Publication Type

Journal Article

Version

acceptedVersion

Publication Date

6-2019

Abstract

In Bitcoin network, the distributed storage of multiple copies of the block chain opens up possibilities for doublespending, i.e., a payer issues two separate transactions to two different payees transferring the same coins. While Bitcoin has inherent security mechanism to prevent double-spending attacks, it requires a certain amount of time to detect the doublespending attacks after the transaction has been initiated. Therefore, it is impractical to protect the payees from suffering in double-spending attacks in fast payment scenarios where the time between the exchange of currency and goods or services is shorten to few seconds. Although we cannot prevent double-spending attacks immediately for fast payments, decentralized non-equivocation contracts have been proposed to penalize the malicious payer after the attacks have been detected. The basic idea of these contracts is that the payer locks some coins in a deposit when he initiates a transaction with the payee. If the payer double-spends, a cryptographic primitive called accountable assertions can be used to reveal his Bitcoin credentials for the deposit. Thus, the malicious payer could be penalized by the loss of deposit coins. However, such decentralized nonequivocation contracts are subjected to collusion attacks where the payer colludes with the beneficiary of the depoist and transfers the Bitcoin deposit back to himself when he double-spends, resulting in no penalties. On the other hand, even if the beneficiary behaves honestly, the victim payee cannot get any compensation directly from the deposit in the original design. To prevent such collusion attacks, we design fair time-locked deposits for Bitcoin transactions to defend against doublespending. The fair deposits ensure that the payer will be penalized by the loss of his deposit coins if he double-spends and the victim payee's loss will be compensated within a locked time period. We start with the protocols of making a deposit for one transaction. In particular, for the transaction with single input and output and the transaction with multiple inputs and outputs, we provide different designs of the deposits. We analyze the performance of deposits made for one transaction and show how the fair deposits work efficiently in Bitcoin. We also provide protocols of making a deposit for multiple transactions, which can reduce the burdens of a honest payer. In the end, we extend the fair deposits to non-equivocation contracts for other distributed systems.

Keywords

Time-locked, Collusion attacks, Bitcoin, Fair deposit, Double-spending

Discipline

Finance and Financial Management | Information Security

Research Areas

Cybersecurity

Publication

Journal of Computer Security

Volume

27

Issue

3

First Page

375

Last Page

403

ISSN

0926-227X

Identifier

10.3233/JCS-191274

Publisher

IOS Press

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.3233/JCS-191274

Share

COinS