Ghassan O. Karame
Elli Androulaki
ABSTRACT
Bitcoin is a decentralized payment system that relies on Proof-of-Work (PoW) to verify payments. Nowadays, Bitcoin is increasingly used in a number of fast payment scenarios, where the time between the exchange of currency and goods is short (in the order of few seconds). While the Bitcoin payment verification scheme is designed to prevent double-spending, our results show that the system requires tens of minutes to verify a transaction and is therefore inappropriate for fast payments. An example of this use of Bitcoin was recently reported in the media: Bitcoins were used as a form of \emph{fast} payment in a local fast-food restaurant. Until now, the security of fast Bitcoin payments has not been studied. In this paper, we analyze the security of using Bitcoin for fast payments. We show that, unless appropriate detection techniques are integrated in the current Bitcoin implementation, double-spending attacks on fast payments succeed with overwhelming probability and can be mounted at low cost. We further show that the measures recommended by Bitcoin developers for the use of Bitcoin in fast payments are not always effective in detecting double-spending; we show that if those recommendations are integrated in future Bitcoin implementations, double-spending attacks on Bitcoin will still be possible. Finally, we propose and implement a modification to the existing Bitcoin implementation that ensures the detection of double-spending attacks against fast payments.
- Bitcoin -- Wikipedia, Available from https://en.bitcoin.it/wiki/Introduction.Google Scholar
- Trade - Bitcoin, Available from https://en.bitcoin.it/wiki/Trade.Google Scholar
- Bitcoin Charts, Available from http://bitcoincharts.com/.Google Scholar
- Bitcoin ATM, Available from http://bitcoinatm.com/.Google Scholar
- CNN: Bitcoin's uncertain future as currency, Available from http://www.youtube.com/watch?v=75VaRGdzMM0.Google Scholar
- FAQ - Bitcoin, Available from https://en.bitcoin.it/wiki/FAQ.Google Scholar
- Double Spending Fast Payments in Bitcoin , Available from http://www.syssec.ethz.ch/research/Bitcoin.Google Scholar
- Bitcoin Block 80000, Available from http://blockexplorer.com/b/80000.Google Scholar
- Protocol Rules -- Bitcoin, Available from https://en.bitcoin.it/wiki/Protocol_rules.Google Scholar
- Protocol Specifications -- Bitcoin, Available from https://en.bitcoin.it/wiki/Protocol_specification.Google Scholar
- Difficulty -- Bitcoin, Available from https://en.bitcoin.it/wiki/Difficulty.Google Scholar
- Block hashing algorithm -- Bitcoin, Availabe from https://en.bitcoin.it/wiki/Block_hashing_algorithm.Google Scholar
- Myths - Bitcoin, Available from https://en.bitcoin.it/wiki/Myths#Point_of_sale_with_bitcoins_isn.27t_po%ssible_because_of_the_10_minute_wait_for_confirmation.Google Scholar
- Casascius Bitcoin POS system, Available from https://en.bitcoin.it/wiki/Casascius_Bitcoin_POS_system.Google Scholar
- Satoshi Client Node Connectivity, Available from https://en.bitcoin.it/wiki/Satoshi_Client_Node_Connectivity.Google Scholar
- Bitcoin Block Explorer, Available from http://blockexplorer.com/.Google Scholar
- The Finney Attack, Available from https://en.bitcoin.it/wiki/Weaknesses#The_.22Finney.22_attack.Google Scholar
- Comparison of Mining Pools, Available from https://en.bitcoin.it/wiki/Comparison_of_mining_pools.Google Scholar
- Comparison of Mining Hardware, Available from https://en.bitcoin.it/wiki/Mining_hardware_comparison.Google Scholar
- Bitcoin Gateway, A Peer-to-peer Bitcoin Vault and Payment Network, 2011. Available from http://arimaa.com/bitcoin/.Google Scholar
- Bitcoin: Tempering the Digital Ring of Gyges or Implausible Pecuniary Privacy, 2011. Available from http://ssrn.com/abstract=1937769 or doi:10.2139/ssrn.1937769.Google Scholar
- Satoshi Nakamoto. Bitcoin: A Peer-to-Peer Electronic Cash System, 2009.Google Scholar
- Androulaki, E., Raykova, M., Stavrou, A., and Bellovin, S. M. PAR: Payment for Anonymous Routing. In Proceedings of PETS (2008). Google ScholarDigital Library
- Asokan, N., Janson, P., Steiner, M., and Waidner, M. State of the Art in Electronic Payment Systems. IEEE Computer (1999). Google ScholarDigital Library
- Babaioff, M., Dobzinski, S., Oren, S., and Zohar, A. On Bitcoin and Red Balloons. CoRR (2011).Google Scholar
- Barber, S., Boyen, X., Shi, E., and Uzun, E. Bitter to Better - How to Make Bitcoin a Better Currency. In Proceedings of Financial Cryptography and Data Security (2012).Google ScholarCross Ref
- Belenkiy, M., Chase, M., Erway, C., Jannotti, J., Küpçü, A., Lysyanskaya, A., and Rachlin, E. Making P2P Accountable without Losing Privacy. In Proceedings of WPES (2007). Google ScholarDigital Library
- Bellare, M., Garay, J., Hauser, R., Krawczyk, H., Steiner, M., Herzberg, A., Tsudik, G., van Herreweghen, E., and Waidner, M. Design, Implementation and Deployment of the iKP Secure Electronic Payment System. IEEE Journal on Selected Areas in Communications (2000). Google ScholarDigital Library
- Camenisch, J., Hohenberger, S., and Lysyanskaya, A. Compact E-Cash. In Proceedings of Advances in Cryptology - EUROCRYPT (2005). Google ScholarDigital Library
- Chaum, D., Fiat, A., and Naor, M. Untraceable electronic cash. In Proceedings on Advances in Cryptology - CRYPTO (1990). Google ScholarDigital Library
- Clark, J., and Essex, A. (Short Paper) CommitCoin: Carbon Dating Commitments with Bitcoin. In Proceedings of Financial Cryptography and Data Security (2012).Google ScholarCross Ref
- Everaere, P., Simplot-Ryl, I., and Traore, I. Double Spending Protection for E-Cash Based on Risk Management. In Proceedings of Information Security Conference (2010). Google ScholarDigital Library
- Karame, G., Francillon, A., andvCapkun, S. Pay as you Browse: Microcomputations as Micropayments in Web-based Services. In Proceedings of WWW (2011). Google ScholarDigital Library
- Krawczyk, H. Blinding of Credit Card Numbers in the SET Protocol. In Proceedings of the International Conference on Financial Cryptography (1999). Google ScholarDigital Library
- Reid, F., and Harrigan, M. An Analysis of Anonymity in the Bitcoin System. CoRR (2011).Google Scholar
- Rivest, R. Peppercoin Micropayments. In Proceedings of Financial Cryptography (2004).Google Scholar
- Yang, B., and Garcia-Molina, H. PPay: micropayments for peer-to-peer systems. In Proceedings of the ACM Conference on Computer and Communication Security (2003). Google ScholarDigital Library
Index Terms
- Double-spending fast payments in bitcoin
Recommendations
Double-spending prevention for Bitcoin zero-confirmation transactions
Zero-confirmation transactions, i.e. transactions that have been broadcast but are still pending to be included in the blockchain, have gained attention in order to enable fast payments in Bitcoin, shortening the time for performing payments. Fast ...
Misbehavior in Bitcoin: A Study of Double-Spending and Accountability
Bitcoin is a decentralized payment system that relies on Proof-of-Work (PoW) to resist double-spending through a distributed timestamping service. To ensure the operation and security of Bitcoin, it is essential that all transactions and their order of ...
Secure Wallet-Assisted Offline Bitcoin Payments with Double-Spender Revocation
ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications SecurityBitcoin seems to be the most successful cryptocurrency so far given the growing real life deployment and popularity. While Bitcoin requires clients to be online to perform transactions and a certain amount of time to verify them, there are many real ...
Comments