Bitcoin from Scratch: Auditor

By Rich Apodaca | Updated

Double spending is easy when the users of an electronic cash system can only see their own chains of ownership. Lack of visibility allows the same coin to be spent by multiple transactions without detection. This problem can be solved by enlisting an auditor.

This post is part of the extended series Bitcoin from Scratch.

An auditor sees every transaction, using this unique vantage point to protect users from double spending. On receiving a new transaction for review, an auditor applies a two-part validation test. First, any transaction that attempts to extend an unknown chain of ownership is rejected. Second, any transaction that attempts to re-spend an already spent coin is rejected. These two steps ensure that only unspent coins with valid chains of ownership will be accepted as payment.

SVG Image
Auditor. Alice’s payment to Bob (left) is audited. Finding no double spending, Victor the auditor (right) updates his ledger to account for the new transaction. The output that Alice spends (707-A) is marked as spent and can never be re-spent.

As transactions are received, the auditor compiles them into ledger. For the purposes of this discussion, the auditor’s ledger consists of an ordered list containing each transaction and a two-column table. The first column records each coin’s unique ID, which is obtained by appending the output suffix to the hosting transaction’s identifier. The second column records whether or not the coin has been spent. In the interest of transparency, the auditor publishes the ledger, allowing all users to verify its contents at any time.

The term “miner” is widely-used to describe the auditor role in Bitcoin. This unfortunate choice of terminology obscures the purpose of the work being performed, which is to prevent double spending. To emphasize this purpose, the term “auditor” will be used throughout this series.

The availability of an auditor encourages payees to seek its services for every transaction. The reason is clear: a double spent coin may be rejected without warning in the future. To avoid this possibility, payees would demand that all incoming payments be checked by the auditor. Rather quickly, the auditor would come to play a central, indispensable role.

Establishing an auditor solves the double spending problem, but it also leaves another problem in its wake. Should the auditor ever stop responding, the entire system would grind to a halt. Service outages could arise from fraud, coercion, natural disaster, incompetence, regulator action, technical failure, and a host of other situations. Without double spending protection, panic would result as users scrambled to find partners willing to accept unaudited transactions. Hard-earned savings would be wiped out as the value of stored coins plummeted. The mere rumor of a service interruption could lead to system-wide crisis.

Despite some early promise, the auditor has become a single point of failure whose presence jeopardizes the entire system.