MultiversX Tracker is Live!

Why does the longest chain rule make the most sense to deter double spending?

Bitcoin Stack Exchange

Bitcoin News / Bitcoin Stack Exchange 156 Views

What's exactly the double-spending problem? How does Bitcoin deal with it?

In one word: already-spent money should not magically come back to be spent yet again.

  1. You may already know that Bitcoin's ledger, called a blockchain, is public, which keeps track of the transacting history of all bitcoins ever existed, up to where it was initially generated. (in other words, "mined", in a special type of transaction, aka "coinbase transaction") Obviously we (actually, everyone - again, the blockchain ledger is public) can verify whether a miner is following rules, like, the rule which disallows generating arbitrary amount of new bitcoins out of thin air. Or in other words, everyone can validate the content of the blockchain ledger, from the genesis block to the latest chain tip. It's clear that every coin has its own origin.

  2. With the help of digital signature, we (same as above, everyone actually) can verify whether a transaction, which essentially transfers the ownership of coins (UTXOs), is valid.

  3. In the blockchain ledger, it's easy to spot an invalid transaction which spends a nonexistent coin, no matter it's already spent or just never existed at all. Practically full node software generally maintains a database called "UTXO set" which essentially stores the ownership of every currently existing bitcoin. Determining whether an UTXO exists in the UTXO set is almost instant. (There once were software bugs like CVE-2018-17144 which erroneously allows spending an already-spent coin once again, however it had been quickly fixed as soon as it was discovered and reported to the developers.)

Yes, blockchain data is gigantic - however full node software actually does not need to deal with old blocks at all, because, you just need to take good care of the UTXO set (which is just the "current balances"), instead of the whole gigantic history. A brand new full node does still needs to download and verify all blocks, but this only needs to happen for one time, after which the UTXO set will be established and kept up-to-date.

  1. Here we meet the real "double spending" problem. What if a malicious party creates an alternative (and dishonest) version of blockchain ledger, which includes the malicious/dishonest (but valid according to the consensus rules!) transaction which says "Alice paid 3 BTC to herself" (or other people - which is equivalent to the case that Alice paid herself because Alice still essentially "gets her already-spent money back to spend again"), but not the original/honest (also valid) transaction which says "Alice paid 3 BTC to Bob"? How does one tell which version of the blockchain ledger is the "correct" one? That's the real problem Bitcoin faces - instead of the trivial case mentioned above.

Here comes the alleged "longest chain rule"

  1. To address the problem mentioned above, Bitcoin just takes the simple and effective approach: choose the chain with the most accumulated proof-of-work (yes, actually it's not "the longest", that was a mistake even Satoshi Nakamoto himself had once made and then corrected) as the "correct" one.

  2. If every honest node follows the protocol to always find and follow the chain with the most accumulated work in their own view, they will finally converge to work on one single commonly accepted chain, which is the "consensus" to make Bitcoin actually exist.

Why Proof-of-Work

Just as the name suggests, mining a block has considerable costs in real world (which makes the miners think twice), which is also resistant to fakery. It's trivial to verify, as easy as calculate the hash (for only one time - while mining a new block requires billions of calculations) and count how many leading zeroes are there.

Why are the miners willing to do the boring transaction validation job? Why aren't miners themselves cheating (ignoring/breaking the rules)?

As a miner you have to invest considerable resource to mine a block. A miner is supposed to be "greedy" - make as much money with as little cost as possible. Then, as an individual miner what you faces is a prisoners' dilemma: although the transaction validation job is not hard, obviously not doing this at all takes even less effort, doesn't it? However, as a rational miner (who is also supposed to consist of just negligible part of bitcoin hashpower) you can almost certainly realize the fact that you cannot overwhelm the whole rest part of bitcoin hashpower (which is also not supposed to cooperate with you). If you as a negligible individual decide to skip the validation job (or even include invalid transactions on purpose), other miners who does this job will soon find invalidity in your block (if your block has any invalidity), then all your invested resources are now worth zero because other miners keep extending on valid blockchain, instead of your invalid one. After all, just as mentioned above, validating the blockchain ledger is not hard. Not only miners, but also users, can do this - just run a full node.

Are miners also verifying that the block that is solved is correct once it's solved?

  1. An honest miner extends only the valid most PoW chain in his view. In other words, he always make his best efforts to find such valid most PoW chain, all the time.

  2. Due to the "memoryless" nature of mining, it costs nothing to "give up work on previous base" - there's actually no "previous work" to give up.

  3. For him to win the reward of newly generated bitcoins (plus transaction fees collected within a block), he obviously does not need to verify the transactions which his new block will include over and over again. With the UTXO set he can instantly know whether a transaction is valid (rule-compliant) and then eligible for inclusion. In practice, full node software typically maintains a pool which contains such eligible (and valid of course) transactions, as known as "mempool".

  4. Actually the mining "rigs" don't have to deal with the full block data at all - all the validation job is supposed to be done by the mining pool (which is also a full node of Bitcoin network - also, in principle technically anyone can run a pool, however in reality running a public pool is also related to engineering and economics) already. All the included transactions finally yields a Merkle root in the block header, then the block header (which contains the nonce field) is theoretically the only thing the mining rigs needs to deal with. (In practice the nonce of Bitcoin block header quickly runs out, therefore the coinbase transaction is also fed to the "rig" machine.) However, on the other hand, this is also the long blamed (re)centralizing problem of Bitcoin in reality - after all, just as mentioned above, the mining rigs themselves do not validate (the whole) block, and, a miner who does not rely on his own full node also (blindly) trusts the public mining pool operators. To address (or relieve, at least) this problem, new mining protocols which enable the miners (who in reality trust/rely on public pool operators) to also validate blocks like StratumV2 have been proposed.

What if a malicious miner chooses to mine a "valid (rule-compliant) but dishonest" (double-spending) alternative chain, instead of an "invalid (rule-breaking) chain" which is always apparent & easy to spot?

Finally, we meet the real double-spending problem and the so-called 51% attack.

Since the dishonest chain is also compliant with rules, for any bystander who hasn't witnesses the whole genuine history (which is also not practical/possible due to reasons like network latency), it's hard/impossible to tell which chain should be the "correct" one.

However, with the most-accumulated-proof-of-work rule, at least the payee can choose to wait for more confirmations (how many later blocks has been appended to the block which includes the payment) to make his risks lower, as long as the supposed attacker does not control > 50% of all bitcoin hashpower. Just as the calculations in the Bitcoin whitepaper by Satoshi Nakamoto, the chance/probability for the double-spending attacker to succeed will drop dramatically as the confirmation number grows, as long as the attacker only controls < 50% of hashpower.

What if the double spending attack finally succeeds?

Technically, the payee obviously loses the payment he was originally supposed to gain - no new coins will be created out of thin air, of course.

However, there will be much more subtle implications once a double spending attack succeeds, which are hard to tell.


Get BONUS $200 for FREE!

You can get bonuses upto $100 FREE BONUS when you:
πŸ’° Install these recommended apps:
πŸ’² SocialGood - 100% Crypto Back on Everyday Shopping
πŸ’² xPortal - The DeFi For The Next Billion
πŸ’² CryptoTab Browser - Lightweight, fast, and ready to mine!
πŸ’° Register on these recommended exchanges:
🟑 Binance🟑 Bitfinex🟑 Bitmart🟑 Bittrex🟑 Bitget
🟑 CoinEx🟑 Crypto.com🟑 Gate.io🟑 Huobi🟑 Kucoin.



Comments