Double spend proofs just got real: a first proof-of-concept implementation now exists as a merge request to Flowee the Hub

2019-07-29T09:49:00.000Z Honest Cash

In Bitcoin Cash the miners and nodes use a 'first seen' principle of receiving transactions, which means that accepting unconfirmed transactions (aka instant transactions) is generally speaking safe as any double spend will be rejected by the entire network.

But when someone actively tries to attack a merchant, there are still cases where the double spend can be the one that gets mined. And here is the important part: vendors never get notified that the person in their store is trying to double spend.

The problem, then, is that an attacker can keep trying to double spend a merchant, undetected each time he fails, until he succeeds.

The solution we came up with is double-spend proofs: a relatively small (constant-size) message carrying actual proof that the spender signed two different transactions spending the money you were hoping to receive. An important part of this work was to make sure the original double-spending transaction cannot be reconstructed from the proof, so we don't make it easier for the double spend to propagate.

Double spend proofs have been an idea for years, with lots of people talking about them, and we had some initial specs and even a conference about this last year.

So, over the last weeks I sat down and actually did the design work and wrote the core code for how this is supposed to work, as part of the Flowee central Hub.

You can see the pull request here and the spec is in progress here. Though naturally the spec will only be made useful after a successful test of the implementation has finished.

Who benefits?

The idea of a double spend proof is to inform people receiving funds. The design allows both full nodes and SPV wallets to receive this message and it can be cryptographically checked to make sure that the double spend proof is legit (people can't lie about someone else double spending funds).

The main point is that we don't expect miners to change what they mine based on this message (Avalanche can do that). This is purely to inform people receiving money that the payer tried to cheat them, and to provide actual proof that the justice system could use to prosecute this person.

The point, therefore, is not to avoid the stealing; the point is to inform and protect the merchants, and thus lower the risk of accepting instant transactions.

P.S. This will not work on BTC, as we improved the signing method in BCH.