Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: HCLivess on April 30, 2015, 02:19:41 PM



Title: Where is the transaction signed?
Post by: HCLivess on April 30, 2015, 02:19:41 PM
Hello, in my attempts at creating an alternative to bitcoin from scratch, I encountered this serious issue related to transaction signing. I am capable to sign transaction details locally, but if I sign the transaction locally and then broadcast the ledger update, the transaction signing does not matter, because I can forge the file after signing the transaction.

Where exactly is the transaction signed in Bitcoin and how is it assured that the transaction broadcasted to peers is indeed signed and not forged?

example of my faulty client:
-Alice sends 2 coins to Adam
-Alice uses the application to sign the transaction
-Application saves the transaction to the local database
-Alice meddles with the local database
-Local database is then broadcasted with false data

Is the only solution really a ledger with history of all transactions?


Title: Re: Where is the transaction signed?
Post by: DannyHamilton on April 30, 2015, 02:26:35 PM
Hello, in my attempts at creating an alternative to bitcoin from scratch, I encountered this serious issue related to transaction signing. I am capable to sign transaction details locally, but if I sign the transaction locally and then broadcast the ledger update, the transaction signing does not matter, because I can forge the file after signing the transaction.

Where exactly is the transaction signed in Bitcoin

In the scriptSig.

and how is it assured that the transaction broadcasted to peers is indeed signed and not forged?

A proof-of-work system is used to maintain the consensus on which transactions have actually occurred.

Perhaps you should try reading the whitepaper?
https://bitcoin.org/bitcoin.pdf

Is the only solution really a ledger with history of all transactions?

The public ledger with a proof-of-work to establish consensus is the ingenious solution that Satoshi Nakamoto came up with after a few decades of others failing to come up with workable solutions.  Prior to that, the only known solution was a centralized system where a "clearing house" was used to keep track of which transactions actually occurred.  If you come up with a decentralized solution that doesn't require a public ledger, let us know.


Title: Re: Where is the transaction signed?
Post by: virtualx on April 30, 2015, 04:10:10 PM
Where exactly is the transaction signed in Bitcoin and how is it assured that the transaction broadcasted to peers is indeed signed and not forged?

The transaction is signed before it is transmitted to the bitcoin network. It is assured because you sign the transaction. You are the only one that can sign the transaction because you have the private key.


Title: Re: Where is the transaction signed?
Post by: samson on May 03, 2015, 09:07:27 PM
Where exactly is the transaction signed in Bitcoin and how is it assured that the transaction broadcasted to peers is indeed signed and not forged?

You know it's not forged because the signature can be verified using the public key.

If the signed data has been altered in any way the signature verification will fail.


Title: Re: Where is the transaction signed?
Post by: HCLivess on May 04, 2015, 10:44:40 AM
Thanks. I found something, looks like everything is explained in the level of detail I needed

http://bitcoin.stackexchange.com/questions/8250/what-is-relation-between-scriptsig-and-scriptpubkey
https://www.khanacademy.org/economics-finance-domain/core-finance/money-and-banking/bitcoin/v/bitcoin-digital-signatures
http://www.laurentluce.com/posts/python-and-cryptography-with-pycrypto/#a_1