bitcoins.
• One of those transactions is broadcast in such a way that the merchant receives a copy of it, but most miners either don't receive a copy or they ignore the copy they receive.
• The other transaction is broadcast in such a way that most miners receive a copy and attempt to confirm it, but the merchant either doesn't receive a copy or they ignore the copy they receive
• The first transaction pays the bitcoins to the merchant's address, so they think they've been paid
• The second transaction pays the bitcoins to an address controlled by the customer.
• One of the miners that are processing the second transaction confirms it before the first transaction becomes confirmed

In this situation, the second transaction becomes the "real" transaction (since it got confirmed), and the first transaction becomes invalid.

Properly written wallet software won't allow a user to do this, but nothing is preventing an attacer from writing their own software that attempts to connect directly to the merchant's wallet and send them the first transaction while simultaneously connecting directly to many mining pools and sending them the second transaction.

The merchant can further reduce their risk if they use software (which they may need to create or pay someone to create) that connects directly to (and only to) some of the largest mining pools, listens for any competing transactions, and alerts the employee immediately of the fraud attempt.

[spazzdla]

Thank you all who have replied.

As I said previously, an average sale could be a day's pay for an average (Filipino) worker. Not an insignificant amount. The shop employee handling the transaction would have just a basic (Filipino) high school education. This would mean that he/she can do no more than follow basic instructions - if your lucky.

Neither the sales person or the customer are going to wait for even the first confirmation. The merchant (shop) cannot set or easily check the transaction fee. Let's assume that the customer makes the purchase with zero transaction fee. (I know, Bitcoin Wallet does not allow this.)

So, the customer walks in, buys a coffee and food (take-out) with bitcoin zero transaction fee, then leaves the shop. How does this customer "double spend" his/her bitcoin?

What is "another spend that uses the same inputs"?

It's not as simple as you're expecting. 

Do you understand what the blockchain is?  That is the first question.

[CIYAM]

Bitcoin is not ready for "purchasing coffees" would be my answer.

Unfortunately it is actually quite simple to configure software to pay no fee at all and if the UTXOs are not old and the tx is small (and perhaps made up from many micro payments like most ad-sig posters wallets would likely do) then there is a good chance such a tx would not confirm before being actually dropped from the memory pool (restoring the funds to the purchaser - there are many topics created here about txs not confirmed after 2 days, etc.).

So you don't even need to "double spend" you just spend without enough fees to ever confirm!
(note that this will especially be true at times when people are purposely spam attacking the network to try and fill up blocks)

I guess the only chance for the vendor is if their Bitcoin payment processor identifies that the tx doesn't have enough of a fee to realistically confirm.

[pandacoin]

Since 51% attack too expensive for the coffe.
You can use; "Replace by Fee" https://bitcointalk.org/index.php?topic=179612.0

[UserVVIP]

I just say make the drink and do not give it to the custom until 1 conf.

If customer asks, just explain that you would like a conf. first, as anyone who uses bitcoin should at least understand why the shop owner would need a conf. in the first place.

[rbscebu]

The merchant, in this case, is hoping to just use an Android smartphone/tablet with say the Bitcoin Wallet ap installed to accept bitcoin payments. At the end of the day (or week) the merchant would use a Philippines bitcoin exchange to convert the received bitcoin into PHP and have it deposited directly into his bank account.

Initially, bitcoin sales are likely to be only one or two a month so capital outlay has to be kept very low. I can not see him investing even one centavo in anything more complicated.

From the replies that I have received in this thread, it looks like my response to the merchant's "double spend" concerns will be:

There is a very slight risk of a double spend, however you have a greater risk of one of your staff giving free food/coffee to their friend than you have of experiencing a double spend.

A double spend generally requires a customer to spend the exact same amount of bitcoin again within about 10 minutes of the first transaction and that second transaction must be confirmed on the blockchain ledger before the first transaction. None of this is easy to do in the current environment.

I need to keep my response fairly simple. Would this response be reasonable?