How to deal with malleability of BitCoin transactions

Preprint English OPEN
Andrychowicz, Marcin; Dziembowski, Stefan; Malinowski, Daniel; Mazurek, Łukasz;
(2013)
  • Subject: Computer Science - Cryptography and Security

BitCoin transactions are malleable in a sense that given a transaction an adversary can easily construct an equivalent transaction which has a different hash. This can pose a serious problem in some BitCoin distributed contracts in which changing a transaction's hash ma... View more
  • References (17)
    17 references, page 1 of 2

    1. M. Andrychowicz, S. Dziembowski, D. Malinowski, and Ł. Mazurek. Fair Two-Party Computations via the BitCoin Deposits. Cryptology ePrint Archive, 2013.

    2. M. Andrychowicz, S. Dziembowski, D. Malinowski, and Ł. Mazurek. Secure Multiparty Computations on BitCoin. Cryptology ePrint Archive, 2013. http://eprint.iacr.org/2013/784.

    3. Adam Back and Iddo Bentov. Note on fair coin toss via bitcoin, 2013. http://www.cs.technion.ac.il/˜idddo/cointossBitcoin.pdf.

    4. S. Nakamoto. Bitcoin: A peer-to-peer electronic cash system, 2008.

    1. A holds the key pair A and B holds the key pair B.

    2. A knows the secret sA, B knows the secret sB , both players know the hashes hsA = H (sA) and hsB = H (sB).

    3. There are four unredeemed transactions T1A, T2A and T1B , T2B, which can be redeemed with the keys A and B respectively, each having the value of d B.

    1. A draws a random string rA and B draws a random string rB.

    2. The parties execute CS.Commit(A, B, d, t, rA) and CS.Commit(B, A, d, t, rB) using T1A and T1B respectively. The former execution will be denoted CSA and the latter CSB . Recall that the parties quit the whole NewSCS protocol if they detect the misbehavior of the other party during one of the CS.Commit executions.

    3. Both players compute the body of the transaction Commit using T2A and T2B as inputs.

  • Metrics
Share - Bookmark