|
Title: in-flight transaction fraud Post by: Hari.M on December 13, 2015, 11:16:28 PM What prevents a fraudster to divert the pending payment? Here is the scenario:
Step-1: User-1 initiates TXN-1 for payment to User-2 and the TXN is not yet confirmed i.e. POW is ongoing. Step-2: A fraudster( someone listening or participating in the NW), in the meantime while POW is pending, creates a new TXN-2 to pay the funds to User-3 by copying the rest of the TXN-1 data including the input Signature/Script. Step-3: if miners reject both TXN-1 & TXN-2 suspecting that it is a double spend, what prevents the fraudster to issue a new TXN-3 by copying the TXN-2( if needed changing the payment to User-4) for the next block POW or confirmation? In other words, the question boils down to copying the input script/signature from pending transaction for fraud. Thanks in advance. Title: Re: in-flight transaction fraud Post by: DannyHamilton on December 13, 2015, 11:31:34 PM This belongs in the Beginners and Help (https://bitcointalk.org/index.php?board=39.0) section.
If a fraudster creates a modified TXN-2, that spends the same inputs but with different outputs, then network will reject it because the signature will no longer be valid. That is the whole purpose of a digital signature (not just with bitcoin). The signature will only be recognized as valid for the original data that the signature was computed on. It is a way of proving that the signed data was signed by the person that is in control of the private key. Since the fraudster doesn't have the private key, they won't be able to create a valid signature for the modified transaction. So, TXN-2 will be rejected as invalid, and TXN-1 will continue to remain unconfirmed until it is included in a solved block. Title: Re: in-flight transaction fraud Post by: Hari.M on December 13, 2015, 11:48:02 PM Thanks. Not sure how to foward the rest of the conversation to the referred beginer topic/thread. Ok, my understandig is that the digital signature is to confirm the ownership of the Private Key but not to the remaining data of the transaction. I would appreciate if you can clarify further as to how signature also covers the remaining data besides the Private Key or pass any relevant link(s). Thanks.
Title: Re: in-flight transaction fraud Post by: DannyHamilton on December 13, 2015, 11:57:29 PM Thanks. Not sure how to foward the rest of the conversation to the referred beginer topic/thread. At the bottom left of this thread are two links. One says "lock topic", and you can click that once you are satisfied that your question has been answered sufficiently. It will keep trolls and spammers (or anyone else) from being able to post in this thread in the future so it won't keep getting bumped to the top of the thread list. The other says "move topic", and you can click it now to move this topic to the appropriate sub-forum. Note that those two links are only available to the person that creates the thread (and the forum moderators). Ok, my understanding is that the digital signature is to confirm the ownership of the Private Key but not to the remaining data of the transaction. I would appreciate if you can clarify further as to how signature also covers the remaining data besides the Private Key or pass any relevant link(s). Thanks. Here's a link: https://en.wikipedia.org/wiki/Digital_signature You'll see there that "A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or documents". In the case of a bitcoin transaction, the transaction itself is the "digital message" that being demonstrated as authentic. The digital signature doesn't "confirm the ownership of the private key". What it does is prove that the message (or in this case the transaction) was signed by a person in possession of the private key. |