Malleability counter attack : Malleate to LowS instead of dropping HighS

Nicolas Dorier

hero member

Activity: 714

Merit: 661

Quote from: dexX7 on November 11, 2015, 08:10:11 AM

Just as quick update, the mutation rate over the last 1373396 transactions (about 8 days) for me was 0.9899 %.

I know that coinprism (Open Asset, colored coin wallet) is using an old version of bitcoinjs which create HighS, but now they fix it on the backend to LowS.
I don't think open asset account for a lot, but the malleability attack pushed services to update.

dexX7

legendary

Activity: 1106

Merit: 1024

Just as quick update, the mutation rate over the last 1373396 transactions (about 8 days) for me was 0.9899 %.

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: Nicolas Dorier on October 20, 2015, 09:26:40 AM

It would kick my bot ! Cheesy

I think we have invented new game similar to https://en.wikipedia.org/wiki/Core_War Grin

~~ALIEN VS. PREDATOR~~ Mutator vs Malleator. See on every ~~cinema~~ bitcoin client in November '15

Nicolas Dorier

hero member

Activity: 714

Merit: 661

Quote from: amaclin on October 18, 2015, 07:08:40 AM

Quote from: Nicolas Dorier on October 15, 2015, 10:10:23 AM

Craft a redeem script " OP_EQUALVERIFY", spend it. The mutator will create an invalid transaction which will ban him from the network. Now, you look in your banlist and collect the IP.

Quote from: Nicolas Dorier on October 17, 2015, 08:28:11 AM

For information, my node which is currently malleating HighS to LowS detects around 2 and 4% of HighS signatures.

What if the inner p2sh (redeem) script is the

OP_2DUP OP_EQUAL OP_IF OP_RETURN OP_ENDIF OP_2 OP_2 OP_CHECKMULTISIG

and the scriptSig is
OP_0

It would kick my bot ! Cheesy

Quote from: dexX7 on October 18, 2015, 12:25:07 PM

Quote from: Nicolas Dorier on October 17, 2015, 08:28:11 AM

For information, my node which is currently malleating HighS to LowS detects around 2 and 4% of HighS signatures.

I started to track the numbers earlier the day, and I currently see about 3.5 %.

It would be interesting to know at which percentage the mutated transactions are mined. Did you gather some stats about this already?

Recently, these are the mutations I've seen: http://bitwatch.co/uploads/mutations-2015-10-18.log (not 100 % online)

I just ran again my mutator, the stat I gather is only the % of mutated and show it every 1000 tx. Boring stuff except when a bot go rampage and mutate 30% of them.

dexX7

legendary

Activity: 1106

Merit: 1024

Quote from: Nicolas Dorier on October 17, 2015, 08:28:11 AM

For information, my node which is currently malleating HighS to LowS detects around 2 and 4% of HighS signatures.

I started to track the numbers earlier the day, and I currently see about 3.5 %.

It would be interesting to know at which percentage the mutated transactions are mined. Did you gather some stats about this already?

Recently, these are the mutations I've seen: http://bitwatch.co/uploads/mutations-2015-10-18.log (not 100 % online)

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: Nicolas Dorier on October 15, 2015, 10:10:23 AM

Craft a redeem script " OP_EQUALVERIFY", spend it. The mutator will create an invalid transaction which will ban him from the network. Now, you look in your banlist and collect the IP.

Quote from: Nicolas Dorier on October 17, 2015, 08:28:11 AM

For information, my node which is currently malleating HighS to LowS detects around 2 and 4% of HighS signatures.

What if the inner p2sh (redeem) script is the

OP_2DUP OP_EQUAL OP_IF OP_RETURN OP_ENDIF OP_2 OP_2 OP_CHECKMULTISIG

and the scriptSig is
OP_0

Nicolas Dorier

hero member

Activity: 714

Merit: 661

For information, my node which is currently malleating HighS to LowS detects around 2 and 4% of HighS signatures.

Nicolas Dorier

hero member

Activity: 714

Merit: 661

Redeem Script as described here.

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: Nicolas Dorier on October 15, 2015, 01:29:41 PM

Also, the transaction you show me is not P2SH. The term "redeem script" always implies P2SH.

Wat?

Nicolas Dorier

hero member

Activity: 714

Merit: 661

Also, the transaction you show me is not P2SH. The term "redeem script" always implies P2SH.

Nicolas Dorier

hero member

Activity: 714

Merit: 661

Quote

(note: bc.i parses it incorrect)

Yes, bc.i does not accept OP_RETURN either.

Quote

But it is non-standard and there is no miner today who can confirm it.

Nop.
Standard script rules relaxed for P2SH addresses

Too lazy to find the exact commit though. :p

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: Nicolas Dorier on October 15, 2015, 12:10:50 PM

No, arbitrary redeem script are standard since 0.10.

This is not true.

Look to this transaction:
https://blockchain.info/tx/6f1da8a16b067110be35690ca31dc6e483dcf908e83acfa44308bb03c70e3567
It has "arbitrary redeem script" (note: bc.i parses it incorrect)
But it is non-standard and there is no miner today who can confirm it.

Nicolas Dorier

hero member

Activity: 714

Merit: 661

Quote from: amaclin on October 15, 2015, 12:07:10 PM

Quote from: Nicolas Dorier on October 15, 2015, 10:10:23 AM

Craft a redeem script " OP_EQUALVERIFY", spend it.

This is non-standard script. Your peers will ignore it. Miners should ignore it also even get this tx.

No, arbitrary redeem script are standard since 0.10.

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: Nicolas Dorier on October 15, 2015, 10:10:23 AM

I was kind of surprised, because everytimes I send "inv" a transaction, no node seems to know it and all ask the payload.

You are the only person who modify transactions today. My bot is paused for a long time.

Quote from: Nicolas Dorier on October 15, 2015, 10:10:23 AM

Craft a redeem script " OP_EQUALVERIFY", spend it.

This is non-standard script. Your peers will ignore this tx. Miners should ignore it also even get this tx.

Nicolas Dorier

hero member

Activity: 714

Merit: 661

Quote

I'm running the "seed" branch, and I see many log entries indicating high S -> low S mutations from my node.

I was kind of surprised, because everytimes I send "inv" a transaction, no node seems to know it and all ask the payload.

By the way, I can craft a special scriptPubKey to make mutator banned from network and get IP of people who mutate transactions to HighS, would it be useful ? does the malleability attack on right now ?

Craft a redeem script " OP_EQUALVERIFY", spend it. The mutator will create an invalid transaction which will ban him from the network. Now, you look in your banlist and collect the IP.

dexX7

legendary

Activity: 1106

Merit: 1024

Quote from: BitcoinNewsMagazine on October 15, 2015, 06:55:37 AM

New Bitcoin Core release 0.11.1 obviates the problem by mandating LowS.

This is a very good thing, nevertheless, I'd consider high S -> low S mutation as complementary measure, because a) there are nodes out there, which don't use the new policy, b) and miners, and c) wallet implementations.

Note that the policy rejects high S, which may result in legit transactions getting dropped, which is probably not a favorable outcome.

Quote from: Nicolas Dorier on October 15, 2015, 08:59:45 AM

I am kind of surprised, very few transactions are LowS malleated. Nodes to which I connect always ask me to send the payload...
I thought I was not alone oO

Or maybe the HighS already reached all the other node so the LowS version is always ignored...

I'm running the "seed" branch, and I see many log entries indicating high S -> low S mutations from my node.

Nicolas Dorier

hero member

Activity: 714

Merit: 661

I am kind of surprised, very few transactions are LowS malleated. Nodes to which I connect always ask me to send the payload...
I thought I was not alone oO

Or maybe the HighS already reached all the other node so the LowS version is always ignored...

Nicolas Dorier

hero member

Activity: 714

Merit: 661

I'll keep my program running 1 or 2 weeks the time of miners to update. I'm not alone to do it, but it does not hurt.

BitcoinNewsMagazine

legendary

Activity: 1806

Merit: 1164

New Bitcoin Core release 0.11.1 obviates the problem by mandating LowS.

mezzomix

legendary

Activity: 2618

Merit: 1253

It's good enough if one node is modifying high S transactions to low S. There is no need to change the implementation for everyone.

Topic: Malleability counter attack : Malleate to LowS instead of dropping HighS (Read 3625 times)