UNIT -1

Introduction to Cryptography: Need of Cryptography, Traditional and Modern techniques,

Hash function, Distributed Hash Table, Digital Signatures, Symmetric and Asymmetric Key
Cryptography, Zero Knowledge Proof, Double Spending problem.

Cryptography is technique of securing information and communications through use of

codes so that only those people for whom the information is intended can understand it and
process it. Thus, preventing unauthorized access to information. The prefix “crypt” means
“hidden” and suffix graphy means “writing”. In Cryptography the techniques which are use to
protect information are obtained from mathematical concepts and a set of rule-based
calculations known as algorithms to convert messages in ways that make it hard to decode it.
These algorithms are used for cryptographic key generation, digital signing, verification to
protect data privacy, web browsing on internet and to protect confidential transactions such as
credit card and debit card transactions.

Techniques used For Cryptography: In today’s age of computers cryptography is

often associated with the process where an ordinary plain text is converted to cipher text
which is the text made such that intended receiver of the text can only decode it and
hence this process is known as encryption. The process of conversion of cipher text to
plain text this is known as decryption.

Features Of Cryptography are as follows:

1. Confidentiality: Information can only be accessed by the person for whom it
is intended and no other person except him can access it.
2. Integrity: Information cannot be modified in storage or transition between
sender and intended receiver without any addition to information being
detected.
3. Non-repudiation: The creator/sender of information cannot deny his
intention to send information at later stage.
 4. Authentication: The identities of sender and receiver are confirmed. As well
as destination/origin of information is confirmed.

Types Of Cryptography: In general, there are three types of cryptography:

1. Symmetric Key Cryptography: It is an encryption system where the sender

and receiver of message use a single common key to encrypt and decrypt
messages. Symmetric Key Systems are faster and simpler but the problem is
that sender and receiver have to somehow exchange key in a secure manner.
The most popular symmetric key cryptography system is Data Encryption
System (DES).

2. Hash Functions: There is no usage of any key in this algorithm. A hash

value with fixed length is calculated as per the plain text which makes it
impossible for contents of plain text to be recovered. Many operating systems
use hash functions to encrypt passwords.
 3. Asymmetric Key Cryptography: Under this system a pair of keys is used to
encrypt and decrypt information. A public key is used for encryption and a
private key is used for decryption. Public key and Private Key are different.
Even if the public key is known by everyone the intended receiver can only
decode it because he alone knows the private key.

Applications Of Cryptography:
1. Computer passwords
2. Digital Currencies
3. Secure web browsing
4. Electronic Signatures
5. Authentication
6. Cryptocurrencies
7. End-to-end encryption
Symmetric Key Cryptography

Symmetric key cryptography is a type of encryption scheme in which the similar key is used
both to encrypt and decrypt messages. Such an approach of encoding data has been largely used
in the previous decades to facilitate secret communication between governments and militaries.

Symmetric-key cryptography is called a shared-key, secret-key, single-key, one-key and

eventually private-key cryptography. With this form of cryptography, it is clear that the key
should be known to both the sender and the receiver that the shared. The complexity with this
approach is the distribution of the key.

Symmetric key cryptography schemes are usually categorized such as stream ciphers or block
ciphers.

Stream ciphers work on a single bit (byte or computer word) at a time and execute some form
of feedback structure so that the key is repeatedly changing.

A block cipher is so-called because the scheme encrypts one block of information at a time
utilizing the same key on each block. In general, the same plaintext block will continually
encrypt to the same ciphertext when using the similar key in a block cipher whereas the same
plaintext will encrypt to different ciphertext in a stream cipher.

Block ciphers can operate in one of several modes which are as follows −

 Electronic Codebook (ECB) mode is the simplest application and the shared key
can be used to encrypt the plaintext block to form a ciphertext block. There are
two identical plaintext blocks will always create the same ciphertext block.
Although this is the most common mode of block ciphers, it is affected to multiple
brute-force attacks.
 Cipher Block Chaining (CBC) mode insert a feedback structure to the
encryption scheme. In CBC, the plaintext is exclusively-ORed (XORed) with the
prior ciphertext block prior to encryption. In this mode, there are two identical
blocks of plaintext not encrypt to the similar ciphertext.
  Cipher Feedback (CFB) mode is a block cipher implementation as a self-
synchronizing stream cipher. CFB mode enable data to be encrypted in units lower
than the block size, which can be beneficial in some applications including
encrypting interactive terminal input. If it is using 1-byte CFB mode.
Each incoming character is located into a shift register the similar size as the
block, encrypted, and the block transmitted. At the receiving side, the ciphertext is
decrypted and the more bits in the block are discarded.
 Output Feedback (OFB) mode is a block cipher implementation conceptually
same to a synchronous stream cipher. OFB avoids the similar plaintext block from
making the same ciphertext block by using an internal feedback structure that is
independent of both the plaintext and ciphertext bitstreams.

Cryptographic Hash Function :

Hash functions are extremely useful and appear in almost all information security applications.
A hash function is a mathematical function that converts a numerical input value into another
compressed numerical value. The input to the hash function is of arbitrary length but output is
always of fixed length.
Values returned by a hash function are called message digest or simply hash values. The
following picture illustrated hash function −
  Features of Hash Functions
The typical features of hash functions are −
 Fixed Length Output (Hash Value)
o Hash function coverts data of arbitrary length to a fixed length. This
process is often referred to as hashing the data.
o In general, the hash is much smaller than the input data, hence hash
functions are sometimes called compression functions.
o Since a hash is a smaller representation of a larger data, it is also
referred to as a digest.
o Hash function with n bit output is referred to as an n-bit hash
function. Popular hash functions generate values between 160 and
512 bits.
 Efficiency of Operation
o Generally for any hash function h with input x, computation of h(x)
is a fast operation.
o Computationally hash functions are much faster than a symmetric
encryption.
  Properties of Hash Functions
In order to be an effective cryptographic tool, the hash function is desired to possess following
properties −
 Pre-Image Resistance
o This property means that it should be computationally hard to
reverse a hash function.
o In other words, if a hash function h produced a hash value z, then it
should be a difficult process to find any input value x that hashes to
z.
o This property protects against an attacker who only has a hash value
and is trying to find the input.
 Second Pre-Image Resistance
o This property means given an input and its hash, it should be hard
to find a different input with the same hash.
o In other words, if a hash function h for an input x produces hash
value h(x), then it should be difficult to find any other input value y
such that h(y) = h(x).
o This property of hash function protects against an attacker who has
an input value and its hash, and wants to substitute different value
as legitimate value in place of original input value.
 Collision Resistance
o This property means it should be hard to find two different inputs of
any length that result in the same hash. This property is also
referred to as collision free hash function.
o In other words, for a hash function h, it is hard to find any two
different inputs x and y such that h(x) = h(y).
o Since, hash function is compressing function with fixed hash length,
it is impossible for a hash function not to have collisions. This
property of collision free only confirms that these collisions should
be hard to find.
 o This property makes it very difficult for an attacker to find two
input values with the same hash.
o Also, if a hash function is collision-resistant then it is second pre-
image resistant.
 Design of Hashing Algorithms
At the heart of a hashing is a mathematical function that operates on two fixed-size blocks of
data to create a hash code. This hash function forms the part of the hashing algorithm.
The size of each data block varies depending on the algorithm. Typically the block sizes are from
128 bits to 512 bits. The following illustration demonstrates hash function −

Hashing algorithm involves rounds of above hash function like a block cipher. Each round takes
an input of a fixed size, typically a combination of the most recent message block and the output
of the last round.
This process is repeated for as many rounds as are required to hash the entire message.
Schematic of hashing algorithm is depicted in the following illustration −

Since, the hash value of first message block becomes an input to the second hash operation,
output of which alters the result of the third operation, and so on. This effect, known as
an avalanche effect of hashing.
Avalanche effect results in substantially different hash values for two messages that differ by
even a single bit of data.
Understand the difference between hash function and algorithm correctly. The hash function
generates a hash code by operating on two blocks of fixed-length binary data.
Hashing algorithm is a process for using the hash function, specifying how the message will be
broken up and how the results from previous message blocks are chained together.
 Popular Hash Functions
Let us briefly see some popular hash functions −
Message Digest (MD)
MD5 was most popular and widely used hash function for quite some years.
 The MD family comprises of hash functions MD2, MD4, MD5 and MD6. It was
adopted as Internet Standard RFC 1321. It is a 128-bit hash function.
 MD5 digests have been widely used in the software world to provide assurance
about integrity of transferred file. For example, file servers often provide a pre-
computed MD5 checksum for the files, so that a user can compare the checksum
of the downloaded file to it.
 In 2004, collisions were found in MD5. An analytical attack was reported to be
successful only in an hour by using computer cluster. This collision attack resulted
in compromised MD5 and hence it is no longer recommended for use.
Secure Hash Function (SHA)
Family of SHA comprise of four SHA algorithms; SHA-0, SHA-1, SHA-2, and SHA-3. Though
from same family, there are structurally different.
 The original version is SHA-0, a 160-bit hash function, was published by the
National Institute of Standards and Technology (NIST) in 1993. It had few
weaknesses and did not become very popular. Later in 1995, SHA-1 was designed
to correct alleged weaknesses of SHA-0.
 SHA-1 is the most widely used of the existing SHA hash functions. It is employed
in several widely used applications and protocols including Secure Socket Layer
(SSL) security.
 In 2005, a method was found for uncovering collisions for SHA-1 within practical
time frame making long-term employability of SHA-1 doubtful.
  SHA-2 family has four further SHA variants, SHA-224, SHA-256, SHA-384, and
SHA-512 depending up on number of bits in their hash value. No successful
attacks have yet been reported on SHA-2 hash function.
 Though SHA-2 is a strong hash function. Though significantly different, its basic
design is still follows design of SHA-1. Hence, NIST called for new competitive
hash function designs.
 In October 2012, the NIST chose the Keccak algorithm as the new SHA-3
standard. Keccak offers many benefits, such as efficient performance and good
resistance for attacks.
RIPEMD
The RIPEMD is an acronym for RACE Integrity Primitives Evaluation Message Digest. This set
of hash functions was designed by open research community and generally known as a family of
European hash functions.
 The set includes RIPEMD, RIPEMD-128, and RIPEMD-160. There also exist
256, and 320-bit versions of this algorithm.
 Original RIPEMD (128 bit) is based upon the design principles used in MD4 and
found to provide questionable security. RIPEMD 128-bit version came as a quick
fix replacement to overcome vulnerabilities on the original RIPEMD.
 RIPEMD-160 is an improved version and the most widely used version in the
family. The 256 and 320-bit versions reduce the chance of accidental collision, but
do not have higher levels of security as compared to RIPEMD-128 and RIPEMD-
160 respectively.
Whirlpool
This is a 512-bit hash function.
 It is derived from the modified version of Advanced Encryption Standard (AES).
One of the designer was Vincent Rijmen, a co-creator of the AES.
 Three versions of Whirlpool have been released; namely WHIRLPOOL-0,
WHIRLPOOL-T, and WHIRLPOOL.
Properties Of Cryptography Hash Function
The ideal cryptographic hash function has the following main properties:

1. Deterministic: This means that the same message always results in the same hash.
2. Quick: It is quick to compute the hash value for any given message.
3. Avalanche Effect: This means that every minor change in the message results in a
major change in the hash value.
4. One-Way Function: You cannot reverse the cryptographic hash function to get to
the data.
5. Collision Resistance: It is infeasible to find two different messages that produce
the same hash value.
6. Non Predictable: The hash value shouldn’t be predictable from the given string and
vice versa.
Cracking Hash
We often hear the term Cracking a Hash, there are a couple of ways to do that:

 Find an algorithm to generate a collision between two hashes. The more advance the
algorithm is, the more difficult it is to crack the hash.
 Another way is to find an algorithm to identify a unique and different input that will
produce a given hash. It is similar to a collision, but instead of colliding, we are
focusing on finding the input using an algorithm.
 Some common hashes we still use today that are considered “cracked” from a
cryptographic point of view are MD5(Message-Digest Algorithm) and SHA-
1(Secure Hash Algorithm 1). Keep in mind that these are technically broken Hashes
and never use for your security purposes.

 Applications of Hash Functions

There are two direct applications of hash function based on its cryptographic properties.
Password Storage
Hash functions provide protection to password storage.
 Instead of storing password in clear, mostly all logon processes store the hash
values of passwords in the file.
  The Password file consists of a table of pairs which are in the form (user id, h(P)).
 The process of logon is depicted in the following illustration −

 An intruder can only see the hashes of passwords, even if he accessed the
password. He can neither logon using hash nor can he derive the password from
hash value since hash function possesses the property of pre-image resistance.

Data Integrity Check

Data integrity check is a most common application of the hash functions. It is used to generate
the checksums on data files. This application provides assurance to the user about correctness of
the data.
The process is depicted in the following illustration −
The integrity check helps the user to detect any changes made to original file. It however, does
not provide any assurance about originality. The attacker, instead of modifying file data, can
change the entire file and compute all together new hash and send to the receiver. This integrity
check application is useful only if the user is sure about the originality of file.

 Digital Signature
A digital signature is a mathematical technique used to validate the authenticity and integrity
of a message, software, or digital document.

1. Key Generation Algorithms: Digital signature is electronic signatures, which

assure that the message was sent by a particular sender. While performing digital
transactions authenticity and integrity should be assured, otherwise, the data can be
altered or someone can also act as if he was the sender and expect a reply.
2. Signing Algorithms: To create a digital signature, signing algorithms like email
programs create a one-way hash of the electronic data which is to be signed.
The signing algorithm then encrypts the hash value using the private key (signature
key). This encrypted hash along with other information like the hashing algorithm is
the digital signature. This digital signature is appended with the data and sent to the
verifier. The reason for encrypting the hash instead of the entire message or
document is that a hash function converts any arbitrary input into a much shorter
fixed-length value. This saves time as now instead of signing a long message a
shorter hash value has to be signed and moreover hashing is much faster than
signing.
 3. Signature Verification Algorithms: Verifier receives Digital Signature along with
the data. It then uses Verification algorithm to process on the digital signature and
the public key (verification key) and generates some value. It also applies the same
hash function on the received data and generates a hash value. Then the hash value
and the output of the verification algorithm are compared. If they both are equal,
then the digital signature is valid else it is invalid.
The steps followed in creating digital signature are :
1. Message digest is computed by applying hash function on the message and then
message digest is encrypted using private key of sender to form the digital
signature. (digital signature = encryption (private key of sender, message digest)
and message digest = message digest algorithm(message)).
2. Digital signature is then transmitted with the message.(message + digital
signature is transmitted)
3. Receiver decrypts the digital signature using the public key of sender.(This
assures authenticity, as only sender has his private key so only sender can encrypt
using his private key which can thus be decrypted by sender’s public key).
4. The receiver now has the message digest.
5. The receiver can compute the message digest from the message (actual message
is sent with the digital signature).
6. The message digest computed by receiver and the message digest (got by
decryption on digital signature) need to be same for ensuring integrity.
Message digest is computed using one-way hash function, i.e. a hash function in which
computation of hash value of a message is easy but computation of the message from hash
value of the message is very difficult.
Benefits of Digital Signatures
 Legal documents and contracts: Digital signatures are legally binding. This makes
them ideal for any legal document that requires a signature authenticated by one or
more parties and guarantees that the record has not been altered.
 Sales contracts: Digital signing of contracts and sales contracts authenticates the
identity of the seller and the buyer, and both parties can be sure that the signatures
are legally binding and that the terms of the agreement have not been changed.
 Financial Documents: Finance departments digitally sign invoices so customers
can trust that the payment request is from the right seller, not from a bad actor
trying to trick the buyer into sending payments to a fraudulent account.
 Health Data: In the healthcare industry, privacy is paramount for both patient
records and research data. Digital signatures ensure that this confidential
information was not modified when it was transmitted between the consenting
parties.
 Federal, state, and local government agencies have stricter policies and regulations
than many private sector companies. From approving permits to stamping them on a
timesheet, digital signatures can optimize productivity by ensuring the right person
is involved with the proper approvals.
 Shipping Documents: Helps manufacturers avoid costly shipping errors by
ensuring cargo manifests or bills of lading are always correct. However, physical
 papers are cumbersome, not always easily accessible during transport, and can be
lost. By digitally signing shipping documents, the sender and recipient can quickly
access a file, check that the signature is up to date, and ensure that no tampering has
occurred.

 Zero Knowledge Proof

Zero Knowledge Proof (ZKP) is an encryption scheme originally proposed by MIT

researchers Shafi Goldwasser, Silvio Micali and Charles Rackoff in the 1980s.
Zero-knowledge protocols are probabilistic assessments, which means they don’t prove
something with as much certainty as simply revealing the entire information would. They
provide unlinkable information that can together show the validity of the assertion is probable.

Currently, a website takes the user password as an input and then compares its hash to the
stored hash. Similarly, a bank requires your credit score to provide you the loan leaving your
privacy and information leak risk at the mercy of the host servers. If ZKP can be utilized, the
client’s password is unknown them to verifier and the login can still be authenticated. Before
ZKP, we always questioned the legitimacy of the prover or the soundness of the proof system,
but ZKP questions the morality of the verifier. What if the verifier tries to leak the
information?
Example-1: A Colour-blind friend and Two balls :

There are two friends Sachin and Sanchita, out of whom Sanchita is colour blind. Sachin has
two balls and he needs to prove that both the balls our of different colour. Sanchita switches
the balls randomly behind her back and shows it to Sachin who has to tell if the balls are
switched or not. If the balls are of the same colour and Sachin had given false information, the
probability of him answering correctly is 50%. When the activity is repeated several times, the
probability of Sachin giving the correct answer with the false information is significantly low.
Here Sachin is the “prover” and Sanchita is the “verifier”. Colour is the absolute information
or the algorithm to be executed, and it is proved of its soundness without revealing the
information that is the colour to the verifier.

Example-2: Finding Waldo :

Finding Waldo is a game where you have to find a person called Waldo from a snapshot of a
huge crowd taken from above. Sachin has an algorithm to find Waldo but he doesn’t want to
reveal it to Sanchita. Sanchita wants to buy the algorithm but would need to check if the
algorithm is working. Sachin cuts a small hole on a cardboard and places over Waldo. Sachin
is the “prover” and Sanchita is the “verifier”. The algorithm is proved with zero knowledge
about it.
Properties of Zero Knowledge Proof :

 Zero-Knowledge –
If the statement is true, the verifier will not know that the statement or was. Here
statement can be an absolute value or an algorithm.

 Completeness –
If the statement is true then an honest verifier can be convinced eventually.

 Soundness –
If the prover is dishonest, they can’t convince the verifier of the soundness of the
proof.

Types of Zero Knowledge Proof :

1. Interactive Zero Knowledge Proof –

It requires the verifier to constantly ask a series of questions about the “knowledge”
the prover possess. The above example of finding Waldo is interactive since the
“prover” did a series of actions to prove the about the soundness of the knowledge
to the verifier.

2. Non-Interactive Zero Knowledge Proof –

For “interactive” solution to work, both the verifier and the prover needed to be
online at the same time making it difficult to scale up on the real world application.
Non-interactive Zero-Knowledge Proof do not require an interactive process,
avoiding the possibility of collusion. It requires picking a hash function to randomly
pick the challenge by the verifier. In 1986, Fiat and Shamir invented the Fiat-
 Shamir heuristic and successfully changed the interactive zero-knowledge proof to
non-interactive zero knowledge proof.

 What is Double Spending in Blockchain?

Blockchain is a list of blocks. Each block comprises some information associated with some
hash. Blockchain is used nowadays widely for transactions. It is an immutable, distributed, and
decentralized ledger. The working of Blockchain is as follows. Suppose a user wants to make
a transaction. A block is created and sent to other users. Users validate the block and the
transaction gets executed. The block is added and the users get incentives.

Understanding Double Spending

Although Blockchain is secured, still it has some loopholes. Hackers or malicious users take
advantage of these loopholes to perform their activities.

 Double spending means the expenditure of the same digital currency twice or more
to avail the multiple services. It is a technical flaw that allows users to duplicate
money.
 Since digital currencies are nothing but files, a malicious user can create multiple
copies of the same currency file and can use it in multiple places.
 This issue can also occur if there is an alteration in the network or copies of the
currency are only used and not the original one.
 There are also double spends that allow hackers to reverse transactions so that
transaction happens two times.
 By doing this, the user loses money two times one for the fake block created by the
hacker and for the original block as well.
 The hacker gets incentives as well for the fake blocks that have been mined and
confirmed.

How Does Double Spending Happen?

Double spending can never arise physically. It can happen in online transactions. This mostly
occurs when there is no authority to verify the transaction. It can also happen if the user’s
wallet is not secured. Suppose a user wants to avail of services from Merchant ‘A’ and
Merchant ‘B’.

 The user first made a digital transaction with Merchant ‘A’.

 The copy of the cryptocurrency is stored on the user’s computer.
 So the user uses the same cryptocurrency to pay Merchant ‘B’
 Now both the merchants have the illusion that the money has been credited since
the transactions were not confirmed by the miners.
This is the case of double spending.

Example: Suppose a user has 1 BTC. He/She wants to avail of services from merchant A and
merchant B. The user creates multiple copies of the same BTC and stores it. The user first
sends the original BTC to Merchant A and gets the service. Simultaneously, the user sends the
copied version of 1 BTC to Merchant B. Since the second transaction was not confirmed by
other miners, the merchant accepts the bitcoin and sends the service. But the cryptocurrency
that was sent is invalid. This is the case of Double Spending.
Types Of Double Spending Attacks

There are different types of Double Spending attacks:

 Finney Attack: Finney Attack is a type of Double spending Attack. In this, a

merchant accepts an unauthorized transaction. The original block is eclipsed by the
hacker using an eclipse attack. The transaction is performed on an unauthorized
one. After that, the real block shows up and again the transaction is done
automatically for the real block. Thus the merchant loses money two times.
 Race attack: is an attack in which there is a ‘race’ between two transactions. The
attacker sends the same money using different machines to two different merchants.
The merchants send their goods but transactions get invalid.
 51% Attack: This type of attack is prevalent in small blockchains. Hackers usually
take over 51% of the mining power of blockchain and therefore can do anything of
their own will.

How Bitcoin Handles Double Spending?

Bitcoin is one of the most popular blockchains. To combat Double spending it uses some
security measures. There are two types of examples of double spending in BTC.

1. The first case is making duplicates of the same bitcoin and sending it to multiple
users.
2. The second case is performing the transaction and reversing the already sent
transaction after getting the service.
To tackle these double-spending issues, some security measures are taken. They are:

 Validation: Validation of transactions by a maximum number of nodes in the

network. Once a block is created, it is added to a list of pending transactions. Users
send validation for the block. If the verifications are done then only the block is
added to the blockchain.
 Timestamp: The confirmed transactions are timestamped, therefore they are
irreversible. If a transaction is involved with a bitcoin it is verified and done. But in
the future, if other transactions are made with the same bitcoin, the transactions will
be canceled.
 Block Confirmations: Merchants get block confirmations so that they are assured
that there was no case of double spending. In bitcoin, a minimum of 6 confirmations
are done.
 Saving copies: A copy of each transaction is kept at each node so in case of
network failure the whole network does not go down.
These security features have reduced double spending to a large extent. Let us discuss a
detailed example of how bitcoin handles double-spending.

 A user wants to spend 2 BTC. He/She can create multiple copies of the same
cryptocurrency.
 The user can send the same cryptocurrency to two different addresses say ‘Bob’ and
‘Alice’.
 Both of these transactions are sent to the pool of unconfirmed transactions.
 The first transaction T1 would be approved via the confirmation mechanism.
  The confirmation mechanism states that a minimum of six confirmations by miners
should be done for block validation. The block is added to the network.

 However, the second transaction T2 didn’t get sufficient confirmation so it would

be recognized as invalid by the confirmation process. The block with the highest
number of confirmations is accepted and the other one is rejected. So transaction T1
is valid, and Alice received the bitcoin.

Solutions To Prevent Double Spending

Double Spending can be prevented using two approaches: Centralized and Decentralized

 Centralized Approach: In this case, a secured third party is employed to verify the
transactions. The third-party can track each of the user’s balances. Suppose a user
makes a transaction. The third-party identifies the transaction with a unique
identity. Then it verifies the transaction and allows the transaction. The problem is
that suppose we want to make transactions with other countries where a third party
is not required. So in such cases, decentralized systems come into play. another
drawback is if the whole system fails, the users cannot have access.
  Decentralized Approach: This approach is used by Bitcoin. In this, there is no
involvement of central authority. Each transaction is verified using powerful
algorithms. The decentralized approach proved to be more secure than the
centralized approach. Protocols are established and each protocol does its job at
each step. Therefore this also promotes transparency.

How to Combat Double Spending?

Double spending has been minimized to a large extent as companies are using many security
features. But we as users also have some responsibility so that such attacks don’t happen.

 Any user should wait for a minimum of six confirmations of the transaction before
performing another transaction. In the blockchain, more the confirmations by
different users, lesser will be double spending attacks.
 Users should keep their hardware resources safe so that hackers do not misuse them
for their own purposes. Often hackers target the hardware part because the hardware
is costly. If they somehow steal the hardware, they can roll back any transaction or
alter information.
 Users should delete spam mails and avoid phishing to avoid unnecessary malware
attacks Phishing is a very common attack by hackers as hackers target login
credentials.
 Software should be updated regularly with the latest antivirus installed. If the
software is not up to date then the bugs present can cause major damage.

How Successful Double Spending is Administered?

With the increasing dependency on the blockchain, double spending attacks have also become
a major problem. Many companies have adopted security features.

 Features like confirmation of the transaction by the nodes have been adopted. A
minimum of six confirmations is required to approve the transaction.
 The blocks once created are immutable. They are made irreversible so that no
transaction is reverted back.
  The network’s distributed ledger of transactions autonomously records each
transaction. Each node has a copy of all transactions that are being done in the
network.
 Verification of each transaction’s authenticity is done by Blockchain protocols to
prevent double-spending. The concept of hashing is adopted. Here each block has a
unique hash.

Disadvantages of Blockchain Concerning Double Spending

There are many disadvantages of blockchain concerning Double Spending:

 Control of the blockchain: The biggest disadvantage is if the hackers manage to

take control of 51% computation power, they can do any transaction of their own
will and can steal other users’ money. Therefore there is a threat to security as
millions and millions of money are involved in transactions.
 Alteration of information: Transaction information can also be altered by hackers.
They can mine blocks and hide the original blocks using attacks like Eclipse attack,
Finney Attack, etc.
 No authority: The third major problem is no central authority is present to verify
the transactions. But these problems will be eliminated if companies take proper
security measures and users are also aware of the measures.