Bitcoin Forum
Author Topic: bitcoin broken?  (Read 1313 times)
kokjo
May 09, 2011, 06:18:30 PM
 #1

https://en.bitcoin.it/wiki/Protocol_specification#tx

how can you be sure that the TxIn is not taken out of a transaction and put into another? is this a flaw?
or is there some kind of mechanism that prevents that?
a simple attack scenario:
1. put a lot of your clients on the network (with different IPs), so you are sure that you can isolate another client.
2. when the isolated client makes a Tx it transmits it to you.
3. with the Tx you extract the TxIns and put them in a new Tx that sends it all to you. you can do that because there is no protection.
4. wait for it to be included in a block.
5. PROFIT! :)

is this possible? it is a BIG BIG flaw if it's real!

:(

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
Gavin Andresen
May 09, 2011, 06:21:57 PM
 #2

No, it is not possible, there is a rule against that.

How often do you get the chance to work on a potentially world-changing project?
MoonShadow
May 09, 2011, 06:28:02 PM
 #3

Quote from: kokjo
https://en.bitcoin.it/wiki/Protocol_specification#tx

how can you be sure that the TxIn is not taken out of a transaction and put into another? is this a flaw?
or is there some kind of mechanism that prevents that?
a simple attack scenario:
1. put a lot of your clients on the network (with different IPs), so you are sure that you can isolate another client.
2. when the isolated client makes a Tx it transmits it to you.
3. with the Tx you extract the TxIns and put them in a new Tx that sends it all to you. you can do that because there is no protection.
4. wait for it to be included in a block.
5. PROFIT! :)

is this possible? it is a BIG BIG flaw if it's real!

:(

Try it, and you will find that it doesn't work in practice, even if it is theoretically possible.  Most likely you won't even be able to isolate a client in order to actually steal from its transactions in the start.  In any case, this is an attack upon a particular user of Bitcoin, not a flaw in the system itself.  This kind of theft attack would only affect one user.

As you describe it, the modified transaction would fail a validity check anyway because the transaction must be hashed as a whole after being 'signed' by the sender's private key, which you don't have.  If you cannot sign the modified transaction, the transaction would fail on that point.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
kokjo
May 09, 2011, 06:40:23 PM
 #4

Quote from: MoonShadow
Try it, and you will find that it doesn't work in practice, even if it is theoretically possible.  Most likely you won't even be able to isolate a client in order to actually steal from its transactions in the start.  In any case, this is an attack upon a particular user of Bitcoin, not a flaw in the system itself.  This kind of theft attack would only affect one user.

As you describe it, the modified transaction would fail a validity check anyway because the transaction must be hashed as a whole after being 'signed' by the sender's private key, which you don't have.  If you cannot sign the modified transaction, the transaction would fail on that point.

what i can read from the source and the wiki is:
it's not the whole transaction that is signed. :( only the TxIns.

it's like signing "i would like to give some btcs away"

kokjo
May 09, 2011, 06:43:07 PM
 #5

Quote from: Gavin Andresen
No, it is not possible, there is a rule against that.

rules are here to be broken. :)

MoonShadow
May 09, 2011, 06:55:50 PM
 #6

Quote from: kokjo
what i can read from the source and the wiki is:
it's not the whole transaction that is signed. :( only the TxIns.

it's like signing "i would like to give some btcs away"

Hmmm, I see what you are saying.  Good eye.  This might be a possible exploit, indeed.  You deserve kudos if this is true.  This could be fixed by requiring that the transaction as a whole be signed by the first input private key.  This would still require absolute isolation to work consistently, but might work often enough by forcing a double spend type event to be a worthwhile criminal endeavor.

Gavin, thoughts?

Gavin Andresen
May 09, 2011, 07:01:15 PM
 #7

The entire transaction is signed.  See:  https://en.bitcoin.it/wiki/OP_CHECKSIG  for the rules.

kokjo
May 09, 2011, 07:05:13 PM
 #8

Quote from: Gavin Andresen
The entire transaction is signed.  See:  https://en.bitcoin.it/wiki/OP_CHECKSIG  for the rules.

Quote
OP_CHECKSIG is script opcode used to verify that the signature for a tx input is valid
first line.

the entire transaction can't be signed. it's logically impossible.
it's like having a hash of a hash, which is equal. sha256(a)!=a

Gavin Andresen
May 09, 2011, 07:10:19 PM
 #9

Fine, the entire transaction except for:
  "The scripts for all transaction inputs in txCopy are set to empty scripts"

... is signed.   You're starting to make me grumpy...

kokjo
May 09, 2011, 07:17:31 PM
 #10

Quote from: Gavin Andresen
Fine, the entire transaction except for:
  "The scripts for all transaction inputs in txCopy are set to empty scripts"

... is signed.

thank you!
i see it now, in script.cpp lines 870-930. looks right to me. :D

Quote from: Gavin Andresen
You're starting to make me grumpy...

sorry for that...
it just didn't seem right.
and i thought if it was a flaw, it was best to make it public as fast as possible. so it could be corrected.

MoonShadow
May 09, 2011, 07:19:20 PM
 #11

And the confidence in the Bitcoin system increases by one Brownie point.

Enochian
May 09, 2011, 09:53:26 PM
 #12

Quote from: kokjo
what i can read from the source and the wiki is:
it's not the whole transaction that is signed. :( only the TxIns.

it's like signing "i would like to give some btcs away"

The documentation is somewhat unclear.  What gets signed is the entire transaction, with all the input scripts nulled except the one that is being signed, which is replaced by the output script it references containing the OP_CHECKSIG, with the hashtype appended to the end as an int.

So the only thing you could change without making the signature invalid is the input script.  Who the money goes to and where it comes from gets signed, which is the stuff that matters.  So you can't change that, and all you could do by modifying the input script is make it fail, in which case the transaction would be tossed.
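
The signing rule described in the replies above, as an added example that is not part of the thread and is not Bitcoin's own code: it builds the digest a SIGHASH_ALL signature commits to and shows that redirecting the outputs changes it, while changing only the input script does not. All function names, scripts and amounts are constructed for illustration, and OP_CODESEPARATOR handling is left out.

```python
import hashlib
import struct

SIGHASH_ALL = 1  # hash type, appended to the serialized copy as a 4-byte int

def varint(n):
    """Bitcoin variable-length integer (only the sizes this example needs)."""
    return bytes([n]) if n < 0xfd else b"\xfd" + struct.pack("<H", n)

def serialize(version, inputs, outputs, locktime):
    """Wire layout of a tx: inputs are (txid, index, script, sequence)."""
    out = struct.pack("<I", version) + varint(len(inputs))
    for txid, index, script, sequence in inputs:
        out += txid + struct.pack("<I", index)
        out += varint(len(script)) + script + struct.pack("<I", sequence)
    out += varint(len(outputs))
    for value, script in outputs:
        out += struct.pack("<q", value) + varint(len(script)) + script
    return out + struct.pack("<I", locktime)

def signature_digest(tx, input_index, referenced_output_script):
    """Digest the signature is checked against (SIGHASH_ALL case only)."""
    version, inputs, outputs, locktime = tx
    stripped = []
    for i, (txid, index, _script, sequence) in enumerate(inputs):
        # Every input script is emptied, except the one being signed, which
        # is replaced by the output script it spends from.
        script = referenced_output_script if i == input_index else b""
        stripped.append((txid, index, script, sequence))
    preimage = serialize(version, stripped, outputs, locktime) + struct.pack("<I", SIGHASH_ALL)
    return hashlib.sha256(hashlib.sha256(preimage).digest()).digest()

# Constructed sample data (not real transactions, scripts or keys).
PREV_SCRIPT = bytes.fromhex("76a914") + b"\x11" * 20 + bytes.fromhex("88ac")
PAY_ALICE = bytes.fromhex("76a914") + b"\x22" * 20 + bytes.fromhex("88ac")
PAY_OTHER = bytes.fromhex("76a914") + b"\x33" * 20 + bytes.fromhex("88ac")
TXIN = (b"\xaa" * 32, 0, b"<signature> <pubkey>", 0xFFFFFFFF)  # placeholder input script

original = (1, [TXIN], [(5_000_000, PAY_ALICE)], 0)
# The scenario from post #1: the same TxIn, but the outputs pay someone else.
redirected = (1, [TXIN], [(5_000_000, PAY_OTHER)], 0)
# Post #12: only the input script itself is outside the signed data.
rescripted = (1, [(TXIN[0], TXIN[1], b"garbage", TXIN[3])], [(5_000_000, PAY_ALICE)], 0)

def same_digest(tx):
    """True if an existing signature over `original` would still cover `tx`."""
    return signature_digest(tx, 0, PREV_SCRIPT) == signature_digest(original, 0, PREV_SCRIPT)

print("outputs redirected, signature still covers tx:", same_digest(redirected))
print("input script changed, signature still covers tx:", same_digest(rescripted))
```

A verifying node recomputes this digest from the transaction it received, so a signature lifted from `original` does not verify against `redirected`.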




