Bitcoin Forum
July 18, 2018, 11:10:32 AM *
News: Latest stable version of Bitcoin Core: 0.16.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Explain the gox transaction malleability issue like you are five  (Read 9920 times)
jl2012
Legendary
*
Offline Offline

Activity: 1792
Merit: 1010


View Profile
February 10, 2014, 01:45:25 PM
 #1

Let's assume we have a bank called "Bitcoin Bank". People can open accounts at the bank, get an account number (bitcoin address), and send money to their account. Money is transferred with cheque.

Gox opened many accounts at the Bitcoin Bank, with many account numbers. They give one account number to one customer. By monitoring these accounts, gox will know which customer has sent money to them, and credit to their gox account

When a customer submits a withdrawal request, gox will sign a cheque for one of its accounts at the bitcoin bank. They take a photo of the cheque, and use it as an evidence of delivery. However, some of the cheques issued by gox have dirt on them. Some customers cleaned the cheque first, then sent to Bitcoin Bank and got paid. The related gox bank account is then emptied.

Unlike a traditional bank, the bitcoin bank will publish the photos of all accepted cheques. Gox compares their photo records with the public records. Since the accepted cheque looks different from the original cheque (dirt is removed), gox can't recognize it and falsely believes that the related bank accounts still have money. Therefore, when another customer requests for withdrawal, they try to sign another cheque with the now emptied bank account. The Bitcoin Bank will reject this double spending cheque, and lead to all those withdrawal issues we have seen.

Even worse, some customers find the gox's bug and try to exploit it. After they cashed the cleaned cheque, they complain to gox saying that they have not received a cheque. Since gox can't find the cheque in the record of Bitcoin Bank, they credit the bitcoin back to the customer's gox account so the customer doubled his bitcoin at the expense of gox's fund (there is NO double-spending at the Bitcoin Bank)

So gox now blames the Bitcoin Bank that it should not accept the altered but yet valid cheque.

Gox also proposes that people should not trace a cheque by comparing photo. Instead, they should trace the unique ID of each cheque, as the ID is non-modifiable. They require the Bitcoin Bank officially endorse this practice before the re-open bitcoin withdraw.

-----------------

So what is the practice of the standard bitcoin client (i.e. bitcoin-qt)? Instead of comparing the photo of cheque, bitcoin-qt actually monitors the account balance. Therefore, whether the cheque is altered is totally irrelevant.

Conclusion: Gox uses a WRONG way to trace transaction, and blame the Bitcoin Bank when everything is fucked up

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
1531912232
Hero Member
*
Offline Offline

Posts: 1531912232

View Profile Personal Message (Offline)

Ignore
1531912232
Reply with quote  #2

1531912232
Report to moderator
1531912232
Hero Member
*
Offline Offline

Posts: 1531912232

View Profile Personal Message (Offline)

Ignore
1531912232
Reply with quote  #2

1531912232
Report to moderator
1531912232
Hero Member
*
Offline Offline

Posts: 1531912232

View Profile Personal Message (Offline)

Ignore
1531912232
Reply with quote  #2

1531912232
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
wang_yan
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250



View Profile
February 10, 2014, 01:47:17 PM
 #2

Let's assume we have a bank called "Bitcoin Bank". People can open accounts at the bank, get an account number (bitcoin address), and send money to their account. Money is transferred with cheque.

Gox opened many accounts at the Bitcoin Bank, with many account numbers. They give one account number to one customer. By monitoring these accounts, gox will know which customer has sent money to them, and credit to their gox account

When a customer submits a withdrawal request, gox will sign a cheque for one of its accounts at the bitcoin bank. They take a photo of the cheque, and use it as an evidence of delivery. However, some of the cheques issued by gox have dirt on them. Some customers cleaned the cheque first, then sent to Bitcoin Bank and got paid. The related gox account is then emptied.

Unlike a traditional bank, the bitcoin bank will publish the photos of all accepted cheques. Gox compares their photo records with the public records. Since the accepted cheque looks different from the original cheque (dirt is removed), gox can't recognize it and falsely believes that the related accounts still have money. Therefore, when another customer requests for withdrawal, they try to sign another cheque with the now emptied account. The bitcoin bank will reject this double spending cheque, and lead to all those withdrawal issues we have seen.

Even worse, some customers find the gox's bug and try to exploit it. After they cashed the cleaned cheque, they complain to gox saying that they have not received a cheque. Since gox can't find the cheque in the record of Bitcoin Bank, they credit the bitcoin back to the customer's gox account so the customer doubled his bitcoin at the expense of gox's fund

So gox now blames the Bitcoin Bank that it should not accept the altered but yet valid cheque.

Gox also proposes that people should not trace a cheque by comparing photo. Instead, they should trace the unique ID of each cheque, as the ID is non-modifiable. They require the Bitcoin Bank officially endorse this practice before the re-open bitcoin withdraw.

-----------------

So what is the practice of the standard bitcoin client (i.e. bitcoin-qt)? Instead of comparing the photo of cheque, bitcoin-qt actually monitors the account balance. Therefore, whether the cheque is altered is totally irrelevant.

Conclusion: Gox uses a WRONG way to trace transaction, and blame the Bitcoin Bank when everything is fucked up

Great post, thank you so much!

Danglebee
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile
February 10, 2014, 01:49:38 PM
 #3

stupid developer does no follow rule. i hungry. maybe soiled Sad

bleukind
Member
**
Offline Offline

Activity: 66
Merit: 10


View Profile
February 10, 2014, 01:50:46 PM
 #4

I really love your explanation! Thx For it!

Bad english? Don't blame me, blame my english teacher.
Proud dutch
leopard2
Legendary
*
Offline Offline

Activity: 1348
Merit: 1004



View Profile
February 10, 2014, 01:52:50 PM
 #5

stupid developer does no follow rule. i hungry. maybe soiled Sad

still need diapers at five? bit of a retarted kid hm?

Truth is the new hatespeech.
Lauda
Legendary
*
Offline Offline

Activity: 1904
Merit: 1562


GUNBOT Licenses -15% with ref. code 'GrumpyKitty'


View Profile WWW
February 10, 2014, 02:03:46 PM
 #6

Good explanation. Thank you.
Now I wonder, why someone doesn't open a bank called 'The Bitcoin Bank' and operate it in a country like Germany, Finland or the other few that actually regulated bitcoin in a positive way?

.FORTUNE.JACK.
      ▄▄███████▄▄
   ▄████▀▀ ▄ ██████▄
  ████ ▄▄███ ████████
 █████▌▐███▌ ▀▄ ▀█████
███████▄██▀▀▀▀▄████████
█████▀▄▄▄▄█████████████
████▄▄▄▄ █████████████
 ██████▌ ███▀████████
  ███████▄▀▄████████
   ▀█████▀▀███████▀
      ▀▀██████▀▀
         
         █
...FortuneJack.com                                             
...THE BIGGEST BITCOIN GAMBLING SITE
       ▄▄█████████▄▄
    ▄█████████████████▄
  ▄█████████████████████▄
 ▄██
█████████▀███████████▄
██████████▀   ▀██████████
█████████▀       ▀█████████
████████           ████████
████████▄   ▄ ▄   ▄████████
██████████▀   ▀██████████
 ▀██
█████████████████████▀
  ▀██
███████████████████▀
    ▀█████████████████▀
       ▀▀█████████▀▀
#JACKMATE
WIN 1 BTC
▄█████████████████████████▄
███████████████████████████
███████████████████████████
██████████▀█████▀██████████
███████▀░░▀░░░░░▀░░▀███████
██████▌░░░░░░░░░░░░░▐██████
██████░░░░██░░░██░░░░██████
█████▌░░░░▀▀░░░▀▀░░░░▐█████
██████▄░░▄▄▄░░░▄▄▄░░▄██████
████████▄▄███████▄▄████████

███████████████████████████
███████████████████████████
▀█████████████████████████▀
georgeb657
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
February 10, 2014, 02:04:36 PM
 #7

Great post. You should post this on reddit and some generous users may tip you a beer
jl2012
Legendary
*
Offline Offline

Activity: 1792
Merit: 1010


View Profile
February 10, 2014, 02:06:29 PM
 #8

Great post. You should post this on reddit and some generous users may tip you a beer

Did it already: http://www.reddit.com/r/Bitcoin/comments/1xiowj/explain_the_gox_transaction_malleability_issue/

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
rammy2k2
Legendary
*
Offline Offline

Activity: 1428
Merit: 1001


View Profile WWW
February 10, 2014, 02:20:10 PM
 #9

nice !
il--ya
Jr. Member
*
Offline Offline

Activity: 47
Merit: 0


View Profile
February 10, 2014, 02:26:43 PM
 #10

However, some of the cheques issued by gox have dirt on them. Some customers cleaned the cheque first, then sent to Bitcoin Bank and got paid. The related gox bank account is then emptied.


One important point here is that this all was fine, as long as banks accepted both dirty and clean receipts, and dirty receipts issued by gox were actually more likely to reach the bank, because all receipts are sent by post, and it would take significant amount of effort for the customer to intercept those receipts and modify them.

But at some point banks have changed their policy and decided not to accept dirty receipts to prevent exactly this form of of fraud - modification of receipts. There are many ways to produce dirty receipt, but only way to produce clean. So they rejected them and simply throw dirty receipts away. And that's when some customers were able to collect those rejected recepts, clean them and re-submit to make them processed (unnoticed by Gox).

There is still exist a hypothetical problem of malicious banks, but it has very low impact, and will be addressed in the future bitcoin releases.
jl2012
Legendary
*
Offline Offline

Activity: 1792
Merit: 1010


View Profile
February 10, 2014, 02:31:48 PM
 #11

However, some of the cheques issued by gox have dirt on them. Some customers cleaned the cheque first, then sent to Bitcoin Bank and got paid. The related gox bank account is then emptied.


One important point here is that this all was fine, as long as banks accepted both dirty and clean receipts, and dirty receipts issued by gox were actually more likely go to the bank, because all receipts are actually sent by post, and it would take significant amount of effort for the customer to intercepts those receipts and modify them.

But at some point banks have changed their policy and decided not to accept dirty receipts to prevent some forms of fraud. They simply throw them away. And that's when some customers were able to collect those rejected recepts, clean them and re-submit to make them processed (unnoticed by Gox).

A cheque with valid signature, no matter dirty or clean, is a valid cheque.

The Bitcoin Bank is a decentralized bank. Anyone with a mining rig could become part of the bank (miner). Some miners do not like dirty cheque (although they are still valid), so customers have to manually clean the cheque before they could cash it. However, this is really up to the policy of each miner.

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
il--ya
Jr. Member
*
Offline Offline

Activity: 47
Merit: 0


View Profile
February 10, 2014, 02:39:57 PM
 #12


A cheque with valid signature, no matter dirty or clean, is a valid cheque.

The Bitcoin Bank is a decentralized bank. Anyone with a mining rig could become part of the bank (miner). Some miners do not like dirty cheque (although they are still valid), so customers have to manually clean the cheque before they could cash it. However, this is really up to the policy of each miner.

Valid point, it's not a network rule, although it may become one at some point.
Still it's a good practice accepted nowadays in most of the "banks" and post offices - not to accept dirty receipts, which exposed those MtGox vulnerabilities.
jl2012
Legendary
*
Offline Offline

Activity: 1792
Merit: 1010


View Profile
February 10, 2014, 02:47:32 PM
 #13


A cheque with valid signature, no matter dirty or clean, is a valid cheque.

The Bitcoin Bank is a decentralized bank. Anyone with a mining rig could become part of the bank (miner). Some miners do not like dirty cheque (although they are still valid), so customers have to manually clean the cheque before they could cash it. However, this is really up to the policy of each miner.

Valid point, it's not a network rule, although it may become one at some point.
Still it's a good practice accepted nowadays in most of the "banks" and post offices - not to accept dirty receipts, which exposed those MtGox vulnerabilities.


The problem is, there is indefinite ways to alter a cheque without invalidate it. We need to live with transaction malleability and actually it's no big deal

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
whtchocla7e
Full Member
***
Offline Offline

Activity: 210
Merit: 100


View Profile
February 10, 2014, 03:22:53 PM
 #14

If you are five, you probably will not be able to explain the Bitcoin malleability issue.

The title of this thread is a huge fail.
cp1
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500


Stop using branwallets


View Profile
February 10, 2014, 03:25:31 PM
 #15

I don't understand what getting dirt on a check means.  Can you explain it like you're an adult?

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
jl2012
Legendary
*
Offline Offline

Activity: 1792
Merit: 1010


View Profile
February 10, 2014, 04:02:49 PM
 #16

I don't understand what getting dirt on a check means.  Can you explain it like you're an adult?

It is well known for years that a bitcoin transaction is malleable in many ways. One way is to pad some garbage in the signature. If this is done properly, the transaction is still valid. By malleability, however, you can't change the payer, payee, and the amount paid, so no one could steal others bitcoin in this way. Just like in the real world, spilling some coffee on a cheque won't invalidate it. The rightful payee will still get the money.

In the gox case, they mistakenly padded their transaction with garbage (dirt on a cheque). Although the transaction is still valid, many miners do not like garbage in transaction and refuse to confirm gox's translations. Therefore, some users try to remove the garbage (clean the cheque), and the transaction got confirmed. So the user is happy. However, as the transaction looks different now (without garbage, different hash), gox's stupid customized wallet can't realize that the transaction is already confirmed, and falsely think that the coin is unspent.

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1006



View Profile WWW
February 10, 2014, 04:09:00 PM
 #17

Code:
2 + 3 = 5
is a mathematically true statement.

Code:
2 + 3 + 0 = 5
is mathematically true, and in fact is the same statement.

They've got different hash values though, because hash functions care about binary representations, not mathematical equivalence.
Barek
Full Member
***
Offline Offline

Activity: 168
Merit: 100


View Profile
February 10, 2014, 04:12:43 PM
 #18

It is well known for years that a bitcoin transaction is malleable in many ways. One way is to pad some garbage in the signature. If this is done properly, the transaction is still valid. By malleability, however, you can't change the payer, payee, and the amount paid, so no one could steal others bitcoin in this way. Just like in the real world, spilling some coffee on a cheque won't invalidate it. The rightful payee will still get the money.

In the gox case, they mistakenly padded their transaction with garbage (dirt on a cheque). Although the transaction is still valid, many miners do not like garbage in transaction and refuse to confirm gox's translations. Therefore, some users try to remove the garbage (clean the cheque), and the transaction got confirmed. So the user is happy. However, as the transaction looks different now (without garbage, different hash), gox's stupid customized wallet can't realize that the transaction is already confirmed, and falsely think that the coin is unspent.

The big question is how long has this been going on and has someone actively exploited it?
jl2012
Legendary
*
Offline Offline

Activity: 1792
Merit: 1010


View Profile
February 10, 2014, 04:18:34 PM
 #19

It is well known for years that a bitcoin transaction is malleable in many ways. One way is to pad some garbage in the signature. If this is done properly, the transaction is still valid. By malleability, however, you can't change the payer, payee, and the amount paid, so no one could steal others bitcoin in this way. Just like in the real world, spilling some coffee on a cheque won't invalidate it. The rightful payee will still get the money.

In the gox case, they mistakenly padded their transaction with garbage (dirt on a cheque). Although the transaction is still valid, many miners do not like garbage in transaction and refuse to confirm gox's translations. Therefore, some users try to remove the garbage (clean the cheque), and the transaction got confirmed. So the user is happy. However, as the transaction looks different now (without garbage, different hash), gox's stupid customized wallet can't realize that the transaction is already confirmed, and falsely think that the coin is unspent.

The big question is how long has this been going on and has someone actively exploited it?

This is simply gox's problem, as they shouldn't follow the transaction flow this way in the first place.

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
dynodog
Member
**
Offline Offline

Activity: 97
Merit: 10


View Profile
February 10, 2014, 04:24:22 PM
 #20

for those who own btc with gox, it seems like the issue is going to be the extent to which gox "re-issued" bitcoin deliveries to customers bc the recipients lied and said they had not received it.  if there were many double deliveries, then gox may not have the bitcoin to pay remaining owners all the bitcoin to which they are entitled.  a few issues/questions come to mind:

1. why the other exchanges are not having the same problem
2. would mtgox be able to figure out which customers claimed failed delivery but lied, and were then paid twice.
3. it seems like the gox omnibus acct should net out even at the end of the day.  double deliveries would raise red flags (one would think) when all has been netted
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!