Transaction malleability problem

The transaction malleability problem is a vulnerability in blockchain systems that can be exploited by altering a cryptographic hash, such as the digital signature used to identify a cryptocurrency transaction. [1] [2] Transaction malleability is considered one of the largest ongoing threats to blockchain technology, [3] as it can compromise financial transactions such as Bitcoin and other cryptocurrency transactions, and cause other issues in the network. [4]

Discovery

The transaction malleability problem became known to the Bitcoin community in 2011.

In February 2014, the Japanese Bitcoin exchange Mt. Gox revealed that it had been targeted by an exploit in the Bitcoin protocol called "transaction malleability". At the time, Mt. Gox was the world's largest bitcoin exchange, handling approximately 70% of all bitcoin transactions. The company reportedly lost hundreds of millions of dollars' worth of Bitcoin due to this bug. [5] After failing to attract enough investors to offset its losses, Mt. Gox suspended withdrawals and closed its website. [6] The company soon filed for bankruptcy, and CEO Mark Karpelès resigned. [7]

Shortly after Mt. Gox's announcement, it was revealed that Silk Road 2.0 had lost $2.7 million worth of Bitcoin due to an unknown hacker who exploited transaction malleability. [8]

A 2014 study published by Christian Decker and Roger Wattenhofer found that no major transaction malleability exploitations had occurred prior to the Mt. Gox attack. [9]

Applications and threats

Transaction malleability can be used to alter the unique ID of a monetary transaction before it is confirmed. [10] For example, by manipulating the transaction ID (TXID) of a bitcoin transaction, a hacker can fool computer systems into erroneously sending multiple transactions. [11]
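The following is an added example, not part of the original article: a withdrawal reconciler that matches confirmed transactions to pending payments by a hash computed with the input scripts stripped, so a payment confirmed under a different transaction ID is not treated as failed and sent again. It assumes the legacy (pre-SegWit) serialization, where the ID is the double SHA-256 of the whole transaction including its input scripts; `payment_key`, `reconcile` and all sample bytes are constructed for illustration.

```python
import hashlib
import struct

def sha256d(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def serialize(tx, strip_script_sig=False):
    """Legacy serialization; every length here is < 0xfd, so one length byte suffices."""
    out = struct.pack("<I", tx["version"]) + bytes([len(tx["vin"])])
    for prev_txid, index, script_sig, sequence in tx["vin"]:
        script = b"" if strip_script_sig else script_sig
        out += bytes.fromhex(prev_txid)[::-1] + struct.pack("<I", index)
        out += bytes([len(script)]) + script + struct.pack("<I", sequence)
    out += bytes([len(tx["vout"])])
    for value, script_pubkey in tx["vout"]:
        out += struct.pack("<Q", value) + bytes([len(script_pubkey)]) + script_pubkey
    return out + struct.pack("<I", tx["locktime"])

def txid(tx):
    # The ID reported by nodes: it covers the input scripts, so it can change.
    return sha256d(serialize(tx))[::-1].hex()

def payment_key(tx):
    # Hypothetical helper: hash of what the payment does (coins spent, outputs
    # paid), with input scripts left out, so it is stable across malleated copies.
    return sha256d(serialize(tx, strip_script_sig=True))[::-1].hex()

def reconcile(pending, confirmed):
    """Classify each pending withdrawal against the transactions seen in blocks."""
    seen_ids = {txid(tx) for tx in confirmed}
    seen_keys = {payment_key(tx) for tx in confirmed}
    status = {}
    for name, tx in pending.items():
        if txid(tx) in seen_ids:
            status[name] = "confirmed"
        elif payment_key(tx) in seen_keys:
            status[name] = "confirmed-under-other-txid"  # do NOT re-send
        else:
            status[name] = "unconfirmed"
    return status

# Constructed sample data: placeholder bytes, not real signatures or coins.
PREV = "11" * 32
PAY_TO = b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac"
SENT = {"version": 1, "locktime": 0, "vout": [(50_000, PAY_TO)],
        "vin": [(PREV, 0, b"\x01" * 71, 0xFFFFFFFF)]}
ON_CHAIN = dict(SENT, vin=[(PREV, 0, b"\x02" * 72, 0xFFFFFFFF)])  # same payment, other script bytes
OTHER = dict(SENT, vin=[(PREV, 1, b"\x03" * 71, 0xFFFFFFFF)])     # a different payment
```

A system that looks only for `txid(SENT)` would conclude the first withdrawal never confirmed; `reconcile({"w1": SENT, "w2": OTHER}, [ON_CHAIN])` reports it as confirmed under another ID and leaves only `w2` outstanding.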

References

  1. Andrychowicz, Marcin; Dziembowski, Stefan; Malinowski, Daniel; Mazurek, Łukasz (2015). "On the Malleability of Bitcoin Transactions". In Brenner, Michael; Christin, Nicolas; Johnson, Benjamin; Rohloff, Kurt (eds.). Financial Cryptography and Data Security. Lecture Notes in Computer Science. Vol. 8976. Berlin, Heidelberg: Springer. pp. 1–18. doi:10.1007/978-3-662-48051-9_1. ISBN 978-3-662-48051-9.
  2. Rajput, Ubaidullah; Abbas, Fizza; Hussain, Rasheed; Eun, Hasoo; Oh, Heekuck (2015). "A Simple Yet Efficient Approach to Combat Transaction Malleability in Bitcoin". Information Security Applications. Lecture Notes in Computer Science. Vol. 8909. Cham: Springer International Publishing. pp. 27–37. doi:10.1007/978-3-319-15087-1_3. ISBN 978-3-319-15086-4. Retrieved 2021-07-10.
  3. Khan, Kashif Mehboob; Arshad, Junaid; Khan, Muhammad Mubashir (2021-01-01). "Empirical analysis of transaction malleability within blockchain-based e-Voting". Computers & Security. 100: 102081. doi:10.1016/j.cose.2020.102081. ISSN 0167-4048. S2CID 225135528.
  4. "What is Bitcoin Transaction Malleability & How Can It Affect Me?". Paxful Blog | Crypto Guides & Product Updates. 2020-07-27. Retrieved 2021-07-10.
  5. Rajput, Ubaidullah; Abbas, Fizza; Hussain, Rasheed; Eun, Hasoo; Oh, Heekuck (2015). "A Simple Yet Efficient Approach to Combat Transaction Malleability in Bitcoin". In Rhee, Kyung-Hyune; Yi, Jeong Hyun (eds.). Information Security Applications. Lecture Notes in Computer Science. Vol. 8909. Cham: Springer International Publishing. pp. 27–37. doi:10.1007/978-3-319-15087-1_3. ISBN 978-3-319-15087-1.
  6. "How a bug in bitcoin led to MtGox's collapse". The Guardian. 2014-02-27. Retrieved 2021-07-10.
  7. McLannahan, Ben (2014-02-28). "Bitcoin exchange Mt Gox files for bankruptcy protection". Financial Times. Retrieved 2021-07-10.
  8. "Silk Road 2 loses $2.7m in bitcoins in alleged hack". BBC News. 2014-02-14. Retrieved 2021-07-10.
  9. Decker, Christian; Wattenhofer, Roger (2014). "Bitcoin Transaction Malleability and MtGox". In Kutyłowski, Mirosław; Vaidya, Jaideep (eds.). Computer Security - ESORICS 2014. Lecture Notes in Computer Science. Vol. 8713. Cham: Springer International Publishing. pp. 313–326. arXiv:1403.6676. doi:10.1007/978-3-319-11212-1_18. ISBN 978-3-319-11212-1. S2CID 14555943.
  10. "SegWit: not just a solution to transaction malleability problem". Retrieved 2021-07-10.
  11. Garling, Caleb (2014-02-15). "Bitcoin's transaction malleability rattles system". SFGATE. Retrieved 2021-07-10.