One of the key reasons that bitcoin has become a popular form of value, to the tune of $6bn, is that it has largely solved the double-spending problem that plagued other digital currencies before it.
Interestingly, this double-spending problem isn't limited to the digital realm. The BBC reported that there were 566,000 counterfeit notes circulating in the UK in 2009. Additionally, in 2010 the UK Treasury estimated that one in 36 £1 coins in circulation were counterfeit.
The bitcoin network seeks to prevent this problem by signing cryptographic keys that are confirmed on the block chain – bitcoin's general ledger.
However, until the transaction is confirmed, there is a small window of opportunity, and some in the bitcoin community, including reddit user Peter Todd, believe that it is easier to double spend than people may realise.
This is effectively down to the different systems that the various mining pools utilize in confirming transactions – especially small ones, which may offer little reward for miners.
"Fact is, unconfirmed transactions aren't safe."
So how big of a threat is this for merchants accepting bitcoin?
The issue stems from the fact that, while the network as a whole is working to solve transactions, mining pools operate in different ways. Each pool uses its own software in order to direct the pool's mining power, rather like the way a router moves Internet traffic for a network.
For many, the idea of being able to double spend a small amount of bitcoin by exploiting this flaw would seem trivial.
However, for merchants and organisations that rely on a large number of small transactions, this could be a major concern that threatens the viability of bitcoin as a payment method.
That's why some companies processing bitcoin payments, such as Coinbase, use off-blockchain transactions. Instead of waiting for confirmation, they essentially guarantee that bitcoins transaction go through successfully on their platform by keeping an internal ledger of account.
Eric Springer is the founder of BitUndo, a company that attempts to retrieve unconfirmed transactions on-blockchain. He says that ideas such as replace-by-fee could solve the possible implications of double spending unconfirmed transactions on-block by enforcing the replacement of an existing transaction only with another that has a higher fee.
"Bitcoin would be a much better and more secure place with such a policy."
A test net (alternative bitcoin block chain) implementation of the replace-by-fee idea is already available on GitHub.
Given that the problem with double spending unconfirmed transactions has to do with the differing ways that mining pools interact with the network, changing the way that transactions work by using replace-by-fee may not be the best solution to the problem.
Said Dan Held, co-founder of ZeroBlock:
"I think this reinforces the need for standard practices by miners in accepting transactions."
Held believes that there should be a standard policy in place for confirmation of transactions, instead of different mining pools each treating a transaction differently, even if that's not necessarily by design.
"If you know a big enough mining pool, you can forward your transactions to them, knowing that the transaction will be sure to go through," he added.
Every pool has its own mining rules, and this discrepancy is part of the problem, according to Held. But with the network having such a distributed nature, there's no way to enforce a change to this unless it is made within the core client itself.
Confirmations and nodes
Because of widely held desire for bitcoin to eventually facilitate many small transactions, the idea of zero confirmation should be something that people will get used to.
"Zero-confirmation but valid transactions are meant to function this way, and there's a risk tolerance at which they're acceptable versus not," says Sean Neville, CTO of Circle Internet Financial.
Neville believes that zero confirmations are just a part of the transaction process, which is why some companies use off-block chain transactions. But some organizations are willing to accept that risk in return for using bitcoin as a payment method.
"Confirms exist only to solve the double-spend problem for on-chain transactions."
He said that in order for a transaction to complete, a transfer must occur in the form of a private key signing a transfer – even when there is not yet a confirmation:
"Without confirms, you can still have valid transactions, and those can certainly have been previously spent, or spent again in the future to force a double spend and failure – unless they're off-chain," said Neville.
Neville believes in the power of keeping transactions off the block chain, but it's not the only way to reduce the potential for double spending.
In a paper written by IEEE, researchers found that the more nodes that are connected to the network for a transaction, the lower the chances that it will be double spent.
It's possible, then, that a number of randomly connected nodes to the network could be used in order to prevent double spending when using the block chain.
Nothing is ever guaranteed, but the issue of unconfirmed transactions causing a crisis of double spending doesn't look likely.
Said Ross McKelvie, Lead Engineer at startup incubator BoostVC:
"In five years, the average bitcoin user won't be able to execute a double spend, even if the same differences in software exist."
McKelvie agrees that differences in software between mining pools and users can create some imbalance that allows some people to exploit and double spend. However, it's highly unlikely to affect the network as a whole, he said.
McKelvie thinks that the number of smart people working on the stack in the years to come will be able to strengthen the system to the point where this issue simply won't matter anymore.
Whether that comes about from adding replace-by-fee, implementing new network mining policies, or simply relying on off-block chain transactions – or perhaps even none of these – the bitcoin industry will be able to figure it out.
McKelvie noted, however, that it's best not to be apathetic towards problems like this:
"That being said, the Internet is a very big space and the Heartbleed vulnerability was out in the wild for two years, so issues like [double spending] are something to be mildly worried about."
Two bitcoins image via Shutterstock