Bitcoin Forum
Author Topic: Are Transaction IDs unpredictable?  (Read 1103 times)
Sothh (OP)
September 17, 2013, 04:38:58 PM
 #1

Simple question, is it possible to predict a transaction ID/hash before the transaction has been made?

I want to use this for a provably fair betting system.
CIYAM
Ian Knowles - CIYAM Lead Developer


September 17, 2013, 04:46:28 PM
 #2

As the ECDSA signatures require a random K value (which unfortunately was shown *not* to be random for some broken Java implementations which caused people to lose BTC) and the tx hash includes this information (am pretty sure the tx hash is a hash of all of the raw tx bytes) then I think you should be pretty safe in assuming it should *normally* be random.

Understand that as K values that are non-random *can* be used it could be a potential vector of attack to use non-random values in order to screw up the "fairness" (at the risk of losing at least some small amount of BTC).

kokjo
September 17, 2013, 04:47:57 PM
 #3

Quote from: Sothh
> Simple question, is it possible to predict a transaction ID/hash before the transaction has been made?
>
> I want to use this for a provably fair betting system.

Depending on your system, an attacker might only broadcast transactions which he will win on.

pc
September 17, 2013, 05:38:03 PM
 #4

Exactly. One can't know the hash before the transaction has been made, but one does know the hash before one sends that transaction to anybody else. If your betting system is "hash wins if it ends in a 0 bit", then it's easy to only send you winning transactions. If your betting system is "hash txid along with a secret-of-the-day-that-gets-revealed-tomorrow, win if that ends in a 0 bit", then you're probably fine.
DeathAndTaxes
Gerald Davis


September 17, 2013, 05:50:29 PM
 #5

As others have pointed out, each tx hash is random; however, an attacker can generate as many as he wants and only broadcast the ones he wants to.

Compare that to a dice roll: it is random, but allowing a gambler to roll as many times as he wants and then pick the dice roll would not be a good idea.
Stephen Gornick
September 17, 2013, 07:48:41 PM
 #6

Quote from: Sothh
> I want to use this for a provably fair betting system.

SatoshiDICE uses the transaction ID to determine the lucky number but the reason it doesn't matter if it is random is because the transaction ID is just part of the input used to get the results, with the remainder kept secret at the time the bet is placed.

Another "provably fair" service, BitLotto (whose operator has since cut and run with the last month's worth of winnings) used the results of an external event (a state-run lottery) that occurred after the betting deadline as its approach to offering provably fair.

But as others mentioned, the Trx ID is the result of the contents of a transaction, and thus can be manipulated.



Dabs
September 18, 2013, 12:43:08 AM
 #7

I run a lotto where I use 7 secrets.

1. My secret.
2 to 6. Other gambling site secrets
7. Random.org secret.

All secrets are verifiable, and all secrets except for the last one have hashes.

So I have a secret I control which no one else has, a bunch of other secrets which their owners will never give to me, and the planet has a secret that won't be known until the morning of that day.
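
The scheme from replies #4 and #6, where the outcome depends on the txid plus an operator secret committed to in advance, shown as an added example that is not part of any post in this thread. HMAC-SHA256 as the combining function, SHA-256 for the commitment, the function names and the sample txids are assumptions made for the illustration.

```python
import hashlib
import hmac

def commit(secret: bytes) -> str:
    """Operator publishes this digest before any bets for the day are accepted."""
    return hashlib.sha256(secret).hexdigest()

def naive_win(txid: bytes) -> bool:
    """Unsafe rule from the thread: the bettor can evaluate it before sending."""
    return txid[-1] & 1 == 0

def keyed_win(secret: bytes, txid: bytes) -> bool:
    """Win if HMAC-SHA256(secret, txid) ends in a 0 bit (HMAC is an assumed choice)."""
    return hmac.new(secret, txid, hashlib.sha256).digest()[-1] & 1 == 0

def verify(commitment: str, revealed: bytes, txid: bytes, claimed_win: bool) -> bool:
    """Bettor's check after the reveal: secret matches commitment, outcome recomputes."""
    if not hmac.compare_digest(commit(revealed), commitment):
        return False
    return keyed_win(revealed, txid) == claimed_win

def selective_broadcast_rates(secret: bytes, candidates: int = 4000):
    """Model a bettor who only submits txids that win under the naive rule,
    and return that bettor's win rate under each rule."""
    # Constructed stand-ins for txids: SHA-256 of a counter, not real transactions.
    txids = [hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(candidates)]
    sent = [t for t in txids if naive_win(t)]
    naive_rate = sum(naive_win(t) for t in sent) / len(sent)
    keyed_rate = sum(keyed_win(secret, t) for t in sent) / len(sent)
    return naive_rate, keyed_rate

if __name__ == "__main__":
    secret = b"constructed-secret-of-the-day"  # sample value; use os.urandom(32) in practice
    c = commit(secret)
    txid = hashlib.sha256(b"constructed bet").digest()
    outcome = keyed_win(secret, txid)
    print("commitment:", c)
    print("verifies:", verify(c, secret, txid, outcome))
    print("rates (naive, keyed):", selective_broadcast_rates(secret))
```

Pre-filtering txids guarantees a win under the txid-only rule but leaves the win rate near one half once the unrevealed secret is mixed in, and the published commitment stops the operator from swapping the secret after seeing the bets.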
