Scala
Scala
Website
Medium
Twitter
Telegram
Welcome to the Scala Wiki!
General
History
Funding
Specifications
Network
Features
Untraceable payments
Unlinkable Transactions
Double-spending proof
Blockchain analysis resistance
Standard CryptoNote transactions
Zero confirmation transactions
Adaptive Limits
Panthera PoW
Light delayed Proof-of-work
Applications
Wallet
Mining
Resources
Exchanges
FAQ
Design
Contact Us
Donate
Powered by GitBook

Double-spending proof

Describes how Scala defends itself against double-spending.

Fully anonymous signatures would allow spending the same funds many times which, of course, is incompatible with any payment system’s principles. The problem can be fixed as follows.

A ring signature is actually a class of crypto-algorithms with different features. The one Scala’s CryptoNote uses is the modified version of the “Traceable ring signature”. In fact we transformed traceability into linkability. This property restricts a signer’s anonymity as follows: if he creates more than one ring signature using the same private key (the set of foreign public keys is irrelevant), these signatures will be linked together which indicates a double-spending attempt.

To support linkability, Scala's CryptoNote introduced a special marker being created by a user while signing, which we called a key image. It is the value of a cryptographic one-way function of the secret key, so in math terms it is actually an image of this key. One-wayness means that given only the key image it is impossible to recover the private key. On the other hand, it is computationally impossible to find a collision (two different private keys, which have the same image). Using any formula, except for the specified one, will result in an unverifiable signature. All things considered, the key image is unavoidable, unambiguous and yet an anonymous marker of the private key.

All users keep the list of the used key images (compared with the history of all valid transactions it requires an insignificant amount of storage) and immediately reject any new ring signature with a duplicate key image. It will not identify the misbehaving user, but it does prevent any double-spending attempts, caused by malicious intentions or software errors.

Previous
Unlinkable Transactions
Next
Blockchain analysis resistance
Last updated 7 months ago