
Topic: double spending questions (Read 319 times)

jr. member
Activity: 37
Merit: 1
April 11, 2018, 03:41:35 PM
#13
Thank you, ETFbitcoin, DannyHamilton and ranochigo

Now I can see what exactly is in a transaction. I think I need to spend some time on it.
legendary
Activity: 3472
Merit: 4794
April 11, 2018, 12:31:33 PM
#12
from the white paper
https://bitcoin.org/bitcoin.pdf
A coin is  (previous coin + my public key) -> hash, then signed by previous owner.

The white paper goes on to explain that such a model is insufficient and that additional features are needed:

In the case of the final implementation of Bitcoin, a "coin" could be thought of as an unspent transaction output.

That would be a value which is encumbered with a requirement that must be met before that value can be spent.  There is a scripting language which is used to place the encumbrance on the value.  The most common script used (version 1 addresses) is a script that requires the spender to supply BOTH a valid public key which hashes to a value supplied in the script AND a signature which can be validated using the supplied public key.

when we do transaction, I pass my wallet address only to previous owner. how the previous owner know my public key?

He does not.

His wallet software uses the "address" to do 4 things to "send the bitcoins to you" in the transaction:
  • Extracts a hash value, version number, and checksum from the address
  • Uses the checksum to make sure that the address was entered correctly (this allows the wallet software to prevent sending to a mis-typed address)
  • Uses the address version to identify which encumbering script to build
  • Builds the encumbering script in the transaction with the extracted hash value


When you ask someone to send you some bitcoins, their wallet software chooses some unspent transaction outputs for which they can satisfy the encumbrance requirements.  They assemble these as a list of inputs to the transaction to supply value to the transaction.  Then they use the Bitcoin Scripting language to meet the requirements of each input.  They then create an output with the value that you requested, and encumbered with the version 1 script using the hash from the address that you supplied.  As such, nobody can spend that output unless they can satisfy the encumbrance requirements.  The version 1 script requires BOTH a public key that hashes to the same value as stored in the script AND a signature that can be validated with THAT public key.

Since you provided the address, you know the public key and you have the private key.

When you want to spend that "coin", your wallet software lists it in the inputs to your transaction to supply your transaction with value.  Your software then meets the encumbrance requirements by supplying the appropriate script using BOTH the public key that hashes to the value from the output you are spending AND the digital signature that can be validated with THAT public key.  Your software then creates an output with the value that you are paying which is encumbered with a script that is built based on the rules of the address version that was supplied to you when the payment was requested from you.

legendary
Activity: 3038
Merit: 4418
April 11, 2018, 12:24:03 PM
#11
from the white paper
https://bitcoin.org/bitcoin.pdf
A coin is  (previous coin + my public key) -> hash, then signed by previous owner.

when we do transaction, I pass my wallet address only to previous owner. how the previous owner know my public key?

A transaction is a lot more complex than that, I just stated the main components of a transaction.

Let me rephrase that for you. A transaction consists of a reference to a UTXO + your public key and a signature that can be validated against your public key. I'm confused over what you meant by the previous owner. The transaction is signed by whoever is in control of the UTXO.

The UTXO consists of the information needed to redeem it. You're right in a sense that the creator of the transaction cannot know the public key, as the address is just the hash of it. Most people currently use P2PKH in their transactions and the UTXO contains the information about the hash. Nodes can easily get the address using the public key. If the signature matches the public key and the public key matches the address, the transaction will be valid.
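The four steps listed in post #12 (extract hash, version and checksum from the address; verify the checksum; pick the script from the version; build the encumbering script) and the point in post #11 that a node simply hashes the supplied public key and compares it with the hash in the address are small enough to show end to end. The following Python is an added example, not code posted by anyone in the thread. It assumes the mainnet version bytes 0x00 (P2PKH) and 0x05 (P2SH), uses a constructed 33-byte stand-in for a public key, and only models the hash comparison, not the signature check.

```python
import hashlib

# Base58 alphabet used by Bitcoin addresses (0, O, I and l are left out).
B58_ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Mainnet address version bytes and the encumbering script each one selects.
# 0x00 is the "version 1" pay-to-pubkey-hash (P2PKH) address the thread discusses;
# 0x05 (pay-to-script-hash) is included so the dispatch on the version byte is visible.
VERSION_TO_SCRIPT = {0x00: "p2pkh", 0x05: "p2sh"}

# Script opcodes needed for the two templates.
OP_DUP, OP_HASH160, OP_EQUAL, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x87, 0x88, 0xAC


def sha256d(data: bytes) -> bytes:
    """Double SHA-256; its first four bytes are the address checksum."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def ripemd160_available() -> bool:
    """hashlib only exposes RIPEMD-160 when the linked OpenSSL build provides it."""
    try:
        hashlib.new("ripemd160")
        return True
    except ValueError:
        return False


def hash160(data: bytes) -> bytes:
    """RIPEMD-160(SHA-256(data)): the 'public key hash' an address carries."""
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()


def base58check_encode(version: int, payload: bytes) -> str:
    """Build an address string: Base58(version || payload || checksum)."""
    raw = bytes([version]) + payload
    raw += sha256d(raw)[:4]
    n = int.from_bytes(raw, "big")
    digits = bytearray()
    while n:
        n, rem = divmod(n, 58)
        digits.append(B58_ALPHABET[rem])
    for byte in raw:                      # each leading zero byte becomes a leading '1'
        if byte:
            break
        digits.append(B58_ALPHABET[0])
    return bytes(reversed(digits)).decode()


def base58check_decode(address: str) -> tuple:
    """Steps 1 and 2: recover (version, hash, checksum) and verify the checksum.
    Raises ValueError for a mistyped address, which is how a wallet refuses to pay it."""
    n = 0
    for ch in address.encode():
        n = n * 58 + B58_ALPHABET.index(ch)   # ValueError on a non-alphabet character
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    leading_ones = len(address) - len(address.lstrip("1"))
    raw = b"\x00" * leading_ones + body       # restore the zero bytes encoded as '1's
    if len(raw) != 25:
        raise ValueError("decoded address is not 25 bytes")
    version, h, checksum = raw[0], raw[1:21], raw[21:]
    if sha256d(raw[:21])[:4] != checksum:
        raise ValueError("checksum mismatch: address was mistyped or corrupted")
    return version, h, checksum


def is_valid_address(address: str) -> bool:
    """Wallet-side check before building an output: a mistyped address fails the checksum."""
    try:
        return base58check_decode(address)[0] in VERSION_TO_SCRIPT
    except ValueError:
        return False


def script_pubkey_from_address(address: str) -> bytes:
    """Steps 3 and 4: choose the template from the version byte and embed the 20-byte hash."""
    version, h, _ = base58check_decode(address)
    kind = VERSION_TO_SCRIPT.get(version)
    if kind == "p2pkh":   # OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
        return bytes([OP_DUP, OP_HASH160, 20]) + h + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
    if kind == "p2sh":    # OP_HASH160 <20 bytes> OP_EQUAL
        return bytes([OP_HASH160, 20]) + h + bytes([OP_EQUAL])
    raise ValueError(f"no script template for address version {version:#04x}")


def pubkey_matches_p2pkh_script(pubkey: bytes, script_pubkey: bytes) -> bool:
    """First half of the P2PKH encumbrance: the spender's public key must hash to the value
    embedded in the script. The second half, a valid signature by that key, is not modelled."""
    if len(script_pubkey) != 25 or script_pubkey[:3] != bytes([OP_DUP, OP_HASH160, 20]):
        return False
    return hash160(pubkey) == script_pubkey[3:23]


if __name__ == "__main__":
    # Constructed 33-byte stand-in for a compressed public key (not a real curve point).
    demo_pubkey = b"\x02" + bytes(range(32))
    if ripemd160_available():
        addr = base58check_encode(0x00, hash160(demo_pubkey))
        spk = script_pubkey_from_address(addr)
        print(addr, spk.hex(), pubkey_matches_p2pkh_script(demo_pubkey, spk))
    # Well-known address of the genesis block's coinbase output, decoded to its hash.
    print(base58check_decode("1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa")[1].hex())
```

The decode step is where the "mis-typed address" protection from post #12 lives: a single wrong character changes the 25-byte payload, so the recomputed double-SHA-256 checksum no longer matches and no output is built. The `is_valid_address` wrapper also rejects version bytes the wallet has no script template for, which is the safe default for an unknown address type.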
legendary
Activity: 3472
Merit: 4794
April 11, 2018, 12:20:12 PM
#10
jr. member
Activity: 37
Merit: 1
April 11, 2018, 12:17:46 PM
#9
A transaction contains the inputs, together with its public key, a signature and the requirements to spend its output.

Wallet addresses are the public key hash; public keys are a lot longer than that.

Double spending cannot be prevented, no one said it could be. The network functions on the fact that anyone with a longer proof of work is the correct person. As a result, block reorgs could essentially 'remove' a transaction from the blockchain while adding another transaction with the same inputs but spent elsewhere. Double spending would get harder and harder with the number of confirmations. Number of confirmations would not be affected if the attacker owns 51% of the network's hashrate.

from the white paper
https://bitcoin.org/bitcoin.pdf
A coin is  (previous coin + my public key) -> hash, then signed by previous owner.

when we do transaction, I pass my wallet address only to previous owner. how the previous owner know my public key?
jr. member
Activity: 37
Merit: 1
April 11, 2018, 12:01:40 PM
#8
to clarify my questions.

from blockchain explorer what I see is:

from wallet         to wallet              amount
-------------        ----------             ---------
wallet_address1  wallet_address2      0.1
.....
.....

I don't see anything associated with a crypto coin.

If the blockchain explorer doesn't show all the transaction info, then what exactly does a transaction look like?

Thanks
jr. member
Activity: 37
Merit: 1
April 11, 2018, 11:53:54 AM
#7
A transaction contains the inputs, together with its public key, a signature and the requirements to spend its output.

Wallet addresses are the public key hash; public keys are a lot longer than that.

Double spending cannot be prevented, no one said it could be. The network functions on the fact that anyone with a longer proof of work is the correct person. As a result, block reorgs could essentially 'remove' a transaction from the blockchain while adding another transaction with the same inputs but spent elsewhere. Double spending would get harder and harder with the number of confirmations. Number of confirmations would not be affected if the attacker owns 51% of the network's hashrate.


Do you mean the transaction that I saw in blockchain explorer doesn't show all info of the transaction?
jr. member
Activity: 37
Merit: 1
April 11, 2018, 11:49:56 AM
#6
What you mean ..
Quote
how the double spending can be prevented?
It's impossible because TXs use similar inputs and modify the output.. for confirmation the double spend TX has higher fees.

What I mean is... when I look at a block using a blockchain explorer, in a transaction I only see
the from wallet address, the to wallet address and the amount of coin. I don't see any coin data.
I don't understand how double spending can be prevented because
this amount of coin, which is a double number, won't be able to identify a coin.
legendary
Activity: 3038
Merit: 2166
April 11, 2018, 05:02:09 AM
#5
Any attempt to create an output from an already spent coin will result in tx rejection by virtually everyone in the network. Normal miners will reject this tx and never put it into a block. If some abnormal miner actually dares to do so, others will reject such a block as invalid anyway. It's bulletproof in terms of double spend.

The only case where it can occur is while the tx is still in the mempool (never got into a block): you can create another tx with different outputs and a higher fee. This way only one of those txs will eventually be confirmed. That's why most services wait until 1-6 confirmations before they actually credit your coins to your account.

Note that even after the first confirmation a double-spend could still be successful, hence the requirement of services to wait until a predetermined count of confirmations. It's only that with each additional confirmation the odds of a successful attack shrink, with 6 confirmations being considered fairly safe from a probabilistic point of view. In reality for most transactions even 1-2 confirmations should be sufficient.

The "trick" behind PoW is that each block / confirmation requires a considerable amount of computation, thus resources, making any sort of attack a costly matter while rewarding every miner that "behaves well" using the block reward and miner fees.
member
Activity: 392
Merit: 41
April 11, 2018, 04:16:13 AM
#4
Any attempt to create an output from an already spent coin will result in tx rejection by virtually everyone in the network. Normal miners will reject this tx and never put it into a block. If some abnormal miner actually dares to do so, others will reject such a block as invalid anyway. It's bulletproof in terms of double spend.

The only case where it can occur is while the tx is still in the mempool (never got into a block): you can create another tx with different outputs and a higher fee. This way only one of those txs will eventually be confirmed. That's why most services wait until 1-6 confirmations before they actually credit your coins to your account.

sr. member
Activity: 1330
Merit: 258
April 10, 2018, 09:36:51 PM
#3
What you mean ..
Quote
how the double spending can be prevented?
It's impossible because TXs use similar inputs and modify the output.. for confirmation the double spend TX has higher fees.
legendary
Activity: 3038
Merit: 4418
April 10, 2018, 07:56:49 PM
#2
A transaction contains the inputs, together with its public key, a signature and the requirements to spend its output.

Wallet addresses are the public key hash; public keys are a lot longer than that.

Double spending cannot be prevented, no one said it could be. The network functions on the fact that anyone with a longer proof of work is the correct person. As a result, block reorgs could essentially 'remove' a transaction from the blockchain while adding another transaction with the same inputs but spent elsewhere. Double spending would get harder and harder with the number of confirmations. Number of confirmations would not be affected if the attacker owns 51% of the network's hashrate.
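Post #2 (and post #5 above) describe the practical shape of this: each confirmation makes a reorg that drops an already-mined transaction less likely, and no number of confirmations helps against a 51% majority. The white paper the thread links (section 11) gives the formula behind both statements: the probability that a chain started z blocks behind ever catches up, with q the attacker's share of hashrate and p = 1 - q the honest share. The Python below is an added example that carries that calculation through; it is not code from the thread or from the white paper, and the function names and the 0.1% risk threshold used for the confirmation-count helper are this example's own choices.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that a chain started z blocks behind ever overtakes the honest chain,
    as derived in section 11 of the Bitcoin white paper. q is the attacker's share of the
    hashrate and p = 1 - q the honest share. With q >= p the attacker is expected to catch up
    eventually, so the probability is 1 regardless of z (the 51% case from the thread)."""
    p = 1.0 - q
    if q >= p:
        return 1.0
    lam = z * (q / p)          # expected attacker progress while the honest chain mines z blocks
    total = 1.0
    for k in range(z + 1):     # sum over how many blocks the attacker has produced meanwhile
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total


def confirmations_for_risk(q: float, max_risk: float) -> int:
    """Smallest confirmation count z at which the catch-up probability drops below max_risk.
    This is how a service would pick its confirmation requirement for an assumed attacker size."""
    z = 0
    while attacker_success_probability(q, z) >= max_risk:
        z += 1
    return z


def risk_table(q: float, max_z: int) -> list:
    """(z, probability) pairs for z = 0..max_z, handy for printing or plotting."""
    return [(z, attacker_success_probability(q, z)) for z in range(max_z + 1)]


if __name__ == "__main__":
    for q in (0.10, 0.30):
        print(f"attacker hashrate q={q:.2f}")
        for z, prob in risk_table(q, 6):
            print(f"  z={z}  P={prob:.7f}")
        print(f"  confirmations for P<0.1%: {confirmations_for_risk(q, 0.001)}")
    print("q=0.51, z=6 ->", attacker_success_probability(0.51, 6))
```

Running it reproduces the white paper's numbers for a 10% attacker (about 20% after one confirmation, falling to roughly 0.02% after six), which is the quantitative form of "fairly safe at 6 confirmations" from post #5, while the q=0.51 line prints 1.0 no matter how many confirmations are waited for.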
jr. member
Activity: 37
Merit: 1
April 10, 2018, 06:06:30 PM
#1
Hi guru,

I understand that a coin is
previous coin + my public key -> hash
signed by the previous owner.

I also understand a block is a collection of transactions + previous block hash + nonce -> hash

When I use a blockchain explorer to look at a block,
I can see a transaction like
send from wallet address to another wallet address and amount of coin.

The wallet addresses are people's public keys. Am I correct?

But I don't understand how double spending can be prevented?

Can anyone explain?
Thanks!

