Double-spending prevention for Bitcoin zero-confirmation transactions

Zero-confirmation transactions, i.e. transactions that have been broadcast but are still pending to be included in the blockchain, have gained attention in order to enable fast payments in Bitcoin, shortening the time for performing payments. Fast payments are desirable in certain scenarios, for instance, when buying in vending machines, fast food restaurants, or withdrawing from an ATM. Despite being quickly propagated through the network, zero-confirmation transactions are not protected against double-spending attacks, since the double-spending protection Bitcoin offers relies on the blockchain and, by definition, such transactions are not yet included in it. In this paper, we propose a double-spending prevention mechanism for Bitcoin zero-confirmation transactions. Our proposal is based on exploiting the flexibility of the Bitcoin scripting language together with a well-known vulnerability of the ECDSA signature scheme to discourage attackers from performing such an attack

Two Bitcoins at the Price of One? Double-Spending Attacks on Fast Payments in Bitcoin

Bitcoin is a decentralized payment system that is based on Proof-of-Work. Bitcoin is currently gaining popularity as a digital currency; several businesses are starting to accept Bitcoin transactions. An example case of the growing use of Bitcoin was recently reported in the media; here, Bitcoins were used as a form of fast payment in a local fast-food restaurant. In this paper, we analyze the security of using Bitcoin for fast payments, where the time between the exchange of currency and goods is short (i.e., in the order of few seconds). We focus on double- spending attacks on fast payments and demonstrate that these attacks can be mounted at low cost on currently deployed versions of Bitcoin. We further show that the measures recommended by Bitcoin developers for the use of Bitcoin in fast transactions are not always effective in resisting double-spending; we show that if those recommendations are integrated in future Bitcoin implementations, double-spending attacks on Bitcoin will still be possible. Finally, we leverage on our findings and propose a lightweight countermeasure that enables the detection of double-spending attacks in fast transactions

Bitcoin Transaction Malleability and MtGox

In Bitcoin, transaction malleability describes the fact that the signatures that prove the ownership of bitcoins being transferred in a transaction do not provide any integrity guarantee for the signatures themselves. This allows an attacker to mount a malleability attack in which it intercepts, modifies, and rebroadcasts a transaction, causing the transaction issuer to believe that the original transaction was not confirmed. In February 2014 MtGox, once the largest Bitcoin exchange, closed and filed for bankruptcy claiming that attackers used malleability attacks to drain its accounts. In this work we use traces of the Bitcoin network for over a year preceding the filing to show that, while the problem is real, there was no widespread use of malleability attacks before the closure of MtGox

Spending time with money: from shared values to social connectivity

This article has been made available through the Brunel Open Access Publishing Fund.There is a rapidly growing momentum driving the development of mobile payment systems for co-present interactions, using near-field communication on smartphones and contactless payment systems. The design (and marketing) imperative for this is to enable faster, simpler, effortless and secure transactions, yet our evidence shows that this focus on reducing transactional friction may ignore other important features around making payments. We draw from empirical data to consider user interactions around financial exchanges made on mobile phones. Our findings examine how the practices around making payments support people in making connections, to other people, to their communities, to the places they move through, to their environment, and to what they consume. While these social and community bonds shape the kinds of interactions that become possible, they also shape how users feel about, and act on, the values that they hold with their co-users. We draw implications for future payment systems that make use of community connections, build trust, leverage transactional latency, and generate opportunities for rich social interactions