How to understand transaction malleability in Bitcoin Technology

2025-04-05 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01

This article explains how to understand transaction malleability in Bitcoin.

Transaction malleability

The English term is Transaction Malleability. Malleability is similar to recasting steel. What characterizes recasting? The density and mass do not change; only the shape does.

The most authoritative way to identify a person is by their ID card number, but checking that is cumbersome, so for simplicity we usually identify people by their appearance.

A transaction is similar. First, recall what a transaction contains: the transaction content (input and output amounts, etc.), the signature over that content, and the transaction ID. The transaction ID is the hash of the transaction content and signature.

So how can the Bitcoin system quickly validate a transaction? It just looks at the ID. If two IDs differ, they are treated as two different transactions.

Because of a property of ECDSA, the signature algorithm Bitcoin uses, a node can take the existing signature and the transaction content and generate a different valid signature, so the transaction ID changes accordingly. For a given content this algorithm has only two valid signatures, so the transaction can only be forged once.

The point here is that the signature is valid and the transaction is legal. As a result, two transactions exist in the Bitcoin network at the same time: their contents are the same, but their IDs are different. Say the transaction sent by the user is A, and the hacker changes it to B.

The premise here is that the inputs of A and B are the same. For a node, as soon as one of the transactions is written to the chain, the other becomes invalid. This is because a node, before writing a transaction, first checks whether the transaction's inputs have already been spent on its local chain. When both transactions are spreading across the network and a node receives both, it writes the first one and discards the other.

Actual harm

At first glance there seems to be no harm, since only one of these two transactions with the same content and different IDs will end up in the blockchain. But remember that transactions are distinguished by ID. Suppose I keep my money on a third-party platform, initiate a withdrawal A, and change the ID of the withdrawal transaction so that it becomes B. In the end B is written to the chain first: I have received the money, but withdrawal A has failed. At this point I can initiate the withdrawal again.

What capability does this require? Does it need computing resources? No. This has nothing to do with double spending: the attack does not require the hacker's node to mine. The hacker's node only needs to send the new transaction to as many nodes as possible, and other nodes will eventually write the new transaction to the chain.

Solution idea

There are two ways to address transaction malleability. The first starts from transaction verification: transactions were previously checked by ID and could instead be checked by content, but this is time-consuming. The other starts from the transaction ID and makes it unchangeable.

Segregated Witness (SegWit) combines these two approaches: it separates the transaction ID from the signature so that the ID reflects the transaction content. SegWit moves the signature information from the middle of the transaction to the end and changes how the transaction ID is generated, so that the ID is still short, is still a hash result, and depends only on the content of the transaction, not on the signature.

This way, it is useless for the hacker to re-sign, because the result is still the same transaction.
