Transaction Malleability Simple Explanation?

[butka]

I've been struggling to understand the problem of "transaction malleability". As a beginner, I was looking for a simple understanding of this concept in layman terms.

I've looked a number of places, but nowhere could I find an answer I could easily understand.

For example, the answer provided on the bitcoin wiki page is way to complicated to me, and demands some technical knowledge of cryptography, transaction formats, etc.

In the following, I will try to summarize my current understanding of it, so please feel free to step in and further clarify the matters, if and when needed:

So what is transaction malleability as I currently understand it?

Say, Bob sends some bitcoins to Ann.

Before the transaction is even confirmed, another person, Tom, may see this transaction and decide to copy it, make small changes to it, and broadcast the changed transaction back to the system.

Tom cannot change the important details of the transaction. Tom cannot change:

• the sender, Bob (or rather Bob's address)
• the recipient, Ann
• the amount of bitcoins sent
• the part of the signature confirming that Bob is the owner of the funds
• I guess Tom cannot change the fee, as well, right?

Tom can change some unimportant details about the transaction:

• add some meaningless data to it, ---> To clear this more, what exactly can he add/change?
• tweak the signature slightly, but only the part that doesn't affect anything important --> To clear this more, what can Tom tweak, and how can he change such an important part as the signature, even a tiny bit of it?

It is not difficult to understand the consequences of Tom's action.

The miners may notice this new transaction before the original Bob's transaction. So the original Tom's transaction will never appear on the blockchain.

As no important things are changed, Ann will still get her money, but if she was monitoring that particular original transaction, she might have been puzzled how is it that she received the money, but the particular original transaction never appeared on the blockchain.

Is this logic correct?
Is there anything else important about transaction malleability that needs to be understood?

Thanks in advance.

[1714113763]

1714113763

[1714113763]

1714113763

[1714113763]

1714113763

[aleksej996]

• add some meaningless data to it, ---> To clear this more, what exactly can he add/change?

There is a part of a transaction that isn't signed. This part contains the signature itself as well as some other data that could be used to prove ownership of those bitcoins in some special types of transactions.

Since this part isn't digitally signed, it means that anyone can change it and use the same old signature. Changing this data too much would usually result in invalid transactions, but some specific changes wouldn't affect the validity of the transaction.

So this data isn't meaningless, it is just not used in most of regular transactions and it's only purpose is to provide proof of ownership of bitcoins that are being spent. Most Bitcoin nodes will not relay these transaction however, since they are not standard, but they will not reject them as invalid when they see them in blocks.

• tweak the signature slightly, but only the part that doesn't affect anything important --> To clear this more, what can Tom tweak, and how can he change such an important part as the signature, even a tiny bit of it?

Most of this is patched I think and you probably need to know a bit of cryptography to understand these issues.
One part of it is that you can sign same data in different ways if you want and still provide valid proof that you got private keys.

Some of these changes require a private key, but I think one or few don't.

When you sign a paper with your name no two signatures are the same, so you can think of it like this if you wish.
Computers will sign it in a same way however, since they are precise and deterministic, but if you purposely change it, they can still make a valid signature, just a little different, if you prefer it.

[butka]

Most of this is patched I think and you probably need to know a bit of cryptography to understand these issues.
One part of it is that you can sign same data in different ways if you want and still provide valid proof that you got private keys.

Some of these changes require a private key, but I think one or few don't.

When you sign a paper with your name no two signatures are the same, so you can think of it like this if you wish.
Computers will sign it in a same way however, since they are precise and deterministic, but if you purposely change it, they can still make a valid signature, just a little different, if you prefer it.

That makes sense, thanks for your reply. There are no shortcuts when it comes to fully understanding these things, so I would have to learn more about cryptography after all.

[Xynerise]

That makes sense, thanks for your reply. There are no shortcuts when it comes to fully understanding these things, so I would have to learn more about cryptography after all.

Ken Shirriff has an excellent post on Transaction malleability, so start from there

[butka]

Ken Shirriff has an excellent post on Transaction malleability, so start from there

That's exactly what I was looking for. Thanks.