Title: Are Transaction IDs unpredictable?
Post by: Sothh on September 17, 2013, 04:38:58 PM
Simple question, is it possible to predict a transaction ID/hash before the transaction has been made?
I want to use this for a provably fair betting system.

Title: Re: Are Transaction IDs unpredictable?
Post by: CIYAM on September 17, 2013, 04:46:28 PM
As the ECDSA signatures require a random K value (which unfortunately was shown *not* to be random for some broken Java implementations which caused people to lose BTC) and the tx hash includes this information (am pretty sure the tx hash is a hash of all of the raw tx bytes) then I think you should be pretty safe in assuming it should *normally* be random.
Understand that as K values that are non-random *can* be used it could be a potential vector of attack to use non-random values in order to screw up the "fairness" (at the risk of losing at least some small amount of BTC).

Title: Re: Are Transaction IDs unpredictable?
Post by: kokjo on September 17, 2013, 04:47:57 PM
Simple question, is it possible to predict a transaction ID/hash before the transaction has been made?
Depending on your system, an attacker might only broadcast transactions which he will win on.
I want to use this for a provably fair betting system.

Title: Re: Are Transaction IDs unpredictable?
Post by: pc on September 17, 2013, 05:38:03 PM
Exactly. One can't know the hash before the transaction has been made, but one does know the hash before one sends that transaction to anybody else. If your betting system is "hash wins if it ends in a 0 bit", then it's easy to only send you winning transactions. If your betting system is "hash txid along with a secret-of-the-day-that-gets-revealed-tomorrow, win if that ends in a 0 bit", then you're probably fine.

Title: Re: Are Transaction IDs unpredictable?
Post by: DeathAndTaxes on September 17, 2013, 05:50:29 PM
As others have pointed out, each tx hash is random; however, an attacker can generate as many as he wants and only broadcast the ones he wants to.
Compare that to a dice roll: it is random, but allowing a gambler to roll as many times as he wants and then pick the dice roll would not be a good idea.

Title: Re: Are Transaction IDs unpredictable?
Post by: Stephen Gornick on September 17, 2013, 07:48:41 PM
I want to use this for a provably fair betting system.
SatoshiDICE uses the transaction ID to determine the lucky number but the reason it doesn't matter if it is random is because the transaction ID is just part of the input used to get the results, with the remainder kept secret at the time the bet is placed. Another "provably fair" service, BitLotto (whose operator has since cut and run with the last month's worth of winnings) used the results of an external event (a state-run lottery) that occurred after the betting deadline as its approach to offering provably fair. But as others mentioned, the Trx ID is the result of the contents of a transaction, and thus can be manipulated.

Title: Re: Are Transaction IDs unpredictable?
Post by: Dabs on September 18, 2013, 12:43:08 AM
I run a lotto where I use 7 secrets.
1. My secret.
2 to 6. Other gambling site secrets.
7. Random.org secret.
All secrets are verifiable, and all secrets except for the last one have hashes. So I have a secret I control which no one else has, a bunch of other secrets which their owners will never give to me, and the planet has a secret that won't be known until the morning of that day.
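
An added example, not written by any poster in this thread and not SatoshiDICE's code, of the point pc and Stephen Gornick make: an outcome keyed by a committed secret-of-the-day cannot be biased by choosing which txid to send, while a rule on the bare txid can. The HMAC-SHA256 construction, the function names, the secret and the txids are assumptions constructed for illustration.

```python
import hashlib
import hmac

def commit(secret: bytes) -> str:
    """Operator publishes this hash before any bets; the secret is revealed later."""
    return hashlib.sha256(secret).hexdigest()

def naive_win(txid: bytes) -> bool:
    """Weak rule from the thread: win if the txid ends in a 0 bit."""
    return txid[-1] & 1 == 0

def keyed_win(secret: bytes, txid: bytes) -> bool:
    """Stronger rule: hash the txid with the secret, win if that ends in a 0 bit."""
    digest = hmac.new(secret, txid, hashlib.sha256).digest()
    return digest[-1] & 1 == 0

def verify(commitment: str, secret: bytes, txid: bytes, claimed_win: bool) -> bool:
    """Player-side check after the reveal: the secret matches the earlier
    commitment and the operator's claimed result matches the recomputed one."""
    if not hmac.compare_digest(commit(secret), commitment):
        return False
    return keyed_win(secret, txid) == claimed_win

def constructed_txids(n: int) -> list:
    """Stand-ins for real txids: double SHA-256 of constructed byte strings."""
    return [hashlib.sha256(hashlib.sha256(b"constructed tx %d" % i).digest()).digest()
            for i in range(n)]

def selective_broadcast(candidates: list) -> list:
    """Models the player described in the thread, who sees every txid before
    sending it and only sends the ones that pass the public rule."""
    return [t for t in candidates if naive_win(t)]

def win_rates(secret: bytes, n: int = 2000) -> tuple:
    """Win rate of the selectively broadcast txids under each rule."""
    sent = selective_broadcast(constructed_txids(n))
    naive = sum(naive_win(t) for t in sent) / len(sent)
    keyed = sum(keyed_win(secret, t) for t in sent) / len(sent)
    return naive, keyed

if __name__ == "__main__":
    secret = b"constructed-secret-of-the-day-32-bytes-min"  # constructed sample
    print("commitment published before bets:", commit(secret))
    naive, keyed = win_rates(secret)
    print(f"naive rule win rate under selection: {naive:.2f}")
    print(f"keyed rule win rate under selection: {keyed:.2f}")
```

The secret has to be long and random; a guessable secret can be recovered from the published commitment by brute force, which puts the player back in the position of knowing the outcome before sending.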