Double-spending is a potential flaw in a digital cash scheme in which the same single digital token can be spent more than once. Unlike physical cash, a digital token consists of a digital file that can be duplicated or falsified. As with counterfeit money, such double-spending leads to inflation by creating a new amount of copied currency that did not previously exist. This devalues the currency relative to other monetary units or goods and diminishes user trust as well as the circulation and retention of the currency. Fundamental cryptographic techniques to prevent double-spending, while preserving anonymity in a transaction, are blind signatures and, particularly in offline systems, secret splitting.
A double-spending attack is a potential attack against cryptocurrencies that has happened to several cryptocurrencies, e.g. due to the 51% attack. While it hasn't happened against many of the largest cryptocurrencies, such as Bitcoin (with even the capability arising for it in 2014), it has happened to one of its forks, Bitcoin Gold, then 26th largest cryptocurrency.
The prevention of double-spending attack has taken two general forms: centralized and decentralized.
This is usually implemented using an online central trusted third party that can verify whether a token has been spent. This normally represents a single point of failure from both availability and trust viewpoints.
In a decentralized system, the double-spending problem is significantly harder to solve. To avoid the need for a trusted third party, many servers must store identical up-to-date copies of a public transaction ledger, but as transactions (requests to spend money) are broadcast, they will arrive at each server at slightly different times. If two transactions attempt to spend the same tokens, each server will consider the first transaction it sees to be valid, and the other invalid. Once the servers disagree, there is no way to determine true balances, as each server's observations are considered equally valid.
The cryptocurrency bitcoin implemented a solution in early 2009. Its cryptographic protocol used a proof-of-work consensus mechanism where transactions are batched into blocks and chained together using a linked list of hash pointers (blockchain). Any server can produce a block by solving a computationally difficult puzzle (specifically finding a partial hash collision) called mining. The block commits to the entire history of bitcoin transactions as well as the new set of incoming transactions. The miner is rewarded some bitcoins for solving it.
The double-spending problem persists however, if two blocks (with conflicting transactions) are mined at the same approximate time. When servers inevitably disagree on the order of the two blocks, they each keep both blocks temporarily. As new blocks arrive, they must commit to one history or the other, and eventually a single chain will continue on, while the other(s) will not. Since the longest (more technically "heaviest") chain is considered to be the valid dataset, miners are incentivised to only build blocks on the longest chain they know about, in order for it to become part of that dataset (and for their reward to be valid).
Transactions in this system are therefore never technically "final" as a conflicting chain of blocks can always outgrow the current canonical chain, however as blocks are built on top of a transactions, it becomes increasingly unlikely/costly for another chain to overtake it.
Decentralized currencies that rely on blockchain are vulnerable to the 51% attack, in which a malicious actor can rewrite the ledger if they control enough of the computational work being done.
- The Double Spending Problem and Cryptocurrencies. Banking & Insurance Journal. Social Science Research Network (SSRN). Accessed 24 December 2017.
- Mark Ryan. "Digital Cash". School of Computer Science, University of Birmingham. Retrieved 2017-05-27.
- Jaap-Henk Hoepman (2008). "Distributed Double Spending Prevention". arXiv:0802.0832v1 [cs.CR].
- Osipkov, I.; Vasserman, E. Y.; Hopper, N.; Kim, Y. (2007). "Combating Double-Spending Using Cooperative P2P Systems". 27th International Conference on Distributed Computing Systems (ICDCS '07). p. 41. CiteSeerX 10.1.1.120.52. doi:10.1109/ICDCS.2007.91.
- Varshney, Neer (2018-05-24). "Why Proof-of-work isn't suitable for small cryptocurrencies". Hard Fork | The Next Web. Retrieved 2018-05-25.