Transaction malleability 2017 | Bitcointalksearch.org

cr1776

legendary

Activity: 4228

Merit: 1313

Quote from: piotr_n on March 12, 2017, 04:04:30 PM

Quote

so how "malleation attack" fucked up Mt Gox ? they were complaing about that if i good remember that they lost BTC in that process

It's not really confirmed whether mtgox funds were lost through some kind of malleability attack.

That's what they were claiming at some point, but they never showed any proofs, or even a technical explanation of how that would actually be possible.

The hypothesis regarding mtgox (fed by them, iirc) was that they were relying on transaction IDs to update their internal database of balances. So, there were withdrawals, then the attacker changed the transaction ID when they broadcast a transaction (the attacker was directly connected to them). So gox never decreased their balance since they were relying on the TX ID and they would withdraw again. (There were more details).

Again, poorly written non-bitcoin network software IF that is what happened.

bitaps

member

Activity: 148

Merit: 45

https://bitaps.com/

Segwit will not fix this problem! To fix this problem we need segwit + hardfork (restrict negative S value)

Segwit is good improvement, but we need the solution to give ability change block size and this thing very important.
Yes Segwit will get more txs inside 1 MB blocks.
But in case we not accept change block size solution today, to come that day when we will hit the block limit again, at that time bitcoin infrastructure will grow significantly. Do hard fork will be more painful than do it now!

Also accept solution to give ability change block size, this is not mean that we should change block size right now.

piotr_n

legendary

Activity: 2053

Merit: 1356

aka tonikt

It definitely looks like some statement from the mining pool, saying 'if we won't activate segwit, look what can be happening'.

Well, I've seen it...
And I'm not impressed, frighten or shocked.

Even though I'd like to see segwit activated.
But not as much as most of the supporters

I also spent my time to add segwit support to my software. It was fun and I won't be crying if this doesn't get used.

piotr_n

legendary

Activity: 2053

Merit: 1356

aka tonikt

Quote

so how "malleation attack" fucked up Mt Gox ? they were complaing about that if i good remember that they lost BTC in that process

It's not really confirmed whether mtgox funds were lost through some kind of malleability attack.

That's what they were claiming at some point, but they never showed any proofs, or even a technical explanation of how that would actually be possible.

bitaps

member

Activity: 148

Merit: 45

https://bitaps.com/

Quote from: andron8383 on March 12, 2017, 03:26:27 PM

Quote from: bitaps on March 12, 2017, 02:52:37 PM

Right! Any double spent attempt have one winner tx and losing tx or few losing txs

So they can trick lets say bitbay that don't wait for confirmation to double sped - interesting.

Quote from: achow101 on March 12, 2017, 03:25:32 PM

Quote from: bitaps on March 12, 2017, 02:46:24 PM

2 transactions try to spend same coins and as result create different output coins

This is double spent

A transaction malleation attack does not change the outputs in any way whatsoever. There are no "different output coins". The receivers still get the Bitcoin, regardless or whether the original or the malleated transaction confirms. Transaction malleation is not a double spend attack. Nor is it an attack on the Bitcoin network but rather it is an attack on poorly written wallets and services.

so how "malleation attack" fucked up Mt Gox ? they were complaing about that if i good remember that they lost BTC in that process.

Bitclub is not BU supporter, they vote for SegWit. Maybe he want to say that Segwit help us to fix this problem? But this is not true.
Segwit will fix this problem only for witness outputs. All old UTXO set will be still vulnerable for malleability attack. How long will that take to spend all old UTXO?? Grin

Segwit in softfork mode will not solve these problems completely. Before to laugh at BU supporters, better understand in detail in the issue.

bitaps

member

Activity: 148

Merit: 45

https://bitaps.com/

Quote from: achow101 on March 12, 2017, 03:25:32 PM

Quote from: bitaps on March 12, 2017, 02:46:24 PM

2 transactions try to spend same coins and as result create different output coins

This is double spent

A transaction malleation attack does not change the outputs in any way whatsoever. There are no "different output coins". The receivers still get the Bitcoin, regardless or whether the original or the malleated transaction confirms. Transaction malleation is not a double spend attack. Nor is it an attack on the Bitcoin network but rather it is an attack on poorly written wallets and services.

Coin this is link to Transaction Hash and output number inside this transaction. In case transaction hash changed coins that created by this tx also changed. So we have 2 different txs hashes and have different coins in UTXO. Yes all this coins related to same bitcoin address.
But this is different coins, but input coins is same. You can admit it or not, but technically this is double spend.

achow101

staff

Activity: 3458

Merit: 6793

Just writing some code

Quote from: andron8383 on March 12, 2017, 03:26:27 PM

so how "malleation attack" fucked up Mt Gox ? they were complaing about that if i good remember that they lost BTC in that process.

Chains of unconfirmed transactions can be invalidated by malleating a transaction in that chain and having that malleated transaction confirm. So it is possible that people send an exchange like Mt. Gox Bitcoin being spent from an unconfirmed transaction, and one transaction in the chain is malleated thus invalidating the whole chain and the service never actually receives the Bitcoin.

bitaps

member

Activity: 148

Merit: 45

https://bitaps.com/

Quote from: piotr_n on March 12, 2017, 02:24:39 PM

You and bitcoin.com are using big words to describe trivial things.

There was no "attack on the bitcoin networks" - that's ridiculous.

Ever since bitcoin has existed, any miner could have taken a transaction (or all of them) and change the ID(s).
There is nothing new or sensational about it and it is definitely no reason to spread a panic with big titles like "attack on a bitcoin network".

IMHO, such events are actually a good thing, because they show whose bitcoin software is shit.

First of all, my title was not big title with words "attack on a bitcoin network".

Second Bitcoin.com :

Quote

In the two blocks they mined, 456545 and 456552, they changed all the txid inside the blocks. In other words, they “double spent” all transactions.

It's not quite so. Bitclub not change tx signatures inside his blocks. All transactions in mempool was attacked within few seconds after broadcasting to network. Same one do attack on mempool. Most of nodes not accept and not relay this tx because double spending tx not accepting for relay in most nodes settings (except RBF txs). But Bitclub accept this txs. Exploiting attack is not good thing, good thing is fix vulnerability in bitcoin protocol.

andron8383

sr. member

Activity: 333

Merit: 250

Quote from: bitaps on March 12, 2017, 02:52:37 PM

Right! Any double spent attempt have one winner tx and losing tx or few losing txs

So they can trick lets say bitbay that don't wait for confirmation to double sped - interesting.

Quote from: achow101 on March 12, 2017, 03:25:32 PM

Quote from: bitaps on March 12, 2017, 02:46:24 PM

2 transactions try to spend same coins and as result create different output coins

This is double spent

A transaction malleation attack does not change the outputs in any way whatsoever. There are no "different output coins". The receivers still get the Bitcoin, regardless or whether the original or the malleated transaction confirms. Transaction malleation is not a double spend attack. Nor is it an attack on the Bitcoin network but rather it is an attack on poorly written wallets and services.

so how "malleation attack" fucked up Mt Gox ? they were complaing about that if i good remember that they lost BTC in that process.

achow101

staff

Activity: 3458

Merit: 6793

Just writing some code

Quote from: bitaps on March 12, 2017, 02:46:24 PM

2 transactions try to spend same coins and as result create different output coins

This is double spent

A transaction malleation attack does not change the outputs in any way whatsoever. There are no "different output coins". The receivers still get the Bitcoin, regardless or whether the original or the malleated transaction confirms. Transaction malleation is not a double spend attack. Nor is it an attack on the Bitcoin network but rather it is an attack on poorly written wallets and services.

piotr_n

legendary

Activity: 2053

Merit: 1356

aka tonikt

Quote from: bitaps on March 12, 2017, 02:59:22 PM

Not quite understood your sarcasm

You and bitcoin.com are using big words to describe trivial things.

There was no "attack on the bitcoin networks" - that's ridiculous.

Ever since bitcoin has existed, any miner could have taken a transaction (or all of them) and change the ID(s).
There is nothing new or sensational about it and it is definitely no reason to spread a panic with big titles like "attack on a bitcoin network".

IMHO, such events are actually a good thing, because they show whose bitcoin software is shit.

Carlton Banks

legendary

Activity: 3430

Merit: 3080

You're trying to say

"this double spend attempt failed, therefore it succeeded!"

Which is why you're attracting derision

Shut up

bitaps

member

Activity: 148

Merit: 45

https://bitaps.com/

Not quite understood your sarcasm

piotr_n

legendary

Activity: 2053

Merit: 1356

aka tonikt

Quote from: bitaps on March 12, 2017, 02:52:37 PM

Right! Any double spent attempt have one winner tx and losing tx or few losing txs

That's fascinating.

Perhaps you should write a paper about it.
bitcoin.com should be able to publish it for you.
They seem to be very much into bitcoin science.

bitaps

member

Activity: 148

Merit: 45

https://bitaps.com/

Right! Any double spent attempt have one winner tx and losing tx or few losing txs

piotr_n

legendary

Activity: 2053

Merit: 1356

aka tonikt

Quote from: bitaps on March 12, 2017, 02:46:24 PM

2 transactions try to spend same coins and as result create different output coins

This is double spent

But only one of them gets confirmed - how is it a double spent?

bitaps

member

Activity: 148

Merit: 45

https://bitaps.com/

2 transactions try to spend same coins and as result create different output coins

This is double spent

piotr_n

legendary

Activity: 2053

Merit: 1356

aka tonikt

Quote from: bitaps on March 12, 2017, 02:40:45 PM

Yes different tx_id and create different coins in blockchain, technically this is double spending input coins, but no way to steal btc

No sir.

This is not "double spending input coins" - not technically, nor in any other way.

The spending transaction just ended up in the blockchain with a different ID - that's it.
There is nothing more about it; no attacks, no double spending - nothing more!

bitaps

member

Activity: 148

Merit: 45

https://bitaps.com/

Quote

How is it not clear how it was performed, if they had just said that "by exploiting the symmetry characteristic of elliptic curves"

ECDSA Signature consists of 2 big numbers, R and S. In case we change S to (S * -1) it will not invalidate signature. Because during signature verification used the absolute value of S.

Quote

What "double spent"Huh
It was exactly the same spent, just with a different txid. Smiley

Yes different tx_id and create different coins in blockchain, technically this is double spending input coins, but no way to steal btc

piotr_n

legendary

Activity: 2053

Merit: 1356

aka tonikt

BTW, this article on news.bitcoin.com is hilarious.

For instance, it says:

Quote

In the two blocks they mined, 456545 and 456552, they changed all the txid inside the blocks. In other words, they “double spent” all transactions.

What "double spent"??
It was exactly the same spent, just with a different txid.

Then:

Quote

Blockchain.info, the most widely used blockchain explorer, is basically crashed during the attack event. Since block 456545, blockchain.info no longer received any new blocks.”

So it seems that what it "attacked", was not any "bitcoin network", but only a buggy software used by Blockchain.info
Well, at least they got a chance t fix it

And then:

Quote

It’s still not exactly clear how the attack was performed.

How is it not clear how it was performed, if they had just said that "by exploiting the symmetry characteristic of elliptic curves"?

Topic: Transaction malleability 2017 (Read 1625 times)