Topic: Bitcoin and its Malleability? Important Questions! (Read 695 times)

hero member
Activity: 551
Merit: 500
I have been taking a cryptography class and I'm wondering if someone can assist with my question in regards to understanding the "transaction malleability" Bitcoin vulnerability that was supposedly exploited by Mt Gox customers to double-spend their Bitcoin (see press release below)? I'm surprised to learn that the SHA256 signature of the block chain is "malleable". I thought any secure MAC protocol would prevent this sort of 'attack'. And I don't see where the security proof is broken for the Bitcoin protocol.

https://www.mtgox.com/press_release_20140210.html

See:
https://bitcointalksearch.org/topic/what-the-average-user-needs-to-know-about-transaction-mutability-460944


+1

Thanks!
full member
Activity: 157
Merit: 100
The SHA256 signature of a transaction serves as its txid. It is NOT malleable. However, the data inside a transaction message is somewhat arbitrary. Although the inputs, the outputs, and the amounts are signed by the sender (and are thus not changeable without invalidating the transaction), one can append some other arbitrary data to the transaction, while keeping it valid. Although the effect of the transaction is going to be the same (a certain amount chosen by the sender is going to be sent to the receiver), the associated txid is going to be different.

Thus it is NOT a double spend attack. One CANNOT take your coins without knowing your private key, nor can one send the same coin to two different persons.

However, one should NOT use the txid as a way to uniquely identify a transaction. One should instead use a combination of inputs, outputs and amount to ascertain that the transaction went through (or not).

MtGox did not do that, they used the txid. Some users exploited that, and claimed to their customer service that their withdrawal failed, when in fact it went through but with a different txid than what MtGox thought. MtGox then wrongly resent a transaction.

It was not a double spend, it was a double send.
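
The tracking approach this reply recommends, as an added example that is not part of the original thread: it parses a legacy (pre-SegWit) serialized transaction and derives a key from the spent outpoints and the outputs only, so the key stays the same when the signature-script bytes differ. `payment_key`, `build_tx` and the sample transaction bytes are constructed for illustration.

```python
import hashlib

def read_varint(buf, pos):  # Bitcoin CompactSize -> (value, next_pos)
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def parse_legacy_tx(raw):
    """Return (outpoints, outputs), skipping scriptSig and sequence."""
    pos = 4                                    # skip version
    n_in, pos = read_varint(raw, pos)
    outpoints = []
    for _ in range(n_in):
        outpoints.append(raw[pos:pos + 36])    # previous txid + output index
        script_len, pos = read_varint(raw, pos + 36)
        pos += script_len + 4                  # signature script + sequence
    n_out, pos = read_varint(raw, pos)
    outputs = []
    for _ in range(n_out):
        value = int.from_bytes(raw[pos:pos + 8], "little")
        script_len, pos = read_varint(raw, pos + 8)
        outputs.append((value, raw[pos:pos + script_len]))
        pos += script_len
    if pos + 4 != len(raw):                    # only the locktime may remain
        raise ValueError("malformed or non-legacy transaction")
    return outpoints, outputs

def txid(raw):  # double SHA-256 of the whole serialization, byte-reversed hex
    return hashlib.sha256(hashlib.sha256(raw).digest()).digest()[::-1].hex()

def payment_key(raw):
    """Hypothetical tracking key: covers what is spent and what is paid only."""
    outpoints, outputs = parse_legacy_tx(raw)
    h = hashlib.sha256(len(outpoints).to_bytes(4, "little") + b"".join(outpoints))
    for value, script in outputs:
        h.update(value.to_bytes(8, "little") + len(script).to_bytes(4, "little") + script)
    return h.hexdigest()

def build_tx(script_sig, amount=50_000):
    """Constructed sample: one input, one output, placeholder signature bytes."""
    outpoint = bytes(range(32)) + bytes(4)     # made-up previous txid, index 0
    pk_script = bytes.fromhex("76a914") + b"\x11" * 20 + bytes.fromhex("88ac")
    return ((1).to_bytes(4, "little") + b"\x01" + outpoint + bytes([len(script_sig)])
            + script_sig + b"\xff" * 4 + b"\x01" + amount.to_bytes(8, "little")
            + bytes([len(pk_script)]) + pk_script + bytes(4))

SENT = build_tx(b"\xaa" * 71)   # as broadcast by the sender (constructed)
SEEN = build_tx(b"\xbb" * 72)   # same payment, different signature-script bytes
```

A withdrawal system would store `payment_key(SENT)` next to the txid it broadcast and match confirmed transactions on that key before treating a withdrawal as failed.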
legendary
Activity: 4256
Merit: 1313
I have been taking a cryptography class and I'm wondering if someone can assist with my question in regards to understanding the "transaction malleability" Bitcoin vulnerability that was supposedly exploited by Mt Gox customers to double-spend their Bitcoin (see press release below)? I'm surprised to learn that the SHA256 signature of the block chain is "malleable". I thought any secure MAC protocol would prevent this sort of 'attack'. And I don't see where the security proof is broken for the Bitcoin protocol.

https://www.mtgox.com/press_release_20140210.html

See:
https://bitcointalksearch.org/topic/what-the-average-user-needs-to-know-about-transaction-mutability-460944
hero member
Activity: 551
Merit: 500
I have been taking a cryptography class and I'm wondering if someone can assist with my question in regards to understanding the "transaction malleability" Bitcoin vulnerability that was supposedly exploited by Mt Gox customers to double-spend their Bitcoin (see press release below)? I'm surprised to learn that the SHA256 signature of the block chain is "malleable". I thought any secure MAC protocol would prevent this sort of 'attack'. And I don't see where the security proof is broken for the Bitcoin protocol.

https://www.mtgox.com/press_release_20140210.html