Bitcoin Forum
November 13, 2024, 08:48:02 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Transaction Hash  (Read 3144 times)
aldenpogi (OP)
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile
August 09, 2012, 02:52:16 AM
 #1

I'm new to bitcoin and web development. I want to know if someone plans to send bitcoins, will he be able to predict the transaction hash before the actual transaction?
Foxpup
Legendary
*
Offline Offline

Activity: 4533
Merit: 3184


Vile Vixen and Miss Bitcointalk 2021-2023


View Profile
August 09, 2012, 07:31:44 AM
 #2

It depends on what you mean by "predict". If you mean can he calculate the hash after creating the transaction, but before transmitting it to the network, then yes. If you mean can he somehow construct a transaction to have specific hash, for example, to create a transaction with the same hash as a previous transaction, then no. Hashes are essentially random and (unless the algorithm is completely broken) the only way to get a specific hash is by brute force (i.e. try all possible permutations of the data until you happen to find one with the hash you're looking for). Brute forcing hashes is "computationally infeasible", meaning that it would take a computer with 100% thermodynamic efficiency more energy than exists in the known universe to do so.

Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
aldenpogi (OP)
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile
August 09, 2012, 01:52:28 PM
 #3

Thanks for the reply. I understand it now. What I wanted to achieve is to get some random value through the transaction hash. I guess I can't get it like that since if it will be predictable, it won't be purely random anymore.

Is there a way to get some purely random data that a btc sender can't control the outcome through the transaction hash? For example if I create a gambling site that needs to roll a random dice, and the outcome will depend on the transaction hash, but I want it to be purely unpredictable but unchangeable and verifiable, can it be done?
TangibleCryptography
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250


Tangible Cryptography LLC


View Profile WWW
August 09, 2012, 02:03:19 PM
 #4

A semi-random source of data is the block hash.

While it can be manipulated by the miner producing a block any change to the block will require looking for another block hash.  Since a solved block is worth ~$500 right now there is an economic disincentive for a miner to try and "game" the block hash.  Obviously you need to consider that risk vs the cost of an attack.  Using a block hash to protect a game where max prize is $2,000 is probably fine.  Using a block hash to determine the winner of the next power ball ($150 mil) is probably not a good idea. Smiley

Remember the higher order bytes of a block hash are not random (mostly zero to meet difficulty target) so you should use the low order ones.
aldenpogi (OP)
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile
August 09, 2012, 02:13:30 PM
 #5

A semi-random source of data is the block hash.

While it can be manipulated by the miner producing a block any change to the block will require looking for another block hash.  Since a solved block is worth ~$500 right now there is an economic disincentive for a miner to try and "game" the block hash.  Obviously you need to consider that risk vs the cost of an attack.  Using a block hash to protect a game where max prize is $2,000 is probably fine.  Using a block hash to determine the winner of the next power ball ($150 mil) is probably not a good idea. Smiley

Remember the higher order bytes of a block hash are not random (mostly zero to meet difficulty target) so you should use the low order ones.

I'm sorry I don't quite understand. Please elaborate. Let's say a user sends a coin to an address, is there some value that I can use either based on that transaction or on that transaction's block that the user can't predict in advance?
TangibleCryptography
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250


Tangible Cryptography LLC


View Profile WWW
August 09, 2012, 02:32:19 PM
 #6

Yes the block hash.
http://blockchain.info/block-index/259311/00000000000003bb229c98bf628e57ce55104cda625c9b82b88dcc27a8901cd0

Right hand side "hash".    When a user creates a tx, wait for it to be hashed into a block.  You now have the block hash and transaction hash.  Block hash won't be unique for multiple tx in the same block (there is only 1 block hash) so likely you will want to combine both hashes  (xor,  SHA-256(transactionhash + blockhash), etc). 

In order to manipulate the output user would need to control the output of both the transaction and the block.  The transaction is trivial but the block would require massive amounts of computing power.  While a miner with enough hashing power "could" throw away valid block hashes which don't produce the output he wants (and wait for a block/tx combo which produces the output that "wins") block he/she wants that would be expensive as each block is worth 50 BTC.  Unless you prize is many magnitudes larger than the block reward it is unlikely that attack would be economical.

Satoshi Dice uses a slightly different system which doesn't require confirmation (they use a secret which is revealed later).  You may want to visit their site and see how they do it.   
aldenpogi (OP)
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile
August 09, 2012, 09:51:08 PM
 #7

Thanks Tangible. You've been a great help. Smiley
aldenpogi (OP)
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile
August 09, 2012, 09:56:38 PM
 #8

Oh by the way, does satoshi dice use encrypted keys so that they won't have to wait for a block to be confirmed to make everything faster? After submitting a transaction, how much time does the block appear in the network on average?
el_rlee
Legendary
*
Offline Offline

Activity: 1600
Merit: 1014



View Profile
August 10, 2012, 12:50:28 AM
 #9

satoshi dice and the double spending problem would be an interesting topic
Foxpup
Legendary
*
Offline Offline

Activity: 4533
Merit: 3184


Vile Vixen and Miss Bitcointalk 2021-2023


View Profile
August 10, 2012, 02:14:26 AM
 #10

Oh by the way, does satoshi dice use encrypted keys so that they won't have to wait for a block to be confirmed to make everything faster? After submitting a transaction, how much time does the block appear in the network on average?

satoshi dice and the double spending problem would be an interesting topic

Satoshi Dice uses a neat trick to accept transactions without waiting for confirmations while avoiding the risk of a double-spend. They simply include the output of the user's bet transaction as one of the inputs for the payout transaction. In other words, part of the payout consists of the exact same coins the user originally paid with. Since it is impossible to invalidate only part of a transaction, if the original bet transaction later turns out to be a double spend, or is invalid for any other reason, the entire payout transaction is also invalid.

Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!