Title: Transaction malleability 2017 Post by: bitaps on March 10, 2017, 09:19:34 PM Today about 15 hours ago, was transaction malleability attack to bitcoin network. BIP 62 was accepted in 2014 but in 2017 miner BitClub mine transactions with negative S value in signature! :o So BitClub gave the opportunity to this attack get success
We have bitcoin node with ability to save all events on bitcoin network. Statistics on our bitcoin node: Total affected Transaction: 84335 Success: 1405 Code: 9ab1d8ede94b8997c526680c197ed6cf1d2004845f1a409645c36c52d5c3fefa Full list of successfully attacked transactions http://pastebin.com/KGYpqPta Title: Re: Transaction malleability 2017 Post by: achow101 on March 10, 2017, 10:11:20 PM Who malleated those transactions?
I know that those who have chains of unconfirmed transactions that were based off of the original non-malleated ones were, but how many transactions is that? Who else was affected by these transactions? Title: Re: Transaction malleability 2017 Post by: johoe on March 10, 2017, 10:27:29 PM BIP-62 was withdrawn. You may be confusing it with BIP-66, which didn't have low-S requirement. There is also a relay policy for low-S but not a soft fork. BIP-146 may fix it some day.
There are several discussions on reddit on r/btc. I think BitClub mined three blocks with high-S and BitmainWarrenty (not to be confused with Bitmain) was also involved. It also temporarily broke blockchain.info. Title: Re: Transaction malleability 2017 Post by: piotr_n on March 12, 2017, 01:43:16 PM How is it an attack?
Who is it attacking and what for? Title: Re: Transaction malleability 2017 Post by: bitaps on March 12, 2017, 05:54:00 PM How is it an attack? Who is it attacking and what for? Here is official News about it https://news.bitcoin.com/bither-ceo-bitclub-performing-segwit-related-attack-network/ Title: Re: Transaction malleability 2017 Post by: piotr_n on March 12, 2017, 07:24:39 PM How is it an attack? Who is it attacking and what for? Here is official News about it https://news.bitcoin.com/bither-ceo-bitclub-performing-segwit-related-attack-network/ How does it answer any of my questions? Please explain why it is called "attack". Using such a word implies that there was an aggressor and a victim. So who was the victim and how was it hurt? Title: Re: Transaction malleability 2017 Post by: piotr_n on March 12, 2017, 07:33:21 PM BTW, this article on news.bitcoin.com is hilarious.
For instance, it says: Quote In the two blocks they mined, 456545 and 456552, they changed all the txid inside the blocks. In other words, they “double spent” all transactions. What "double spent"??It was exactly the same spent, just with a different txid. :) Then: Quote Blockchain.info, the most widely used blockchain explorer, is basically crashed during the attack event. Since block 456545, blockchain.info no longer received any new blocks.” So it seems that what it "attacked", was not any "bitcoin network", but only a buggy software used by Blockchain.infoWell, at least they got a chance t fix it :) And then: Quote It’s still not exactly clear how the attack was performed. How is it not clear how it was performed, if they had just said that "by exploiting the symmetry characteristic of elliptic curves"? :)Title: Re: Transaction malleability 2017 Post by: bitaps on March 12, 2017, 07:40:45 PM Quote How is it not clear how it was performed, if they had just said that "by exploiting the symmetry characteristic of elliptic curves" ECDSA Signature consists of 2 big numbers, R and S. In case we change S to (S * -1) it will not invalidate signature. Because during signature verification used the absolute value of S. Quote What "double spent"Huh It was exactly the same spent, just with a different txid. Smiley Yes different tx_id and create different coins in blockchain, technically this is double spending input coins, but no way to steal btc Title: Re: Transaction malleability 2017 Post by: piotr_n on March 12, 2017, 07:44:34 PM Yes different tx_id and create different coins in blockchain, technically this is double spending input coins, but no way to steal btc No sir. This is not "double spending input coins" - not technically, nor in any other way. The spending transaction just ended up in the blockchain with a different ID - that's it. There is nothing more about it; no attacks, no double spending - nothing more! Title: Re: Transaction malleability 2017 Post by: bitaps on March 12, 2017, 07:46:24 PM 2 transactions try to spend same coins and as result create different output coins
This is double spent Title: Re: Transaction malleability 2017 Post by: piotr_n on March 12, 2017, 07:49:17 PM 2 transactions try to spend same coins and as result create different output coins This is double spent But only one of them gets confirmed - how is it a double spent? Title: Re: Transaction malleability 2017 Post by: bitaps on March 12, 2017, 07:52:37 PM Right! Any double spent attempt have one winner tx and losing tx or few losing txs
Title: Re: Transaction malleability 2017 Post by: piotr_n on March 12, 2017, 07:55:09 PM Right! Any double spent attempt have one winner tx and losing tx or few losing txs That's fascinating. Perhaps you should write a paper about it. bitcoin.com should be able to publish it for you. They seem to be very much into bitcoin science. Title: Re: Transaction malleability 2017 Post by: bitaps on March 12, 2017, 07:59:22 PM Not quite understood your sarcasm
Title: Re: Transaction malleability 2017 Post by: Carlton Banks on March 12, 2017, 08:06:38 PM You're trying to say
"this double spend attempt failed, therefore it succeeded!" Which is why you're attracting derision Shut up Title: Re: Transaction malleability 2017 Post by: piotr_n on March 12, 2017, 08:07:33 PM Not quite understood your sarcasm You and bitcoin.com are using big words to describe trivial things.There was no "attack on the bitcoin networks" - that's ridiculous. Ever since bitcoin has existed, any miner could have taken a transaction (or all of them) and change the ID(s). There is nothing new or sensational about it and it is definitely no reason to spread a panic with big titles like "attack on a bitcoin network". IMHO, such events are actually a good thing, because they show whose bitcoin software is shit. Title: Re: Transaction malleability 2017 Post by: achow101 on March 12, 2017, 08:25:32 PM 2 transactions try to spend same coins and as result create different output coins A transaction malleation attack does not change the outputs in any way whatsoever. There are no "different output coins". The receivers still get the Bitcoin, regardless or whether the original or the malleated transaction confirms. Transaction malleation is not a double spend attack. Nor is it an attack on the Bitcoin network but rather it is an attack on poorly written wallets and services.This is double spent Title: Re: Transaction malleability 2017 Post by: andron8383 on March 12, 2017, 08:26:27 PM Right! Any double spent attempt have one winner tx and losing tx or few losing txs So they can trick lets say bitbay that don't wait for confirmation to double sped - interesting. Quote Some online chatter regarding the issue revolved around the idea that the attack is political; trying to influence developers and stakeholders to come to a solution to the so-called malleability issue (which Segwit is intended to solve). For me all know that "malleability issue" but BU :D shit this like nothing happened everything is ok you can makes attacks and what now ? For those BU supporters waiting 30min for confirmations is not big deal. I think that Bitcoin have to fix security holes that shout this is your foud you sould be wait for 30 min confirmations if you have luck because not you can wait up to few hours :D 2 transactions try to spend same coins and as result create different output coins A transaction malleation attack does not change the outputs in any way whatsoever. There are no "different output coins". The receivers still get the Bitcoin, regardless or whether the original or the malleated transaction confirms. Transaction malleation is not a double spend attack. Nor is it an attack on the Bitcoin network but rather it is an attack on poorly written wallets and services.This is double spent so how "malleation attack" fucked up Mt Gox ? they were complaing about that if i good remember that they lost BTC in that process. Title: Re: Transaction malleability 2017 Post by: bitaps on March 12, 2017, 08:30:21 PM You and bitcoin.com are using big words to describe trivial things. There was no "attack on the bitcoin networks" - that's ridiculous. Ever since bitcoin has existed, any miner could have taken a transaction (or all of them) and change the ID(s). There is nothing new or sensational about it and it is definitely no reason to spread a panic with big titles like "attack on a bitcoin network". IMHO, such events are actually a good thing, because they show whose bitcoin software is shit. First of all, my title was not big title with words "attack on a bitcoin network". Second Bitcoin.com : Quote In the two blocks they mined, 456545 and 456552, they changed all the txid inside the blocks. In other words, they “double spent” all transactions. It's not quite so. Bitclub not change tx signatures inside his blocks. All transactions in mempool was attacked within few seconds after broadcasting to network. Same one do attack on mempool. Most of nodes not accept and not relay this tx because double spending tx not accepting for relay in most nodes settings (except RBF txs). But Bitclub accept this txs. Exploiting attack is not good thing, good thing is fix vulnerability in bitcoin protocol. Title: Re: Transaction malleability 2017 Post by: achow101 on March 12, 2017, 08:31:59 PM so how "malleation attack" fucked up Mt Gox ? they were complaing about that if i good remember that they lost BTC in that process. Chains of unconfirmed transactions can be invalidated by malleating a transaction in that chain and having that malleated transaction confirm. So it is possible that people send an exchange like Mt. Gox Bitcoin being spent from an unconfirmed transaction, and one transaction in the chain is malleated thus invalidating the whole chain and the service never actually receives the Bitcoin.Title: Re: Transaction malleability 2017 Post by: bitaps on March 12, 2017, 08:40:37 PM 2 transactions try to spend same coins and as result create different output coins A transaction malleation attack does not change the outputs in any way whatsoever. There are no "different output coins". The receivers still get the Bitcoin, regardless or whether the original or the malleated transaction confirms. Transaction malleation is not a double spend attack. Nor is it an attack on the Bitcoin network but rather it is an attack on poorly written wallets and services.This is double spent Coin this is link to Transaction Hash and output number inside this transaction. In case transaction hash changed coins that created by this tx also changed. So we have 2 different txs hashes and have different coins in UTXO. Yes all this coins related to same bitcoin address. But this is different coins, but input coins is same. You can admit it or not, but technically this is double spend. Title: Re: Transaction malleability 2017 Post by: bitaps on March 12, 2017, 08:54:18 PM Right! Any double spent attempt have one winner tx and losing tx or few losing txs So they can trick lets say bitbay that don't wait for confirmation to double sped - interesting. Quote Some online chatter regarding the issue revolved around the idea that the attack is political; trying to influence developers and stakeholders to come to a solution to the so-called malleability issue (which Segwit is intended to solve). For me all know that "malleability issue" but BU :D shit this like nothing happened everything is ok you can makes attacks and what now ? For those BU supporters waiting 30min for confirmations is not big deal. I think that Bitcoin have to fix security holes that shout this is your foud you sould be wait for 30 min confirmations if you have luck because not you can wait up to few hours :D 2 transactions try to spend same coins and as result create different output coins A transaction malleation attack does not change the outputs in any way whatsoever. There are no "different output coins". The receivers still get the Bitcoin, regardless or whether the original or the malleated transaction confirms. Transaction malleation is not a double spend attack. Nor is it an attack on the Bitcoin network but rather it is an attack on poorly written wallets and services.This is double spent so how "malleation attack" fucked up Mt Gox ? they were complaing about that if i good remember that they lost BTC in that process. Bitclub is not BU supporter, they vote for SegWit. Maybe he want to say that Segwit help us to fix this problem? But this is not true. Segwit will fix this problem only for witness outputs. All old UTXO set will be still vulnerable for malleability attack. How long will that take to spend all old UTXO?? ;D Segwit in softfork mode will not solve these problems completely. Before to laugh at BU supporters, better understand in detail in the issue. Title: Re: Transaction malleability 2017 Post by: piotr_n on March 12, 2017, 09:04:30 PM Quote so how "malleation attack" fucked up Mt Gox ? they were complaing about that if i good remember that they lost BTC in that process It's not really confirmed whether mtgox funds were lost through some kind of malleability attack. That's what they were claiming at some point, but they never showed any proofs, or even a technical explanation of how that would actually be possible. Title: Re: Transaction malleability 2017 Post by: piotr_n on March 12, 2017, 09:11:39 PM It definitely looks like some statement from the mining pool, saying 'if we won't activate segwit, look what can be happening'.
Well, I've seen it... And I'm not impressed, frighten or shocked. :) Even though I'd like to see segwit activated. But not as much as most of the supporters :) I also spent my time to add segwit support to my software. It was fun and I won't be crying if this doesn't get used. Title: Re: Transaction malleability 2017 Post by: bitaps on March 12, 2017, 09:23:55 PM Segwit will not fix this problem! To fix this problem we need segwit + hardfork (restrict negative S value)
Segwit is good improvement, but we need the solution to give ability change block size and this thing very important. Yes Segwit will get more txs inside 1 MB blocks. But in case we not accept change block size solution today, to come that day when we will hit the block limit again, at that time bitcoin infrastructure will grow significantly. Do hard fork will be more painful than do it now! Also accept solution to give ability change block size, this is not mean that we should change block size right now. Title: Re: Transaction malleability 2017 Post by: cr1776 on March 12, 2017, 10:38:48 PM Quote so how "malleation attack" fucked up Mt Gox ? they were complaing about that if i good remember that they lost BTC in that process It's not really confirmed whether mtgox funds were lost through some kind of malleability attack. That's what they were claiming at some point, but they never showed any proofs, or even a technical explanation of how that would actually be possible. The hypothesis regarding mtgox (fed by them, iirc) was that they were relying on transaction IDs to update their internal database of balances. So, there were withdrawals, then the attacker changed the transaction ID when they broadcast a transaction (the attacker was directly connected to them). So gox never decreased their balance since they were relying on the TX ID and they would withdraw again. (There were more details). Again, poorly written non-bitcoin network software IF that is what happened. |