On Thu, Jun 27, 2013 at 3:23 AM, Arthur Gervais <arthur.gerv...@inf.ethz.ch> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Dear Bitcoin developers, > > We would like to report a vulnerability which might lead, under some > assumptions, to a double-spending attack in a fast payment scenario. > The vulnerability has been introduced due to signature encoding > incompatibilities between versions 0.8.2 (or 0.8.3) and earlier > Bitcoin versions. > > Please find at the following link a detailed description of this > vulnerability: > ftp://ftp.inf.ethz.ch/pub/publications/tech-reports/7xx/789.pdf
It would be kind if your paper cited the one of the prior discussions of this transaction pattern: E.g. https://bitcointalk.org/index.php?topic=196990.msg2048297#msg2048297 (I think there are a couple others) The family of transaction patterns you describe is one of the ones I specifically cite as an example of why taking non-reversible actions on unconfirmed transactions is unsafe (and why most of the Bitcoin community resources) council the same. You can get similar patterns absent changes in the IsStandard rule through a number of other means. One obvious one is through concurrent announcement: You announce conflicting transactions at the same time to many nodes and one excludes another. By performing this many times and using chains of unconfirmed transactions and seeing which family your victim observes you can create input mixes that are only accepted by very specific subsets of the network. ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development