Author

Topic: MIM Attack on transaction (Read 707 times)

legendary
Activity: 3472
Merit: 4801
January 06, 2014, 08:03:41 PM
#2
The signature that is included in the inputs is a signature of the entire transaction (or rather a special modified version of the entire transaction) that includes all outputs.  If any output is changed, then the signature is no longer valid.
member
Activity: 102
Merit: 12
January 06, 2014, 05:24:50 PM
#1
I am learning bitcoin protocol, cannot understand mechanism of transaction protection vs MIM attack.

Imagine scenario:

1. Valid user A decided pay 1000BTC to user B. For do this, user A created transaction with N inputs.
Each input he signs with his PrivateKey, and populate fields scriptSig for each input transaction
with his correct digital signature. As I understand from docs, this signature signs transaction input only,
no transaction outputs, or another inputs.

2. User A send this transaction to bitcoin network.

3. Evil MIM intercept this transaction, and block user A to distribute transaction to another peers.

4. Evil MIM generates new transaction, contains all valid signed inputs from intercepted transaction from A,
but alter output(s) to his own wallet. Of course, he generates new transaction hash, etc - and this "v2"
transaction is technically valid.

5. Evim MIM publish his "v2" transaction to the network.

6. Network nodes verify v2-transaction, and found - scriptSig is correct, so transaction is valid.

7. Profit for MIM.

Of course, I understand, system by some way has been protected versus this attack.
But, I did not found in docs about protection mechanism.

Can you explain?

Thanks.
Jump to: