I'm very new to Bitcoin (started learning it today). I hope I get the question right:
I understand that when a transaction is created, I sign the transaction using my private key, but I also provide the public key with it, right?
If so, what prevents a man in the middle from taking it, re-signing it using his own private key, and providing his own public key?
- Regular HTTPS handles this issue using a root CA, which I understand doesn't exist in Bitcoin's concept.
- Encryption is usually done using the public keys, to avoid someone else changing the transaction and re-encrypting it (as they don't have the private key to open the data).
So I don't quite understand what makes it secure, as the Bitcoin wallet creates data that is not encrypted, and anyone else can take this data and alter whatever they want before it leaves the network.
thanks!
Can't I sign the funds with my own private key instead of the original? – ArielB – 2016-05-03T05:45:49.713
The funds are associated with the owner's public key, not yours, so any signature you provide does not authorize the transfer. – cdecker – 2016-05-03T10:11:31.380
How? I understand that by spending the funds, you supply your unlocking script with the locking script (usually a hash with the private key) - is this what makes it unchangeable? Also, besides the scripts, is the transaction signed as a whole? – ArielB – 2016-05-03T12:53:37.280
Yes, the script attached to the output dictates which public keys are allowed to spend the funds; signatures by other private keys are invalid. Usually the signature signs the entire transaction, but that behavior can be fine-tuned using the SIGHASH flags. – cdecker – 2016-05-03T14:00:28.530
Uhm, I still didn't understand something. Let's say I'm eavesdropping on the network, grabbing the transaction that Bob sent to Alice; he supplied his unlocking script and added Alice's locking script. Why can't I just take that transaction, change the output to me, change the locking script to my keys, and then it's like Bob sent the money to me? – ArielB – 2016-05-05T14:12:47.180
Because the keys that are required to unlock the funds were specified in the previous transaction, the one that transferred the funds to Bob. – cdecker – 2016-05-07T18:16:57.007
I know, they were specified in the previous transaction, but the transaction wasn't broadcast yet to any node, so I'm still using Bob's unlock scripts; I'm just faking the part where he's supposed to send the funds to Alice - transferring them to me. Isn't it similar to malware that, for example, changes the address while the user pastes it in his wallet? Just instead of making the wallet software create the transaction with the new address, I'll "re-create" it with a created transaction? – ArielB – 2016-05-08T07:40:42.307
See this: http://stripcoin.com/security/mitm/ - "In the same context, any time you transmit a Bitcoin address over a non cryptographic connection like HTTP or Email, every service provider who can see that transfer has the ability to change your Bitcoin address to theirs." - that's what I meant. – ArielB – 2016-05-08T13:02:02.470
That MITM attack targets a communication channel that is external to the Bitcoin protocol. Bitcoin is only concerned with securing the transaction once the payee address has been securely communicated to the payer. Once that is done and the payer has correctly created a transaction it is no longer vulnerable to MITM attacks. – cdecker – 2016-05-08T14:12:23.857
Yep, you described it well. So before broadcast you are at risk, after confirmations all good. Thanks! – ArielB – 2016-05-08T14:22:05.080
Well even during the broadcast it is safe, it's just safely communicating the payee's address which is in danger of incurring a MITM attack :-) – cdecker – 2016-05-08T15:07:25.263
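The two checks cdecker describes in the comments above (the previous output's locking script names the key that may spend it, and the signature covers the whole transaction) can be made concrete in a small model. The following is an added example, not code from the question, the answers, or any Bitcoin implementation. It assumes a toy Schnorr signature over a prime-order subgroup of Z_p^* in place of Bitcoin's secp256k1 ECDSA (so it runs on the Python standard library alone, with parameter sizes chosen for illustration only), a simplified P2PKH-style lock (hash of the public key), a constructed UTXO set in which an earlier transaction paid 5 coins to Bob, and the hypothetical names Bob, Alice and Eve. It then runs the three cases discussed in the thread: Bob's honest payment to Alice, an eavesdropper who rewrites the output but keeps Bob's unlocking script, and an eavesdropper who rewrites the output and re-signs with her own key.

```python
import hashlib
import json
import secrets

# Toy Schnorr signature over a prime-order subgroup of Z_p^*, generated at
# import time. It stands in for Bitcoin's secp256k1 ECDSA so the example needs
# only the standard library; parameter sizes are for illustration only.

def is_probable_prime(n, rounds=24):
    """Miller-Rabin test; callers only pass odd n > 3."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(qbits=160, pbits=384):
    """Return (p, q, g): p = k*q + 1 and g has prime order q modulo p."""
    while True:
        q = secrets.randbits(qbits) | (1 << (qbits - 1)) | 1
        if not is_probable_prime(q):
            continue
        for _ in range(2000):
            k = (secrets.randbits(pbits - qbits) | (1 << (pbits - qbits - 1))) & ~1
            p = k * q + 1
            if is_probable_prime(p):
                g = next(pow(h, k, p) for h in range(2, 100) if pow(h, k, p) != 1)
                return p, q, g

P, Q, G = make_group()

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)
def _challenge(r, msg):
    return int.from_bytes(hashlib.sha256(f"{r}|{msg}".encode()).digest(), "big") % Q
def sign(sk, msg):
    k = secrets.randbelow(Q - 1) + 1
    e = _challenge(pow(G, k, P), msg)
    return e, (k - sk * e) % Q
def verify(pk, msg, sig):
    e, s = sig
    return _challenge(pow(G, s, P) * pow(pk, e, P) % P, msg) == e

# Transaction model: an output is locked to the hash of a public key (as in
# P2PKH); an input unlocks a previous output with that public key plus a
# signature over the whole transaction (the default SIGHASH_ALL behaviour).

def address(pk):
    return hashlib.sha256(str(pk).encode()).hexdigest()[:16]

def sighash(tx):
    """The signed message: every spent outpoint and every output."""
    body = {"inputs": [i["prev"] for i in tx["inputs"]], "outputs": tx["outputs"]}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def build_tx(prev_outpoints, outputs, sk, pk):
    tx = {"inputs": [{"prev": po} for po in prev_outpoints], "outputs": outputs}
    sig = sign(sk, sighash(tx))
    for inp in tx["inputs"]:
        inp["unlock"] = {"pubkey": pk, "sig": sig}
    return tx

def validate(tx, utxo):
    """What a node checks before relaying a transaction."""
    msg = sighash(tx)
    total_in = 0
    for inp in tx["inputs"]:
        prev = utxo.get(inp["prev"])
        if prev is None:
            return False  # unknown or already spent outpoint
        pk, sig = inp["unlock"]["pubkey"], inp["unlock"]["sig"]
        if address(pk) != prev["lock"]:
            return False  # not the key the previous transaction locked the funds to
        if not verify(pk, msg, sig):
            return False  # signature does not cover this exact set of outputs
        total_in += prev["value"]
    return total_in >= sum(o["value"] for o in tx["outputs"])

def demo():
    """Return (honest_ok, tampered_ok, resigned_ok) for the three scenarios."""
    bob_sk, bob_pk = keygen()
    _, alice_pk = keygen()
    eve_sk, eve_pk = keygen()
    # Constructed UTXO set: an earlier transaction paid 5 coins to Bob's address.
    utxo = {"prevtx:0": {"lock": address(bob_pk), "value": 5}}
    tx = build_tx(["prevtx:0"], [{"to": address(alice_pk), "value": 5}], bob_sk, bob_pk)
    tampered = json.loads(json.dumps(tx))           # eavesdropper keeps Bob's unlocking
    tampered["outputs"][0]["to"] = address(eve_pk)  # script but redirects the output
    resigned = build_tx(["prevtx:0"], [{"to": address(eve_pk), "value": 5}],
                        eve_sk, eve_pk)             # ... or re-signs with her own key
    return validate(tx, utxo), validate(tampered, utxo), validate(resigned, utxo)
```

`demo()` returns `(True, False, False)`: the tampered copy fails because Bob's signature was computed over the original outputs, and the re-signed copy fails before the signature is even checked, because the hash of Eve's public key does not match the lock that the earlier transaction placed on the funds. Neither failure depends on the transaction being broadcast yet, which is why the remaining MITM exposure is in communicating the payee's address, not in the signed transaction itself.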