How does a blockchain prevent spoofed transactions?

[ebliever]

Hi, simple question here. I understand bitcoin (etc.) uses signed messages to verify that a given account owns the funds it is sending to another public key. But what is it that prevents the blockchain from accepting or propagating a false transaction generated by (or with the assistance of) a corrupt miner?

For example, let's say I made up a fake public key with a modified client, and submitted a bogus transaction, "1MickeyMouse34fg4...  sending 10,000 BTC to 1YVEndj8D..." (where the latter is my real public key). Let's say I collude with a miner who mines the next block. (Maybe he's using modified mining software that doesn't check the validity of the senders' key.)

What is it that makes it impossible for this transaction to make it into the blockchain? Or if placed in, what keeps it from being propagated and accepted? I know that in principle every satoshi should be traced back to a mined block through the records in the blockchain, but what is it that *forces* this to be true, against any attempt at hacking?

[Muhammed Zakir]

If you want to spend from an address, you need it's private key. If you don't have private key of an address, then the best you can do is to create an unsigned raw transaction but it can't be broadcasted until you sign it which you can't as you don't have private key.

Every miner validate inputs used in transactions. If you used a non-existing input and even if you sign that transaction, it will be rejected.

[shorena]

Hi, simple question here. I understand bitcoin (etc.) uses signed messages to verify that a given account owns the funds it is sending to another public key. But what is it that prevents the blockchain from accepting or propagating a false transaction generated by (or with the assistance of) a corrupt miner?

For example, let's say I made up a fake public key with a modified client, and submitted a bogus transaction, "1MickeyMouse34fg4...  sending 10,000 BTC to 1YVEndj8D..." (where the latter is my real public key). Let's say I collude with a miner who mines the next block. (Maybe he's using modified mining software that doesn't check the validity of the senders' key.)

What is it that makes it impossible for this transaction to make it into the blockchain? Or if placed in, what keeps it from being propagated and accepted? I know that in principle every satoshi should be traced back to a mined block through the records in the blockchain, but what is it that *forces* this to be true, against any attempt at hacking?

The rest of the network (those running full nodes) would check the block and come to the conclusion that 1MickeyMouse34fg4 never had 10k BTC to spend in the first place and thus the transaction would be invalid as wall as the block that included it.

Congratulations you just spend a large amount of energy and money you invested in hardware and gained nothing.

If you want to spend from an address, you need it's private key. If you don't have private key of an address, then the best you can do is to create an unsigned raw transaction but it can't be broadcasted until you sign it which you can't as you don't have private key.

Every miner validate inputs used in transactions. If you used a non-existing input and even if you sign that transaction, it will be rejected.

I think the idea is that the miner is placing the fakt TX in a block.

[ebliever]

Hi, simple question here. I understand bitcoin (etc.) uses signed messages to verify that a given account owns the funds it is sending to another public key. But what is it that prevents the blockchain from accepting or propagating a false transaction generated by (or with the assistance of) a corrupt miner?

For example, let's say I made up a fake public key with a modified client, and submitted a bogus transaction, "1MickeyMouse34fg4...  sending 10,000 BTC to 1YVEndj8D..." (where the latter is my real public key). Let's say I collude with a miner who mines the next block. (Maybe he's using modified mining software that doesn't check the validity of the senders' key.)

What is it that makes it impossible for this transaction to make it into the blockchain? Or if placed in, what keeps it from being propagated and accepted? I know that in principle every satoshi should be traced back to a mined block through the records in the blockchain, but what is it that *forces* this to be true, against any attempt at hacking?

The rest of the network (those running full nodes) would check the block and come to the conclusion that 1MickeyMouse34fg4 never had 10k BTC to spend in the first place and thus the transaction would be invalid as wall as the block that included it.

Congratulations you just spend a large amount of energy and money you invested in hardware and gained nothing.

If you want to spend from an address, you need it's private key. If you don't have private key of an address, then the best you can do is to create an unsigned raw transaction but it can't be broadcasted until you sign it which you can't as you don't have private key.

Every miner validate inputs used in transactions. If you used a non-existing input and even if you sign that transaction, it will be rejected.

I think the idea is that the miner is placing the fakt TX in a block.

Thanks, this is what I was looking for, at least partly. So a miner can insert garbage into a block, but the rest of the network reviews the blocks transactions for validity. So that block would be rejected by the rest of the network if it had any invalid transactions, correct?

Doesn't this take a significant amount of computational resources for every miner to verify that every transaction in each new block is valid? Or is there a shortcut to verifying each send address is real and had the funds?

[Muhammed Zakir]

-snip-

If you want to spend from an address, you need it's private key. If you don't have private key of an address, then the best you can do is to create an unsigned raw transaction but it can't be broadcasted until you sign it which you can't as you don't have private key.

Every miner validate inputs used in transactions. If you used a non-existing input and even if you sign that transaction, it will be rejected.

I think the idea is that the miner is placing the fakt TX in a block.

Thank you!

Thanks, this is what I was looking for, at least partly. So a miner can insert garbage into a block, but the rest of the network reviews the blocks transactions for validity. So that block would be rejected by the rest of the network if it had any invalid transactions, correct?

Doesn't this take a significant amount of computational resources for every miner to verify that every transaction in each new block is valid? Or is there a shortcut to verifying each send address is real and had the funds?

Full nodes are run by many users not just miners. In other words, every Bitcoin core which has opened outbound inbound connections are full nodes. See https://getaddr.bitnodes.io.

[ebliever]

Full nodes are run by many users not just miners. In other words, every user who runs Bitcoin core and has opened outbound connections are running full nodes. See https://getaddr.bitnodes.io.

So if a node checks the new block and rejects it, that would prevent propagation of it, right? So if (I'm just guessing here) a typical miner connects to 10 nodes when mining, and those nodes are responsible for broadcasting the new block out to everyone else, then only those 10 nodes would really need to ID the false transactions and fail to pass the invalid block along?

Thanks for explaining guys!

[Muhammed Zakir]

Full nodes are run by many users not just miners. In other words, every user who runs Bitcoin core and has opened outbound connections are running full nodes. See https://getaddr.bitnodes.io.

So if a node checks the new block and rejects it, that would prevent propagation of it, right? So if (I'm just guessing here) a typical miner connects to 10 nodes when mining, and those nodes are responsible for broadcasting the new block out to everyone else, then only those 10 nodes would really need to ID the false transactions and fail to pass the invalid block along?

Thanks for explaining guys!

A full node stick with it's own rules and no matter all other nodes accept a block which violated a rule, this node will reject it. FYI, Bitcoin core is not the only full node.

[DannyHamilton]

Full nodes are run by many users not just miners. In other words, every user who runs Bitcoin core and has opened outbound connections are running full nodes. See https://getaddr.bitnodes.io.

So if a node checks the new block and rejects it, that would prevent propagation of it, right? So if (I'm just guessing here) a typical miner connects to 10 nodes when mining, and those nodes are responsible for broadcasting the new block out to everyone else, then only those 10 nodes would really need to ID the false transactions and fail to pass the invalid block along?

Thanks for explaining guys!

Also, regarding your other question:

is there a shortcut to verifying each send address is real and had the funds?

Yes.

Bitcoin does make use of a "shortcut".

Specifically there is no such thing as a "sending address".

Instead transactions spend and create unspent outputs, and every node maintains an indexed list of all the currently unspent transaction outputs (commonly called the UTXO list).

When you "receive bitcoins at an address", what actually happens is that a transaction creates new unspend outputs that are encumbered with a requirement to supply an ECDSA signature generated with a particular private key in order for those unspent outputs to be used to fund a future transaction.

When you "send bitcoins to an address" You supply a list of the unspent outputs that you are spending, and a valid signature for each of those outputs.  Each node searches their indexed UTXO for each of the unspent inputs in your transaction.  If you are using a UTXO that they don't have in their list, then they won't propagate your transaction.  Then when each node receives a block, they check every transaction in the block in the same way as each transaction input is checked against the UTXO list, it is then removed from the list, and any new outputs created by the transaction are added to the UTXO.

Therefore, you can't create a transaction "1MickeyMouse34fg4...  sending 10,000 BTC to 1YVEndj8D...".  You would have to create a transaction:

Code:

List of inputs that nodes will find in their UTOX
Valid Signatures for each input
List of outputs created by the transaction
Scripts for each output that describe what the requirement is for it to be included as an input in the future

[lemipawa]

It doesn't, does it?    By spoofed transactions you mean just small ones that have a purpose for being there?

By spoofed transactions he means transactions that don't have legitimate public keys or unspent outputs. These cannot be spoofed since the transaction will not be verified. See DannyHamilton's post above.

[ebliever]

As usual Danny makes it all clearer! Thanks for the explanation; I've seen references to the UTXO's but didn't really understand their role. Now I understand better.