Scala
  • Welcome to the Scala Wiki!
  • General
    • History
    • Funding
    • Roadmap
      • 2021
      • 2022
      • 2023
  • Specifications
    • Network
    • Features
      • Untraceable payments
      • Unlinkable Transactions
      • Double-spending proof
      • Blockchain analysis resistance
      • Standard CryptoNote transactions
      • Zero confirmation transactions
      • Adaptive Limits
      • Panthera PoW algorithm
      • Diardi
  • Applications
    • Wallet
      • GUI Wallet
      • CLI Wallet
      • Scala Vault
      • ScalaPay
    • Mining
      • Mobile Mining
  • Resources
    • Exchanges
    • FAQ
    • Assets
    • Contact Us
    • Donate
Powered by GitBook
On this page

Was this helpful?

  1. Specifications
  2. Features

Double-spending proof

Describes how Scala defends itself against double-spending.

PreviousUnlinkable TransactionsNextBlockchain analysis resistance

Last updated 4 years ago

Was this helpful?

Fully anonymous signatures would allow spending the same funds many times which, of course, is incompatible with any payment system’s principles. The problem can be fixed as follows.

A ring signature is actually a class of crypto-algorithms with different features. The one Scala’s CryptoNote uses is the modified version of the “Traceable ring signature”. In fact we transformed traceability into linkability. This property restricts a signer’s anonymity as follows: if he creates more than one ring signature using the same private key (the set of foreign public keys is irrelevant), these signatures will be linked together which indicates a double-spending attempt.

To support linkability, Scala's CryptoNote introduced a special marker being created by a user while signing, which we called a key image. It is the value of a cryptographic one-way function of the secret key, so in math terms it is actually an image of this key. One-wayness means that given only the key image it is impossible to recover the private key. On the other hand, it is computationally impossible to find a collision (two different private keys, which have the same image). Using any formula, except for the specified one, will result in an unverifiable signature. All things considered, the key image is unavoidable, unambiguous and yet an anonymous marker of the private key.

All users keep the list of the used key images (compared with the history of all valid transactions it requires an insignificant amount of storage) and immediately reject any new ring signature with a duplicate key image. It will not identify the misbehaving user, but it does prevent any double-spending attempts, caused by malicious intentions or software errors.