Topic: Who is mutating transactions? (Read 3138 times)

Some similarity here with how the NSA's Quantum / Foxacid servers work? 

To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target's browser to visit a Foxacid server.

Two of the three issues relate to the fact that other cryptographic systems are not canonical.  When it is all done Bitcoin will be more restricted than the underlying systems is relies on.

Sorry, if I am repeating questions that have already been answered.

1. Is there a precise and unique canonical form for every legal bitcoin transaction?
2. Given a bitcoin transaction, is there a specified and efficient algorithm for verifying whether or not the transaction is in canonical form?
3. Given a bitcoin transaction that is not in canonical form is there a specified and efficient algorithm for converting the transaction into canonical form?
4. Assuming the answer to the above questions are "yes" then how widely deployed are these implementations?

At this point, there are two ways a transaction can be mutated:  if it is in non-canonical form, it can be converted to canonical form. Alternatively, if it is in canonical form, it can be converted to a non-canonical form.

It seems to me that the only serious problem would be if miners are mining transactions that aren't in canonical form. Is this happening?  (It would seem easy to check by simply examining the block chain.)  If the minors are not doing this, then it seems that the entire issue is "much ado about nothing".  If the originating (custom) wallet is outputting transactions that aren't in canonical form, it is simply broken and should be fixed.  However, this is not a global problem for bitcoin, just a problem for the users of the broken wallet.

It seems only good computing hygiene to implement a canonical form and to strictly enforce it. It's not that this is a new problem.  In the context of Bitcoin it has been known for several years.  In the context of cryptography the requirement for canonical forms in data representations has been known for decades. IMO it is more important to clean up and simplify  a protocol before adding new and more complex features that will explore existing and new "edge" cases.

p2pool and solo miners are insignificant (unfortunately). Connect to the top 2-3 pools and you're golden.

I don't think anyone scammed Gox , although it could very well be possible they are trying to scam others right now. After posting about the attack scheme here two days ago and also on the mailing list : https://bitcointalksearch.org/topic/imp-malleability-attack-scheme-458608 .. I am beginning to think it could be either Gox or an insider job with collusion with antagonistic forces (all speculation here .. but I guess thats all we can do for now).

Check the sequence of events here : http://thenoblebot.blogspot.in/2014/02/malleability-attack-bitcoin.html. Hope we can get down to the bottom of this.

OK, you have a point, it's not illegal to mutate bitcoin transactions. But the operation isn't zero-cost,
so I assumed that someone is doing this for a profit (whatever that is), and that is probably illegal.
Could be someone who wants to undermine the whole bitcoin concept, like a competitor, in which case
it's unfair competition, or just some hackers that scammed MtGox for thousands of coins (I wish they would clarify this).

Maybe I am playing devils advocate here, but ... Although it might be harmful and malicious, what exactly is (or should be) illegal about mutating transactions and rebroadcasting them? Bitcoin reference client is open source and operating any modified version is not illegal.

Sorry by "miner" I mean the entity that is actually constructing the block.  That would be pool operators, solo miners, p2p miners, etc.  If you are not constructing the block you aren't a miner, you are a "hashrate provider" who blindly hashes whatever the pool tells you to.  An independent contractor if you will who sells his hashing power for a contracted rate.

Isn't it far more important to be connected to the pools? Most miners don't actually receive transactions, but receive blocks from their pools.

Hopefully you have updated your node so it won't relay the corrupted Tx's. I don't have keys on hand so I cannot update my hosted node until tomorrow.

https://bitcointalksearch.org/topic/m.5091537

Not all nodes are created equal.  A node running on a residential ISDN connection isn't going to compare a super nodes with 25,000 connections on low latency, high bandwidth connections.

The "attack node" can also intentionally not relay the originals.   If one wanted to increase the odds they would run multiple attack nodes each with thousands or tens of thousands of connection in an attempt to "cut off" and delay the original transactions from miners.  They don't have to win every race, just enough to cause some "chaos".

Our broadcast node is on a datacenter connection and has a large number of inbound connections.  At least so far, no mutated version of our spends have made it into a block.  The large number of high speed, low latency connections means we likely are probably within 1 or 2 quick hops from most miners making it difficult for the duplicate to win any races.   Someone with a few lower speed connections where half of them are to attack nodes wouldn't have the same "luck".

The sender is at the beginning at least one step (node) ahead of the the attacker. So the attacker needs to be one step (node) closer to a miner. -> Assuming the attacker is not directly connected to the sender.
I was under the impression that MtGox, BTC-E and Bitstamp broadcast their TXs to hundred of nodes. Hence it is quite unlikely that none of these nodes is a miner or directly connected to a miner.
You probably get with a single decent connected node lucky once in a while. But I am not sure if you can easily pull of 16k duplicated TXs (depending on how many were successful).

That is retarded... people are selling BTC locked up at Gox at a discount as a hedge against MtGox being insolvent and running with their BTC. Gox BTC is obviously not as valuable as other BTC right now, because you can't do anything with BTC tied up at gox.

Exactly... anyone can run a well connected node... you also don't have to be first to publish mutated transactions and have sites like blockchain.info register them as double spends.  You have to beat the other broadcast to miners to get it included in a block, but this simple muation spam doesn't require that.

What makes you think well connected nodes requires some massive expense and cost?

Also for MtGox most of their tx were defective in some way and being dropped by relay nodes.   You could have sent the tx to a miner by bike messenger and it would have "beat" MtGox.

Nope, you just need a targeted connection and know in advance you're going to broadcast to it.

just look for all those people trying to exchange gox coins for btc,
they're just laundering their gox "i got coin out of thin air thank to gox faulty processes" for btc
the only way for them to sell btc at a discount is if they know for sure that btc has been stolen from gox.

and how can they know that?
 because they did.

A few possibilies:
1. Someone creating FUD to buy cheap coins (probably scammed mtgox first)
2. Banks/NSA try to damage bitcoin (but why would they start with mtgox related txs?)
3. A competitor like Ripple, Nxt or Ethereum
4. Mtgox trying to make it look like a general problem (but I highly doubt that)

Disagree. You need a lot of well connected nodes to be faster than mgox, btc-e, bistamp, coinbase...

Anyone could do this... it wouldn't require huge effort or cost.  Might well be MtGox themselves trying to make their problem seem more serious and global.

There are a number of threads on it in here, they answer all the questions.