
This is just to verify my understanding of Bitcoin double spend detection.

1) Use of UTXO indexes: This ensures that there has been no spend from that output (transferred to recipient in Block of height N) in any of the subsequent transactions, up till the last confirmed Block in the chain (from N till current height). So the binary search of UTXO indexes is necessarily done for all transactions, right?

2) A con could theoretically double spend by garnering enough (51%) computing power to generate longer blocks that don't include his first (legit) spend, and pay himself or a partner from the same output (since the smaller-length chain with the legit transaction would be rejected). But this is only a theoretical possibility, right?

3) A wait of 6 confirmed blocks is recommended for high value transactions, as it is less likely for your confirmed transaction to get dropped from the chain after that, even if the con has up to 10% computing power. Right?

1 Answer

  1. The Unspent Transaction Output (UTXO) set only includes valid transaction outputs that have not been spent yet. Once a TXO is used, it is removed from the UTXO set. So, to check if an output exists and is spendable, you see whether it is in the UTXO set.
    This actually makes discovering a double-spend attempt of "aged transactions" much easier than finding double-spend attempts in unconfirmed transactions.

  2. A majority attack is not only theoretical, unless you deem someone acquiring 51% of the hashing power a theoretical possibility. But it's really expensive and would probably disintegrate Bitcoin value, so one could argue that it is unlikely to happen.

  3. It puts the risk of reversal below 0.1% with an attacker that has 10% of the hashing power. Why is 6 the number of confirms that is considered secure?

Murch
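The two mechanisms the answer describes, as an added example that is not part of the original question or answer: a toy UTXO set in which membership of an outpoint is the double-spend check (point 1), and the attacker catch-up probability from section 11 of the Bitcoin whitepaper behind the "below 0.1% at 10% hash power with 6 confirmations" figure (point 3). Transaction ids and outpoints are constructed placeholders.

```python
import math


class UtxoSet:
    """Toy UTXO set: an outpoint (txid, vout) is spendable iff it is in the set."""

    def __init__(self):
        self.utxos = set()

    def apply_tx(self, txid, inputs, n_outputs):
        # Reject a tx that names the same outpoint twice among its own inputs.
        if len(set(inputs)) != len(inputs):
            return False
        # Every input must still be unspent; an outpoint missing from the set
        # was already consumed (or never existed), so this is a double spend.
        if any(outpoint not in self.utxos for outpoint in inputs):
            return False
        for outpoint in inputs:
            self.utxos.remove(outpoint)          # spent: drop from the set
        for vout in range(n_outputs):
            self.utxos.add((txid, vout))         # new outputs become spendable
        return True


def attacker_success_probability(q, z):
    """Whitepaper section 11: probability that an attacker holding fraction q
    of the hash power ever catches up after the honest chain is z blocks ahead."""
    p = 1.0 - q
    lam = z * (q / p)   # expected attacker progress while honest chain mines z
    total = 0.0
    for k in range(z + 1):
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        total += poisson * (1 - (q / p) ** (z - k))
    return 1 - total


def demo():
    # Constructed scenario: one spendable output, a legit spend, then a conflicting spend.
    s = UtxoSet()
    s.utxos.add(("coinbase_tx", 0))
    first = s.apply_tx("tx_legit", [("coinbase_tx", 0)], 2)      # accepted
    second = s.apply_tx("tx_double", [("coinbase_tx", 0)], 1)    # rejected
    return first, second, attacker_success_probability(0.1, 6)


if __name__ == "__main__":
    print(demo())
```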
  • thanks. Just a follow-up Q. In fork/longer length scenarios how far back can back-tracking be done, to discard shorter blocks? Is there a limit (imposed or settled to) ? – RajCherla Sep 02 '16 at 11:54
  • I don't think that there is a formal limit, but according to What is the longest blockchain fork that has been orphaned to date?, the longest natural reorganization was 4 blocks long (although the answer might be outdated now). There was a reorganization of 31 depth due to a bug that split the network once. – Murch Sep 02 '16 at 12:03
  • 51-attack is not extraordinarily expensive. And it will happen when the profit (in fiat currency) will be more than expenses. Nobody would care about disintegrating crypto performing it :) – amaclin Sep 02 '16 at 14:51
  • amaclin: I disagree because it's against the interest of the major mining pools, so you'd have to compete with their hashpower. – Murch Sep 02 '16 at 15:00
  • A thought: Can the block chain be compacted by purging contiguous blocks from height 1 to N, having no transactions with unspent outputs? Replace N blocks with a single header Block. Maybe only miner nodes have the complete block chain and others get it if they want it. Saves space. Assumes there are no unused coins buried in the earlier blocks. – RajCherla Sep 02 '16 at 17:12
  • @RajCherla: What you're describing is called "Pruning mode" – Murch Sep 02 '16 at 17:57
  • Re-read the Satoshi paper and it does cover pruning and the role of the Merkle Tree in it. – RajCherla Sep 03 '16 at 04:06