Double-spending prevention for Bitcoin zero-confirmation transactions

Zero-confirmation transactions, i.e. transactions that have been broadcast but are still pending inclusion in the blockchain, have gained attention as a way to enable fast payments in Bitcoin. Fast payments are desirable in certain scenarios, for instance, when buying from vending machines or fast food restaurants, or withdrawing from an ATM. Despite being quickly propagated through the network, zero-confirmation transactions are not protected against double-spending attacks, since the double-spending protection Bitcoin offers relies on the blockchain and, by definition, such transactions are not yet included in it. In this paper, we propose a double-spending prevention mechanism for Bitcoin zero-confirmation transactions. Our proposal exploits the flexibility of the Bitcoin scripting language together with a well-known vulnerability of the ECDSA signature scheme to discourage attackers from performing such an attack.
