Security Analysis of Double-Spend Attack in Blockchains with Checkpoints for Resilient Decentralized Energy Systems in Smart Regions

Abstract

The transition from centralized power systems to decentralized infrastructures with a high share of renewable energy sources calls for reliable settlement in P2P electricity trading across “smart” regions. Blockchain platforms can enhance transparency and facilitate automated settlement; however, double-spend attacks still pose a threat to transaction finality and, consequently, undermine trust in the payment layer. This paper quantifies this risk through a probabilistic analysis of classical double-spend scenarios for Proof-of-Work (PoW) and Proof-of-Stake (PoS) blockchains augmented with periodic checkpoints, which render the chain history prior to the latest checkpoint effectively irreversible. We develop attack models for both consensus mechanisms and derive explicit formulas for the attacker’s success probability as a function of the adversarial share, the spacing between checkpoints, and the number of confirmation blocks. On this basis, we compute the minimum confirmation depth needed to satisfy a predefined risk threshold. Numerical evaluation using the derived expressions shows that checkpoints consistently reduce double-spend probability relative to checkpoint-free baselines; in the evaluated settings, the reduction reaches up to 44% and becomes more pronounced as the adversarial share increases. Finally, the analysis yields practical guidance for energy trading applications: accept a payment after the computed number of confirmations when it fits within a single checkpoint interval; otherwise, treat finality as reaching the next checkpoint.

1. Introduction

1.1. Motivation

The foundation of a modern smart region’s sustainable development rests squarely on the resilience and security of its integrated energy infrastructure systems (EISs). This imperative is driven by a fundamental shift away from outdated centralized energy models toward a highly decentralized system, characterized by the proliferation of Distributed Energy Resources (DERs), such as rooftop solar and residential batteries. This transition, while essential for sustainability and decarbonization, introduces the following unprecedented security and complexity challenges.

• Increased attack surface. The sheer volume of interconnected devices (smart meters, sensors, and actuators) in a decentralized system dramatically expands the attack surface, creating countless new entry points for malicious actors.
• Lack of central trust. Managing transactions and coordinating these diverse, autonomous DERs securely without a single, trusted central authority is difficult and expensive under traditional IT security models.

Blockchain technology provides an essential, trust-minimized framework to solve these challenges. A blockchain allows direct, verified peer-to-peer (P2P) energy transactions between producers and consumers. This reduces transaction costs, minimizes the reliance on intermediaries, and fosters a truly democratic and autonomous energy market. By serving as an immutable, distributed ledger, a blockchain ensures that critical operational data (e.g., smart meter readings, usage patterns, and transaction settlements) cannot be tampered with. This enhances the overall resilience of the EIS against data manipulation and denial-of-service attacks.

However, the efficacy of distributed ledger technology (DLT) itself is threatened by sophisticated attacks like the double-spend attack (DSA), which can undermine the finality of transactions crucial for real-time grid operation. Therefore, our study, by analyzing and quantifying the security gains offered by checkpoints within Proof-of-Work (PoW) and Proof-of-Stake (PoS) architectures, directly contributes to fortifying the DLT layer. This strengthening of the core trust mechanism is a non-negotiable prerequisite for ensuring the long-term stability, security, and economic viability of the decentralized energy infrastructure, thereby securing the very basis of sustainable growth within the smart region.

1.2. Contribution and Paper Organization

Our impact. This manuscript contributes a security analysis of classical double-spend attacks for blockchains used as a settlement layer in decentralized energy trading. The key novelty of our results is incorporating periodic checkpoints into the security analysis, which limits the attacker’s window and refines the practical notion of transaction finality. We develop probabilistic attack models for both Proof-of-Work (PoW) and Proof-of-Stake (PoS) consensus protocols, derive explicit analytical formulas for the attack success probability as a function of network parameters (adversarial ratio and checkpoint distance), and provide a practical procedure for computing the minimum number of confirmations required to satisfy a predefined risk threshold. We further compare checkpoint-based blockchains with checkpoint-free ones and use the analytical findings to form actionable acceptance rules for payment finalization.

Paper organization. This paper is organized as follows. In the Introduction, we explain the motivation and describe our contribution. Then Section 2 (Related Work) reviews prior research on blockchain-enabled P2P energy trading and on consensus-layer security, positioning double-spend risk and the checkpoint mechanism within the broader literature. Section 3 (Materials and Methods) introduces the checkpoint mechanism, formalizes the PoW/PoS attack models, and derives the main formulas for attack probability together with the method for defining the number of confirmation blocks. Section 4 (Results) presents numerical results obtained according to the derived formulas and comparisons across representative parameter settings. Section 5 (Discussion) interprets the findings in the context of resilient decentralized energy systems and outlines practical implications for deployment. Section 6 (Conclusions) summarizes the main outcomes, limitations, and directions for future work.

2. Related Work

2.1. Blockchain in Decentralized Energy Trading/Smart Regions

The sustainable development and functional integrity of modern smart regions fundamentally depend on the perfection, resilience (sustainability) and security of their integrated energy infrastructure systems as a whole and the individual components within them [1,2].

The stability, resilience and overall security of the EIS are increasingly defined not only by the physical infrastructure but also by the security of its information infrastructure and the effective participation of that infrastructure in enabling “smart” capabilities [3,4]. This shift is catalyzed by the transition away from centralized utility models, where energy is generated at large state-owned power plants, towards increasingly decentralized systems, often referred to as “distributed generation” [5,6]. This transition, fueled by the increasing contribution of distributed renewable energy sources (e.g., rooftop solar panels and wind turbines [7]), requires new paradigms for the secure, decentralized management and distribution of energy.

Blockchain systems and distributed ledger technologies, which have gained wide popularity since the launch of Bitcoin in 2009, provide inherent advantages in environments where trust minimization is required. Energy companies were quick to recognize the immense potential of this technology. A blockchain offers an effective tool that allows consumers to sell surplus energy to local utilities or neighbors (known as peer-to-peer or P2P trading) without relying on a centralized intermediary or trusted third party [8]. Due to its decentralized model and its ability to reliably store information and protect it from tampering, the blockchain ensures the secure and reliable transfer of energy. This P2P energy trading model is realized through smart contracts that operate exclusively within the blockchain environment. Moreover, this decentralized approach to generation and distribution significantly enhances the resilience of the energy infrastructure against widespread threats, such as the destruction of large centralized power stations.

It should also be noted that in wartime, such P2P electricity sales gain additional relevance. For example, as the war in Ukraine showed, Russia has significant resources at its disposal to destroy and disable large power plants, creating a blackout throughout the country. But at the same time, it is impossible to destroy all conventional households that are scattered throughout the country and generate electricity from renewable sources for themselves and their neighbors. Therefore, in the coming years, such a decentralized approach to electricity generation and distribution will develop even faster, and the task of governments is to ensure the safe and reliable use of blockchains and smart contracts for P2P electricity trading for decentralized energy systems, which, in turn, ensure the resilience of the energy structure to the implementation of various threats.

As was stated by Ariel Cohen in [9], “Blockchain (BC) is moving beyond cryptocurrencies”, and energy companies were one of the first to see immense potential in this technology. Nowadays, “the market for BC in the energy sector is set to exceed $1.5 billion—a massive leap from just $127.5 million in 2018”.

However, for blockchain technologies to successfully underpin EIS resilience and “smartness”, their own security and correct functioning are paramount. Only a secure and correct blockchain operation can ensure the secure and correct functioning of the smart contract and the corresponding decentralized energy system. This dependency establishes a critical link between the stability of the EIS and the integrity of the underlying informational infrastructure.

Starting around 2020, the scientific literature has seen a gradual increase in the number of papers devoted to the use of blockchains and smart contracts to create a decentralized electricity market. Thus, the work [10] highlights increasing demand for clean, sustainable, and reliable energy sources that are secure and stable and states that BC is a promising technology that can provide secure and verifiable transactions for P2P energy trading and promote energy conservation. The work also proposes a distributed trading framework and smart contracts for future versions of BC and integration with other energy products. The article [11] continues such research, analyzing the key technological difficulties that arise in the electricity market when applying smart contracts for network enterprises that carry out electricity transactions and tariff settlements based on blockchain technology. It also proposes a trading model using smart contracts, which allows these problems to be overcome to some extent.

The work [12] concentrates on the problems with the security and fairness of energy trading when using blockchain-based smart contracts because they execute the trading and payment rules without intermediaries. It proposes a method that solves the problems associated with a lack of trust in P2P energy trading and utilizes blockchain technology that makes it impossible to tamper with data. The proposed method is validated using realistic data with the Ethereum Virtual Machine (EVM) and is expected to be useful to designers who need to integrate renewable energy in a microgrid system.

The paper [13] gives an overview of different techniques and areas to be considered for implementing smart contracts for energy transactions, emphasizing the advantages of blockchains and smart contracts in energy trading. In [14], the authors propose a blockchain-based model for distribution and P2P transactions in the energy market, which provides the possibility of registering low-cost instant transactions at the power grid in any specific period of time, without periodic payments. Such a method reduces the transaction fees and speeds up electricity trading. A more recent article [15] also concentrates on improving transaction efficiency and reducing costs in power markets. It provides a comparative analysis of three models: centralized trading, blockchain-based decentralized trading, and smart contract-driven automated trading. The results of the analysis, including simulation experiments, demonstrate that the smart contract-driven model outperforms the others by increasing market efficiency and stability, lowering transaction costs, reducing price fluctuations, and improving resource allocation. A similar question, connected with the construction of a distributed power trading model, is considered in [16]. One of the main contributions of this work is the design of a power trading smart contract tailored to the trading mechanism, enabling the automatic and efficient operation of distributed power trading. The authors state that such a design ensures the security, transparency, and trading efficiency of power trading. The work [17] proposed a novel Decentralized Energy Trading Framework via Blockchain Smart Contracts, which essentially uses hashes and asymmetric cryptography tools for transaction security and to preserve the integrity of data stored in blocks.

We also cannot help but mention several survey articles [18,19] of the last two years, which provide a comprehensive and detailed analysis of recent academic articles. The review [18] concentrates on the application of blockchain technology and smart contracts in the rapidly evolving energy market, analyzing their advantages, limitations, and challenges, providing the reader with a comprehensive view of the field’s potential in the near future. The article [19] is devoted to a detailed analysis of smart contracts’ characteristics and functionalities. This analysis reveals a significant gap in the transaction approach involving multiple sellers and buyers, underscoring the need for further exploration. This gap presents an exciting opportunity for future research and development in energy management, particularly in the context of blockchain technology’s potential to facilitate local energy transactions.

Recent studies have examined blockchain-enabled electricity market mechanisms and prosumer scheduling, including an architecture for hourly electricity rights and yield derivatives and a planning model for prosumer operation in the retail electricity market [20,21].

2.2. Security of the Blockchain Layer: A Double-Spend Attack

All the work mentioned above considers energy trading using secure blockchains and does not pay significant attention to how its security depends on network parameters and the consensus protocol. It is worth noting that only the safe and correct functioning of the blockchain can ensure the safe and correct functioning of the smart contract and the corresponding decentralized energy system. Therefore, along with the analysis of attacks directed directly at smart contracts [22,23], it is necessary to analyze attacks on the blockchain, the most dangerous of which are the double-spend attack [24] and the splitting attack [25]. In this case, the double-spend attack is more dangerous, since when it is executed, the attacker generates their branch hidden from other miners. Therefore, unlike the splitting attack, the double-spend attack cannot be detected at an early stage. In addition, the attacker posts the generated branch only in the case of a successful attack, when it is no longer possible to counteract it. Therefore, there is no other way to counteract this attack than to prevent it. That is, network users must take into account the possibility of the constant presence of the attacker and implement appropriate countermeasures. The specifics of the execution of this attack and the methods of protection against it significantly depend on both the consensus protocol and the network parameters. There are a lot of consensus protocols, including special modifications, used in different blockchains. One can find detailed surveys in [26,27]. Different consensus protocols have different advantages and disadvantages, and to decide what type of consensus is more preferable, one needs first of all to define its application, as was done in [28,29,30,31].

In decentralized systems, there is no trusted authority or third party that may solve conflicts and prevent fraud caused by malicious participants. Moreover, some part of the network participants may be well coordinated by an adversary who attacks the system. At the same time, honest nodes have no ability to detect the malicious behavior until the attack is finished (with any result).

In such conditions, transaction security in the blockchain is of great importance. Therefore, almost all articles analyzing certain features of blockchains necessarily pay sufficient attention to transaction security issues [32,33,34]. Users of the distributed system must decide whether to accept the transaction (and provide the corresponding services or goods for the accepted price) or whether they should wait for a higher confirmation assurance. So, for given input parameters, it is important to define concrete criteria for when a transaction may be securely accepted with a low risk of being removed from the final history of the blockchain.

Thus, the special case of persistence, as one of two major ledger properties [35], needs to be analyzed—the security against a double-spend attack. The essence of this attack does not depend on the type of consensus protocol: the attacker tries to spend the same coin twice. Technically, it is an attack aimed at replacing one block in the blockchain with another.

The attack is provided in two stages and can be described as follows. In the first stage of the attack, the vendor is waiting for the required number, say z, of confirmation blocks to appear after the block with the initial transaction and does not send goods until that time. During this stage, the adversary is trying to generate an alternative chain with an alternative transaction, starting from the block before the initial transaction. If they managed to generate a longer chain and share it after the vendor sends goods, the spent coin would be sent to another address or wallet, and the vendor would lose it.

The first stage of the attack continues until the moment when the supplier sends the goods. If during this time the adversary could not create the longer chain, they would run the second stage of the attack and try to “catch up” to the existing chain. Suppose that while six confirmation blocks are being generated, the adversary is able to create four blocks of the alternative chain. Now they are two blocks behind, and if they can ever generate enough blocks to “catch up” to the existing chain, which is also growing, then the attack will be successful. Note that in a classical double-spend attack, we assume that the adversary has unlimited time to catch up.

To determine how many confirmation blocks are sufficient to reduce the probability of a double-spend attack to a sufficiently low level, we need to derive a formula for this probability as a function of network parameters and the number of confirmation blocks. For the first time, such a formula was obtained in [24] by Nakamoto (with serious mistakes; see [36] for a detailed explanation) for the Proof-of-Work (PoW) consensus protocol.

After [24], the probability of the attack was analyzed in papers [37,38], but the results obtained lacked proofs. For the first time the problem gets a fully correct solution in [39], where the authors prove that the block generation process in the network is described with the Erlang distribution and the probability of attack with a negative binomial distribution. It was first proved in this paper, using special functions [40,41], that the fork probability decreases exponentially with growth of its length.

The work [42] generalized the results obtained in [39], adding to the model a new parameter—network synchronization time. In [36] analytical estimates for the probability of the double-spend attack for a Proof-of-Stake (PoS)-based blockchain were obtained in some simplified model, under the assumption that each non-empty timeslot has exactly one slot leader. Note that this assumption is standard (see, for example, ref. [43,44]) and does not cause serious restrictions, only simplifying the description of the model. The obtained results are strict (not asymptotic) and allow us to use them to define the necessary number of confirmation blocks to make the transaction irreversible with overwhelming probability (e.g., $1–{10}^{-3}$). It turns out that estimations obtained in [36] for the PoS protocol are very similar to corresponding results for PoW protocols from [37,39], though methods for obtaining such estimations were completely different.

It should be noted that a blockchain for P2P electricity sales can be created specifically for this application. For example, using an existing blockchain, such as Ether [45] or even its sidechains [46,47], to host smart contracts can make P2P electricity sales unprofitable. Therefore, one possible solution is to use a two-level blockchain, such as the PoP protocol [48]. In this case, a security-inherent blockchain designed for trading will provide an acceptable transaction cost and good throughput, and its stability will be ensured by a security-providing blockchain using a checkpointing mechanism [49].

Gap statement and rationale. Despite the practical relevance for energy trading settlement, the literature provides limited quantitative guidance on how to parameterize confirmation policies under realistic adversarial conditions, especially when additional finality mechanisms such as periodic checkpoints are employed. In particular, prior studies that analyze blockchain attacks and derive attack success probabilities (e.g., refs. [24,25,35,36,37,38,39] and related works) primarily focus on checkpoint-free blockchains, where finality is determined solely by confirmation depth. This motivates our research direction: we model classical double-spend scenarios for PoW and PoS blockchains with periodic checkpoints, derive explicit success probability expressions, and use them to compute the minimum confirmation depth required to keep the attack probability below a preset risk threshold. The resulting formulas translate directly into deployable acceptance rules for blockchain-based payments in decentralized energy systems.

2.3. Objectives and Contributions

In the present work, we investigate the security of both PoW- [24] and PoS-based [50,51,52,53,54] blockchains against double-spend attacks, but with the additional condition of checkpoints.

Adding checkpoints, on the one hand, restricts the adversary in time for attack realization and, on the other hand, requires more serious attack analysis. Attack probability estimations, obtained below, are much more complicated in comparison with [36], but may still be used to obtain numerical results for the block confirmation number, in dependence on the adversary’s ratio and distance between checkpoints.

The results of this paper can also be applied to such protocols, provided that the inter-checkpoint (or inter-finalization) distance can be bounded from below and above in terms of an equivalent number of blocks or timeslots. This situation arises, for example, in quorum-driven finality mechanisms where a block becomes final once a sufficient fraction of validators has committed to it (e.g., Tendermint-based BFT systems) or in protocols with threshold-style convergence to a finalized decision (e.g., Avalanche/Snowman). In these cases, one may treat “checkpointing” as the event of finalization/commit and work with the corresponding block/slot bounds implied by the protocol and network conditions. A systematic adaptation of our framework to these alternative consensus mechanisms, including protocol-specific bounding techniques and tighter estimates, is an important direction for future research.

Therefore, this paper investigates the core security mechanisms necessary to secure the blockchain infrastructure used for P2P energy trading. This work aims to derive explicit formulas for the probability of success of the double-spend attack (DSA) in both Proof-of-Work (PoW)- and Proof-of-Stake (PoS)-based blockchains. Critically, we introduce the additional condition of checkpoints into the analysis, as this mechanism can enhance security and throughput, particularly in blockchains tailored for energy transactions. These formulas can also be used to define how many confirmation blocks are enough to guarantee that the attack probability is less than some small preset value, like 0.001. We also compare our results with the corresponding results for classical PoW- and PoS-based blockchains without checkpoints and show that adding checkpoints decreases the attack probability. As examples, a lot of numerical results are given to understand the behavior of the attack probability. Based on numerical results, we can state that adding checkpoints in blockchains reduces the probability of attack by up to 40%, and the larger the adversary’s stake, the larger the probability of reduction.

By defining the necessary number of confirmation blocks required to secure a transaction against the DSA, this research directly contributes to ensuring the fundamental security layer needed for reliable decentralized energy systems and, consequently, the enhanced stability of smart regions. The methodologies used (deriving complex probability estimations and numerical results) trace the proposed motivation by addressing the resilience required at the informational core of the smart EIS.

3. Materials and Methods

In this section, we firstly formalize the models for PoW- and PoS-based blockchains with checkpoints and for the double-spend attack on them. In these models, we obtain explicit formulas (depending on network parameters) for attack probability estimates and give numerical examples, which allow us to compare the attack probability for blockchains with checkpoints and without them. Such protocols are the appropriate solutions for P2P energy trading applications using blockchains for the sustainable functionality of smart regions.

We assume that the reader is sufficiently familiar with the main definitions and properties of blockchains and main consensus protocols (if not, it is enough to read [50,55] and/or the first sections in [51]).

3.1. Checkpoint Mechanism

To increase the security of the blockchain, a mechanism of control points in the chain, i.e., checkpoint mechanism, is proposed, whose purpose is to restrict the time of the attack [50,56]. This means that in the blockchain, after a certain number of blocks or timeslots, some special blocks are created, which we call checkpoints. They are aimed at synchronizing the state of the history of the chain until the previous checkpoint. Once the chain history is synced, it cannot be changed, even in case of a longer alternative chain.

According to this mechanism, any attack can be carried out only between two checkpoints. If the attack was started just after the checkpoint with numbers l, it should be finished before the checkpoint with number $l+2$, because in the opposite case the longest chain created by the adversary cannot change the history containing the block with the transaction under attack. The number of possible blocks built between chain history synchronization points is limited. The concept is that the network will accept all transactions up to a checkpoint as valid and irreversible. After the checkpoint, the history of the chain is saved and cannot be changed in any way.

Checkpoints in a blockchain with the PoS consensus protocol occur at the moment of the end of an epoch, i.e., after a fixed number of timeslots. But for PoW-based blockchains, they occur after a fixed number of blocks, and this is the main difference for these two protocols. Usually the number of timeslots or blocks allocated between two checkpoints is about 1000–2000 units, but some deviations may occur: Bitcoin (1000 blocks) [57], Bitcoin-Cash (10 blocks) [58], Etherium 2.0 (64 timeslots) [59], Polkadot (64 timeslots) [60], and Cardano and Solana (432,000 timeslots) [61].

3.2. Description of a Double-Spend Attack

We will mostly use the same designations and basic model of attack as in [36] and briefly formulate the adversary’s strategy.

Define a block sequence as $B_0,B_1,\dots ,B_n$ and assume that the adversary’s transaction was included in block $B_i$ for some $i\in N$. Then the vendor waits until z blocks have been created after this block to be sure that the transaction will not be canceled.

At the same time, the adversary (sender) wants to replace a transaction in some block $B_i$ with some alternative transaction, which sends the same coin to a transaction in some other wallet. For this purpose, they try to organize a branch point in block $B_{i-1}$, just before the block with the transaction, and create an alternative branch, which is longer than the one created by honest miners.

The main difference between the current model and [36] is that the adversary has only a limited time to provide the attack due to checkpoints.

In what follows, we make the following assumptions. As in [36,39,42] we assume, for simplicity, that each timeslot has exactly one slot leader. Note that it is possible to get rid of such an assumption, making new assumptions in favor of the adversary, resulting in inflated probability estimates. Next, we assume a stable distance between checkpoints (measured in blocks or in timeslots) and a stable adversary’s ratio during the attack. Also, we assume that the number of confirmation blocks is less than double the distance between the checkpoints, because in the opposite case, it is enough to wait until the checkpoint.

The adversary does not add blocks to the chain with the initial transaction; instead they form an alternative chain. After z confirmation blocks $B_{i+1},B_{i+2},\dots ,B_{i+z}$ are formed by honest slot leaders, the adversary tries to replace the initial chain with the alternative one they formed, with a branch point in $B_{i-1}$, where block $B_i$ is pruned: $B_1,\dots ,B_{i-1},B_i^{\prime },B_{i+1}^{\prime },\dots$ As the adversary does not form their blocks in the initial chain, all blocks in it, including $B_{i-1}$ and $B_i$, are formed by honest parties.

Note that the first stages of a double-spend attack for PoW- and PoS-based blockchains with checkpoints and for PoW- and PoS-based blockchains without them are completely identical.

To describe the difference in the second stage of attack for PoW- and PoS-based protocols, we use the following game analogy. Assume two players play a game in which they move chips according to the result of coin tossing: if heads (tails) came up, the 1st (2nd) player moves their chip one step. The player wins if at the end of the game they are ahead. From the words “at the end of the game” we may assume two possibilities: after a certain number of coin tosses (as an analog of the PoS protocol) or after achieving a certain number of steps (as an analog of the PoW protocol). In this model, the problem of success probability in the second stage of the double-spend attack may be formulated as follows. Assume the 1st player is k steps behind. What is the probability that they will win at the end of the game?

3.3. Designations and Auxiliary Results

Define p as the total stake ratio of honest stakeholders and q as the total stake ratio of malicious stakeholders (for the PoS-based blockchain) or the total computational powers of honest miners and the adversary (for the PoW-based blockchain), $p+q=1$, and assume $q<p$. According to the PoW/PoS conception (see, for example, refs. [24,51]), this implies that in each block/timeslot, the probability that the block/slot is created by an honest miner/slot leader is p and the probability that it is created by a malicious one is q. Based on these designations, we may formulate an auxiliary lemma for which the detailed proof may be found in [36] for PoS-based and in [39] for PoW-based blockchains.

Lemma 1.

Define $P_z\left(k\right)$ as the probability of the event $E_k=\{$malicious slot leaders create exactly k blocks during the first stage of attack} (i.e., during the time when honest stakeholders create exactly z confirmation blocks). Then in our designations

$$P_z\left(k\right)=\left({\displaystyle \genfrac{}{}{0pt}{}{z+k-1}{l}}\right)·p^z·q^k.$$

(1)

Proof. 

To give an informal explanation of the correctness of Lemma 1 for PoS-based blockchains, it is enough to note that in this case the total number of timeslots is $z+k$, and the last of them is occupied by an honest slot leader. For PoW-based blockchains the correctness is not so obvious (see [39]). □

To succeed in an attack, the adversary must build an alternative chain that is longer than the initial one. Hence, the necessary and sufficient condition for the successful attack for PoS-based blockchains is the existence of such a sequence of timeslots, where the number of “malicious” slots is not less than the number of “honest” slots. For PoW-based blockchains this condition may be formulated as “the malicious miners managed to create a number of blocks that is not less than the honest ones created”. Then, using (1), the probability of succeeding in the first stage of attack (i.e., creating a longer chain while honest slot leaders/miners create z confirmation blocks) may be described with the next lemma.

Lemma 2.

Let $z<n$. Then for the adversary, the probability $P{\left(z\right)}^{\left(I\right)}$ of succeeding in the first stage of attack does not depend on n and is equal to

$$P{\left(z\right)}^{\left(I\right)}=\sum _{l=z}^{\infty }\left({\displaystyle \genfrac{}{}{0pt}{}{z+l-1}{l}}\right)·p^z·q^l=1-\sum _{l=0}^{z-1}\left({\displaystyle \genfrac{}{}{0pt}{}{z+l-1}{l}}\right)·p^z·q^l.$$

(2)

Here we use the fact that we add the probabilities for the negative binomial distribution, so

$$\sum _{l=0}^{\infty }\left({\displaystyle \genfrac{}{}{0pt}{}{z+l-1}{l}}\right)·p^z·q^l=1.$$

The next two Lemmas 3 and 4 are the very important points in this paper. While Lemma 3 is auxiliary to Lemma 4, Lemma 4 plays the same role in a blockchain model with checkpoints as the lemma about the Game Ruin Problem [62] plays in a blockchain model without them. This result describes the main difference in calculating the probability of a double-spend attack for blockchains with checkpoints and without them (see [36,39,42]).

Before we formulate and prove the Lemmas, we need to introduce some auxiliary designations and explain their interconnections. We make an assumption in favor of the adversary and assume that they started the attack just after a timeslot with a checkpoint. Let them include their main transaction with payment to the vendor in block B, which refers to the block with the checkpoint. In such a case the adversary has more time to provide the attack. Define $Bloc{k}_n$ and $Bloc{k}_{2n}$ as the next two blocks with checkpoints. We will call the branch with block B, in which the main transaction is included, the main branch. To succeed, the adversary has to catch up to the main branch before block $Bloc{k}_{2n}$ creation. Simultaneously with block B, the adversary creates block $B’$, which also refers to block $Bloc{k}_0$. They include their alternative transaction in block $B’$. This is the block that starts the alternative branch. Assume that at the moment when the z-th block of the main branch was created, the adversary created k blocks on their alternative chain, so they are $u=z-k>0$ blocks behind. Next, let us use the term “block height”, where the height of the z-th confirmation block is equal to 0, the height of the next block is 1, and so on. Analogically define the height of the blocks on the alternative branch.

Let the adversary be k blocks behind after the first stage of attack. We say that the adversary caught up to the main branch at the height $i\in \mathbb{N}\cup \left\{0\right\}$ if at some moment both of the branches are of the same length $z+i$ (starting from blocks B and $B’$ ). Define the corresponding event as

$$B_i=\left\{\mathit{at}\mathit{some}\mathit{moment}\mathit{both}\mathit{of}\mathit{the}\mathit{branches}\mathit{are}\mathit{of}\mathit{the}\mathit{same}\mathit{length}z+i\right\}.$$

Next, we say that the adversary caught up to the main branch for the first time at the height $i\in \mathbb{N}\cup \left\{0\right\}$ if at some moment both of the branches are of the same length $z+i$, but before that moment the alternative branch was always shorter than the main one. We define the corresponding event as

$$\begin{array}{c}\hfill A_i=\{\mathit{at}\mathit{some}\mathit{moment}\mathit{both}\mathit{of}\mathit{the}\mathit{branches}\mathit{are}\mathit{of}\mathit{the}\mathit{same}\mathit{length}z+i,\\ \hfill \mathit{but}\mathit{before}\mathit{the}\mathit{moment}\mathit{the}\mathit{alternative}\mathit{branch}\mathit{was}\mathit{all}\mathit{the}\mathit{time}\mathit{shorter}\}.\end{array}$$

Note that, according to these definitions, $A_i\cap A_j=\varnothing$ for $i\ne j.$

It should be mentioned that probabilities $P\left(A_i\right)$ and $P\left(B_i\right)$ also depend on the value k, which was fixed above. However, to simplify designations, we do not add the index k to these events $A_i$ and $B_i$.

For fixed k define $A_{\mathrm{PoW}}^{\left(k\right)}$ and $A_{\mathrm{PoS}}^{\left(k\right)}$ as the event (for PoW and PoS consensuses, correspondingly), which may be defined as “the alternative (adversary’s) branch managed to catch up to the main branch before $Bloc{k}_{2n}$ creation”.

Then in the case of PoW consensus we have $A_{PoW}^{\left(k\right)}={\bigcup }_{i=0}^{2n-z}{A}_i$ because in this case the alternative adversary’s branch has to catch up to the main branch at a height that is not larger than $2n-z$ or before the moment of creation of a block with checkpoint $Bloc{k}_{2n}$ (which refers to the previous checkpoint $Bloc{k}_n$ and after which the attack is not possible).

Unlike the PoW-based blockchain, for the PoS-based one we have

$$A_{PoS}^{\left(k\right)}=\bigcup _{i=0}^{n-z}{A}_i.$$

Indeed, in this case the number of timeslots that may be used for attack is $2n-z-k$ (as there are exactly $2n$ timeslots between $Bloc{k}_0$ and $Bloc{k}_{2n}$, and $z+k$ blocks out of them are occupied by honest slot leaders and the adversary); see Figure 1.

Next, as the attacker is $z-k$ blocks behind, they may catch up only in one of the following cases: When two alternative chains become equal at the height of $z+i$, $i=\overline{0,n-z}$, starting from the branch point. Indeed, if $z>n$, then the adversary cannot catch up because the majority of possible timeslots are occupied by honest slot leaders. Next, to catch up at the height $z+i$, both the adversary and honest slot leaders need to have $z+i$ timeslots before the timeslot with number $2\left(z+i\right)$, starting from the branch point. In this case, after the timeslot with the block at height k, the adversary should have $z-k+i$ timeslots, and honest slot leaders should have i timeslots, so the total number of timeslots is $z-k+2i$.

As $A_i\cap A_j=\varnothing$,

$$P\left({A_{PoW}}^{\left(k\right)}\right)=\sum _{i=0}^{2n-z}P\left(A_i\right)\mathrm{and}P\left({A_{PoS}}^{\left(k\right)}\right)=\sum _{i=0}^{n-z}P\left(A_i\right)$$

(3)

So, to calculate probability (3) it is enough to calculate probability $P\left(A_i\right)$.

Lemma 3.

Let us define $q_i^{\left(k\right)}=P\left(A_i\right)$, $i=\overline{0,2n-z}.$ In our designations, the following equalities hold:

$$q_0^{\left(k\right)}={\left(p_M\right)}^u;$$

$${q_i}^{\left(k\right)}=\left(\left({\displaystyle \genfrac{}{}{0pt}{}{u+2i}{i}}\right)·p_H^i·p_M^{u+i}-\sum _{j=0}^{i-1}P\left(A_j\right)·\left({\displaystyle \genfrac{}{}{0pt}{}{2i-2j}{i-j}}\right)·{(p_H·p_M)}^{i-j}\right),$$

(4)

where $u=z-k.$

Proof. 

According to the definitions of events $A_i$ and $B_i$, we may write the following equalities:

$$P\left(B_0\right)=P\left(A_0\right)=p_M^u;$$

(5)

$$P\left(B_i\right)=\left({\displaystyle \genfrac{}{}{0pt}{}{u+2i}{i}}\right)·p_M^{u+i}·p_H^i.$$

(6)

Indeed, if the branches are equal at height i, then they have the same length, and their total number of blocks is $u+2i$, from which i blocks were created and included in the main branch by honest slot leaders, and the rest of blocks were generated by malicious ones and included in the alternative branch.

Next, note that $A_1=B_1\setminus A_0$; then

$$P\left(A_1\right)=P\left(B_1\right)-P(B_1\cap A_0).$$

The probability $P(B_1\cap A_0)$ may be expressed as follows:

$$P\left(B_1\cap A_0\right)=P\left(B_1/A_0\right)·P\left(A_0\right),$$

where

$$P\left(B_1/A_0\right)=\left({\displaystyle \genfrac{}{}{0pt}{}{2}{1}}\right)·p_M·p_H.$$

Indeed, if two branches are equal at height 0, then for them to also be equal at height 1 it is necessary and sufficient that one of the next two blocks belongs to the main branch and the other to the alternative one.

So we may write the following:

$$P\left(A_1\right)=P\left(B_1\right)-P(B_1\cap A_0)$$

$$=\left({\displaystyle \genfrac{}{}{0pt}{}{u+2}{1}}\right)·p_M^{u+1}·p_H-\left({\displaystyle \genfrac{}{}{0pt}{}{2}{1}}\right)·p_M·p_H·p_M^u$$

$$=\left({\displaystyle \genfrac{}{}{0pt}{}{u+2}{1}}\right)·p_M^{u+1}·p_H-\left({\displaystyle \genfrac{}{}{0pt}{}{2}{1}}\right)·p_H·p_M^{u+1}.$$

Analogically,

$$P\left(A_2\right)=P\left(B_2\right)-P\left(B_2\cap A_1\right)-P\left(B_2\cap A_0\right)$$

$$=P\left(B_2\right)-P(B_2/A_1)·P\left(A_1\right)-P(B_2/A_0)·P\left(A_0\right)$$

and so on, where in the general case we have

$$P\left(A_i\right)=P\left(B_i\right)-\sum _{j=0}^{i-1}\left(P\left(B_i/A_j\right)·P\left(A_j\right)\right),$$

(7)

and

$$P\left(B_i/A_j\right)=\left({\displaystyle \genfrac{}{}{0pt}{}{2(i-j)}{i-j}}\right)·{(p_M·p_H)}^{i-j}.$$

(8)

Now the statement of Lemma 3 follows from the equalities (5)–(8). □

From Lemma 3, Formula (3) and the considerations above, we immediately get Lemma 4, which is an analog of the Game Ruin Problem lemma.

Lemma 4.

The probability of the adversary catching up being $z-k$ blocks behind may be calculated as

$$P\left({A_{PoW}}^{\left(k\right)}\right)=\sum _{i=0}^{2n-z}{q_i}^{\left(k\right)}$$

for the PoW-based blockchain with checkpoints and as

$$P\left({A_{PoS}}^{\left(k\right)}\right)=\sum _{i=0}^{n-z}{q_i}^{\left(k\right)}$$

for the PoS-based blockchain with checkpoints, where $u=z-k$ and n is the distance between two checkpoints (measured in blocks or timeslots, correspondingly).

Since $q_i^{\left(k\right)}\ge 0$, it immediately follows from Lemma 4 that $P\left(A_{PoW}^{\left(k\right)}\right)\ge P\left(A_{PoS}^{\left(k\right)}\right)$ for the same parameters, which explains why the PoS case yields a slightly lower double-spend success probability in our model.

Lemma 5

(probability of success in the 2nd stage of attack). Let n be the distance between checkpoints and z the number of confirmation blocks. Then the probability $P_n{\left(z\right)}^{\left(II\right)}$ that the adversary has no success in the 1st stage of attack, but has success in the 2nd stage, is

$$P_n{\left(z\right)}^{\left(\mathrm{II}\right)}=p_H^z·\sum _{k=0}^{z-1}\left\{\left({\displaystyle \genfrac{}{}{0pt}{}{z+k-1}{k}}\right)·p_M^k·q_k\right\},$$

where $q_k=P\left({A_{PoW}}^{\left(k\right)}\right)$ for the PoW-based blockchain and $q_k=P\left({A_{PoS}}^{\left(k\right)}\right)$ for the PoS-based blockchain.

Proof. 

If the adversary has no success in the 1st stage of attack, then in the 1st stage they manage to create k blocks for some $0\le k\le z-1$. Define corresponding events $E_k$ = {the adversary creates exactly k blocks in the 1st stage of attack}. Then the event $E^{\left(I\right)}$ = {the adversary has no success in the 1st stage of attack} may be written as $E^{\left(I\right)}={\bigcup }_{k=0}^{z-1}{E}_k$.

Next, define the event $E^{\left(II\right)}$={the adversary has success in the 2nd stage of attack}. We need to find the probability $P\left(E^{\left(I\right)}\cap E^{\left(II\right)}\right)$:

$$P\left(E^{\left(I\right)}\cap E^{\left(II\right)}\right)=P\left(E^{\left(II\right)}\cap \bigcup _{k=0}^{z-1}{E}_k\right)=P\left(\bigcup _{k=0}^{z-1}{E}_k\cap E^{\left(II\right)}\right)$$

$$=\sum _{k=0}^{z-1}P\left(E_k\cap E^{\left(\mathrm{II}\right)}\right)=\sum _{k=0}^{z-1}P\left(E^{\left(\mathrm{II}\right)}/E_k\right)·P\left(E_k\right).$$

(9)

To win the 2nd stage under the condition $E_k$ is the same as to catch up being $z-k$ blocks behind. Then $P(E^{\left(II\right)}/E_k)=q_k$, and this was calculated in Lemma 4. The probability $P\left(E_k\right)$ was calculated in Lemma 1. So we may rewrite (9) as

$$P\left(E^{\left(I\right)}\cap E^{\left(II\right)}\right)=\sum _{k=0}^{z-1}\left\{q_k·\left({\displaystyle \genfrac{}{}{0pt}{}{z+k-1}{k}}\right)·p_H^z·p_M^k\right\}$$

$$=p_H^z·\sum _{k=0}^{z-1}\left\{q_k·\left({\displaystyle \genfrac{}{}{0pt}{}{z+k-1}{k}}\right)·p_M^k\right\},$$

and the lemma is proved. □

Now we can formulate and prove the main result about the probability of a double-spend attack for both PoW- and PoS-based blockchains with checkpoints.

Theorem 1

(for both PoW- and PoS-based blockchains with checkpoints). Let n be distance between checkpoints. Then the probability $P_n\left(z\right)$ of a double-spend attack after z confirmation blocks is equal to

$$P_n\left(z\right)=P{\left(z\right)}^{\left(I\right)}+P_n{\left(z\right)}^{\left(II\right)}$$

Proof. 

As the attack success consists of success in the 1st stage or in the second stage, we may write

$$P_n\left(z\right)=P\left(E^{\left(I\right)}\cup E^{\left(II\right)}\right)=P\left(E^{\left(I\right)}\right)+P\left(E^{\left(II\right)}\right),$$

as these two events are mutually exclusive, according to their definition above (see proof of Lemma 5). □

4. Results

Due to the limited number of blocks or timeslots between checkpoints, the attacker cannot build an alternative chain during the unlimited time, like for blockchains without checkpoints. To prevent the double-spend attack, the vendor should wait for a certain number of confirmation blocks, which guarantees that the probability of attack is less than some preset value, like 0.001 or even smaller. The explicit formulas for attack probability, obtained it this paper, help them to decide whether they should wait for a certain number of confirmation blocks or wait until the corresponding checkpoint. But if checkpoint occurs, for example, once a day, it is more suitable to calculate the number of confirmation blocks that corresponds to the desired probability.

In the tables below we give a lot of numerical results, obtained according to analytical formulas of double-spend attack probability from Theorem 1 for different parameters (distance between checkpoints, adversary’s ratio, and number of confirmation blocks). The behavior of these results, when parameters change, is rather expected, so the numerical results may be considered as additional confirmation of the correctness and practical applicability of analytical ones.

The numerical results of probabilities of the double-spend attack on PoS-based blockchains with different distances n between checkpoints, obtained according to Theorem 1, are given in

Table 1. Double-spend attack probability comparison of confirmation block number in classic blockchain system vs blockchain system with checkpoints (for $n=50,100,150,200,250$).

	Adversary’s Ratio	A Classic Case of a Blockchain System		A Blockchain System Containing Checkpoints		Compare
n	q	z	Attack Probabilities	z	Attack Probabilities	Difference in Percent
50	0.1	6	0.000591412160000	6	0.00059141216000	0
50	0.15	9	0.000590058017484	9	0.00059005801748	0
50	0.2	13	0.000738096069111	13	0.00073809606849	0
50	0.25	20	0.000747285192981	20	0.00074728135353	0.00051
50	0.3	32	0.000875915224973	32	0.00087305341156	0.32672
50	0.35	50	0.002188394725421	50	0.00145056147656	33.71573
50	0.4	50	0.043860884260170	50	0.02709919775701	38.21557
50	0.45	50	0.317304397874194	50	0.18272818468614	42.41234
100	0.1	6	0.000591412160000	6	0.00059141216000	0
100	0.15	9	0.000590058017484	9	0.00059005801748	0
100	0.2	13	0.000738096069111	13	0.00073809606911	0
100	0.25	20	0.000747285192981	20	0.00074728519298	0
100	0.3	32	0.000875915224973	32	0.00087591508657	0.00002
100	0.35	58	0.000965098041430	58	0.00096385710585	0.12858
100	0.4	100	0.004320189876101	100	0.00263540335618	38.99797
100	0.45	100	0.156775865424405	100	0.08870061556165	43.42202
150	0.1	6	0.000591412160000	6	0.00059141216000	0
150	0.15	9	0.000590058017484	9	0.00059005801748	0
150	0.2	13	0.000738096069111	13	0.00073809606911	0
150	0.25	20	0.000747285192981	20	0.00074728519298	0
150	0.3	32	0.000875915224973	32	0.00087591522496	0
150	0.35	58	0.000965098041430	58	0.00096509262566	0.00056
150	0.4	133	0.000994204554214	131	0.00099269100223	0.15224
150	0.45	150	0.082748003254018	150	0.04647043929210	43.84101
200	0.1	6	0.000591412160000	6	0.00059141216000	0
200	0.15	9	0.000590058017484	9	0.00059005801748	0
200	0.2	13	0.000738096069111	13	0.00073809606911	0
200	0.25	20	0.000747285192981	20	0.00074728519298	0
200	0.3	32	0.000875915224973	32	0.00087591522497	0
200	0.35	58	0.000965098041430	58	0.00096509801118	0
200	0.4	133	0.000994204554214	133	0.00098816813374	0.60716
200	0.45	200	0.045094107137097	200	0.02521789162552	44.07719
250	0.1	6	0.000591412160000	6	0.00059141216000	0
250	0.15	9	0.000590058017484	9	0.00059005801748	0
250	0.2	13	0.000738096069111	13	0.00073809606911	0
250	0.25	20	0.000747285192981	20	0.00074728519298	0
250	0.3	32	0.000875915224973	32	0.00087591522497	0
250	0.35	58	0.000965098041430	58	0.00096509804124	0
250	0.4	133	0.000994204554214	133	0.00099369763105	0.05099
250	0.45	250	0.025054006060346	250	0.01397246465419	44.23062

(for $n=50,100,150,200,250$) and

Table 2. Double-spend attack probability comparison of confirmation block number in classic blockchain system vs. blockchain system with checkpoints (for $n=300,350,400,450,500$).

	Adversary’s Ratio	A Classic Case of a Blockchain System		A Blockchain System Containing Checkpoints		Compare
n	q	z	Attack Probabilities	z	Attack Probabilities	Difference in Percent
300	0.1	6	0.000591412160000	6	0.00059141216000	0
300	0.15	9	0.000590058017484	9	0.00059005801748	0
300	0.2	13	0.000738096069111	13	0.00073809606911	0
300	0.25	20	0.000747285192981	20	0.00074728519298	0
300	0.3	32	0.000875915224973	32	0.00087591522497	0
300	0.35	58	0.000965098041430	58	0.00096509804143	0
300	0.4	133	0.000994204554214	133	0.00099415700256	0.00478
300	0.45	300	0.014103172217858	300	0.00784997018068	44.33898
350	0.1	6	0.000591412160000	6	0.00059141216000	0
350	0.15	9	0.000590058017484	9	0.00059005801748	0
350	0.2	13	0.000738096069111	13	0.00073809606911	0
350	0.25	20	0.000747285192981	20	0.00074728519298	0
350	0.3	32	0.000875915224973	32	0.00087591522497	0
350	0.35	58	0.000965098041430	58	0.00096509804143	0
350	0.4	133	0.000994204554214	133	0.00099419980533	0.00048
350	0.45	350	0.008014568841529	350	0.00445450733757	44.41988
400	0.1	6	0.000591412160000	6	0.00059141216000	0
400	0.15	9	0.000590058017484	9	0.00059005801748	0
400	0.2	13	0.000738096069111	13	0.00073809606911	0
400	0.25	20	0.000747285192981	20	0.00074728519298	0
400	0.3	32	0.000875915224973	32	0.00087591522497	0
400	0.35	58	0.000965098041430	58	0.00096509804143	0
400	0.4	133	0.000994204554214	133	0.00099420405994	0.00005
400	0.45	400	0.004587569593162	400	0.00254689356707	44.48273
450	0.1	6	0.000591412160000	6	0.00059141216000	0
450	0.15	9	0.000590058017484	9	0.00059005801748	0
450	0.2	13	0.000738096069111	13	0.00073809606911	0
450	0.25	20	0.000747285192981	20	0.00074728519298	0
450	0.3	32	0.000875915224973	32	0.00087591522497	0
450	0.35	58	0.000965098041430	58	0.00096509804143	0
450	0.4	133	0.000994204554214	133	0.00099420450122	0.00001
450	0.45	450	0.002640947961755	450	0.00146485355051	44.53304
500	0.1	6	0.000591412160000	6	0.00059141216000	0
500	0.15	9	0.000590058017484	9	0.00059005801748	0
500	0.2	13	0.000738096069111	13	0.00073809606911	0
500	0.25	20	0.000747285192981	20	0.00074728519298	0
500	0.3	32	0.000875915224973	32	0.00087591522497	0
500	0.35	58	0.000965098041430	58	0.00096509804143	0
500	0.4	133	0.000994204554214	133	0.00099420454840	0
500	0.45	500	0.001527357879058	497	0.00097425727297	36.21290

(for $n=300,350,400,450,500$). Note that for the PoW-based blockchain the results are very similar, so we have no need to give them. For comparison, in the tables we also give the same results for blockchains without checkpoints.

As we can see from the tables, the difference between these two probabilities for the same number of confirmation blocks (for blockchains with checkpoints and without them) increases with an increase in the adversary’s ratio and decreases with an increase in the distance between checkpoints, as expected. As we can see from Table 1 and Table 2, when the adversary’s ratio is $q=0.45$, the differences between these two probabilities reach more than 42–44%. For relatively small n, like $n=50$, the difference becomes essential even for $q=0.25$.

The corresponding charts for the function $P_n\left(z\right)$ from Theorem 1 are also given for the different ratios of malicious stakeholders q in Figure 2 (for $n=50$), Figure 3 (for $n=150$), and Figure 4 (for $n=300$). As we can see, all these functions drop exponentially with an increase in the number of confirmation blocks, like in the case of “classical” blockchains without checkpoints.

Table 1 and Table 2 illustrate how the proposed analytical expressions translate into practical acceptance rules. As expected, the minimum required confirmation depth increases with the adversarial share and decreases when checkpoints are introduced, yielding a noticeable reduction in the double-spend success probability compared with the checkpoint-free baseline. In particular, for moderate adversarial participation (e.g., 25%), the required depth remains small, on the order of 20 blocks, which corresponds to about several minutes for usual PoS-based blockchains and is typically compatible with time-sensitive energy trading settlement. Overall, the checkpoint mechanism provides a clear security benefit, especially as the adversarial share approaches the honest-majority boundary.

5. Discussion

The analytical formulas derived in this work quantify the security gains achieved by implementing checkpoints in PoW and PoS blockchains. This provides a crucial, quantifiable security metric directly applicable to the decentralized energy infrastructure of modern smart regions. Our numerical results confirm the correctness of the analytical framework and illuminate key architectural decisions necessary for building a resilient and sustainable EIS.

The fundamental finding that the double-spend attack probability is smaller for blockchains with checkpoints is an operational necessity for the EIS. Real-time P2P energy trading and critical smart meter data exchange cannot tolerate transactional ambiguity. Checkpoints establish a hard finality layer, effectively neutralizing the threat of retroactive transactional changes. This mechanism is vital for maintaining the trust and functional integrity of the entire distributed energy market within a smart region.

The observed correlation—the smaller the distance between checkpoints, the smaller the attack probability—offers direct engineering guidance. For high-frequency events in the grid (e.g., automated load balancing or instant micro-transactions between prosumers), the system demands near-instantaneous finalization. While exponential decay of the attack probability is helpful, frequent checkpoints provide a deterministic security assurance much faster. This allows architects to optimally tune the protocol: a shorter checkpoint distance means higher security assurance for the grid’s most critical, latency-sensitive functions, directly supporting the resilience goals of the smart region.

The analysis shows that the security difference provided by checkpoints increases significantly when the ratio of malicious participants is larger. This highlights checkpoints’ role as a robust defense mechanism for the public or consortium DLTs underpinning P2P energy markets, especially in volatile periods.

Furthermore, the finding that PoS-based blockchains exhibit a marginally lower DSA probability reinforces the push for sustainable consensus models. For smart regions prioritizing environmental sustainability, this result validates the choice of PoS. It confirms that PoS not only consumes vastly less energy than PoW but also provides marginally superior security against DSA, making it the preferred economic and ecological choice for decentralized EIS governance.

The results provide a quantifiable security protocol for utility operators and energy trading vendors. Instead of relying on a heuristic number of confirmation blocks, they are advised to wait until a checkpoint is achieved. This rule transforms risk management into a deterministic process: once the corresponding checkpoint is finalized, the transaction is cryptographically irreversible, securing the financial integrity of the energy trade. This practical guidance is essential for ensuring the stability and trustworthiness of the commercial layer in the smart region’s energy market.

Checkpointing introduces a security–efficiency trade-off. Shorter checkpoint spacing reduces double-spend risk but may increase operational cost (especially in anchored designs where each checkpoint is an on-chain transaction on a base ledger) and can increase perceived finality latency if applications wait for checkpoint-based finalization. In L2/L3 deployments anchored to a base chain (e.g., Ethereum), checkpoints can be realized by periodically committing the application ledger’s state hash, shifting most durability guarantees to the base chain while adding checkpoint transaction fees. Quantifying the exact latency/throughput overhead is deployment-specific and depends on block times, anchoring frequency, fee conditions, and confirmation policy.

Checkpointing may introduce additional system-level risks. In anchored deployments, where a checkpoint is realized as an on-chain commitment (e.g., a state hash transaction) to a resilient base blockchain, the correctness of an already published checkpoint inherits the base chain’s security assumptions. However, practical threats such as checkpoint centralization, censorship/DoS against checkpoint submitters, or fee/congestion spikes may delay checkpoint publication and thus increase the effective inter-checkpoint window. These issues can be mitigated by multi-party checkpoint submission, redundant anchoring, and conservative confirmation policies during checkpoint delays; a detailed analysis of liveness-oriented attacks is left for future work.

Energy system constraints and parameter selection. In decentralized energy applications, the choice of checkpoint distance and the number of confirmation blocks should be aligned with the allowable payment finality latency, settlement frequency, and grid stability/operability requirements. Shorter checkpoint intervals and/or deeper confirmations reduce double-spend risk, but may increase time to finality and operational costs. Therefore, for a given set of energy constraints and a target risk threshold, our formulas can be applied to compute the minimum required confirmation depth and then verify whether it fits within a single inter-checkpoint interval and the acceptable latency; if not, finality should be tied to the next checkpoint, or the checkpoint spacing should be reduced.

Checkpoint enforcement and trust model. In this work, checkpoints serve as a finality anchor, making pre-checkpoint history practically irreversible. In a realistic energy trading deployment, this can be realized by operating the application ledger as an L2/L3 chain and periodically anchoring checkpoints (e.g., a state hash or block hash) to a resilient base blockchain such as Ethereum or widely used Ethereum-compatible sidechains. Under this design, the immutability of pre-checkpoint history inherits the base chain’s economic security assumptions. In consortium deployments, checkpoints can instead be certified through governed finality (e.g., a supermajority of validator signatures). A detailed analysis of governance, incentives, and liveness-related threats (e.g., checkpoint delays) is deployment-specific and left for future work.

Independent validation. The numerical results reported in this paper are intended to demonstrate how the derived closed-form expressions can be used and to confirm expected qualitative trends, while the correctness of the main results follows from the analytical derivations and proofs. Independent corroboration through protocol-specific simulation (e.g., Monte Carlo experiments) or empirical evaluation on a concrete testnet is left for future work and is highly dependent on the target deployment and networking assumptions.

6. Conclusions

In this paper, for the first time explicit formulas were obtained for calculating the probability of the double-spend attack for PoW- and PoS-based blockchains with checkpoints. Using the obtained analytical results, we got a large number of numerical results and built charts, which confirmed the correctness of the analytical ones.

The numerical results and charts, built according to corresponding analytical results, indicate the following:

1.

The probability of the double-spend attack for a blockchain with checkpoints is smaller than for a blockchain without them;

2.

The smaller the distance between checkpoints, the smaller the probability of attack;

3.

The larger the ratio of malicious participants, the larger the difference between probabilities of attack for a blockchain with checkpoints and for a blockchain without them;

4.

The probability of the attack decrease exponentially with an increase in block confirmation number, like in the case of a classical blockchain without checkpoints;

5.

As we can see from Formula (3), the probability of a double-spend attack is a bit larger for PoW-based blockchains than for PoS-based ones.

Based on the analytical and numerical results of our work, for various financial transactions with cryptocurrencies, the vendor should wait for a certain number of confirmation blocks, if this number does not exceed the distance between corresponding checkpoints. In the opposite case, they should wait until the corresponding checkpoint, which makes the attack impossible.

Our findings hold profound implications for the construction of resilient and secure decentralized energy systems within smart regions. The mechanism of checkpoints offers the deterministic finality required for reliable automated energy transactions, smart metering data integrity, and securing tokenized energy assets. By quantifying the security gains, this work provides system architects with the tools necessary to achieve the following:

• Optimize protocol parameters: Determine the most secure and efficient distance between checkpoints to guarantee transaction finality for various EIS applications;
• Enhance operational trust: Offer quantitative assurance to utilities and consumers regarding the integrity of decentralized energy transactions;
• Support sustainable security: Justify the adoption of PoS protocols for decentralized energy management based on both their superior energy efficiency and demonstrably better security profile against double-spend attacks.

Our closed-form analysis assumes a constant adversarial share and fixed checkpoint spacing. For time-varying adversarial participation, the formulas can be used with the maximal adversary’s ratio in this period to obtain conservative bounds (PoW) or evaluated epoch by epoch under the standard PoS assumption of an epoch-wise constant stake. For variable checkpoint spacing, the analysis can be applied by bounding the inter-checkpoint distance and deriving upper/lower bounds on attack probability; a full treatment of arbitrary interval sequences is left for future work.

Practical impact. The analytical results transform the abstract concept of blockchain security into a concrete, quantifiable recommendation for energy vendors or utility operators engaging in cryptocurrency transactions (e.g., purchasing Renewable Energy Credits or settling peer-to-peer trades). They should not solely rely on a fixed number of confirmations. Instead, the waiting time must be explicitly tied to the checkpoint distance. This approach drastically simplifies risk assessment: the vendor can confidently trust the transaction once the corresponding checkpoint has been achieved, as the attack becomes practically impossible after that point.

Future Research Directions

In this work, we considered a simplified model of the PoS consensus protocol, assuming only one slot leader per timeslot. Additionally, for both PoW and PoS protocols, we assumed zero synchronization time. These simplifications were adopted to clearly isolate and analyze the impact of checkpoints on blockchain resilience against double-spending attacks. It should be noted that even under these assumptions, the proofs remain quite complex and the resulting formulas are relatively cumbersome. In our view, these simplifying assumptions could be relaxed by employing a mathematical framework similar to that presented in [63]. In particular, this could involve the use of the so-called “dominant distribution” [52], derived under worst-case assumptions in favor of the adversary.

The approach used in this paper can also be applied to such protocols, provided that the inter-checkpoint (or inter-finalization) distance can be bounded or expressed in terms of an equivalent number of blocks/timeslots. This situation arises, for example, in quorum-driven finality mechanisms where a block becomes final once a sufficient fraction of validators has committed to it (e.g., Tendermint-based BFT systems) or in protocols with threshold-style convergence to a finalized decision (e.g., Avalanche/Snowman). In these cases, one may treat “checkpointing” as the event of finalization/commit and work with the corresponding block/slot bounds implied by the protocol and network conditions. A systematic adaptation of our framework to these alternative consensus mechanisms, including protocol-specific bounding techniques and tighter estimates, is also an important direction for future research.