The Double Spend flowchart

17 774
Avatar for TomZ
Written by
4 years ago

A double spend attack is where a person tries to steal from another person or merchant by creating two transactions, one that pays himself and the other that pays the merchant. The idea is that the attacker makes the merchant see the one for him and then tries to get the transaction paying him to be mined.

More details in a longer post about this here.

One myth I definitely want to get rid of is that it is possible, even theoretically, for there to be innovations which eliminate the double spend attack. I see a lot of people have been convinced that this is part of the Avalanche or similar pre-consensus ideas. The truth is that the double spend attack can not be eliminated, even theoretically, for the simple reason that the network is not going to be able to determine which of the two transactions is the right one. Is it the first seen? Not always, because it takes up to 3 seconds before all nodes have seen a transaction. Basic limitation of the speed of light. And you can make some nodes see one before the other based on this too.

A merchant that gets notified that a double-spend attack has been made on an actual withdrawal has to realize that there is an actual attempt to steal from him. This is a basic fact. And the question is how do you recover from this? Do you call the police? Sounds like a sane thing to do. At minimum you make clear that you never want to do business with the person again.

I mean, if you see someone pick your pockets, do you just walk away being happy you caught it and he failed? Or do you want to make clear to yourself and society that this is wrong and attempts to steal should not be just dismissed?

So, imagine you have a guy that tries to buy something. Your wallet states you just got a double-spend proof. Which includes cryptographic proof that the guy tried to steal from you. Do you continue with the transaction and try to complete it, or not?

Because if you don't want to continue that transaction, then you don't need preconsensus because you never actually hit that part of the flow-chart.

What would you do? Would you follow the red path in case of a double spend attack?

57
$ 11.38
$ 5.00 from @JonathanSilverblood
$ 1.82 from @TheRandomRewarder
$ 1.00 from @im_uname
+ 9
Avatar for TomZ
Written by
4 years ago

Comments

This seems wrong. How long should I wait for the ds proof?

$ 0.00
4 years ago

The wait is based on the propagation time of a transaction around the network. This is regularly tested and the empirical evidence is shared. You can probably find that if you look for it.

But to make it easy, I recall that the last suggested waiting time I read about is that if no DSP has appeared within 3 seconds, you are good.

$ 0.00
4 years ago

This is great!

$ 0.00
4 years ago

Nice bro.

$ 0.00
4 years ago

Great chart..now i got to know how it works..Thanks..

$ 0.00
4 years ago

This does assume that a double-spend proof can be constructed in time. In case of a miner bribe, the double spend will happen after you already left the store, and so the double-spend proof will be too late. In this case presence of a "preconsensus confirmation" will be better than absence of a double-spend proof.

$ 0.10
4 years ago

This does assume that a double-spend proof can be constructed in time.

Every single peer can construct it, and it doesn't take any significant amount of time.

In case of a miner bribe

Miner bribe? You mean a miner that includes the double spend in a modified client to hide the presence? Yeah, people sometimes bring this up, it is a neat theoretical idea that is really not as easy as you make it sound :) And, really, it is just technically possible. This possibility is not economically sound behavior for any miner.

So, when we talk about double spending we typically talk about the stuff that the double spend proof actually catches. Which is what is actually used in attacks.

$ 0.00
4 years ago

Keep sharing

$ 0.00
4 years ago

Nice article

$ 0.00
4 years ago

Great article. Keep it up.

$ 0.00
4 years ago

Nice article

$ 0.00
4 years ago

Nice article. Keep it up. And don't forget to subscribe my profile

$ 0.00
4 years ago

keep posting have a good day

$ 0.00
4 years ago

U have a better idea of how to use it and how to use it on to the use of the app day or next to the server or something like that or it is a bit different from the 3 on the phone at the moment 3 it's just the first

$ 0.00
4 years ago

I have no idea what is going to be in London but I think we need a lot more to get more peace and more than we have in the UK and 3 in a few days and I have 5 and a few people who are now in a few weeks to

$ 0.00
4 years ago