Pages:
Author

Topic: Bitcoin in danger!? Received <Sent!?! (Read 4936 times)

kjj
legendary
Activity: 1302
Merit: 1026
February 12, 2012, 02:10:24 AM
#32
My guess would be never at all. Testnet is where new code is tested out before it is released.
It has happened on the main network. The following transaction is present in both block 91812 and 91842: http://blockexplorer.com/tx/d5d27987d2a3dfc724e359870c6644b40e497bdc0589a033220fe15429d88599

From Gavin's post, it sounds like they are changing the default client to actually check the database to make sure that a newly created coinbase doesn't collide with a prior transaction. 

I at least hope it will not slow down bitcoin client as downloading all the blocks (and verifying them?) takes already too long.

From Gavin's post, it sounds like they are changing the default client to actually check the database to make sure that a newly created coinbase doesn't collide with a prior transaction. 

I at least hope it will not slow down bitcoin client as downloading all the blocks (and verifying them?) takes already too long.

No, those are in the past; it is too late for them.  This would apply only when your node creates a new candidate block in response to a getwork request, and then later when a brand new block comes in over the network, fresh from some dude's GPU.
In order to check if a generation transaction with the same transaction ID is already existant in the block chain we will obviously have to check past generation transactions. Luckily, only one is created circa every 10 minutes, so even in a 1000 years, we will only have to check around 90 million transactions for duplicates (which can probably be done in a fraction of a pico second in the year 3012).

The absolute worst case for a binary tree search over 256 bits is 256 comparisons.  BDB uses something better, probably a btree (I'm too lazy to look it up).  After 90 million coinbases, the typical search will probably take less than 30 comparisons.  Both of these numbers are trivial and won't add more than a couple of microseconds to block processing time (not counting I/O if the index isn't in memory for some bizarre reason).
legendary
Activity: 980
Merit: 1008
February 11, 2012, 01:25:06 PM
#31
My guess would be never at all. Testnet is where new code is tested out before it is released.
It has happened on the main network. The following transaction is present in both block 91812 and 91842: http://blockexplorer.com/tx/d5d27987d2a3dfc724e359870c6644b40e497bdc0589a033220fe15429d88599

From Gavin's post, it sounds like they are changing the default client to actually check the database to make sure that a newly created coinbase doesn't collide with a prior transaction. 

I at least hope it will not slow down bitcoin client as downloading all the blocks (and verifying them?) takes already too long.

From Gavin's post, it sounds like they are changing the default client to actually check the database to make sure that a newly created coinbase doesn't collide with a prior transaction. 

I at least hope it will not slow down bitcoin client as downloading all the blocks (and verifying them?) takes already too long.

No, those are in the past; it is too late for them.  This would apply only when your node creates a new candidate block in response to a getwork request, and then later when a brand new block comes in over the network, fresh from some dude's GPU.
In order to check if a generation transaction with the same transaction ID is already existant in the block chain we will obviously have to check past generation transactions. Luckily, only one is created circa every 10 minutes, so even in a 1000 years, we will only have to check around 90 million transactions for duplicates (which can probably be done in a fraction of a pico second in the year 3012).
sr. member
Activity: 308
Merit: 250
February 10, 2012, 08:29:45 PM
#30
Please edit the title of the OP. Bitcoin is NOT in danger.  You misunderstood.
kjj
legendary
Activity: 1302
Merit: 1026
February 10, 2012, 08:10:37 PM
#29
More serious issues might be possible when there is a reorg. For example, when one coinbase is disconnected, all of its duplicates will also be disconnected.
Yeah, which in theory means that all the nodes that had the block containing that duplicate coinbase in their main chain would wrongly treat an attempt to spend it as invalid and all those that hadn't would correctly consider it valid. This may be usable to create a persistent fork in Bitcoin - that is to say, one that can never actually resolve itself without a huge amount of manual intervention by everyone involved.

That would take quite a bit of planning and effort, and the attacker would need to have huge amounts of hashing power plus incredibly good timing.  Oh, and they would only get one shot getting it right, since that fork is only possible during the moment when the network changes rules.  Plus, I'm not sure what anyone could possibly hope to gain by doing it.

And if it even looked like it was possible that someone might do it, we could randomize the rule change time.  Instead of coding it so that the rules change starting with block # X, we could say that the new rules take effect on the first block following # X where the last 8 bits of the header hash are all zero.  That would be totally unambiguous on the network, but still impossible to predict.

Note that under the current rules, if you generate two coinbases with the same transaction and wish to spend both of them, you must spend the first one before you generate the second one.  The duplicates in the past can't be fixed.  All in all, this is a very strange quirk of the system that needs to be fixed, but not a security issue.
kjj
legendary
Activity: 1302
Merit: 1026
February 10, 2012, 07:47:17 PM
#28
From Gavin's post, it sounds like they are changing the default client to actually check the database to make sure that a newly created coinbase doesn't collide with a prior transaction. 

I at least hope it will not slow down bitcoin client as downloading all the blocks (and verifying them?) takes already too long.

No, those are in the past; it is too late for them.  This would apply only when your node creates a new candidate block in response to a getwork request, and then later when a brand new block comes in over the network, fresh from some dude's GPU.
hero member
Activity: 686
Merit: 564
February 10, 2012, 05:56:07 PM
#27
More serious issues might be possible when there is a reorg. For example, when one coinbase is disconnected, all of its duplicates will also be disconnected.
Yeah, which in theory means that all the nodes that had the block containing that duplicate coinbase in their main chain would wrongly treat an attempt to spend it as invalid and all those that hadn't would correctly consider it valid. This may be usable to create a persistent fork in Bitcoin - that is to say, one that can never actually resolve itself without a huge amount of manual intervention by everyone involved.
legendary
Activity: 3472
Merit: 1722
February 10, 2012, 05:26:11 PM
#26
From Gavin's post, it sounds like they are changing the default client to actually check the database to make sure that a newly created coinbase doesn't collide with a prior transaction. 

I at least hope it will not slow down bitcoin client as downloading all the blocks (and verifying them?) takes already too long.
kjj
legendary
Activity: 1302
Merit: 1026
February 10, 2012, 11:36:52 AM
#25
My guess would be never at all. Testnet is where new code is tested out before it is released.

oh, did satoshi test out his very first attempt on the test network before creating the main genesis block?

i thought we were talking about a bug in satoshi's creation, as old as bitcoin itself.


My guess is that there were several genesis blocks while he was working on it, and once everything was ready he released it and the last one he made became The Genesis Block.

As to the overwrite issue, it might be better to think of this as a hash collision.  Think hash function rather than cryptographic hash.

Cryptographic hashes are intentionally very hard to collide, and the default client uses a new address for each generation, so in a way the default client had solved the problem.  But, it didn't expect that someone else might use different software to reuse the same inputs to the hash and end up with the same transaction id.

From Gavin's post, it sounds like they are changing the default client to actually check the database to make sure that a newly created coinbase doesn't collide with a prior transaction.  And in the future, they will set it to reject blocks that include duplicates, which would be a de facto protocol change, and a good one.
hero member
Activity: 812
Merit: 1000
February 10, 2012, 02:07:39 AM
#24
My guess would be never at all. Testnet is where new code is tested out before it is released.

oh, did satoshi test out his very first attempt on the test network before creating the main genesis block?

i thought we were talking about a bug in satoshi's creation, as old as bitcoin itself.
administrator
Activity: 5222
Merit: 13032
February 10, 2012, 01:15:04 AM
#23
so to clarify, the main consequence of the bug was that a block reward could become lost forever?

still... turning 100 BTC into 50 is less serious of a bug than being able to turn 50 BTC into 100 Cheesy

More serious issues might be possible when there is a reorg. For example, when one coinbase is disconnected, all of its duplicates will also be disconnected.
hero member
Activity: 560
Merit: 500
February 10, 2012, 12:56:49 AM
#22
My guess would be never at all. Testnet is where new code is tested out before it is released.
hero member
Activity: 812
Merit: 1000
February 10, 2012, 12:44:47 AM
#21
would it be possible to see exactly how many times this occurred on the main network?
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
February 10, 2012, 12:41:34 AM
#20
so to clarify, the main consequence of the bug was that a block reward could become lost forever?

still... turning 100 BTC into 50 is less serious of a bug than being able to turn 50 BTC into 100 Cheesy


Well, I think that ANY overwrite is serious...

But you got a point!
hero member
Activity: 812
Merit: 1000
February 10, 2012, 12:35:32 AM
#19
so to clarify, the main consequence of the bug was that a block reward could become lost forever?

still... turning 100 BTC into 50 is less serious of a bug than being able to turn 50 BTC into 100 Cheesy
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
February 10, 2012, 12:20:43 AM
#18
Do you lose the original if it isn't spent when you make the new identical one? Because when you spend either now it'll be marked as spent?

Right. This has happened a few times on the main network, actually. Not sure if anyone realized until recently that it was possible to spend both, though.


Shocked

Anyway, now this guys will solve a bug!
administrator
Activity: 5222
Merit: 13032
February 10, 2012, 12:12:11 AM
#17
Do you lose the original if it isn't spent when you make the new identical one? Because when you spend either now it'll be marked as spent?

Right. This has happened a few times on the main network, actually. Not sure if anyone realized until recently that it was possible to spend both, though.
legendary
Activity: 1246
Merit: 1016
Strength in numbers
February 10, 2012, 12:05:48 AM
#16
Technical explanation:

When you create a block, the coinbase transaction which generates 50 BTC can easily be made to exactly equal a past coinbase transaction: it just needs to pay out to the same address and have the same (arbitrary) scriptSig. Unfortunately, this transaction will then have the exact same hash as another transaction in the chain. Satoshi did not anticipate this, so it's allowed by the protocol and it confuses the Bitcoin code.

In this case, roconnor:
- Generated a block containing a normal coinbase transaction.
- Spend the BTC generated in the coinbase transaction. Bitcoin nodes mark the coinbase transaction's output as spent.
- Created a block containing a duplicate of the first coinbase transaction. Bitcoin nodes will now overwrite the first coinbase transaction in the transaction database. The output of the coinbase transaction is marked as unspent. The transaction spending the original coinbase output is not affected and is still considered valid.
- Spent the BTC generated in the second coinbase. There are now two transactions spending the "same" output.

Do you lose the original if it isn't spent when you make the new identical one? Because when you spend either now it'll be marked as spent?
administrator
Activity: 5222
Merit: 13032
February 09, 2012, 11:49:02 PM
#15
Technical explanation:

When you create a block, the coinbase transaction which generates 50 BTC can easily be made to exactly equal a past coinbase transaction: it just needs to pay out to the same address and have the same (arbitrary) scriptSig. Unfortunately, this transaction will then have the exact same hash as another transaction in the chain. Satoshi did not anticipate this, so it's allowed by the protocol and it confuses the Bitcoin code.

In this case, roconnor:
- Generated a block containing a normal coinbase transaction.
- Spend the BTC generated in the coinbase transaction. Bitcoin nodes mark the coinbase transaction's output as spent.
- Created a block containing a duplicate of the first coinbase transaction. Bitcoin nodes will now overwrite the first coinbase transaction in the transaction database. The output of the coinbase transaction is marked as unspent. The transaction spending the original coinbase output is not affected and is still considered valid.
- Spent the BTC generated in the second coinbase. There are now two transactions spending the "same" output.
hero member
Activity: 784
Merit: 1000
bitcoin hundred-aire
February 09, 2012, 10:56:49 PM
#14
Notice that tx 0018417e23... and fae8bfd6a2... on that address ledger spend the exact same output. It looks like a double-spend, but it's actually a less severe bug in the protocol that probably doesn't allow for any easy attacks. (Because the bug causes very strange behavior, though, it might allow for attacks that have not been thought of yet.)

That sounds pretty terrible. Shocked
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
February 09, 2012, 10:04:12 PM
#13
Good job Gavin!! Testnet is... FOR TEST!!!   Wink
Pages:
Jump to: