tholenst (OP)
May 05, 2013, 06:35:22 PM
Dear All,
I was thinking about an approach to prevent double spending, and I think I found an approach which I wondered about. The approach assumes that the miners are not trying to double spend. Nevertheless, I think the approach makes double spending attacks much harder.
I want to set up a system with one goal in mind: If a user tries to double spend, then *both* transactions will land in the blockchain in a special way, which makes the user lose money. As a side goal: the vendor should get his money even if the user tries to double spend.
More concretely, one could do this as follows: one would allow a new transaction format, in which each outgoing address gets two amounts; a "normal amount", and a "double spending amount". Such a transaction would be considered valid only under two conditions: (1) there are exactly two outgoing addresses, (2) the fee implied by the "double spending amounts" is *more* than two times the fee implied by the normal amounts. A miner can then include a transaction T in this new format in two different ways into a block.
(A) Like a normal transaction, in which case the transaction is processed as normal; the amounts will be the "normal amount"s.
(B) As a special "double spent transaction". In order to do this, the miner has to include another transaction T', which is not executed, but only serves as a proof that the creator of the transaction tried to double spend the money. Transaction T must be a transaction of the above kind here, but T' can be any transaction.
In such a case, the transactions in T are executed with the "double spending amount". If there is money remaining, then it is split in 2 equal parts (up to some fixed rounding). Half goes to the miner, half goes to the address containing the *smallest* output in "normal amount" in T'. We will see in a moment why.
Suppose now a vendor V with address <V> wants to accept bitcoins from a buyer B with address <B>. Suppose B wants to pay "val" to V, and add transaction fee "fee". Given a transaction, the vendor will watch the network for a few seconds, and check for double spendings. Then, the vendor accepts transaction T if it looks as follows:
(1) An incoming amount of I, I >= 3*val + 3*fee
(2) Two outgoing addresses; one is <V>, and another one, call it <B'>. There are no other outgoing addresses or entries.
(3) The "normal amount" and the "double spending amount" to <V> are exactly equal to val.
(4) The "normal amount" to <B'> is strictly bigger than val
(5) The "double spending amount" to <B'> is at most I - 3*val - 2*fee
In case a miner sees an attempt at double spending, he is supposed to do the following. First, pick the transaction Tmax with highest fee in the double spending values. Second, take as a proof of double spending the first alternative transaction Tfirst seen. Then, publish these two transactions, Tmax with proof Tfirst. Note that the system is set up such that this gives the miner the maximum profit.
Suppose now that V accepts transaction T which a user tried to double spend, creating transactions T, T1, T2,... I claim that if transaction T was the first one seen by the miner, then V gets the money.
(A) Transaction T is processed as normal
(B) Transaction Ti is processed as normal
(C) Transaction T is a double spent transaction, Ti its proof
(D) Transaction Ti is a double spent transaction, T its proof
In case the miner uses (A), he gets fee. In case he uses (C), he gets at least val+fee, because the difference between the left over part in the double spending amounts of T is at least 2*val+2*fee. Thus, we can assume that he uses (B) or (D) only if he gets also at least 2*val+2*fee. Since (D) is always more valuable to the miner than (B) -- otherwise the transaction Ti isn't valid -- he will use (A), (D), or (C), in which case V gets his money.
There is another case: Ti could be a transaction in old style format. In this case, the miner cannot use (D). So it might be advantageous for the miner to use (B), and V will not get his money -- however, B still spends at least val+fee in fees, so this should not happen too often (the vendor might want to increase the gap in T somewhat so that B spends even more).
There would still be the issue of what to do when some miners try to help double spending; this isn't trivial and might be a real problem, but still I think the system would be an improvement already: right now, a double spending attack is something I can run on my own, however, I don't have the computational power to do serious mining -- and besides, if I did I wouldn't try to cheat vendors for US$20. Also, maybe one can do something about that.
tl;dr Why not make transactions which have two values for each outgoing address, where the second one can only be used if the user tried to double spend?
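Added example, not part of the original post: a Python sketch of the proposed validity rule, the vendor checks (1)-(5) and the settlement of a "double spent transaction" as described above. The class and function names, integer units, floor rounding of the half and the sample transactions are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Output:
    address: str
    normal: int        # paid when mined normally, option (A)
    double_spend: int  # paid when mined as a "double spent transaction"

@dataclass(frozen=True)
class Tx:
    incoming: int      # I in the post, in integer units (assumption)
    outputs: tuple

    def normal_fee(self):
        return self.incoming - sum(o.normal for o in self.outputs)

    def ds_leftover(self):
        return self.incoming - sum(o.double_spend for o in self.outputs)

    def is_valid(self):
        # Exactly two outputs; double-spend fee more than twice the normal fee.
        return len(self.outputs) == 2 and self.ds_leftover() > 2 * self.normal_fee()

def vendor_accepts(tx, vendor, val, fee):
    """Vendor checks (1)-(5) from the post, plus the format's validity rule."""
    to_v = [o for o in tx.outputs if o.address == vendor]
    other = [o for o in tx.outputs if o.address != vendor]
    if not tx.is_valid() or len(to_v) != 1 or len(other) != 1:
        return False
    v, b = to_v[0], other[0]
    return (tx.incoming >= 3 * val + 3 * fee
            and v.normal == val and v.double_spend == val
            and b.normal > val
            and b.double_spend <= tx.incoming - 3 * val - 2 * fee)

def settle_double_spent(tx, proof):
    """Pay tx's double spending amounts; split the leftover between the miner
    and the smallest "normal amount" output of the proof transaction."""
    paid = {o.address: o.double_spend for o in tx.outputs}
    half = tx.ds_leftover() // 2  # floor rounding is an assumption
    smallest = min(proof.outputs, key=lambda o: o.normal)
    paid[smallest.address] = paid.get(smallest.address, 0) + half
    return paid, half  # (payout per address, miner's share)

# Constructed sample: val=10, fee=1, I=33; T pays vendor "V", T_ALT is the double spend.
T = Tx(33, (Output("V", 10, 10), Output("B'", 22, 1)))
T_ALT = Tx(33, (Output("B2", 20, 0), Output("B3", 12, 0)))
```

In the sample, mining T as double spent with T_ALT as proof gives the miner val+fee = 11, and mining T_ALT with T as proof routes half of its leftover to <V>, the smallest normal output of T.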