Numerous blockchain applications are designed around tasks that naturally have finite durations, and hence a double-spending attack (DSA) on such applications tends to be conducted within a finite timeframe, specifically before the completion of their tasks. Furthermore, existing research suggests that practical attackers typically favor executing a DSA within a finite timeframe due to their limited computational resources. These observations motivate this paper to investigate a time-restricted DSA (TR-DSA) model on Proof-of-Work-based blockchains. In this TR-DSA model, an attacker mines its branch only within a finite timeframe, and the TR-DSA is considered unsuccessful if the attacker's branch fails to surpass the honest miners' branch when the honest miners' branch has grown by a specific number of blocks. First, we develop a general closed-form expression for the success probability of a TR-DSA. This probability not only assists in evaluating the risk of a DSA on blockchain applications with timely tasks, but also enables practical attackers with limited computational resources to assess the feasibility and expected reward of launching a TR-DSA. In addition, we provide a rigorous proof that the success probability of a TR-DSA is no greater than that of a time-unrestricted DSA in which the attacker mines its branch indefinitely. This result implies that blockchain applications with timely tasks are less vulnerable to DSAs than blockchain applications that give attackers an unlimited timeframe for their attacks. Furthermore, we show that the success probability of a TR-DSA is always smaller than one even if the attacker controls more than half of the hash rate in the network. This result alerts attackers that there is still a risk of failure in launching a TR-DSA even if they amass a majority of the hash rate in the network.
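The two properties stated in the abstract can be checked numerically for risk assessment. The sketch below is an added example, not the paper's closed-form expression or code: it assumes a simplified block-by-block race in which each new block is the attacker's with probability `q`, the payee waits for `z` confirmations, and the attack is abandoned once the honest branch has grown by `n` blocks (`q`, `z`, `n` and the function name are assumptions of this example).

```python
def tr_dsa_success(q: float, z: int, n: int) -> float:
    """Success probability of a time-restricted double-spend race.

    Assumed model (a simplification, not taken from the paper):
      * both branches start at the fork point with zero blocks;
      * each new block is the attacker's with probability q, else honest;
      * success: the attacker's branch is strictly longer than the honest
        branch once the honest branch holds at least z blocks;
      * failure: the honest branch reaches n blocks before that happens.
    """
    if not 0.0 < q < 1.0 or not 1 <= z <= n:
        raise ValueError("need 0 < q < 1 and 1 <= z <= n")

    # win[a][h] = success probability from a attacker blocks, h honest blocks.
    # a is capped at n + 1: from there the attacker is ahead for every
    # h <= n, so the attack succeeds as soon as h reaches z.
    win = [[0.0] * (n + 1) for _ in range(n + 2)]
    for a in range(n + 1, -1, -1):
        for h in range(n, -1, -1):
            if a > n or (h >= z and a > h):
                win[a][h] = 1.0          # attacker's branch has surpassed
            elif h == n:
                win[a][h] = 0.0          # deadline reached, attack abandoned
            else:
                win[a][h] = q * win[a + 1][h] + (1.0 - q) * win[a][h + 1]
    return win[0][0]


if __name__ == "__main__":
    z = 6  # constructed sample value: confirmations required by the payee
    for q in (0.10, 0.30, 0.45, 0.60):
        row = ", ".join(
            f"n={n}: {tr_dsa_success(q, z, n):.6f}" for n in (6, 12, 48, 400)
        )
        print(f"q={q:.2f}  {row}")
```

In this model, raising `n` approximates the time-unrestricted attack, so each printed row rises toward its unrestricted limit from below, and the `q=0.60` row stays below one for every finite `n`.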