Author

Topic: What happens when two users import a private key/wallet.dat (Read 766 times)

newbie
Activity: 3
Merit: 0
Thanks, now i understand it more less. So using two wallets with the same private key would be something similar to attacking myself.
Question of multiuser wallet still seem to be interesting.
Unfortunately i've found only one attempt in bitcoinj Google groups. No real conclusion.
legendary
Activity: 3472
Merit: 4801
One thing that bothers me is double spending. When it will occur:
1) When A and B try to spend more bitcoin than they have in wallet
2) When A and B try to spend bitcoins at the same moment, even if they don't spend all money in their wallet

Which one is true?

Neither (or both) depending on how you look at it.

At the protocol level, bitcoin separately keeps track of every transaction received.  It does not "blend together" these balances.  If you receive, at a single bitcoin address, three transactions each for a different balance for example 3 BTC, then 4 BTC, and 6 BTC then the wallet might show you a balance of 13 BTC, but it is actually keeping track of each of those transaction outputs individually.

When spending bitcoins, the protocol requires that you spend one or more outputs in their entirety.  If, given the example, you want to send someone 1 BTC, your wallet would have to spend one or more of the listed outputs completely.  Assuming for the moment that the wallet chose to spend the 3 BTC output, it would create a transaction that used the 3 BTC output as an input to the transaction.  The transaction would then have 2 outputs, an output for 1 BTC sent to the recipient's address, and a separate output for 2 BTC to an address in your wallet as "change".  Once this transaction is confirmed, the previous 3 BTC output is considered "spent" and can never be spent again.  Any further attempt to spend the 3 BTC output would be considered a failed "double spend" attempt.  If you want to spend the remaining 2 BTC, you'd have to know about and spend the new 2 BTC output.

So, a double spend attempt will occur any time two separate attempts are made to spend the same previously received output.

If A spends all the bitcoins in their wallet, then obviously this will mean that they have spent all the outputs that any copy of the wallet might be tracking.  If the wallet that B is running hasn't yet been updated with the information that A's wallet already spent those outputs, then B could attempt to "spend more than they have in the wallet" and as such attempt to spend one or more of the already spent outputs.  This would be a double spend attempt.

If A and B try to spend bitcoins at the same moment, both wallets could choose to spend one or more of the same previously received unspent outputs.  This would be a double spend attempt.

It is generally a bad idea to attempt to run two separate wallets that are both attempting to track and spend bitcoins received at the same addresses.  There are many opportunities for one wallet to be unaware that the other wallet already spent some of the outputs.  Perhaps in the future someone will come out with a wallet that synchronizes well between multiple instances to avoid such issues, but at the moment, the only wallets that do this, do so by sending all communications through a centralized server that keeps track of each of the unspent outputs in one place.  Each "instance" of the wallet is really just a separate connection to the one server that is tracking the balances and addresses.
newbie
Activity: 3
Merit: 0
Imagine situation where A and B use the same private key/wallet.dat - can it be compared to using one bank account by two persons?
For example A & B have one bank account, each of them hold own credit card and can use money in this account until they spend all.

Is this possible?
Would it be reasonable way of reaching such goal with Bitcoins? (imagine company or family account or similar situations)

One thing that bothers me is double spending. When it will occur:
1) When A and B try to spend more bitcoin than they have in wallet
2) When A and B try to spend bitcoins at the same moment, even if they don't spend all money in their wallet

Which one is true?
newbie
Activity: 13
Merit: 0
well put...i lol'd
hero member
Activity: 955
Merit: 1002
This is one case (notice the massive amount of unconfirmed transactions)

http://blockchain.info/address/1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T

This is the 'correct horse battery staple' brainwallet address that it defaults to when you visit the site.

It seems people are importing this address' private key in the hope that they'll be able to move the bitcoins quickly enough as they arrive.

I suspect some of these people doing this don't realise that when they make a transaction from a different address in their wallet the change may be sent the this address

edit - just looked at this again - it seems someone is actually trying to attack the blockchain. Hadn't noticed this before today.
sr. member
Activity: 370
Merit: 250
Interesting.

I have been chewing on the idea of services similar to an exchange/wallet to satisfy that.

For example, a third party company where you deposit bitcoins. That company vouches you have X balance. The vendor could rely on that companies integrity to deal with random unknowns. It might cut down on the number of transactions.

E.g. two people trade btc and belong to the same voucher company. The voucher company doesn't need to move any bitcoin, just change the balance in their records. Then you are entitled to withdraw your new balance when you need to.

I don't really like the idea, it feels too much like a credit company to me and it's kind of an "All your eggs in one basket approach"
legendary
Activity: 3472
Merit: 4801
IT sounds to me that if 20 people all have the same wallet.dat file  and they went out to a bunch of merchants and spent the money at the same time - only one merchant would get their BTC... the others would find the BTC to already be spent.

Is this not a problem?

Yes, and no.

This is a known behavior of bitcoin.  Nearly all 0 confirmation double spend attacks take advantage of this behavior.

If the merchant is able to wait for 1 confirmation, then this is no longer a problem.  As soon as a confirmation happens, all the other attempted transactions vanish and all the other merchants know that they have not really received any transaction.  Accepting a transaction with 0 confirmations is a bit like accepting a check from someones checking account.  There is no way to be confident that you are actually going to get paid until you get a confirmation.

Now, if the merchant isn't able to wait for one confirmation, there are a few other options for ensuring that they get paid.  First, the merchant can acquire identifying information on the consumer that could assist in prosecuting theft.  Video cameras, government issued ID, or even a customer loyalty program can go a long way towards discouraging fraud.

Second, the merchant can partner with a third party vender for payment processing.  Perhaps a company comes along (lets call them Asiv) that issues to consumers a 3 ⅜ × 2 ⅛ in (85.60 × 53.98 mm) plastic card with a an account number and a magnetic strip on the back.  Then Asiv partners with merchants providing them with a piece of equipment they can connect to their point of sale system.  When a consumer visits the merchant, they swipe their plastic card through the device and Asiv registers a transaction.  Asiv contracts to pay the merchant on a regular basis (maybe nightly?) the total of all the transactions processed by the merchant (minus a small fee).  Now the merchant doesn't have to be concerned about payment from the consumer since they know they'll be paid by Asiv.  Then once a month or so, Asiv send out an invoice to all the consumers that have used their card and collects payment from them.

Other solutions will be possible as well.  Perhaps the paradigm will change, and consumers will make a bitcoin deposit to the merchant as the enter the store.  By the time they are ready to check out, their deposit will already have at least 1 confirmation.  Then the merchant just sends the "change" back to the consumer before they leave.
member
Activity: 131
Merit: 10
IT sounds to me that if 20 people all have the same wallet.dat file  and they went out to a bunch of merchants and spent the money at the same time - only one merchant would get their BTC... the others would find the BTC to already be spent.

Is this not a problem?
legendary
Activity: 3472
Merit: 4801
Interesting and thank you for the answer.

To explain it back to make sure I have it and assuming we are using the same wallets:
Wallet A: 1 BTC
Wallet B: 1 BTC
Wallet C: 10 BTC

Both A & B import C

Wallet A: 11 BTC
Wallet B: 11 BTC

But 10 BTC is "shared" between them until it is spent. As they are spent the balance of both wallets would change?

It's a bit more complicated than that, and it depends on which wallet you use and how you import it, but at a basic level yes.

A wallet actually keeps track of the set of transactions that were sent to addresses that the wallet knows about.  It doesn't combine them together into a single amount (even though it displays it to you that way).  So if you receive four separate transactions that pay you 1 BTC, 2 BTC, 3 BTC, and 4 BTC then the wallet will show that you have 10 BTC.  But if you then spend 1.5 BTC, the wallet might choose to spend the 1 BTC and the 2 BTC (for a total of 3 BTC).  It would create a transaction that would send 1.5 BTC to the intended recipient.  Then it would create a new address that it doesn't tell you about.  It sends the remaining 1.5 BTC back into the wallet at this new address.

So if Wallet C had received the 4 transactions I just mentioned, and then after importing if Wallet A were to send 1.5 BTC somewhere, then Wallet B might see 3 BTC suddenly disappear while Wallet A saw its balance reduced by 1.5BTC.  Then if Wallet B sent 5 BTC, it might choose to spend the remaining 4 BTC and 3 BTC outputs, sending the change to a new address in Wallet B.  So Wallet A would see it's balance suddenly drop by 7 BTC, while Wallet B sees its balance drop by 5 BTC.

It is also possible that one wallet sends the bitcoins in a transaction that the other wallet doesn't hear about right away.  Then when you create a transaction with the second wallet, it attempts to re-spend the same previous output.  This is a "double spend" attempt and will cause some confusion as the second wallet never sees its transaction confirm, and the rest of the network never sees the second transaction.
sr. member
Activity: 370
Merit: 250
Interesting and thank you for the answer.

To explain it back to make sure I have it and assuming we are using the same wallets:
Wallet A: 1 BTC
Wallet B: 1 BTC
Wallet C: 10 BTC

Both A & B import C

Wallet A: 11 BTC
Wallet B: 11 BTC

But 10 BTC is "shared" between them until it is spent. As they are spent the balance of both wallets would change?
legendary
Activity: 3472
Merit: 4801
Say a friend and I have wallets and find a third wallet.dat. We both import that wallet. The only thing I've found is "Weird things happen"

It really depends on the client that you import it to, and the method you use to import it.

Assuming that all three wallets are using Bitcoin-Qt, and that you each use importprivkey to import the the private keys from the third wallet:

If that third wallet has any bitcoins in it, both you and your friend will see those bitcoins added to the balance of your wallets.

Whichever of you spends the various outputs from the third wallet first will most likely see your transactions go through.  The other of you might see the coins get sent out of their wallet.  If they try to spend the same outputs before their wallet sees the updated blockchain with the spent outputs, they will find their transaction is a double spend attempt that the network will reject.
sr. member
Activity: 370
Merit: 250
Say a friend and I have wallets and find a third wallet.dat. We both import that wallet. The only thing I've found is "Weird things happen"
Jump to: