public inbox for bitcoindev@googlegroups.com
From: Gregory Maxwell <gmaxwell@gmail•com>
To: Arthur Gervais <arthur.gervais@inf•ethz.ch>
Cc: Ghassan Karame <ghassan@karame•org>,
	bitcoin-development@lists•sourceforge.net,
	Hubert Ritzdorf <rihubert@inf•ethz.ch>
Subject: Re: [Bitcoin-development] Double-Spending Fast Payments in Bitcoin due to Client versions 0.8.1
Date: Thu, 27 Jun 2013 04:04:06 -0700
Message-ID: <CAAS2fgRg8B_j=Luf31R8-+vqOWQOUcUDof8wdq79_Ar9YuUm9g@mail.gmail.com>
In-Reply-To: <51CC12A6.3090100@inf.ethz.ch>

On Thu, Jun 27, 2013 at 3:23 AM, Arthur Gervais
<arthur.gervais@inf•ethz.ch> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Dear Bitcoin developers,
>
> We would like to report a vulnerability which might lead, under some
> assumptions, to a double-spending attack in a fast payment scenario.
> The vulnerability has been introduced due to signature encoding
> incompatibilities between versions 0.8.2 (or 0.8.3) and earlier
> Bitcoin versions.
>
> Please find at the following link a detailed description of this
> vulnerability:
> ftp://ftp.inf.ethz.ch/pub/publications/tech-reports/7xx/789.pdf

It would be kind if your paper cited one of the prior discussions
of this transaction pattern:

E.g. https://bitcointalk.org/index.php?topic=196990.msg2048297#msg2048297
(I think there are a couple others)

The family of transaction patterns you describe is one of the ones I
specifically cite as an example of why taking non-reversible actions
on unconfirmed transactions is unsafe (and why most of the Bitcoin
community resources counsel the same).  You can get similar patterns
absent changes in the IsStandard rule through a number of other means.
One obvious one is through concurrent announcement: You announce
conflicting transactions at the same time to many nodes and one
excludes another.  By performing this many times and using chains of
unconfirmed transactions and seeing which family your victim observes
you can create input mixes that are only accepted by very specific
subsets of the network.
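
[Added example, not part of the original message or of any Bitcoin client code: a receiver-side check for the pattern discussed above. It compares what several monitoring peers report, flags any outpoint spent by more than one transaction anywhere in a payment's unconfirmed ancestry, and still withholds non-reversible actions until confirmation. The peer names, txids, and the min_conf threshold are constructed assumptions.]

```python
from collections import defaultdict

# Constructed sample: mempool contents reported by three monitoring peers.
# txid -> list of spent outpoints (parent_txid, output_index). All names are made up.
PEER_VIEWS = {
    "peer-a": {"tx_pay_merchant": [("funding", 0)],
               "tx_child": [("tx_pay_merchant", 0)]},
    "peer-b": {"tx_pay_self": [("funding", 0)]},
    "peer-c": {"tx_pay_merchant": [("funding", 0)]},
}

def find_conflicts(peer_views):
    """Return {outpoint: txids} for outpoints spent by more than one transaction."""
    spenders = defaultdict(set)
    for view in peer_views.values():
        for txid, inputs in view.items():
            for outpoint in inputs:
                spenders[outpoint].add(txid)
    return {op: txs for op, txs in spenders.items() if len(txs) > 1}

def conflict_in_ancestry(txid, peer_views):
    """True if txid or any unconfirmed ancestor spends a contested outpoint."""
    conflicts = find_conflicts(peer_views)
    inputs_of = {}
    for view in peer_views.values():
        inputs_of.update(view)
    stack, seen = [txid], set()
    while stack:
        current = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        for outpoint in inputs_of.get(current, []):
            if outpoint in conflicts:
                return True
            stack.append(outpoint[0])  # walk up the unconfirmed chain
    return False

def decide(txid, confirmations, peer_views, min_conf=1):
    """Policy for a non-reversible action (min_conf is an assumed threshold)."""
    if confirmations >= min_conf:
        return "release"
    if conflict_in_ancestry(txid, peer_views):
        return "reject"
    # No conflict seen is not proof of safety: peers may see different subsets.
    return "wait"
```
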




Thread overview: 5+ messages
2013-06-27 10:23 Arthur Gervais
2013-06-27 11:04 ` Gregory Maxwell [this message]
2013-06-27 16:03   ` Arthur Gervais
2013-06-27 16:13     ` Gregory Maxwell
2013-06-27 16:16     ` Jeff Garzik
