Bitcoin is a payment system that generates a decentralized digital currency without ensuring temporal constraints in its transactions; therefore, it is vulnerable to double-spending attacks. Karame has proposed a formalization for a successful double-spending attack based on meeting three requirements. This focuses on fast payment scenarios where the product is delivered immediately after the payment is announced in the mempool, without waiting for transaction confirmation. This scenario is key in Bitcoin to increase the probability of a successful double-spending attack. Different approaches have been proposed to mitigate these attacks by addressing one or more of Karame’s three requirements. These include the following: flooding every transaction without restrictions, introducing listeners/observers, avoiding isolation by blocking incoming connections, penalizing malicious users by revealing their identity, and using machine learning and bio-inspired techniques. However, to our knowledge, no proposal deterministically avoids double-spending attacks in fast payment scenarios. In this paper, we introduce DiFastBit: a distributed transaction differentiation scheme that shields Bitcoin from double-spending attacks in fast payment scenarios. To achieve this, we modeled Bitcoin from a distributed perspective of events and processes, reformulated Karame’s requirements based on Lamport’s happened-before relation (HBR), and introduced a new theorem that consolidates the reformulated requirements and establishes the necessary conditions for a successful attack on fast Bitcoin payments. Finally, we introduce the specifications for DiFastBit, formally prove its correctness, and analyze DiFastBit’s confirmation time.
Read full abstract