Tim Ruffing [ARCHIVE] on Nostr
📅 Original date posted: 2018-01-24
📝 Original message:
On Wed, 2018-01-24 at 19:51 +0100, Natanael wrote:
>
> That's not the type of attack I'm imagining. Both versions of your
> scheme are essentially equivalent in terms of this attack.
>
> Intended steps:
> 1: You publish a hash commitment.
> 2: The hash ends up in the blockchain.
> 3: You publish the transaction itself, and it matches the hash
> commitment.
> 4: Because it matches, miners include it. It's now in the
> blockchain.

I think you misread my second proposal. The first step is not only to
publish the hash but to publish a *pair* consisting of the hash and the
transaction.

If the attacker changes the transaction on the wire, the user does not
care and will try again.

By the way: As described here, everybody could do this first step and
flood the blockchain with it. We cannot immediately subtract a fee,
because it's not clear that some transaction will take place at all. So
we need to take the fee from somewhere else or do something else to
prevent spam. But that's an entirely different issue...

Published at 2023-06-07 18:10:10