David A. Harding [ARCHIVE] on Nostr
📅 Original date posted:2023-06-07
🗒️ Summary of this message: A proposed scenario for double-spending in Bitcoin transactions is questioned due to the lack of clarity on the identity of the parties involved.
📝 Original message:
On 2023-06-07 03:30, Burak Keceli wrote:
> If the service provider double-spends a transaction that enforces a
> one-time signature where Bob is the vendor, Bob can forge the service
> provider’s signature from the 2-of-2 and can immediately claim his
> previously-spent vTXO(s).

Hi Burak,

I'm confused. Bob owns some bitcoins that are timelocked against
immediate withdrawal, but where he can spend immediately with the
cooperation of service provider Sally. Bob transfers some bitcoins to
Sally contingent on her spending an equal amount of bitcoins (minus a
fee) to Carol. You already have a mechanism to enforce this contingency
(tx outpoints), so if Carol doesn't receive the bitcoins from Sally,
then Sally also doesn't receive the bitcoins from Bob. In other words,
you already have atomicity for a single transfer.

Are you describing the effect over multiple transfers? For example, Bob
previously transferred bitcoins to Sally and she paid users X, Y, and Z
in transactions that are now confirmed onchain, although she hasn't yet
swept Bob's funds. Now when Sally double spends the payment to Carol,
Bob can not only reclaim the funds he gave Sally to pay to Carol (which
was guaranteed by the atomicity), he can also reclaim the unswept funds
he gave Sally to pay X, Y, and Z.

If so, I don't think that works. In a private protocol, Carol can't be
sure that Bob and Sally are separate individuals. If they're the same
entity, then any forfeit that Sally needs to pay Bob is just an internal
transfer, not a penalty.

I'd appreciate any clarification you can offer. Thanks!,

-Dave
Published at 2023-06-15 00:54:55