Board: Bitcoin Discussion
Re: New research proves: MtGox bitcoins NOT stolen using transaction malleability
by sturle on 28/03/2014, 21:36:11 UTC
Quote
Looks good, I hope this result can be verified!
It has already been shown to be wrong.

They were only looking at broadcast transactions which were relayed through the network, i.e. accepted by and relayed by standard bitcoin clients.  MtGox's vulnerable transactions weren't accepted by bitcoin clients after version 0.8, and not relayed.  The transactions were only published through MtGox's API, and the researchers didn't look there.  The transactions published in their API included a signature which could be changed into a valid one by a simple modification, and this is (probably) how the theft happened.
Quote
Can you explain that? How can transactions be made "invisible"?
Because the transactions will not be accepted by bitcoin nodes.  Invalid transactions are discarded and not relayed to other clients, just as when someone sends your client some random data.  It may even disconnect the other node and blacklist it.  (The MtGox transactions were not invalid enough to warrant a blacklist, just non-standard, so normal bitcoin nodes won't accept or relay them, but will accept them if mined in a block by someone else.)
Quote
Of course the API would have been a better source, but still they also must have appeared in the public history... that is why they had the data.
They don't have the data.  They would have to connect directly to MtGox's bitcoin nodes to get the transactions directly from them, and it is safe to assume they didn't.  From their paper:
Quote
On average we connected to 992 peers, which at the time of writing is approximately 20% of the reachable nodes. According to Bamert et al. [4] the probability of detecting a double spending attack quickly converges to 1 as the number of sampled peers increases
Bamert et al. assume the double spending transactions will be relayed through the network.  The vulnerable transactions from MtGox lacked this property, and it is unlikely to detect them when only connected to 20% of all bitcoin nodes.  (Assuming they removed the standard test before compiling their own node; otherwise they wouldn't be able to detect the vulnerable transactions at all.)

Also: the problem with MtGox's vulnerable transactions was invalid padding of the S- or R-value in the signature.  Those were easy to fix by removing the extra padding.  The "researchers" didn't detect a single incident of this modification, indicating that they probably had the standard test in place in their client.

The paper is worthless.
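The padding issue sturle describes, as an added example that is not part of the original post, the paper, or MtGox's own code: a small Python script that applies a relay check modelled on the canonical-signature test Bitcoin 0.8 introduced (the rule list is reconstructed from memory and is an assumption, not copied from the client), strips the surplus leading zero byte from the R or S integer, and shows that the ECDSA values are unchanged while the bytes, and therefore the hash of any transaction serialization containing them, differ. The sample signature is constructed for the demo and is not a real signature; the double-SHA256 of the signature bytes stands in for the txid of a transaction carrying it.

```python
"""Added example: detect and strip non-minimal DER padding in a Bitcoin
signature.  Hypothetical code, not MtGox's or the paper's.  The checks in
is_canonical() are modelled on Bitcoin 0.8's IsCanonicalSignature() as
remembered by the editor (an assumption, not a verbatim port)."""
import hashlib

SIGHASH_ANYONECANPAY = 0x80


def parse_der_sig(sig: bytes):
    """Split a scriptSig signature push (DER sequence + one hashtype byte)
    into (r, s, hashtype) without requiring minimal integer encoding."""
    if len(sig) < 9 or sig[0] != 0x30 or sig[1] != len(sig) - 3:
        raise ValueError("not a DER sequence with trailing hashtype")
    if sig[2] != 0x02:
        raise ValueError("R is not an INTEGER")
    rlen = sig[3]
    r = sig[4:4 + rlen]
    pos = 4 + rlen
    if pos + 1 >= len(sig) or sig[pos] != 0x02:
        raise ValueError("S is not an INTEGER")
    slen = sig[pos + 1]
    s = sig[pos + 2:pos + 2 + slen]
    if pos + 2 + slen != len(sig) - 1:
        raise ValueError("R/S lengths do not cover the signature")
    return r, s, sig[-1]


def is_canonical(sig: bytes):
    """Return None if a 0.8-style standard node would relay the signature,
    otherwise the reason it is treated as non-standard."""
    if len(sig) < 9:
        return "too short"
    if len(sig) > 73:
        return "too long"
    if (sig[-1] & ~SIGHASH_ANYONECANPAY) not in (1, 2, 3):
        return "unknown hashtype"
    try:
        r, s, _ = parse_der_sig(sig)
    except ValueError as e:
        return str(e)
    for name, v in (("R", r), ("S", s)):
        if len(v) == 0:
            return f"{name} length is zero"
        if v[0] & 0x80:
            return f"{name} value negative"
        # A leading 0x00 is only needed when the next byte has its high
        # bit set; otherwise the integer is "excessively padded".
        if len(v) > 1 and v[0] == 0x00 and not (v[1] & 0x80):
            return f"{name} value excessively padded"
    return None


def minimal_int(v: bytes) -> bytes:
    """Shortest big-endian DER encoding of a non-negative integer."""
    v = v.lstrip(b"\x00") or b"\x00"
    return b"\x00" + v if v[0] & 0x80 else v


def encode_der_sig(r: bytes, s: bytes, hashtype: int) -> bytes:
    body = b"\x02" + bytes([len(r)]) + r + b"\x02" + bytes([len(s)]) + s
    return b"\x30" + bytes([len(body)]) + body + bytes([hashtype])


def strip_padding(sig: bytes) -> bytes:
    """The 'simple modification': re-encode R and S minimally.  The numeric
    values are untouched, so the signature still verifies against the same
    key and message, but the serialized bytes change."""
    r, s, ht = parse_der_sig(sig)
    return encode_der_sig(minimal_int(r), minimal_int(s), ht)


def sha256d(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()


# Constructed sample (not a real signature): R carries one unnecessary
# leading 0x00 byte because the following byte 0x41 has its high bit clear;
# S is already minimal.  Hashtype 0x01 = SIGHASH_ALL.
PADDED_SIG = encode_der_sig(b"\x00\x41" + b"\x11" * 31, b"\x22" * 32, 0x01)


def demo() -> dict:
    fixed = strip_padding(PADDED_SIG)
    r1, s1, _ = parse_der_sig(PADDED_SIG)
    r2, s2, _ = parse_der_sig(fixed)
    return {
        "padded_reason": is_canonical(PADDED_SIG),
        "fixed_reason": is_canonical(fixed),
        "same_values": (int.from_bytes(r1, "big"), int.from_bytes(s1, "big"))
                       == (int.from_bytes(r2, "big"), int.from_bytes(s2, "big")),
        "bytes_differ": fixed != PADDED_SIG,
        "hash_differs": sha256d(fixed) != sha256d(PADDED_SIG),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run as a script, the padded signature is reported as "R value excessively padded" while its stripped form passes, with identical R and S values but a different hash; that is the mechanism by which a node that refuses to relay the padded version could still see the stripped version confirmed under a different txid.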