- snip -
let's assume I am using a wallet like Bitcoin Wallet by Bitcoin Wallet developers on an Android smartphone.
- snip -
How can I then "double spend" my bitcoin?
If the user is using properly written wallet software that includes a proper transaction fee, and isn't running any custom software of their own or colluding with anyone else, then they won't be able to "double spend" the bitcoin. The transaction will confirm eventually, and the the shop owner has a larger risk of their employees simply giving free food to their friends and family.
- snip -
So, the customer walks in, buys a coffee and food (take-out) with bitcoin zero transaction fee, then leaves the shop. How does this customer "double spend" his/her bitcoin?
With zero transaction fee, there is a bit more risk that the transaction will never confirm (and that the customer will spend those bitcoins elsewhere either intentionally or accidentally). There are some steps that the merchant can take to reduce his risk in this situation.
To start with, the merchant can make sure to use software that identifies when a high risk transaction has occurred (such as a transaction with no fee). They can train their employees that if the software indicates a "high risk" transaction, then the customer must wait for 1 confirmation. If the customer is unhappy about waiting, then they shouldn't send without a fee. The can send a new transaction with a proper fee to receive their product immediately, and the merchant can use software that will refund the zero-fee transaction back to the customer.
Assuming that the merchant is unwilling (or unable) to train their employees to recognize and handle high risk transactions, they can use software that will pay the fee for the customer when the customer fails to include a fee. The sofware would need to recognize that a transaction has been recieved without a fee, and would need to immediately re-spend that transaction and include a large enough fee on the new transaction. This new transaction would provide incentive for miners to confirm both transactions at the same time (since the fee paying transaction can't be confirmed without the free transaction being confirmed). The miners that have implemented "Child-Pays-For-Parent" in their transaction selection algorithms will then work to confirm both, so that the risk is significantly reduced. The merchant can also use software that will re-braodcast transactions that they have received which have not been confirmed within a day or so. This will prevent the transactions from being dropped from the memory pool of nodes before it confirms. The merchant may need to write (or pay someone to write) some of this software. I'm not sure how much of it already exists.
As for your question about "How does this customer "double spend" his/her bitcoin"...
Double spending they way you are thinking about it really comes down to the following scenario. It can be either intentional or if the transaction has no fee it can be accidental:
- Customer creates two transactions that spend the same bitcoins.
- One of those transactions is broadcast in such a way that the merchant receives a copy of it, but most miners either don't receive a copy or they ignore the copy they receive.
- The other transaction is broadcast in such a way that most miners receive a copy and attempt to confirm it, but the merchant either doesn't receive a copy or they ignore the copy they receive
- The first transaction pays the bitcoins to the merchant's address, so they think they've been paid
- The second transaction pays the bitcoins to an address controlled by the customer.
- One of the miners that are processing the second transaction confirms it before the first transaction becomes confirmed
In this situation, the second transaction becomes the "real" transaction (since it got confirmed), and the first transaction becomes invalid.
Properly written wallet software won't allow a user to do this, but nothing is preventing an attacer from writing their own software that attempts to connect directly to the merchant's wallet and send them the first transaction while simultaneously connecting directly to many mining pools and sending them the second transaction.
The merchant can further reduce their risk if they use software (which they may need to create or pay someone to create) that connects directly to (and only to) some of the largest mining pools, listens for any competing transactions, and alerts the employee immediately of the fraud attempt.