Double-spending fast payments in bitcoin

Bitcoin is a decentralized payment system that relies on Proof-of-Work (PoW) to verify payments. Nowadays, Bitcoin is increasingly used in a number of fast payment scenarios, where the time between the exchange of currency and goods is short (in the order of few seconds). While the Bitcoin payment verification scheme is designed to prevent double-spending, our results show that the system requires tens of minutes to verify a transaction and is therefore inappropriate for fast payments. An example of this use of Bitcoin was recently reported in the media: Bitcoins were used as a form of \emph{fast} payment in a local fast-food restaurant. Until now, the security of fast Bitcoin payments has not been studied. In this paper, we analyze the security of using Bitcoin for fast payments. We show that, unless appropriate detection techniques are integrated in the current Bitcoin implementation, double-spending attacks on fast payments succeed with overwhelming probability and can be mounted at low cost. We further show that the measures recommended by Bitcoin developers for the use of Bitcoin in fast payments are not always effective in detecting double-spending; we show that if those recommendations are integrated in future Bitcoin implementations, double-spending attacks on Bitcoin will still be possible. Finally, we propose and implement a modification to the existing Bitcoin implementation that ensures the detection of double-spending attacks against fast payments.

[1]  Amos Fiat,et al.  Untraceable Electronic Cash , 1990, CRYPTO.

[2]  Philippe A. Janson,et al.  The State of the Art in Electronic Payment Systems , 1997, Computer.

[3]  Hugo Krawczyk Blinding of Credit Card Numbers in the SET Protocol , 1999, Financial Cryptography.

[4]  Hugo Krawczyk,et al.  Design, implementation, and deployment of the iKP secure electronic payment system , 2000, IEEE Journal on Selected Areas in Communications.

[5]  Hector Garcia-Molina,et al.  PPay: micropayments for peer-to-peer systems , 2003, CCS '03.

[6]  Ronald L. Rivest,et al.  Peppercoin Micropayments , 2004, Financial Cryptography.

[7]  Jan Camenisch,et al.  Compact E-Cash , 2005, EUROCRYPT.

[8]  Alptekin Küpçü,et al.  Making p2p accountable without losing privacy , 2007, WPES '07.

[9]  Angelos Stavrou,et al.  PAR: Payment for Anonymous Routing , 2008, Privacy Enhancing Technologies.

[10]  Issa Traoré,et al.  Double Spending Protection for E-Cash Based on Risk Management , 2010, ISC.

[11]  Moshe Babaioff,et al.  On Bitcoin and red balloons , 2011, SECO.

[12]  Jeremy Clark,et al.  (Short Paper) CommitCoin: Carbon Dating Commitments with Bitcoin ? , 2011 .

[13]  Matthew K. Elias Bitcoin: Tempering the Digital Ring of Gyges or Implausible Pecuniary Privacy , 2011 .

[14]  Fergal Reid,et al.  An Analysis of Anonymity in the Bitcoin System , 2011, PASSAT 2011.

[15]  Ghassan O. Karame,et al.  Pay as you browse: microcomputations as micropayments in web-based services , 2011, WWW.

[16]  Elaine Shi,et al.  Bitter to Better - How to Make Bitcoin a Better Currency , 2012, Financial Cryptography.

[17]  Ghassan O. Karame,et al.  Double-Spending Fast Payments in Bitcoin due to Client versions 0.8.1 , 2013 .