Gox也沒有這樣說, 是你誤解了他們的意思 (當然他們可能有意制造誤解的空間)

请转载至各大中文网站, 作者: bitcointalk.org jl2012, 捐款地址: 1CiZPrEJdN4FJcqdLdgVLzT8tgCXxT5ion

原文为英文, 也是我写的: https://bitcointalk.org/index.php?topic=458386

假设我们有一所"比特币银行", 人们可以在银行开设账户, 并得到账号 (比特币地址), 可以往账户存款, 也可以用支票转账

Gox在比特币银行开设很多账户, 因此有很多不同账号. 对于每一位Gox客户, Gox都给一个账号. 因此Gox只要监察所有银行账户, 就可以知道哪位客户给他们存了款, 也就可以在对应的Gox账户入账. 但请记着, 上述的银行账户都是属于Gox的, 因此客户一旦存款到这些银行账户, 钱就是Gox全权控制. 说到这里, 相信大家都不陌生

当有客户向Gox发出提现要求, Gox就会选择一个银行账户开支票; Gox为了证明自己已发出支票, 他们在发出前, 给支票拍照存档. 正常情况下, 客户拿着支票到比特币银行, 就可以兑现, 同时相关的Gox银行账户就被清空了

但因为Gox的一些人为错误, 某些支票带有一些污渍. 这些污渍其实无损支票的有效性, 但比特币银行的出纳员 (矿场主人) 看着不喜欢, 所以这些支票很难兑现 (但我必须强调这些支票也是有效的). 因此有些客户自行清理这些污渍, 然后就拿到钱了, 相关的Gox银行账户也被清空

比特币银行是很公开的, 他们会把确认了的所有有效支票的照片公布. Gox的会计把自己的支票照片和比特币银行公布的照片一一比对. 但因为支票送到比特币银行时已被清理干净, Gox就找不到相同的纪录, 他们也就误以为相关的银行账户仍然是有钱的. 当另一客户要求提现, Gox便尝试用这些实际上已被清空的银行账户发出支票. 结果比特币银行当然不会接受这空头支票, 也就是这几星期很多客户投诉比特币提现不到账的原因

更麻烦的是, 有些客户看中了Gox的漏洞, 在清理支票并拿到钱后, 仍然向Gox投诉支票不到账. 由于Gox自己账目混乱, 又在比特币银行的纪录中找不到自己发出的支票的照片, 便把钱退回客户的Gox账户. 因此客户便白赚了, 损失的是Gox. 必须强调比特币银行绝对没有损失, 即没有所谓"双花" (double-spending)

现在Gox就指控比特币银行, 指他们不应接受这种经过清理的支票. 他们甚至指所有交易所都面对相同问题

Gox现在提出, 人们不应比对支票照片, 而是比对支票号码, 因为支票号码是独一无二而且不能修改. 他们要求比特币银行同意这做法, 然后才会重新开放提现

-------------

首然, 这问题3年前已经发现, 一直在解决中, 但绝不是一个紧急问题. 现实中的支票在某些情况下, 改动了也无损有效性 (例如沾上少许污渍), 但改动了付款人/收款人/金额等资料就会令支票无效. 比特币交易也是一样

那么, 其它交易所, 以至标准比特币客户端 (bitcoin-qt) 是如何处理这问题? 他们根本不会比对照片, 而是直接监察银行账户结余. 因此无论支票变成什么样子也没所谓.

结论: Gox用了一个错误的方法监察账户, 出事了就指控比特币银行

請轉載至各大中文網站, 作者: bitcointalk.org jl2012, 捐款地址: 1CiZPrEJdN4FJcqdLdgVLzT8tgCXxT5ion

原文為英文, 也是我寫的: https://bitcointalk.org/index.php?topic=458386

假設我們有一所"比特幣銀行", 人們可以在銀行開設賬戶, 並得到賬號 (比特幣地址), 可以往賬戶存款, 也可以用支票轉賬

Gox在比特幣銀行開設很多賬戶, 因此有很多不同賬號. 對於每一位Gox客戶, Gox都給一個賬號. 因此Gox只要監察所有銀行賬戶, 就可以知道哪位客戶給他們存了款, 也就可以在對應的Gox賬戶入賬. 但請記著, 上述的銀行賬戶都是屬於Gox的, 因此客戶一旦存款到這些銀行賬戶, 錢就是Gox全權控制. 說到這裏, 相信大家都不陌生

當有客戶向Gox發出提現要求, Gox就會選擇一個銀行賬戶開支票; Gox為了證明自己已發出支票, 他們在發出前, 給支票拍照存檔. 正常情況下, 客戶拿著支票到比特幣銀行, 就可以兌現, 同時相關的Gox銀行賬戶就被清空了

但因為Gox的一些人為錯誤, 某些支票帶有一些污漬. 這些污漬其實無損支票的有效性, 但比特幣銀行的出納員 (礦場主人) 看著不喜歡, 所以這些支票很難兌現 (但我必須強調這些支票也是有效的). 因此有些客戶自行清理這些污漬, 然後就拿到錢了, 相關的Gox銀行賬戶也被清空

比特幣銀行是很公開的, 他們會把確認了的所有有效支票的照片公佈. Gox的會計把自己的支票照片和比特幣銀行公佈的照片一一比對. 但因為支票送到比特幣銀行時已被清理乾淨, Gox就找不到相同的紀錄, 他們也就誤以為相關的銀行賬戶仍然是有錢的. 當另一客戶要求提現, Gox便嘗試用這些實際上已被清空的銀行賬戶發出支票. 結果比特幣銀行當然不會接受這空頭支票, 也就是這幾星期很多客戶投訴比特幣提現不到賬的原因

更麻煩的是, 有些客戶看中了Gox的漏洞, 在清理支票並拿到錢後, 仍然向Gox投訴支票不到賬. 由於Gox自己賬目混亂, 又在比特幣銀行的紀錄中找不到自己發出的支票的照片, 便把錢退回客戶的Gox賬戶. 因此客戶便白賺了, 損失的是Gox. 必須強調比特幣銀行絕對沒有損失, 即沒有所謂"雙花" (double-spending)

現在Gox就指控比特幣銀行, 指他們不應接受這種經過清理的支票. 他們甚至指所有交易所都面對相同問題

Gox現在提出, 人們不應比對支票照片, 而是比對支票號碼, 因為支票號碼是獨一無二而且不能修改. 他們要求比特幣銀行同意這做法, 然後才會重新開放提現

-------------

首然, 這問題3年前已經發現, 一直在解決中, 但絕不是一個緊急問題. 現實中的支票在某些情況下, 改動了也無損有效性 (例如沾上少許污漬), 但改動了付款人/收款人/金額等資料就會令支票無效. 比特幣交易也是一樣

那麼, 其它交易所, 以至標準比特幣客戶端 (bitcoin-qt) 是如何處理這問題? 他們根本不會比對照片, 而是直接監察銀行賬戶結餘. 因此無論支票變成什麼樣子也沒所謂.

結論: Gox用了一個錯誤的方法監察賬戶, 出事了就指控比特幣銀行

根本不可能雙花, 你不懂不要亂說

Yes, you are right. But I think they want to provide the hash to the client, as a prove of delivery. (but actually, this could not be a proof...)

I think they always use unique change address.

However, it seems to me that this is not the problem they are facing. The real problem is that they failed to check whether an input is unspent

Because if the proposal is not widely adopted, their customer won't understand the new tx id format.

No, you don't get it. There is no hardfork, not even a softfork. The just propose an alternative way to identify a transaction

Please keep this a technical discussion.

Gox proposes to use the hash of the signed string as a non-modifiable transaction id. Is it a good or bad idea?

I think for standard SIGHASH_ALL transactions this should work.

1. Gox uses a customized wallet, which is obviously faulty. Other exchanges either implement it correctly (checking the address balance), or simply use standard bitcoind

2. Yes, if they have kept all the transaction and conversation log.

3. Not sure what you mean. But if gox really double paid some customers, they are the one to absorb the loss (or they will close and run)

This is simply gox's problem, as they shouldn't follow the transaction flow this way in the first place.

It is well known for years that a bitcoin transaction is malleable in many ways. One way is to pad some garbage in the signature. If this is done properly, the transaction is still valid. By malleability, however, you can't change the payer, payee, and the amount paid, so no one could steal others bitcoin in this way. Just like in the real world, spilling some coffee on a cheque won't invalidate it. The rightful payee will still get the money.

In the gox case, they mistakenly padded their transaction with garbage (dirt on a cheque). Although the transaction is still valid, many miners do not like garbage in transaction and refuse to confirm gox's translations. Therefore, some users try to remove the garbage (clean the cheque), and the transaction got confirmed. So the user is happy. However, as the transaction looks different now (without garbage, different hash), gox's stupid customized wallet can't realize that the transaction is already confirmed, and falsely think that the coin is unspent.

The problem is, there is indefinite ways to alter a cheque without invalidate it. We need to live with transaction malleability and actually it's no big deal

A cheque with valid signature, no matter dirty or clean, is a valid cheque.

The Bitcoin Bank is a decentralized bank. Anyone with a mining rig could become part of the bank (miner). Some miners do not like dirty cheque (although they are still valid), so customers have to manually clean the cheque before they could cash it. However, this is really up to the policy of each miner.

Did it already: http://www.reddit.com/r/Bitcoin/comments/1xiowj/explain_the_gox_transaction_malleability_issue/

I have a better analogy here and also answered your question: https://bitcointalk.org/index.php?topic=458386

Let's assume we have a bank called "Bitcoin Bank". People can open accounts at the bank, get an account number (bitcoin address), and send money to their account. Money is transferred with cheque.

Gox opened many accounts at the Bitcoin Bank, with many account numbers. They give one account number to one customer. By monitoring these accounts, gox will know which customer has sent money to them, and credit to their gox account

When a customer submits a withdrawal request, gox will sign a cheque for one of its accounts at the bitcoin bank. They take a photo of the cheque, and use it as an evidence of delivery. However, some of the cheques issued by gox have dirt on them. Some customers cleaned the cheque first, then sent to Bitcoin Bank and got paid. The related gox bank account is then emptied.

Unlike a traditional bank, the bitcoin bank will publish the photos of all accepted cheques. Gox compares their photo records with the public records. Since the accepted cheque looks different from the original cheque (dirt is removed), gox can't recognize it and falsely believes that the related bank accounts still have money. Therefore, when another customer requests for withdrawal, they try to sign another cheque with the now emptied bank account. The Bitcoin Bank will reject this double spending cheque, and lead to all those withdrawal issues we have seen.

Even worse, some customers find the gox's bug and try to exploit it. After they cashed the cleaned cheque, they complain to gox saying that they have not received a cheque. Since gox can't find the cheque in the record of Bitcoin Bank, they credit the bitcoin back to the customer's gox account so the customer doubled his bitcoin at the expense of gox's fund (there is NO double-spending at the Bitcoin Bank)

So gox now blames the Bitcoin Bank that it should not accept the altered but yet valid cheque.

Gox also proposes that people should not trace a cheque by comparing photo. Instead, they should trace the unique ID of each cheque, as the ID is non-modifiable. They require the Bitcoin Bank officially endorse this practice before the re-open bitcoin withdraw.

-----------------

So what is the practice of the standard bitcoin client (i.e. bitcoin-qt)? Instead of comparing the photo of cheque, bitcoin-qt actually monitors the account balance. Therefore, whether the cheque is altered is totally irrelevant.

Conclusion: Gox uses a WRONG way to trace transaction, and blame the Bitcoin Bank when everything is fucked up

No. Everything is just the same

Let say bitcoin transaction is like a banknote. You can write something on a banknote but the note itself is still valid. When gox sending a banknote to its customer, they take a picture of the note, and use the picture of the note as an evidence of delivery. Some customer, however, write something on the note when they get it from gox, and claim they have not received the note. Since the note looks different from the photo, gox can't recognize it and wrongly believes that the note is not delivered, and send another note to the customer (so the customer gets double paid by exploiting the gox's bug). Since gox believe the original said note is not spent, they try to send it to a different customer. Of course this won't work and led to all those bitcoin withdraw problem we have seen.

So gox now proposes to use a different method to track the banknote. Instead of taking a photo, they propose to use the unique serial number on every note for tracking propose.

Bitcoin is still the bitcoin we know yesterday

Simply because they are incompetent.

Bitstamp, BTC-E, BTC-China, Huobi, OKCoin: all of these have higher transaction volume than MtGox. Did you ever see a report of similar issue from them?

FXXK THEM!!! It's just due to the stupid way of their custom wallet follows transactions. The reference client shouldn't have such problem!