Board: Bitcoin Discussion
Is my layman's understanding of transaction malleability correct?
by pythonscript on 17/02/2014, 21:55:25 UTC
I'm trying to build a rough, layman's understanding of how transaction malleability works (just for my own understanding; I'm not doing anything with it). This is the rough outline I have so far based on what I've read; is this correct?

1. In the simplest case, Alice wants to send bitcoins to Bob. This creates a transaction record that consists of a signature, which proves that Alice actually holds the bitcoins she's transferring to Bob, an ID (the txid?) for the previous transaction(s) in which Alice received these coins, Bob's address, and the amount.

2. The transaction record is broadcast to the entire miner network, who verify it, add it to a block, and attempt to "solve" that block.

3. In order for Bob to spend the bitcoins that he receives, he needs to refer to it in the blockchain (using the same type of ID that Alice used in step 1). This ID is created by hashing the pieces of the transaction record.

4. Transaction malleability comes into play because, as the wiki page states, the signature doesn't cover all of the data in a transaction that's hashed to create the transaction hash. Specifically, the signature doesn't cover itself, but the hash *does* include the signature. Therefore, it's possible to change either the format of the signature or the script used to make the signature in a way that won't invalidate the validity of the transaction, but that *will* change the hash.

5. Both transactions are submitted to miners and included in blocks, and whichever block is completed first, the transaction included in that block is considered to have 1 confirmation.

Here's where I'm a little unclear. Transaction malleability isn't a problem after a transaction has at least one confirmation, right? Once a transaction has at least one confirmation, any other identical transactions (identical except for the signature, that is) won't be verified by miners, I don't think. The issue arises if a bitcoin processor/exchange allows someone to spend coins they withdrew before waiting for at least one confirmation?

This means that it's not possible for both transactions to be in the blockchain, so people/organizations affected by this won't have to go through the blockchain to find people who double-withdrew, right?

I'm still getting a grasp on this, but any feedback is most welcome.
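As an added illustration of step 4 (not code from the original post): this Python script implements Bitcoin's legacy transaction serialization and the legacy SIGHASH_ALL preimage on constructed placeholder data, and shows that the message the signature commits to is unchanged when the scriptSig is re-encoded, while the txid is not. The placeholder signature, key and previous txid are assumptions, not real chain data.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    """Bitcoin's hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def varint(n: int) -> bytes:
    """CompactSize length prefix (only the one-byte case is needed here)."""
    return bytes([n]) if n < 0xFD else b"\xfd" + struct.pack("<H", n)

def serialize(version, inputs, outputs, locktime) -> bytes:
    """Legacy transaction serialization. inputs: (prev_txid, vout, script_sig, sequence);
    outputs: (value_in_satoshi, script_pubkey)."""
    out = struct.pack("<i", version) + varint(len(inputs))
    for prev_txid, vout, script_sig, sequence in inputs:
        out += prev_txid[::-1] + struct.pack("<I", vout)
        out += varint(len(script_sig)) + script_sig + struct.pack("<I", sequence)
    out += varint(len(outputs))
    for value, script_pubkey in outputs:
        out += struct.pack("<q", value) + varint(len(script_pubkey)) + script_pubkey
    return out + struct.pack("<I", locktime)

def txid(version, inputs, outputs, locktime) -> str:
    """The txid hashes the whole serialization, scriptSig (and so the signature) included."""
    return dsha256(serialize(version, inputs, outputs, locktime))[::-1].hex()

def sighash_all(version, inputs, outputs, locktime, idx, script_code) -> bytes:
    """Legacy SIGHASH_ALL preimage: every scriptSig is blanked; the input being signed
    carries the spent scriptPubKey instead. The signature therefore never covers itself."""
    blanked = [(p, v, script_code if i == idx else b"", s) for i, (p, v, _, s) in enumerate(inputs)]
    return dsha256(serialize(version, blanked, outputs, locktime) + struct.pack("<I", 1))

def demonstrate():
    """Returns (signed_message_unchanged, txid_unchanged) for two encodings of one scriptSig."""
    # Constructed placeholder values: not real keys, signatures or chain data.
    prev_txid = bytes.fromhex("aa" * 32)
    sig = b"\x30" + bytes(69) + b"\x01"          # stands in for a DER signature + SIGHASH_ALL byte
    pubkey = b"\x02" + bytes(32)                  # stands in for a compressed public key
    prev_spk = bytes.fromhex("76a914") + bytes(20) + bytes.fromhex("88ac")  # P2PKH scriptPubKey
    outputs = [(50_000, prev_spk)]
    # Minimal encoding: direct pushes of the signature and the public key.
    minimal = bytes([len(sig)]) + sig + bytes([len(pubkey)]) + pubkey
    # Same two pushes via OP_PUSHDATA1 (0x4c): same stack result, different bytes (BIP62 non-minimal push).
    padded = b"\x4c" + bytes([len(sig)]) + sig + b"\x4c" + bytes([len(pubkey)]) + pubkey
    results = {}
    for name, script_sig in (("minimal", minimal), ("padded", padded)):
        inputs = [(prev_txid, 0, script_sig, 0xFFFFFFFF)]
        results[name] = (txid(1, inputs, outputs, 0), sighash_all(1, inputs, outputs, 0, 0, prev_spk))
    return results["minimal"][1] == results["padded"][1], results["minimal"][0] == results["padded"][0]
```

This is the gap a processor falls into if it tracks an unconfirmed withdrawal by txid alone: the payment it is waiting on can confirm under a different id.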