How consensus mechanism influence the transaction safety level?
Along with many industries are considering to accept cryptocurrency payment, especially on e-commerce business section. What should they must concern on choosing the crypto payment gateway? You may find this article is long and dull. But there are some important matters you should know about blockchain before selecting payment gateway.
Double spending means the digital asset is able to be spent twice. Anyone who know the loophole on the consensus mechanism of the network and with certain computation power on it is allow to attack. In fiat currency world we do not hear any double spending case. But in blockchain network it is not rare to happen.
In 2013, a user double-spent $9800 worth of Bitcoin through the payment service provider called OKPAY.
2013 年，用户通过名为 OKPAY 的支付服务提供商，双花了价值 9800 美元的比特币。
In May 2018, an unknown party with access to substantial amounts of hashpower was able to 51% attack Bitcoin Gold in order to pull of successful double-spend attacks against exchanges, worth approximately $17.5 million in total.
2018 年 5 月，一个拥有大量算力的匿名方，对比特币黄金进行 51% 的攻击，从而成功地对所发起总价值约为 1750 万美元双花攻击。
In June 2018, ZenCash was the target of a successful 51% attack with multiple double-spend transactions.
2018 年 6 月，ZenCash 成为51% 攻击的目标并多次成功双花交易。
In mid of 2020, the attacker tried to double-spend 465,444 ethereum classic (ETC), worth approximately $3.3 million, but only successfully double-spent 238,306 ETC, worth $1.68 million, according to the report.
2020年中，攻击者试图双花价值约330 万美元 的ETC，价值约330万美元，但仅成功双花价值2168万美元的ETC。
How does double spending attack happen?
Double spending attack is mostly happened by exploiting the transaction verification mechanism. As we know all transactions on blockchain network are required validation by validators / nodes. most of the common attack is by using the time of validation ‘s loophole.
Below are the different forms of double spending attack examples.
Race attack :
Attacker sends two transactions to the network at the same time, one transaction is sent to himself — Tx1, (in order to increase the success rate of the attack, he is gave higher network fee on the transaction), and one transaction is sent to the merchant Tx2. Since the transaction sent to himself is with a higher fee, the probability of being mined is relatively high. If the merchant lose the purchased product before the transaction confirmation. Due to Tx2 will be turned to be invalided after broadcast Tx1 block on the network. Which means the merchant can received any payment.
攻击者同时向网络发送两笔交易，一笔交易发送给自己-Tx1，（为了提高攻击的成功率，对交易给予较高的网络费用），并将一笔交易发送给商家 Tx2。由于交易发送给自己的费用较高，被挖矿的概率相对较高。如果商家在交易确认之前发送购买的产品将丢失。由于在网络上广播 Tx1 块后 Tx2 将变为无效。这意味着商家可以收到任何付款。
Alternative history attack
This attack has a chance to work even if the merchant waits for some confirmations, but requires relatively high hashrate and risk of significant expense in wasted electricity to the attacking miner.
The attacker submits to the merchant/network a transaction which pays the merchant, while privately mining an alternative blockchain fork in which a fraudulent double-spending transaction is not included instead. After waiting for n confirmations, the merchant sends the product. If the attacker happened to find more than n blocks at honest chain, he releases his fork chain and regains his coins by the longest chain rules ; otherwise, he can try to continue extending his fork with the hope of being able to catch up with the honest one. If he never manages to do this then the attack fails, the attacker has wasted a significant amount of electricity and the payment to the merchant will not be reversed.
攻击者向商家 / 网络提交向商家付款的交易，同时私下挖掘替代的支链，其中不包含欺诈性双花交易。等待交易n次确认后，商家发送产品。与此同时，攻击者不断的挖矿，打包交易，出块。支链上的交易都是真实的交易，并没有问题，只是少了它花费的交易。当这个支链的长度长于主链时，攻击者广播该支链。网络中的其他矿工，收到了这条支链，且发现该链长度更长。根据
When attackers are able to get 51% of the hashing power or more, they will be in a position to drive the longest chain by persuading the network nodes to follow their chain. Which mean attackers able by using their private fork chain which not include their transaction block to replace the honest chain.
After the replacement, merchants will found the transaction between with attacker was disappear.
当攻击者能够获得 51% 或更多的全网算力时，他们将能够通过说服网络节点跟随他们的链来驱动最长的链。这意味着攻击者可以更快的打包出块，最终允许创建一条更长的支链，从而利用
Above attacks are mostly target on the PoW and PoS consensus mechanism, In fact, PoS is more secure than PoW against those attacks. However, for the relatively small computing power network, PoS as the consensus algorithm are also vulnerable to 51% attacks especially at the initial stage.
以上攻击主要针对 PoW 和 PoS 共识机制，实际上 PoS 比 PoW 更安全。但是，对于算力相对较小的网络，PoS作为共识算法也容易受到51%的攻击，尤其是在初始阶段。
But PoS also facing other potential double spending attack such like:
但是 PoS 还面临其他潜在的双花攻击，例如
Long range attack:
Attacker goes back to the genesis block and forks their private chain which similar with 51% attack to make change on the honest chain completely (or partially) on the network. Different with 51% attack they are not required the hashing power but by collecting or purchase a stake accounts that were valid at a certain point in time at the past, so as to initiate the fork from an earlier point in time.
There have three possible methods to implemented the long range attack.
攻击者回到创世块并分叉他们的支链，这与 51% 攻击相似，以完全（或部分）在网络上对主链进行更改。与 51% 攻击不同，它们不需要算力，而是通过收集或购买过去某个时间点有效的权益账户，以便从更早的时间点发起分叉。
Simple: Attacker back to the genesis block then produce blocks ahead of time at same rate and forge timestamps. When the nodes do not take into consideration timestamps, both honest and private chain are valid. And none of node will discover the potential double spending risk.
When forging timestamps is no longer possible, Posterior Corruption” Is the other way to work on the double spending attack to PoS network is by using the retired validator account, Attacker will hack to get the private key of the retired validator or just simply operate with him to resign the block to the attacker ‘s fork chain to increase the chance won on the longest chain rules.
当伪造时间戳不再可能时，对 PoS 网络进行双花攻击的另一种方法是变节侵犯， 通过使用旧的验证人私钥签署以前的旧区块，支链验证人通过购买，纳贿或许破解的方法获得旧验证人的私钥，或只需简单地与他一起操作，将区块交给攻击者的支链，以增加在最长链规则下成功的机会。
Eurus network are designed to solve align the tradition e-commence environment with blockchain, the most we are concern is how to prevent the cheat payment transaction. And it is the result why we applied PoA and IBFT 2.0. algorithm, which is an environment where all validators can be trusted, accountability for actions is present and a reliable transactions throughput can be achieved fulfilling business needs while tolerating byzantine faults and securing system operability enhance.
Eurus 网络旨在解决传统电子商务环境与区块链的对接，我们最关心的是如何防止欺诈支付交易。这就是我们应用 PoA 和 IBFT 2.0 算法。IBFT 2.0算法是一个可以信任所有验证器的环境，存在对操作的责任，并且可以实现可靠的交易吞吐量，满足业务需求，同时容忍拜占庭故障和保护系统可操作性增强。
(Source: Enhancing the performance of the blockchain consensus algorithm using multithreading technology; Hossam Samy , Ashraf Tammam , Ahmed Fahmy, Bahaa Hasan)
Stay ahead for our latest updates. Follow Eurus on: