Bitcoin Forum>Bitcoin>Development & Technical Discussion
Author

Topic: bitcoin broken? (Read 1575 times)

Enochian
full member
Activity: 327
Merit: 124
bitcoin broken?
May 09, 2011, 05:53:26 PM
#12
Quote from: kokjo on May 09, 2011, 02:40:23 PM
what i can read from the source and the wiki is:
not the whole transaction that is signed. Sad only the TxIns.

its like signing "i would like to give some btcs away"

The documentation is somewhat unclear.  What gets signed is the entire transaction, with all the input scripts nulled except the one that is being signed, which is replaced by the output script it references containing the OP_CHECKSIG, with the hashtype appended to the end as an int.

So the only thing you could change without making the signature invalid is the input script.  Who the money goes to and where it comes from gets signed, which is the stuff that matters.  So you can't change that, and all you could do by modifying the input script is make it fail, in which case the transaction would be tossed.





MoonShadow
legendary
Activity: 1708
Merit: 1007
Re: bitcoin broken?
May 09, 2011, 03:19:20 PM
#11
And the confidence in the Bitcoin system increases by one Brownie point.
kokjo
legendary
Activity: 1050
Merit: 1000
You are WRONG!
Re: bitcoin broken?
May 09, 2011, 03:17:31 PM
#10
Quote from: Gavin Andresen on May 09, 2011, 03:10:19 PM
Fine, the entire transaction except for:
  "The scripts for all transaction inputs in txCopy are set to empty scripts"

... is signed. 
thanks you!
i see it now, in script.cpp lines 870-930. looks right to me. Cheesy

Quote from: Gavin Andresen on May 09, 2011, 03:10:19 PM
You're starting to make me grumpy...
sorry for that...
i just didn't seemt right.
and i though if it was a flaw, it was best to make it public as fast as possible. so it could be corrected.
Gavin Andresen
legendary
Activity: 1652
Merit: 2216
Chief Scientist
Re: bitcoin broken?
May 09, 2011, 03:10:19 PM
#9
Fine, the entire transaction except for:
  "The scripts for all transaction inputs in txCopy are set to empty scripts"

... is signed.   You're starting to make me grumpy...
kokjo
legendary
Activity: 1050
Merit: 1000
You are WRONG!
Re: bitcoin broken?
May 09, 2011, 03:05:13 PM
#8
Quote from: Gavin Andresen on May 09, 2011, 03:01:15 PM
The entire transaction is signed.  See:  https://en.bitcoin.it/wiki/OP_CHECKSIG  for the rules.

Quote
OP_CHECKSIG is script opcode used to verify that the signature for a tx input is valid
first line.

the entire transaction can't be signed. its logicly impossible.
its like have in a hash of a hash, which is equal. sha256(a)!=a
Gavin Andresen
legendary
Activity: 1652
Merit: 2216
Chief Scientist
Re: bitcoin broken?
May 09, 2011, 03:01:15 PM
#7
The entire transaction is signed.  See:  https://en.bitcoin.it/wiki/OP_CHECKSIG  for the rules.
MoonShadow
legendary
Activity: 1708
Merit: 1007
Re: bitcoin broken?
May 09, 2011, 02:55:50 PM
#6
Quote from: kokjo on May 09, 2011, 02:40:23 PM
Quote from: MoonShadow on May 09, 2011, 02:28:02 PM
Quote from: kokjo on May 09, 2011, 02:18:30 PM
https://en.bitcoin.it/wiki/Protocol_specification#tx

how are you not sure that the TxIn is not taken out from a transaction and put in to another? is this a flaw?
or is there some kind mecanisme that prevent that?
a simple attack scenario:
1. put a lot of your clients on the network(with different IPs). so you are sure that you can isolate another client.
2. when the isolated client makes a Tx it transmits it to you.
3. with the Tx you extract the TxIns and puts them in a new Tx, that sends it all to you, you can do that because there is no protection.
4. wait for it to be included in a block.
5. PROFIT! Smiley

is this possible? it is a BIG BIG flaw if its real!

Sad

Try it, and you will find that it doesn't work in practice, even if it is theoreticly possible.  Most likely you won't even be able to isolate a client in order to actually steal from it's transactions in the start.  In any case, this is an attack upon a particular user of Bitcoin, not a flaw in the system itself.  This kind of theft attack would only affect one user.

As you describe it, the modified transaction would fail a validity check anyway because the transaction must be hashed as a whole after being 'signed' by the sender's private key, which you don't have.  If you cannot sign the modified transaction, the transaction would fail on that point.
what i can read from the source and the wiki is:
not the whole transaction that is signed. Sad only the TxIns.

its like signing "i would like to give some btcs away"


Hmmm, I see what you are saying.  Good eye.  This might be a possible exploit, indeed.  You deserve kudos if this is true.  This could be fixed by requiring that the transaction as a whole be signed by the first input private key.  This would still require absolute isolation to work consistantly, but might work often enough by forcing a double spend type event to be a worthwhile criminal endeavor.

Gavin, thoughts?
kokjo
legendary
Activity: 1050
Merit: 1000
You are WRONG!
Re: bitcoin broken?
May 09, 2011, 02:43:07 PM
#5
Quote from: Gavin Andresen on May 09, 2011, 02:21:57 PM
No, it is not possible, there is a rule against that.
rules is here to be broken. Smiley
kokjo
legendary
Activity: 1050
Merit: 1000
You are WRONG!
Re: bitcoin broken?
May 09, 2011, 02:40:23 PM
#4
Quote from: MoonShadow on May 09, 2011, 02:28:02 PM
Quote from: kokjo on May 09, 2011, 02:18:30 PM
https://en.bitcoin.it/wiki/Protocol_specification#tx

how are you not sure that the TxIn is not taken out from a transaction and put in to another? is this a flaw?
or is there some kind mecanisme that prevent that?
a simple attack scenario:
1. put a lot of your clients on the network(with different IPs). so you are sure that you can isolate another client.
2. when the isolated client makes a Tx it transmits it to you.
3. with the Tx you extract the TxIns and puts them in a new Tx, that sends it all to you, you can do that because there is no protection.
4. wait for it to be included in a block.
5. PROFIT! Smiley

is this possible? it is a BIG BIG flaw if its real!

Sad

Try it, and you will find that it doesn't work in practice, even if it is theoreticly possible.  Most likely you won't even be able to isolate a client in order to actually steal from it's transactions in the start.  In any case, this is an attack upon a particular user of Bitcoin, not a flaw in the system itself.  This kind of theft attack would only affect one user.

As you describe it, the modified transaction would fail a validity check anyway because the transaction must be hashed as a whole after being 'signed' by the sender's private key, which you don't have.  If you cannot sign the modified transaction, the transaction would fail on that point.
what i can read from the source and the wiki is:
not the whole transaction that is signed. Sad only the TxIns.

its like signing "i would like to give some btcs away"
MoonShadow
legendary
Activity: 1708
Merit: 1007
Re: bitcoin broken?
May 09, 2011, 02:28:02 PM
#3
Quote from: kokjo on May 09, 2011, 02:18:30 PM
https://en.bitcoin.it/wiki/Protocol_specification#tx

how are you not sure that the TxIn is not taken out from a transaction and put in to another? is this a flaw?
or is there some kind mecanisme that prevent that?
a simple attack scenario:
1. put a lot of your clients on the network(with different IPs). so you are sure that you can isolate another client.
2. when the isolated client makes a Tx it transmits it to you.
3. with the Tx you extract the TxIns and puts them in a new Tx, that sends it all to you, you can do that because there is no protection.
4. wait for it to be included in a block.
5. PROFIT! Smiley

is this possible? it is a BIG BIG flaw if its real!

Sad

Try it, and you will find that it doesn't work in practice, even if it is theoreticly possible.  Most likely you won't even be able to isolate a client in order to actually steal from it's transactions in the start.  In any case, this is an attack upon a particular user of Bitcoin, not a flaw in the system itself.  This kind of theft attack would only affect one user.

As you describe it, the modified transaction would fail a validity check anyway because the transaction must be hashed as a whole after being 'signed' by the sender's private key, which you don't have.  If you cannot sign the modified transaction, the transaction would fail on that point.
Gavin Andresen
legendary
Activity: 1652
Merit: 2216
Chief Scientist
Re: bitcoin broken?
May 09, 2011, 02:21:57 PM
#2
No, it is not possible, there is a rule against that.
kokjo
legendary
Activity: 1050
Merit: 1000
You are WRONG!
Re: bitcoin broken?
May 09, 2011, 02:18:30 PM
#1
https://en.bitcoin.it/wiki/Protocol_specification#tx

how are you not sure that the TxIn is not taken out from a transaction and put in to another? is this a flaw?
or is there some kind mecanisme that prevent that?
a simple attack scenario:
1. put a lot of your clients on the network(with different IPs). so you are sure that you can isolate another client.
2. when the isolated client makes a Tx it transmits it to you.
3. with the Tx you extract the TxIns and puts them in a new Tx, that sends it all to you, you can do that because there is no protection.
4. wait for it to be included in a block.
5. PROFIT! Smiley

is this possible? it is a BIG BIG flaw if its real!

Sad
Bitcoin Forum>Bitcoin>Development & Technical Discussion
Jump to: