Bitcoin Forum
Topic: Are Transaction IDs unpredictable?
Sothh
Full Member
Activity: 238
September 17, 2013, 04:38:58 PM
 #1

Simple question, is it possible to predict a transaction ID/hash before the transaction has been made?

I want to use this for a provably fair betting system.
CIYAM
Legendary
Activity: 1862
Ian Knowles - CIYAM Lead Developer
September 17, 2013, 04:46:28 PM
 #2

As the ECDSA signatures require a random K value (which unfortunately was shown *not* to be random for some broken Java implementations which caused people to lose BTC) and the tx hash includes this information (am pretty sure the tx hash is a hash of all of the raw tx bytes) then I think you should be pretty safe in assuming it should *normally* be random.

Understand that as K values that are non-random *can* be used it could be a potential vector of attack to use non-random values in order to screw up the "fairness" (at the risk of losing at least some small amount of BTC).

kokjo
Legendary
Activity: 1050
You are WRONG!
September 17, 2013, 04:47:57 PM
 #3

Quote from Sothh:
"Simple question, is it possible to predict a transaction ID/hash before the transaction has been made?

I want to use this for a provably fair betting system."

Depending on your system, an attacker might only broadcast transactions which he will win on.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
pc
Sr. Member
Activity: 253
September 17, 2013, 05:38:03 PM
 #4

Exactly. One can't know the hash before the transaction has been made, but one does know the hash before one sends that transaction to anybody else. If your betting system is "hash wins if it ends in a 0 bit", then it's easy to only send you winning transactions. If your betting system is "hash txid along with a secret-of-the-day-that-gets-revealed-tomorrow, win if that ends in a 0 bit", then you're probably fine.
DeathAndTaxes
Donator
Legendary
Activity: 1218
Gerald Davis
September 17, 2013, 05:50:29 PM
 #5

As others have pointed out, each tx hash is random; however, an attacker can generate as many as he wants and only broadcast the ones he wants to.

Compare that to a dice roll: it is random, but allowing a gambler to roll as many times as he wants and then pick the dice roll would not be a good idea.
Stephen Gornick
Legendary
Activity: 2296
September 17, 2013, 07:48:41 PM
 #6

Quote from Sothh:
"I want to use this for a provably fair betting system."

SatoshiDICE uses the transaction ID to determine the lucky number but the reason it doesn't matter if it is random is because the transaction ID is just part of the input used to get the results, with the remainder kept secret at the time the bet is placed.

Another "provably fair" service, BitLotto (whose operator has since cut and run with the last month's worth of winnings), used the results of an external event (a state-run lottery) that occurred after the betting deadline as its approach to offering provably fair.

But as others mentioned, the Trx ID is the result of the contents of a transaction, and thus can be manipulated.
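
The commit-and-reveal idea from posts #4 and #6, as an added example that is not part of the thread and not any service's actual code: it compares a txid-only rule with a rule keyed by a pre-committed secret, against a bettor who submits only txids he likes. The HMAC-SHA256 construction, all function names, and the sample secret and txids are assumptions made for illustration.

```python
import hashlib
import hmac
import random

def commit(secret: bytes) -> str:
    """Hash the operator publishes before accepting bets on that secret."""
    return hashlib.sha256(secret).hexdigest()

def txid_only_bit(txid: bytes) -> int:
    """Flawed rule from post #4: outcome is the low bit of the txid (0 = win)."""
    return txid[-1] & 1

def keyed_bit(secret: bytes, txid: bytes) -> int:
    """Outcome bit from HMAC-SHA256(secret, txid); unknowable without the secret."""
    return hmac.new(secret, txid, hashlib.sha256).digest()[-1] & 1

def verify(commitment: str, revealed: bytes, txid: bytes, claimed_bit: int) -> bool:
    """Player-side audit once the operator reveals the secret."""
    if not hmac.compare_digest(commit(revealed), commitment):
        return False  # revealed secret is not the one committed to
    return keyed_bit(revealed, txid) == claimed_bit

def selective_win_rate(rule, rounds=4000, candidates=16, seed=1) -> float:
    """Win rate of a bettor who prepares several txids per round and submits
    one whose own low bit is 0, scored under `rule` (txid -> bit, 0 = win)."""
    rng = random.Random(seed)  # constructed stand-ins for txids, not real transactions
    wins = 0
    for _ in range(rounds):
        pool = [rng.getrandbits(256).to_bytes(32, "big") for _ in range(candidates)]
        chosen = next((t for t in pool if txid_only_bit(t) == 0), pool[0])
        wins += rule(chosen) == 0
    return wins / rounds

# Constructed sample; a real secret should be 32 random bytes so the published
# commitment cannot be brute-forced before the reveal.
SECRET = b"constructed-daily-secret-2013-09-17"
COMMITMENT = commit(SECRET)  # published in advance

if __name__ == "__main__":
    print("txid-only rule :", selective_win_rate(txid_only_bit))
    print("keyed rule     :", selective_win_rate(lambda t: keyed_bit(SECRET, t)))
    txid = hashlib.sha256(b"constructed sample tx").digest()
    bit = keyed_bit(SECRET, txid)
    print("honest reveal  :", verify(COMMITMENT, SECRET, txid, bit))
    print("swapped secret :", verify(COMMITMENT, b"other", txid, bit))
```

Under the txid-only rule the selective bettor wins nearly every round; under the keyed rule his choice gives no advantage, and the published commitment lets players detect an operator who changes the secret after seeing the bets.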

Dabs
Staff
Legendary
Activity: 1834
September 18, 2013, 12:43:08 AM
 #7

I run a lotto where I use 7 secrets.

1. My secret.
2 to 6. Other gambling site secrets
7. Random.org secret.

All secrets are verifiable, and all secrets except for the last one have hashes.

So I have a secret I control which no one else has, a bunch of other secrets which their owners will never give to me, and the planet has a secret that won't be known until the morning of that day.
