How malleability ussue works?

0

1

Can you explain malleability issue, please?

This is what I read here: https://qz.com/175565/why-nobody-can-withdraw-bitcoins-from-one-of-the-currencys-largest-exchanges/

"When a transaction record is sent out to the network of bitcoin miners, it’s possible for a hacker to tweak it enough to change the hash, but not enough to make the transfer invalid. One of the ways the hacker can do this is by slightly modifying the digital signature in a way that it is still recognized as the right signature, but, again, results in a completely different hash."

I can't understand how, say, Bob can change Alice's signature in a Alice->Bob transaction if that signature doesn't belong to him in the first place.

D-Samp

Posted 2018-11-04T10:15:24.443

Reputation: 61

2

Possible duplicate of What is Transaction Malleability?

chytrik 2018-11-04T10:21:14.643

This question primarily addresses what it is. I wanted to clarify how exactly it is possible that third parties can change signatures of othersD-Samp 2018-11-04T10:54:52.647

Answers

1

First of all, exchanges keep track of transactions by their TXIDs. The TXID can be changed by 3rd parties, but not the transaction data.

I can't understand how, say, Bob can change Alice's signature in a Alice->Bob transaction if that signature doesn't belong to him in the first place.

Old versions of Bitcoin Core used OpenSSL to verify signatures (now libsecp256k1). OpenSSL is lenient about signature encoding.

  • An ECDSA signature is an (R,s) pair. (R,-s) also makes a valid signature.
  • OpenSSL allows encoding algorithms other than DER.

which means there are more than one possible way to encode signatures. Different but equivalent signatures allow 3rd parties to change the signatures without knowing the private key, thus changing the TXID.

Details: BIP 62

MCCCS

Posted 2018-11-04T10:15:24.443

Reputation: 5 827

"Old versions of Bitcoin Core used OpenSSL to verify signatures (now libsecp256k1). OpenSSL is lenient about signature encoding." Doesn't this issue still on since not everyone accepted SegWit?D-Samp 2018-11-04T10:48:51.023

No, transactions with non-der signatures are not relayed. And no software, even pre-segwit, uses non-der signatures.MCCCS 2018-11-04T11:36:12.497

Asked: 2018-11-04T10:15:24.443

Viewed: 36 times

Active: 2018-11-04T10:31:13.240