Irreversible Transactions: Difference between revisions
Add research on race attack double spending. |
Add sections for Attack vectors and Risk management. |
||
Line 5: | Line 5: | ||
Bitcoin has some exposure to fraudulent double-spending when a transaction is first made, with less and less risk as a transaction gains [[confirmation|confirmations]]. | Bitcoin has some exposure to fraudulent double-spending when a transaction is first made, with less and less risk as a transaction gains [[confirmation|confirmations]]. | ||
==Attack vectors== | |||
===Race attack=== | |||
Traders and merchants who accept a payment immediately on seeing "0/unconfirmed" are exposed to a double-spend occurring is there was a fraudulent attempt that successfully communicated one transaction to the merchant yet communicated a different transaction that spends the same coin that was first to eventually make it into the block chain. | |||
Merchants can take precautions (e.g., disable incoming connections, only connect to well connected nodes) to lessen the risk of a race attack but the risk cannot be eliminated. Therefore, the cost/benefit of the risk needs to be considered when accepting payment on 0/unconfirmed when there is no recourse against the attacker. | Merchants can take precautions (e.g., disable incoming connections, only connect to well connected nodes) to lessen the risk of a race attack but the risk cannot be eliminated. Therefore, the cost/benefit of the risk needs to be considered when accepting payment on 0/unconfirmed when there is no recourse against the attacker. | ||
Line 11: | Line 15: | ||
The [[research]] paper [http://eprint.iacr.org/2012/248.pdf Two Bitcoins at the Price of One] finds that the protocol allows a high degree of success by an attacker in performing race attacks. The method studied in the research paper depends on access to the merchant's Bitcoin node which is why that even prior to this paper, recommendations for merchants include disabling incoming connections and to choose specific outgoing connections<ref>[http://bitcointalk.org/index.php?topic=79090.msg881283#msg881283 BitcoinTalk Thread - Two Bitcoins at the Price of One]</ref>. | The [[research]] paper [http://eprint.iacr.org/2012/248.pdf Two Bitcoins at the Price of One] finds that the protocol allows a high degree of success by an attacker in performing race attacks. The method studied in the research paper depends on access to the merchant's Bitcoin node which is why that even prior to this paper, recommendations for merchants include disabling incoming connections and to choose specific outgoing connections<ref>[http://bitcointalk.org/index.php?topic=79090.msg881283#msg881283 BitcoinTalk Thread - Two Bitcoins at the Price of One]</ref>. | ||
===Finney attack=== | |||
Another attack the trader or merchant is exposed to when accepting payment on 0/unconfirmed. The Finney attack is a fraudulent double-spend that requires the participation of a miner once a block has been mined. The risk of a Finney attack cannot be eliminated regardless of the precautions taken by the merchant, but the participation of a miner is required and a specific sequence of events must occur. Thus the attack is not trivial nor inexpensive to perform and only makes sense for the attacker when the gains from the attack are significant. Just like with the race attack, a trader or merchant should consider the cost / benefit when accepting payment on just one confirmation when there is no recourse against the attacker. | |||
===Vector76 attack=== | |||
Also referred to as a one-confirmation attack, is a combination of the race attack and the Finney attack such that a transaction that even has one confirmation can still be dobule-spent. | |||
===51% attack=== | |||
A miner or cartel who controls more than fifty percent of the hashing capacity of the bitcoin mining network has the potential to fraudulently double-spend recent transactions. With majority of hashing power the attacker has the technical ability to mine blocks which do not include a previous spend transactions from the miner but instead include a double spend of the coin. With majority control the potential exists for this double spend even if the transaction had already seen confirmations as those blocks could be overtaken in the attack. | |||
The risk lessens of this with each confirmation as the computational advantage the attacker needs grows to a mathematically improbable level and six confirmations is widely accepted as being the amount where the transaction is secure from this attack. | |||
==Risk management== | |||
There are third-party services to assist traders and merchants to help manage the risk or to insure against losses. | There are third-party services to assist traders and merchants to help manage the risk or to insure against losses. |
Revision as of 16:38, 18 June 2012
Double-spending is the result of successfully spending some money more than once. Bitcoin protects against double spending by verifying each transaction added to the block chain to ensure that the inputs for the transaction had not previously already been spent.
Other electronic systems prevent double-spending by having a master authoritative source that follows business rules for authorizing each transaction. Bitcoin uses a decentralized system, where a consensus among nodes following the same protocol is substituted for a central authority.
Bitcoin has some exposure to fraudulent double-spending when a transaction is first made, with less and less risk as a transaction gains confirmations.
Attack vectors
Race attack
Traders and merchants who accept a payment immediately on seeing "0/unconfirmed" are exposed to a double-spend occurring is there was a fraudulent attempt that successfully communicated one transaction to the merchant yet communicated a different transaction that spends the same coin that was first to eventually make it into the block chain.
Merchants can take precautions (e.g., disable incoming connections, only connect to well connected nodes) to lessen the risk of a race attack but the risk cannot be eliminated. Therefore, the cost/benefit of the risk needs to be considered when accepting payment on 0/unconfirmed when there is no recourse against the attacker.
The research paper Two Bitcoins at the Price of One finds that the protocol allows a high degree of success by an attacker in performing race attacks. The method studied in the research paper depends on access to the merchant's Bitcoin node which is why that even prior to this paper, recommendations for merchants include disabling incoming connections and to choose specific outgoing connections[1].
Finney attack
Another attack the trader or merchant is exposed to when accepting payment on 0/unconfirmed. The Finney attack is a fraudulent double-spend that requires the participation of a miner once a block has been mined. The risk of a Finney attack cannot be eliminated regardless of the precautions taken by the merchant, but the participation of a miner is required and a specific sequence of events must occur. Thus the attack is not trivial nor inexpensive to perform and only makes sense for the attacker when the gains from the attack are significant. Just like with the race attack, a trader or merchant should consider the cost / benefit when accepting payment on just one confirmation when there is no recourse against the attacker.
Vector76 attack
Also referred to as a one-confirmation attack, is a combination of the race attack and the Finney attack such that a transaction that even has one confirmation can still be dobule-spent.
51% attack
A miner or cartel who controls more than fifty percent of the hashing capacity of the bitcoin mining network has the potential to fraudulently double-spend recent transactions. With majority of hashing power the attacker has the technical ability to mine blocks which do not include a previous spend transactions from the miner but instead include a double spend of the coin. With majority control the potential exists for this double spend even if the transaction had already seen confirmations as those blocks could be overtaken in the attack.
The risk lessens of this with each confirmation as the computational advantage the attacker needs grows to a mathematically improbable level and six confirmations is widely accepted as being the amount where the transaction is secure from this attack.
Risk management
There are third-party services to assist traders and merchants to help manage the risk or to insure against losses.