With the recent update of the Bitcoin SV Node software, a solution was reinforced that would prevent an actor in the Bitcoin network from spending the same transaction twice, including reversing payments—commonly referred to as double-spending. Simple as it sounds, it is the very mechanism that now allows merchants and consumers to be reassured that their exchange of goods and services, of any size or value, can take place in good faith, in near real-time, and at the cost of a fraction of a penny.
Yet, with such attempts at fraud having occurred over the last few months, the question becomes: at what cost, and with what end?
What It Means for Businesses
For an attempt at fraud to be successful, the attacker would, among other things, have to continuously sustain control of the majority of network nodes, which include transactions in blocks that are added onto the blockchain. Crucially, a majority in any blockchain network is determined not by the number of network clients or users, but by economic power, or more specifically, the ability of network nodes to create valid blocks and to do so faster than others. Even more crucially, a block is considered settled no sooner than one hundred blocks after it have been added to the chain, a span known as the maturity period.
While a lot may happen between such blocks, for businesses, the story ends here: even if the intended transaction does not make it onto the blockchain straight away, it will do so eventually. In other words, it does not matter whether a transaction is included straight away or down the line, as long as the transfer of value and the order of transactions are kept in check. To do so, merchants or businesses use what is called simplified payment verification (SPV).
In a commercial scenario, such as presented by the purchase of a cup of coffee, SPV clients, forming part of integrated payment solutions, can check the integrity and live status of a submitted transaction by solely using the respective block header and obtaining the Merkle path of the transaction. Such clients are thus ‘lightweight’ in nature, and allow the instant validation of one’s own transactions. If the transaction doesn’t meet the respective criteria or desired output, relevant parties would be alerted, and the exchange may not take place. Simply put, no coffee for the attacker.
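The header-plus-Merkle-path check described above, as an added example (not code from nChain or the BSV node software): it folds a transaction ID up its Merkle path and compares the result with the Merkle root stored in the 80-byte block header. The function names, the five transaction IDs and the header are constructed for illustration, and the sketch assumes the header itself has already been accepted (proof-of-work and chain linkage are not checked here).

```python
import hashlib

def hash256(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_levels(txids):
    """All tree levels, leaves first; an odd-length level duplicates its last hash."""
    levels = [list(txids)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]
        levels.append([hash256(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def merkle_path(txids, index):
    """Node side: sibling hashes from leaf to root for the transaction at `index`."""
    path = []
    for level in merkle_levels(txids)[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        path.append(level[index ^ 1])   # the sibling sits at the paired position
        index //= 2
    return path

def header_merkle_root(header: bytes) -> bytes:
    """Header layout: version(4) | previous hash(32) | Merkle root(32) | time, bits, nonce(12)."""
    if len(header) != 80:
        raise ValueError("block header must be 80 bytes")
    return header[36:68]

def verify_inclusion(txid: bytes, index: int, path, header: bytes) -> bool:
    """Client side: fold the path up to a root and compare it with the header's root."""
    node = txid
    for sibling in path:
        node = hash256(sibling + node) if index & 1 else hash256(node + sibling)
        index >>= 1
    return index == 0 and node == header_merkle_root(header)

# Constructed sample data: five fake txids and a header with dummy non-root fields.
TXIDS = [hash256(b"constructed tx %d" % i) for i in range(5)]
ROOT = merkle_levels(TXIDS)[-1][0]
HEADER = (1).to_bytes(4, "little") + bytes(32) + ROOT + bytes(12)
```

The client needs only the header and a path of about log2(n) hashes per transaction, which is what keeps it lightweight; a transaction ID that is not in the block, or a path presented for the wrong position, fails the comparison.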
What If: Consequences of a Majority Attack
The best outcome an attacker could, in fact, hope for is to reverse the payment they themselves initiated, in a non-commercial scenario and at a cost that is vastly disproportionate to the benefit it would bring.
The key question lies in the economics of an attack. Making the crime too expensive will also make it unfeasible. Are you going to spend millions of dollars to try to recoup an amount spent on coffee?
Suppose we were dealing with more significant amounts, far beyond the threshold of US$10,000, which is typically associated with anti-money laundering (AML) requirements.
Here, it becomes important to understand that the security mechanism of any blockchain network stems not from the process of hashing or computing power itself, but from making it public, culminating in the announcement of a hash and the creation of a block. Because such processes are computationally intensive and expensive, it is the very mechanism that allows a node operator to signal their investment and skin in the game. And it is the same mechanism that allows law enforcement agencies to easily identify network nodes and ensure compliance with rules and regulations. We have already begun to see relevant proceedings, including the seizure of proceeds of crime as enforced by Scotland Yard.
The case for a successful attack seems improbable in any commercial environment, or futile at best. To make matters worse for an attacker, things are going to get more difficult at scale: while clients’ widespread adoption of SPV locks in the protocol of the system, and protects their privacy by obscurity, more transactions and bigger blocks mean more specialised efforts by node operators, removing any potential anonymity with respect to nodes. At the same time, illicit transactions leave a trail of evidence that cannot be changed or deleted.
In addition to providing the latest reference software implementation to node operators of the BSV blockchain, nChain offers node operators and merchants two other tools for countering malicious behaviour: the Miner ID and Merchant API (mAPI) reference implementations. Miner ID, holding node operators accountable, enables network nodes to build their reputation and be trusted more easily among network clients. mAPI provides a secure communication channel between a network node and relevant parties for exchanging queries and responses.
nChain provides direct and ready access to the benefits of blockchain technology through its technology platform Kensei, allowing government and enterprise clients to verify the status of relevant data and make unauthorised editing of data easily detectable.
Kensei allows governance, risk management, and compliance (GRC) professionals and organisations in the financial and gaming industries to benefit from data consistency offerings and gain reassurance that they have discharged their duties—without having to undertake complex blockchain development or build an in-house team of experts.