Bitcoin Forum
June 16, 2024, 09:52:47 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Transaction malleability 2017  (Read 1570 times)
bitaps (OP)
Member
**
Offline Offline

Activity: 148
Merit: 45

https://bitaps.com/


View Profile WWW
March 10, 2017, 09:19:34 PM
 #1

Today about 15 hours ago, was transaction malleability attack to bitcoin network. BIP 62 was accepted in 2014 but in 2017 miner BitClub mine transactions with negative S value in signature!  Shocked  So BitClub gave the opportunity to this  attack get  success
 
We have bitcoin node with ability to save all events on bitcoin network.

Statistics on our bitcoin node:
   Total affected Transaction: 84335
   Success: 1405
 
Code:
9ab1d8ede94b8997c526680c197ed6cf1d2004845f1a409645c36c52d5c3fefa
  >>>  00070d799ae941cd60fc686802afba8609f637687df8714c9b29c03600a7559b block 456545 miner BitClub
6f1f6740eb0eaa7db013461f497e4fdc39594ab506c70708ed6969c25e9cbae0
  >>>  f889938e3878a9836caa558c926bc2b05353cf29eb7f8ebbdffe0a5af80af5a4 block 456545 miner BitClub
924e59a5d70f2e8928a1dfdd01cab476caebf5773b001d06ad87d4619ff8674e
  >>>  785b2856106170b5ef462b35deae83879bb9e3fd282b3e5face8fe0d9ec17285 block 456545 miner BitClub
00fba70e71336d78c52cda58c252a836d1d860c69e54840fb85f6f9e947eef75
  >>>  2000e4a79fb534563f361a5a3f031c3db2d87a886b072b6ba68587ebbebc6198 block 456545 miner BitClub
71bad5a7eb5693e1787572c62ce3fe81be57907c9a67e5b67df32615b6fcc564
  >>>  783a6b069abb42818ef942832b8aad689c52c9e054572a8e5c5f402b41b1d35e block 456545 miner BitClub
5ad4bd91dc3b1588a5dd3fc880109400a467316114b64c093ba2624e6d9bfa28
  >>>  5e60913b376ce04a526dfd26ec60b5c0e86e5cbf61b0cc77ad170b35240dd313 block 456545 miner BitClub
c3d73f073d9efb1e6b5f83de13415e8f76763a1526c58283ec887a0f6b54a987
  >>>  9f4fd7345061fc567eca2807aa7f655696a0fcd0b4c039e597978ec935a8c4c4 block 456545 miner BitClub
bc256939a84a8a7d25e1e3f79b9cdc61f8f84cb1746371b6e75076f548bca6b1
  >>>  ab1f20f7785137012de35e81709b2172c0d56af4949e53bfed9ddea9ddfb9527 block 456545 miner BitClub
304210e71da43a2f64410568b0473a1652da245e15eaccf42526636ced50be10
  >>>  04916551d68114586f22f6fe5e9cc73497f6b91fd440c764301437fc069afe69 block 456545 miner BitClub

 
 
Full list of successfully attacked transactions http://pastebin.com/KGYpqPta
 


achow101
Moderator
Legendary
*
expert
Offline Offline

Activity: 3430
Merit: 6705


Just writing some code


View Profile WWW
March 10, 2017, 10:11:20 PM
 #2

Who malleated those transactions?

I know that those who have chains of unconfirmed transactions that were based off of the original non-malleated ones were, but how many transactions is that? Who else was affected by these transactions?

johoe
Full Member
***
Offline Offline

Activity: 217
Merit: 241


View Profile
March 10, 2017, 10:27:29 PM
Merited by ABCbits (1)
 #3

BIP-62 was withdrawn.  You may be confusing it with BIP-66, which didn't have low-S requirement.  There is also a relay policy for low-S but not a soft fork.  BIP-146 may fix it some day.

There are several discussions on reddit on r/btc.  I think BitClub mined three blocks with high-S and BitmainWarrenty (not to be confused with Bitmain) was also involved.  It also temporarily broke blockchain.info.

Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
piotr_n
Legendary
*
Offline Offline

Activity: 2053
Merit: 1354


aka tonikt


View Profile WWW
March 12, 2017, 01:43:16 PM
 #4

How is it an attack?
Who is it attacking and what for?

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
bitaps (OP)
Member
**
Offline Offline

Activity: 148
Merit: 45

https://bitaps.com/


View Profile WWW
March 12, 2017, 05:54:00 PM
 #5

How is it an attack?
Who is it attacking and what for?

Here is official News about it

https://news.bitcoin.com/bither-ceo-bitclub-performing-segwit-related-attack-network/

piotr_n
Legendary
*
Offline Offline

Activity: 2053
Merit: 1354


aka tonikt


View Profile WWW
March 12, 2017, 07:24:39 PM
 #6


How does it answer any of my questions?

Please explain why it is called "attack".

Using such a word implies that there was an aggressor and a victim.
So who was the victim and how was it hurt?

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
piotr_n
Legendary
*
Offline Offline

Activity: 2053
Merit: 1354


aka tonikt


View Profile WWW
March 12, 2017, 07:33:21 PM
Merited by ABCbits (2)
 #7

BTW, this article on news.bitcoin.com is hilarious.

For instance, it says:

Quote
In the two blocks they mined, 456545 and 456552, they changed all the txid inside the blocks. In other words, they “double spent” all transactions.
What "double spent"??
It was exactly the same spent, just with a different txid.  Smiley


Then:

Quote
Blockchain.info, the most widely used blockchain explorer, is basically crashed during the attack event. Since block 456545, blockchain.info no longer received any new blocks.”
So it seems that what it "attacked", was not any "bitcoin network", but only a buggy software used by Blockchain.info
Well, at least they got a chance t fix it Smiley


And then:
Quote
It’s still not exactly clear how the attack was performed.
How is it not clear how it was performed, if they had just said that "by exploiting the symmetry characteristic of elliptic curves"? Smiley

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
bitaps (OP)
Member
**
Offline Offline

Activity: 148
Merit: 45

https://bitaps.com/


View Profile WWW
March 12, 2017, 07:40:45 PM
 #8

Quote
How is it not clear how it was performed, if they had just said that "by exploiting the symmetry characteristic of elliptic curves"

ECDSA Signature consists of 2 big numbers, R and S.  In case we change S to (S * -1) it will not invalidate signature. Because during signature verification used the absolute value of S.

Quote
What "double spent"Huh
It was exactly the same spent, just with a different txid.  Smiley

Yes different tx_id and create different coins in blockchain, technically this is double spending input coins, but no way to steal btc

piotr_n
Legendary
*
Offline Offline

Activity: 2053
Merit: 1354


aka tonikt


View Profile WWW
March 12, 2017, 07:44:34 PM
Merited by ABCbits (1)
 #9

Yes different tx_id and create different coins in blockchain, technically this is double spending input coins, but no way to steal btc

No sir.

This is not "double spending input coins" - not technically, nor in any other way.

The spending transaction just ended up in the blockchain with a different ID - that's it.
There is nothing more about it; no attacks, no double spending - nothing more!

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
bitaps (OP)
Member
**
Offline Offline

Activity: 148
Merit: 45

https://bitaps.com/


View Profile WWW
March 12, 2017, 07:46:24 PM
 #10

2 transactions try to spend same coins and as result create different output coins

This is double spent

piotr_n
Legendary
*
Offline Offline

Activity: 2053
Merit: 1354


aka tonikt


View Profile WWW
March 12, 2017, 07:49:17 PM
 #11

2 transactions try to spend same coins and as result create different output coins

This is double spent

But only one of them gets confirmed - how is it a double spent?

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
bitaps (OP)
Member
**
Offline Offline

Activity: 148
Merit: 45

https://bitaps.com/


View Profile WWW
March 12, 2017, 07:52:37 PM
 #12

Right! Any double spent attempt have one winner tx and losing tx or few losing txs

piotr_n
Legendary
*
Offline Offline

Activity: 2053
Merit: 1354


aka tonikt


View Profile WWW
March 12, 2017, 07:55:09 PM
 #13

Right! Any double spent attempt have one winner tx and losing tx or few losing txs

That's fascinating.

Perhaps you should write a paper about it.
bitcoin.com should be able to publish it for you.
They seem to be very much into bitcoin science.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
bitaps (OP)
Member
**
Offline Offline

Activity: 148
Merit: 45

https://bitaps.com/


View Profile WWW
March 12, 2017, 07:59:22 PM
 #14

Not quite understood your sarcasm

Carlton Banks
Legendary
*
Offline Offline

Activity: 3430
Merit: 3074



View Profile
March 12, 2017, 08:06:38 PM
 #15

You're trying to say

"this double spend attempt failed, therefore it succeeded!"

Which is why you're attracting derision


Shut up

Vires in numeris
piotr_n
Legendary
*
Offline Offline

Activity: 2053
Merit: 1354


aka tonikt


View Profile WWW
March 12, 2017, 08:07:33 PM
 #16

Not quite understood your sarcasm
You and bitcoin.com are using big words to describe trivial things.

There was no "attack on the bitcoin networks" - that's ridiculous.

Ever since bitcoin has existed, any miner could have taken a transaction (or all of them) and change the ID(s).
There is nothing new or sensational about it and it is definitely no reason to spread a panic with big titles like "attack on a bitcoin network".

IMHO, such events are actually a good thing, because they show whose bitcoin software is shit.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
achow101
Moderator
Legendary
*
expert
Offline Offline

Activity: 3430
Merit: 6705


Just writing some code


View Profile WWW
March 12, 2017, 08:25:32 PM
Merited by ABCbits (1)
 #17

2 transactions try to spend same coins and as result create different output coins

This is double spent
A transaction malleation attack does not change the outputs in any way whatsoever. There are no "different output coins". The receivers still get the Bitcoin, regardless or whether the original or the malleated transaction confirms. Transaction malleation is not a double spend attack. Nor is it an attack on the Bitcoin network but rather it is an attack on poorly written wallets and services.

andron8383
Sr. Member
****
Offline Offline

Activity: 333
Merit: 250



View Profile
March 12, 2017, 08:26:27 PM
 #18

Right! Any double spent attempt have one winner tx and losing tx or few losing txs

So they can trick lets say bitbay that don't wait for confirmation to double sped - interesting.

Quote
Some online chatter regarding the issue revolved around the idea that the attack is political; trying to influence developers and stakeholders to come to a solution to the so-called malleability issue (which Segwit is intended to solve).

For me all know that "malleability issue" but BU Cheesy shit this like nothing happened everything is ok you can makes attacks and what now ?
For those BU supporters waiting 30min for confirmations is not big deal.
I think that Bitcoin have to fix security holes that shout this is your foud you sould be wait for 30 min confirmations if you have luck because not you can wait up to few hours Cheesy

2 transactions try to spend same coins and as result create different output coins

This is double spent
A transaction malleation attack does not change the outputs in any way whatsoever. There are no "different output coins". The receivers still get the Bitcoin, regardless or whether the original or the malleated transaction confirms. Transaction malleation is not a double spend attack. Nor is it an attack on the Bitcoin network but rather it is an attack on poorly written wallets and services.

so how "malleation attack" fucked up Mt Gox ? they were complaing about that if i good remember that they lost BTC in that process.
bitaps (OP)
Member
**
Offline Offline

Activity: 148
Merit: 45

https://bitaps.com/


View Profile WWW
March 12, 2017, 08:30:21 PM
 #19


You and bitcoin.com are using big words to describe trivial things.

There was no "attack on the bitcoin networks" - that's ridiculous.

Ever since bitcoin has existed, any miner could have taken a transaction (or all of them) and change the ID(s).
There is nothing new or sensational about it and it is definitely no reason to spread a panic with big titles like "attack on a bitcoin network".

IMHO, such events are actually a good thing, because they show whose bitcoin software is shit.

First of all, my title was not big title with words "attack on a bitcoin network".

Second Bitcoin.com :
Quote
In the two blocks they mined, 456545 and 456552, they changed all the txid inside the blocks. In other words, they “double spent” all transactions.

It's not quite so. Bitclub not change tx signatures inside his blocks.  All transactions in mempool was attacked within few seconds after broadcasting to network.  Same one do attack on mempool. Most of nodes not accept and not relay this tx because double spending tx not accepting for relay in most nodes settings (except RBF txs). But Bitclub accept this txs. Exploiting attack is not good thing, good thing is fix vulnerability in bitcoin protocol.

achow101
Moderator
Legendary
*
expert
Offline Offline

Activity: 3430
Merit: 6705


Just writing some code


View Profile WWW
March 12, 2017, 08:31:59 PM
 #20

so how "malleation attack" fucked up Mt Gox ? they were complaing about that if i good remember that they lost BTC in that process.
Chains of unconfirmed transactions can be invalidated by malleating a transaction in that chain and having that malleated transaction confirm. So it is possible that people send an exchange like Mt. Gox Bitcoin being spent from an unconfirmed transaction, and one transaction in the chain is malleated thus invalidating the whole chain and the service never actually receives the Bitcoin.

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!