Can an attacker steal a very recent tx and alter it, broadcasting a new tx with his address on the output?

2

1

I'm reading the technical FAQs on the wiki, and what I don't see is, if I create a transaction with signed prev_outs and new outputs, do I also sign the ENTIRE new tx before broadcasting? I don't see any field in the spec for a final overall signature.

So what I'm asking is, if I receive a tx from a peer, what is stopping me from altering that tx message so the output is now my own address, and trying to broadcast my new fraudulent tx to the network faster and to more peers than the original honest tx?

pinhead

Posted 2014-01-04T10:38:41.837

Reputation: 2 356

Answers

4

In a typical transaction, every signature in the transaction is a signature over all the outputs. So you can't change any of the outputs without invalidating all the signatures.

David Schwartz

Posted 2014-01-04T10:38:41.837

Reputation: 46 931

Thanks. For some reason I thought scriptsig just signed the output of the old tx, didn't realize it was a sort of combo of old and new TXs together.pinhead 2014-01-05T01:14:32.727

1

The digital signature (with the SHA-hashed message) required for peers to accept the transaction.

Jori

Posted 2014-01-04T10:38:41.837

Reputation: 1 522