Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: katatunix on April 26, 2015, 05:55:32 PM



Title: [Proposal] Why don't we sign receivers' addresses also?
Post by: katatunix on April 26, 2015, 05:55:32 PM
Hello,

Let's consider the following scenario:

  • Alice (an honest girl) is buying a product from the merchant Apple.
  • Alice creates a new transaction TxA to send her bitcoins to Apple.
  • Bob (a bad guy) receives TxA and modifies the receiver's address to create TxB.
  • Assume that the TxB will be confirmed, not TxA. So Bob (not Apple) will receive Alice's bitcoins.
  • Apple will not send the product to Alice because the TxA has not been confirmed.
  • Alice is the only victim in this scenario.

As far as I know, to create TxA, Alice must sign her bitcoins, which are identified by the output index in the former transaction. So why doesn't Alice sign the receiver's address (Apple) also when creating TxA? This would make Bob unable to modify the receiver's address and thus prevent the scenario above.


Title: Re: [Proposal] Why don't we sign receivers' addresses also?
Post by: shorena on April 26, 2015, 06:06:47 PM
Changing the receiving address(es) will render the signature(s) invalid.


Title: Re: [Proposal] Why don't we sign receivers' addresses also?
Post by: katatunix on April 26, 2015, 06:25:00 PM
Changing the receiving address(es) will render the signature(s) invalid.

Thanks for your reply :)

Could you please explain in more detail? If the signature was not produced from the receiving address, how can changing the receiving address render the signature invalid?

Note that the receiving address here is Apple.


Title: Re: [Proposal] Why don't we sign receivers' addresses also?
Post by: shorena on April 26, 2015, 08:02:36 PM
Changing the receiving address(es) will render the signature(s) invalid.

Thanks for your reply :)

Could you please explain in more detail? If the signature was not produced from the receiving address, how can changing the receiving address render the signature invalid?

Note that the receiving address here is Apple.

Sorry, I'm a bit tired atm, but you sign more than just the inputs. I hope this helps -> http://bitcoin.stackexchange.com/questions/3374/how-to-redeem-a-basic-tx


Title: Re: [Proposal] Why don't we sign receivers' addresses also?
Post by: DannyHamilton on April 26, 2015, 09:33:40 PM
Why don't we sign receivers' addresses also?

We do.  Why do you think that we don't?

Let's consider the following scenario:

  • Alice (an honest girl) is buying a product from the merchant Apple.
  • Alice creates a new transaction TxA to send her bitcoins to Apple.
  • Bob (a bad guy) receives TxA and modifies the receiver's address to create TxB.

Not possible.  When Alice created the transaction, the signature covered her inputs AND all the outputs.  If Bob changes the outputs then the transaction is no longer valid because the signature no longer matches the signed content.

As far as I know, to create TxA, Alice must sign her bitcoins, which are identified by the output index in the former transaction.

This is not correct.  In each input, Alice supplies a signature of all the relevant parts of the transaction (inputs and outputs). The signature must be created with the private key that is associated with the address that the output being spent was sent to.

So why doesn't Alice sign the receiver's address (Apple) also when creating TxA?

She does.

This would make Bob unable to modify the receiver's address and thus prevent the scenario above.

Correct.

Exactly how did you think Bitcoin lasted 7 years and grew to its significant amount of usage without this basic protection?

Perhaps you should try reading the original bitcoin whitepaper?

https://bitcoin.org/bitcoin.pdf
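Added example (not from any poster in this thread): the legacy, pre-segwit SIGHASH_ALL digest that an input's ECDSA signature is actually computed over. It serialises the outputs together with the inputs, so swapping Apple's address for Bob's produces a different digest and any signature over the original no longer verifies. All hash160 values and the previous txid below are constructed placeholders, not real chain data.

```python
import hashlib
import struct

SIGHASH_ALL = 0x01

def _varint(n):
    # Bitcoin CompactSize encoding (small cases are all this example needs)
    if n < 0xfd:
        return bytes([n])
    if n <= 0xffff:
        return b"\xfd" + struct.pack("<H", n)
    return b"\xfe" + struct.pack("<I", n)

def _varbytes(b):
    return _varint(len(b)) + b

def sighash_all(version, inputs, outputs, locktime, input_index, subscript):
    """Legacy SIGHASH_ALL digest for the input at input_index.

    inputs:  list of (prev_txid_le, prev_vout, sequence)
    outputs: list of (value_satoshi, scriptPubKey)
    The scriptSig of the input being signed is replaced by subscript (the
    scriptPubKey of the output it spends); every other scriptSig is empty.
    """
    s = struct.pack("<I", version) + _varint(len(inputs))
    for i, (txid, vout, seq) in enumerate(inputs):
        script = subscript if i == input_index else b""
        s += txid + struct.pack("<I", vout) + _varbytes(script) + struct.pack("<I", seq)
    s += _varint(len(outputs))
    for value, spk in outputs:          # every output, value and destination, is covered
        s += struct.pack("<q", value) + _varbytes(spk)
    s += struct.pack("<I", locktime)
    s += struct.pack("<I", SIGHASH_ALL)  # hash type is appended before hashing
    return hashlib.sha256(hashlib.sha256(s).digest()).digest()

def p2pkh_script(hash160):
    # OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
    return b"\x76\xa9\x14" + hash160 + b"\x88\xac"

# Constructed sample values (placeholders, not real keys or transactions)
ALICE_H160 = bytes.fromhex("11" * 20)
APPLE_H160 = bytes.fromhex("22" * 20)
BOB_H160 = bytes.fromhex("33" * 20)
INPUTS = [(bytes.fromhex("aa" * 32), 0, 0xffffffff)]

def digest_for_payee(payee_h160):
    # Alice spends a P2PKH output of hers and pays 50,000 sat to payee_h160
    outputs = [(50_000, p2pkh_script(payee_h160))]
    return sighash_all(1, INPUTS, outputs, 0, 0, p2pkh_script(ALICE_H160))

def tampering_changes_digest():
    # Bob redirecting the payment changes what Alice's signature committed to
    return digest_for_payee(APPLE_H160) != digest_for_payee(BOB_H160)
```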


Title: Re: [Proposal] Why don't we sign receivers' addresses also?
Post by: katatunix on April 27, 2015, 04:28:47 AM
Thanks all. It's clear now.