On the Malleability of Bitcoin Transactions

  • Marcin Andrychowicz
  • Stefan Dziembowski
  • Daniel Malinowski
  • Łukasz Mazurek
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8976)

Abstract

We study the problem of malleability of Bitcoin transactions. Our first two contributions can be summarized as follows:

  (i) we perform practical experiments on Bitcoin that show that it is very easy to maul Bitcoin transactions with high probability, and

  (ii) we analyze the behavior of the popular Bitcoin wallets in the situation when their transactions are mauled; we conclude that most of them are to some extent not able to handle this situation correctly.

The contributions in points (i) and (ii) are experimental. We also address a more theoretical problem of protecting the Bitcoin distributed contracts against the “malleability” attacks. It is well known that malleability can pose serious problems in some of those contracts. It concerns mostly the protocols which use a “refund” transaction to withdraw a financial deposit in case the other party interrupts the protocol. Our third contribution is as follows:

  (iii) we show a general method for dealing with the transaction malleability in Bitcoin contracts. In short: this is achieved by creating a malleability-resilient “refund” transaction which does not require any modification of the Bitcoin protocol.

Keywords

Hash Function · Signature Scheme · Commitment Scheme · Malleability Problem · Elliptic Curve Digital Signature Algorithm
These keywords were added by machine and not by the authors.

Copyright information

© International Financial Cryptography Association 2015

Authors and Affiliations

  • Marcin Andrychowicz (1)
  • Stefan Dziembowski (1)
  • Daniel Malinowski (1)
  • Łukasz Mazurek (1), email author
  1. University of Warsaw, Warsaw, Poland
