What is double spending?
Double spending is a potential problem in a digital money system where the same funds are sent to two recipients at the same time. In the absence of adequate countermeasures, a protocol that does not address the problem is fundamentally doomed to failure. Users have no way to verify that the funds they received have not already been spent elsewhere.
When it comes to digital money, it is essential to ensure that specific units cannot be duplicated. The entire system would be compromised if Alice could receive 10 units, copy and paste them 10 times, and end up with 100 units. Likewise, such a system cannot work if she can send the same 10 units to Bob and Carol simultaneously. For digital money to work, there must be mechanisms in place to prevent this behavior.
How to avoid double spending?
The centralized approach
The centralized approach is considerably easier to implement than decentralized alternatives. This usually involves a supervisor who manages the system and controls the issuance and distribution of units. A good example of a centralized solution to the double spending problem is David Chaum's eCash.
To issue users a digital asset imitating money (usable to conduct anonymous, peer-to-peer exchanges), a bank can use blind signatures, as detailed by cryptographer David Chaum in his 1982 paper Blind Signatures for Untraceable Payments.
In such a context, if a user (let's call him Dan) wants to receive 100 dollars in digital money, he must first inform the bank. If he has the balance in his account, he then generates a random number (or several, for small denominations). Suppose he produces five numbers, each of which is assigned a value of $20. To prevent the bank from tracking specific units, Dan scrambles the random numbers by adding a blinding factor to each one.
He then gives this data to the bank, which debits his account for 100 dollars and signs messages certifying that each of the five coins is exchangeable for 20 dollars. Dan can now spend the funds issued by the bank. He goes to Erin's restaurant and buys a meal that costs him $40.
Dan can remove the blinding factor to expose the random number associated with each digital money “note,” which serves as a unique identifier for each unit (much like a serial number). He reveals two to Erin, who now must exchange them immediately with the bank to prevent Dan from spending them at another merchant. The bank will verify that the signatures are valid, and if everything looks good, they will credit Erin's account for $40.
The used notes are now essentially useless, and more must be issued if Erin wishes to spend her new balance in the same way.
Chaum's eCash system could be useful for private transfers. But it fails on resilience because the bank is a central point of failure. An issued note is worth nothing in itself, because its value comes solely from the bank's willingness to exchange it for dollars. Customers are at the mercy of the bank, and must rely on its goodwill for the money to work. This is precisely the problem that cryptocurrencies want to solve.
The decentralized approach
It is more difficult to ensure that funds cannot be spent twice in an ecosystem without an overseer. Equally powerful participants must coordinate around a set of rules that prevent fraud and incentivize all users to act honestly.
The biggest innovation presented in the Bitcoin white paper was a solution to the double spending problem. Although not mentioned as such, Satoshi proposed the data structure now known as blockchain.
A blockchain is actually just a database with certain unique properties. Network participants (called nodes) run specialized software, which allows them to synchronize their copy of the database with their peers. The result is that the entire network can check transaction history and trace it back to the genesis block. Because blockchain is publicly available, it is easy to detect and prevent fraudulent activity, such as transactions that attempt to double spend.
When a user broadcasts a transaction, it is not immediately added to the blockchain; it must first be included in a block through mining. Therefore, the recipient should only consider the transaction valid after its block is added to the chain. Otherwise, they risk losing the funds, as the sender could spend the same units elsewhere.
Once the transaction is confirmed, units cannot be spent twice, because ownership is assigned to a new user, and the entire network can verify this. It is for this reason that many recommend waiting for several confirmations before considering a payment as valid. Each subsequent block significantly increases the effort required to modify or rewrite the chain (which can happen in a 51% attack).
Let’s return to the restaurant scenario. Dan returns to the restaurant, and this time, there is a Bitcoin Accepted sticker on the window. He enjoyed the meal he had last time, so he orders it again. It costs him 0.005 BTC.
Erin shows him a public address to which he should send the funds. Dan broadcasts the transaction, which is essentially a signed message stating that the 0.005 BTC that was in Dan's possession is now Erin's. Without going into much detail, anyone presented with Dan's signed transaction can verify that he was in fact in possession of the funds, and therefore had the authority to send them.
As mentioned, however, the transaction is only valid if it is included in a block that is confirmed. Accepting unconfirmed transactions is a bit like accepting the $40 in eCash from the previous example without cashing it out immediately from the bank, which allows the sender to spend it elsewhere in the meantime. It is therefore recommended that Erin wait at least 6 block confirmations (about an hour) before accepting payment from Dan.
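To put numbers on why each extra confirmation helps and why 6 is a common recommendation, the following added example (not part of the original article) implements the attacker catch-up calculation from section 11 of the Bitcoin white paper. The function names and the risk threshold are assumptions chosen for illustration.

```python
from math import exp, factorial

def attacker_success(q: float, z: int) -> float:
    """Probability that an attacker holding hash share q ever overtakes
    a payment that is already buried under z confirmations."""
    p = 1.0 - q
    if q >= p:
        return 1.0                      # majority attacker always catches up
    ratio = q / p
    lam = z * ratio                     # expected attacker blocks while z honest blocks are mined
    total = 1.0
    for k in range(z + 1):
        poisson = exp(-lam) * lam**k / factorial(k)
        total -= poisson * (1.0 - ratio ** (z - k))
    return total

def confirmations_needed(q: float, risk: float, limit: int = 1000) -> int:
    """Smallest number of confirmations that pushes the success probability below risk."""
    for z in range(limit + 1):
        if attacker_success(q, z) < risk:
            return z
    raise ValueError("no confirmation count within limit meets the risk target")

if __name__ == "__main__":
    for z in range(0, 7):
        print(f"q=0.10 z={z}: {attacker_success(0.10, z):.7f}")
    print("z for risk < 0.1% at q=0.30:", confirmations_needed(0.30, 0.001))
```

With zero confirmations the result is 1.0, which is the unconfirmed-payment case the article warns about; the probability then falls roughly exponentially with each block for any attacker below 50% of the hash rate.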
Double spending and Bitcoin
Bitcoin is carefully designed to prevent double spending attacks, at least when the protocol is used as intended. That is, if people wait for transactions to be confirmed in a block, there is no easy way for the sender to cancel them. To do this, they would have to “reverse” the blockchain, which requires an unrealistic amount of hashing power.
However, a handful of double-spend attacks target parties who accept unconfirmed transactions. For low-value purchases, for example, a merchant may not want to wait for transactions to be included in a block. A busy fast food restaurant probably can't afford to wait for the network to process every purchase. So, if a business allows “instant” payments, it opens itself up to double spending. Someone can order a hamburger, pay for it, and then immediately send the same funds to their own address. With higher fees, this new transaction risks being confirmed first, and therefore invalidating the previous one.
There are three popular methods for double spending:
51% attacks: When a single entity or organization gains control of more than 50% of the hash rate, allowing it to exclude or change the order of transactions. Such an attack is very unlikely on Bitcoin, but has occurred on other networks.
Race attacks: two conflicting transactions are broadcast in succession, using the same funds, but only one transaction is confirmed. The attacker's goal is to invalidate the payment by validating only the transaction that benefits them (for example, sending the same funds to an address they control). Race attacks depend on the recipient accepting an unconfirmed transaction as payment.
Finney attacks: an attacker premines a transaction in a block without immediately broadcasting it to the network. Instead, he spends the same coins in another transaction and only then broadcasts his previously mined block, which may invalidate the payment. Finney attacks require a specific sequence of events and also depend on the recipient accepting unconfirmed transactions.
As we can see, a merchant who waits for block confirmations will significantly reduce the chances of becoming a victim of double spending.
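On the merchant side, the check that matters is whether any other transaction spends the same inputs as the payment, and whether the payment itself has enough confirmations. The sketch below is an added example, not part of the original article; the transaction records, identifiers and status names are constructed for illustration and do not come from any real node API.

```python
from collections import defaultdict

# Constructed observations: (txid, [(previous_txid, output_index), ...], confirmations)
OBSERVED = [
    ("tx_meal",   [("utxo_a", 0)], 0),   # payment to the merchant, unconfirmed
    ("tx_other",  [("utxo_b", 1)], 2),   # unrelated payment
    ("tx_refund", [("utxo_a", 0)], 0),   # spends the same outpoint as tx_meal
]

def find_conflicts(observed):
    """Return outpoints that more than one observed transaction tries to spend."""
    spenders = defaultdict(list)
    for txid, inputs, _ in observed:
        for outpoint in inputs:
            spenders[outpoint].append(txid)
    return {op: txs for op, txs in spenders.items() if len(txs) > 1}

def payment_status(txid, observed, required=6):
    """Classify a payment for a merchant that releases goods only on 'settled'."""
    confs = {t: c for t, _, c in observed}
    if txid not in confs:
        return "unknown"
    conflicts = find_conflicts(observed)
    rivals = {t for txs in conflicts.values() if txid in txs for t in txs} - {txid}
    if any(confs[r] > 0 for r in rivals):
        return "replaced"            # a conflicting spend was mined first
    if confs[txid] >= required:
        return "settled"
    if rivals:
        return "conflict-seen"       # do not treat as paid; alert staff
    return "pending"

if __name__ == "__main__":
    for tx, _, _ in OBSERVED:
        print(tx, payment_status(tx, OBSERVED))
```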
To conclude
Double spending allows a user to manipulate an electronic money system for their own purposes, using the same funds more than once. Traditionally, a lack of adequate solutions to the problem has prevented further progress.
Fortunately, however, the use of blind signatures offers an attractive solution for centralized financial systems. Later, the creation of proof-of-work mechanisms and blockchain technology gave rise to Bitcoin, a form of decentralized currency which, in turn, inspired thousands of other cryptocurrency projects.

