This page uses content from Wikipedia and is licensed under CC BY-SA.
Double-spending is a potential flaw in a digital cash scheme in which the same single digital token can be spent more than once. This is possible because a digital token consists of a digital file that can be duplicated or falsified. As with counterfeit money, such double-spending leads to inflation by creating a new amount of fraudulent currency that did not previously exist. This devalues the currency relative to other monetary units, and diminishes user trust as well as the circulation and retention of the currency. Fundamental cryptographic techniques to prevent double-spending while preserving anonymity in a transaction are blind signatures and particularly in offline systems, secret splitting.
The prevention of double-spending attack has taken two general forms: centralized and decentralized.
This is usually implemented using an online central trusted third party that can verify whether a token has been spent. This normally represents a single point of failure from both availability and trust viewpoints.
The cryptocurrency bitcoin implemented a solution in early 2009. It uses a cryptographic protocol called a proof-of-work system to avoid the need for a trusted third party to validate transactions. Instead, transactions are recorded in a public ledger called a blockchain. A transaction is considered valid when it is included in the blockchain that contains the most amount of computational work. This makes double-spending more difficult as the size of the overall network grows. Other cryptocurrencies also have similar features.
Decentralized currencies that rely on blockchain are vulnerable to the 51% attack, in which a malicious actor can rewrite the ledger if they control enough of the computational work being done. For example, one could theoretically spend cryptocurrency then erase the transaction so it appears it never happened. In May 2018 this double-spending technique was used against Bitcoin Gold, the 26th largest cryptocurrency, to defraud cryptocurrency exchanges of millions of dollars. In response, exchanges repeatedly raised the threshold needed to confirm a transaction, but the attacker had enough computing power to exceed those thresholds and continued double-spending for three days.
The network’s "nodes"—users running the bitcoin software on their computers—collectively check the integrity of other nodes to ensure that no one spends the same coins twice. All transactions are published on a shared public ledger, called the "block chain"