Bitcoin Forum
December 16, 2017, 04:07:43 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: What happens when two users import a private key/wallet.dat  (Read 656 times)
hayek
Sr. Member
****
Offline Offline

Activity: 373


View Profile
May 14, 2013, 04:00:56 AM
 #1

Say a friend and I have wallets and find a third wallet.dat. We both import that wallet. The only thing I've found is "Weird things happen"
1513440463
Hero Member
*
Offline Offline

Posts: 1513440463

View Profile Personal Message (Offline)

Ignore
1513440463
Reply with quote  #2

1513440463
Report to moderator
1513440463
Hero Member
*
Offline Offline

Posts: 1513440463

View Profile Personal Message (Offline)

Ignore
1513440463
Reply with quote  #2

1513440463
Report to moderator
1513440463
Hero Member
*
Offline Offline

Posts: 1513440463

View Profile Personal Message (Offline)

Ignore
1513440463
Reply with quote  #2

1513440463
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513440463
Hero Member
*
Offline Offline

Posts: 1513440463

View Profile Personal Message (Offline)

Ignore
1513440463
Reply with quote  #2

1513440463
Report to moderator
1513440463
Hero Member
*
Offline Offline

Posts: 1513440463

View Profile Personal Message (Offline)

Ignore
1513440463
Reply with quote  #2

1513440463
Report to moderator
1513440463
Hero Member
*
Offline Offline

Posts: 1513440463

View Profile Personal Message (Offline)

Ignore
1513440463
Reply with quote  #2

1513440463
Report to moderator
DannyHamilton
Legendary
*
Online Online

Activity: 2002



View Profile
May 14, 2013, 04:07:24 AM
 #2

Say a friend and I have wallets and find a third wallet.dat. We both import that wallet. The only thing I've found is "Weird things happen"

It really depends on the client that you import it to, and the method you use to import it.

Assuming that all three wallets are using Bitcoin-Qt, and that you each use importprivkey to import the the private keys from the third wallet:

If that third wallet has any bitcoins in it, both you and your friend will see those bitcoins added to the balance of your wallets.

Whichever of you spends the various outputs from the third wallet first will most likely see your transactions go through.  The other of you might see the coins get sent out of their wallet.  If they try to spend the same outputs before their wallet sees the updated blockchain with the spent outputs, they will find their transaction is a double spend attempt that the network will reject.

hayek
Sr. Member
****
Offline Offline

Activity: 373


View Profile
May 15, 2013, 03:50:30 AM
 #3

Interesting and thank you for the answer.

To explain it back to make sure I have it and assuming we are using the same wallets:
Wallet A: 1 BTC
Wallet B: 1 BTC
Wallet C: 10 BTC

Both A & B import C

Wallet A: 11 BTC
Wallet B: 11 BTC

But 10 BTC is "shared" between them until it is spent. As they are spent the balance of both wallets would change?
DannyHamilton
Legendary
*
Online Online

Activity: 2002



View Profile
May 15, 2013, 04:04:40 AM
 #4

Interesting and thank you for the answer.

To explain it back to make sure I have it and assuming we are using the same wallets:
Wallet A: 1 BTC
Wallet B: 1 BTC
Wallet C: 10 BTC

Both A & B import C

Wallet A: 11 BTC
Wallet B: 11 BTC

But 10 BTC is "shared" between them until it is spent. As they are spent the balance of both wallets would change?

It's a bit more complicated than that, and it depends on which wallet you use and how you import it, but at a basic level yes.

A wallet actually keeps track of the set of transactions that were sent to addresses that the wallet knows about.  It doesn't combine them together into a single amount (even though it displays it to you that way).  So if you receive four separate transactions that pay you 1 BTC, 2 BTC, 3 BTC, and 4 BTC then the wallet will show that you have 10 BTC.  But if you then spend 1.5 BTC, the wallet might choose to spend the 1 BTC and the 2 BTC (for a total of 3 BTC).  It would create a transaction that would send 1.5 BTC to the intended recipient.  Then it would create a new address that it doesn't tell you about.  It sends the remaining 1.5 BTC back into the wallet at this new address.

So if Wallet C had received the 4 transactions I just mentioned, and then after importing if Wallet A were to send 1.5 BTC somewhere, then Wallet B might see 3 BTC suddenly disappear while Wallet A saw its balance reduced by 1.5BTC.  Then if Wallet B sent 5 BTC, it might choose to spend the remaining 4 BTC and 3 BTC outputs, sending the change to a new address in Wallet B.  So Wallet A would see it's balance suddenly drop by 7 BTC, while Wallet B sees its balance drop by 5 BTC.

It is also possible that one wallet sends the bitcoins in a transaction that the other wallet doesn't hear about right away.  Then when you create a transaction with the second wallet, it attempts to re-spend the same previous output.  This is a "double spend" attempt and will cause some confusion as the second wallet never sees its transaction confirm, and the rest of the network never sees the second transaction.

Swapster
Member
**
Offline Offline

Activity: 108


View Profile
May 15, 2013, 04:24:33 AM
 #5

IT sounds to me that if 20 people all have the same wallet.dat file  and they went out to a bunch of merchants and spent the money at the same time - only one merchant would get their BTC... the others would find the BTC to already be spent.

Is this not a problem?
DannyHamilton
Legendary
*
Online Online

Activity: 2002



View Profile
May 15, 2013, 04:59:50 AM
 #6

IT sounds to me that if 20 people all have the same wallet.dat file  and they went out to a bunch of merchants and spent the money at the same time - only one merchant would get their BTC... the others would find the BTC to already be spent.

Is this not a problem?

Yes, and no.

This is a known behavior of bitcoin.  Nearly all 0 confirmation double spend attacks take advantage of this behavior.

If the merchant is able to wait for 1 confirmation, then this is no longer a problem.  As soon as a confirmation happens, all the other attempted transactions vanish and all the other merchants know that they have not really received any transaction.  Accepting a transaction with 0 confirmations is a bit like accepting a check from someones checking account.  There is no way to be confident that you are actually going to get paid until you get a confirmation.

Now, if the merchant isn't able to wait for one confirmation, there are a few other options for ensuring that they get paid.  First, the merchant can acquire identifying information on the consumer that could assist in prosecuting theft.  Video cameras, government issued ID, or even a customer loyalty program can go a long way towards discouraging fraud.

Second, the merchant can partner with a third party vender for payment processing.  Perhaps a company comes along (lets call them Asiv) that issues to consumers a 3 ⅜ × 2 ⅛ in (85.60 × 53.98 mm) plastic card with a an account number and a magnetic strip on the back.  Then Asiv partners with merchants providing them with a piece of equipment they can connect to their point of sale system.  When a consumer visits the merchant, they swipe their plastic card through the device and Asiv registers a transaction.  Asiv contracts to pay the merchant on a regular basis (maybe nightly?) the total of all the transactions processed by the merchant (minus a small fee).  Now the merchant doesn't have to be concerned about payment from the consumer since they know they'll be paid by Asiv.  Then once a month or so, Asiv send out an invoice to all the consumers that have used their card and collects payment from them.

Other solutions will be possible as well.  Perhaps the paradigm will change, and consumers will make a bitcoin deposit to the merchant as the enter the store.  By the time they are ready to check out, their deposit will already have at least 1 confirmation.  Then the merchant just sends the "change" back to the consumer before they leave.

hayek
Sr. Member
****
Offline Offline

Activity: 373


View Profile
May 17, 2013, 02:08:28 PM
 #7

Interesting.

I have been chewing on the idea of services similar to an exchange/wallet to satisfy that.

For example, a third party company where you deposit bitcoins. That company vouches you have X balance. The vendor could rely on that companies integrity to deal with random unknowns. It might cut down on the number of transactions.

E.g. two people trade btc and belong to the same voucher company. The voucher company doesn't need to move any bitcoin, just change the balance in their records. Then you are entitled to withdraw your new balance when you need to.

I don't really like the idea, it feels too much like a credit company to me and it's kind of an "All your eggs in one basket approach"
dancupid
Hero Member
*****
Offline Offline

Activity: 956



View Profile
May 17, 2013, 02:26:31 PM
 #8

This is one case (notice the massive amount of unconfirmed transactions)

http://blockchain.info/address/1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T

This is the 'correct horse battery staple' brainwallet address that it defaults to when you visit the site.

It seems people are importing this address' private key in the hope that they'll be able to move the bitcoins quickly enough as they arrive.

I suspect some of these people doing this don't realise that when they make a transaction from a different address in their wallet the change may be sent the this address

edit - just looked at this again - it seems someone is actually trying to attack the blockchain. Hadn't noticed this before today.
an0nymous
Newbie
*
Offline Offline

Activity: 11


Personal text


View Profile WWW
May 18, 2013, 10:59:38 PM
 #9

http://globalnerdy.com/wordpress/wp-content/uploads/2007/12/bug_vs_feature.gif

- In what we trust ? :/ -
occsceo
Newbie
*
Offline Offline

Activity: 13



View Profile WWW
May 18, 2013, 11:19:10 PM
 #10

well put...i lol'd

occsceo

.: PHP - PY - JS - MYSQL - HTML5 - CSS - SEO :.
btc:  1Cj7hUgN1hT4F7eLYUhPuhgXj9xHhD9GKF
ltc:  Lfp1UvW54KxpCky55HnD5tq6m7QaDAMFCM
wietrzny
Newbie
*
Offline Offline

Activity: 3


View Profile
May 19, 2013, 12:04:59 AM
 #11

Imagine situation where A and B use the same private key/wallet.dat - can it be compared to using one bank account by two persons?
For example A & B have one bank account, each of them hold own credit card and can use money in this account until they spend all.

Is this possible?
Would it be reasonable way of reaching such goal with Bitcoins? (imagine company or family account or similar situations)

One thing that bothers me is double spending. When it will occur:
1) When A and B try to spend more bitcoin than they have in wallet
2) When A and B try to spend bitcoins at the same moment, even if they don't spend all money in their wallet

Which one is true?
DannyHamilton
Legendary
*
Online Online

Activity: 2002



View Profile
May 19, 2013, 02:06:04 AM
 #12

One thing that bothers me is double spending. When it will occur:
1) When A and B try to spend more bitcoin than they have in wallet
2) When A and B try to spend bitcoins at the same moment, even if they don't spend all money in their wallet

Which one is true?

Neither (or both) depending on how you look at it.

At the protocol level, bitcoin separately keeps track of every transaction received.  It does not "blend together" these balances.  If you receive, at a single bitcoin address, three transactions each for a different balance for example 3 BTC, then 4 BTC, and 6 BTC then the wallet might show you a balance of 13 BTC, but it is actually keeping track of each of those transaction outputs individually.

When spending bitcoins, the protocol requires that you spend one or more outputs in their entirety.  If, given the example, you want to send someone 1 BTC, your wallet would have to spend one or more of the listed outputs completely.  Assuming for the moment that the wallet chose to spend the 3 BTC output, it would create a transaction that used the 3 BTC output as an input to the transaction.  The transaction would then have 2 outputs, an output for 1 BTC sent to the recipient's address, and a separate output for 2 BTC to an address in your wallet as "change".  Once this transaction is confirmed, the previous 3 BTC output is considered "spent" and can never be spent again.  Any further attempt to spend the 3 BTC output would be considered a failed "double spend" attempt.  If you want to spend the remaining 2 BTC, you'd have to know about and spend the new 2 BTC output.

So, a double spend attempt will occur any time two separate attempts are made to spend the same previously received output.

If A spends all the bitcoins in their wallet, then obviously this will mean that they have spent all the outputs that any copy of the wallet might be tracking.  If the wallet that B is running hasn't yet been updated with the information that A's wallet already spent those outputs, then B could attempt to "spend more than they have in the wallet" and as such attempt to spend one or more of the already spent outputs.  This would be a double spend attempt.

If A and B try to spend bitcoins at the same moment, both wallets could choose to spend one or more of the same previously received unspent outputs.  This would be a double spend attempt.

It is generally a bad idea to attempt to run two separate wallets that are both attempting to track and spend bitcoins received at the same addresses.  There are many opportunities for one wallet to be unaware that the other wallet already spent some of the outputs.  Perhaps in the future someone will come out with a wallet that synchronizes well between multiple instances to avoid such issues, but at the moment, the only wallets that do this, do so by sending all communications through a centralized server that keeps track of each of the unspent outputs in one place.  Each "instance" of the wallet is really just a separate connection to the one server that is tracking the balances and addresses.

wietrzny
Newbie
*
Offline Offline

Activity: 3


View Profile
May 19, 2013, 10:31:41 PM
 #13

Thanks, now i understand it more less. So using two wallets with the same private key would be something similar to attacking myself.
Question of multiuser wallet still seem to be interesting.
Unfortunately i've found only one attempt in bitcoinj Google groups. No real conclusion.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!