This week, a term emerged that many bitcoiners won't have heard before: transaction malleability. Mt Gox cited it as a key reason for suspending withdrawals, and it was also mentioned as the basis for an exploit used in a massive attack against the bitcoin network this week. So, what is it, how does it work, and should we be worried? Here's what we know.
What is transaction malleability?
It's a weakness in the way bitcoin transactions are identified that lets a third party change the unique ID of a transaction before it is confirmed on the bitcoin network, without changing what the transaction does. If a service keeps track of its payments by that ID, the altered copy confirms under a different ID and the original never appears, which makes it possible for someone to claim that a payment didn't happen, if all the right conditions are in place.
Is it the same as double spending?
No. Double spending involves spending coins once, then creating a different transaction with those same coins before the first transaction is confirmed. The trick is then to get the second, fraudulent transaction confirmed on the bitcoin network first, so that the first one is rejected for spending coins that are already gone. That effectively means you get to spend them twice. Malleability doesn't involve spending the coins a second time: the same coins go to the same place, only the transaction's ID changes.
How does transaction malleability work?
To understand that, you have to know how a bitcoin transaction works.
When you send bitcoins to someone, you don't withdraw them from an account and send them whizzing along the wires. Bitcoins are never sent this way. Instead, you create a transaction and broadcast it to the bitcoin network, which records it in the bitcoin block chain.
The block chain acts like a giant general ledger for the whole of the bitcoin network. It keeps records of which bitcoin addresses sent funds to other bitcoin addresses, and when. This gives it a complete record of how many bitcoins can be attributed to which addresses on the network at any one time.
When a bitcoin transaction is made, it includes the inputs, which point at the outputs of earlier transactions that the bitcoins came from (by that earlier transaction's ID and an index), and the outputs, which say which addresses the bitcoins are going to and how much each of them receives. That is how the network knows which earlier transactions sent those funds to the sender's address in the first place.
"Transaction malleability will help prove the decentralized network's resilience against discrete network events"
Each transaction must be uniquely identified, so that it can be referenced in the block chain and by later transactions that spend its outputs. That transaction ID (TX ID) is produced by taking all of the information in the transaction, as it is serialized for the network, and running it through a hash function (in bitcoin's case, SHA-256 applied twice).
Hashing is a mathematical procedure that takes data of any size and condenses it into a short, fixed-size piece of information, known as a hash. One of the things included in the data hashed to make the transaction ID is the user's digital signature, which proves that the transaction came from the holder of the private key for the coins being spent. It's a way for them to digitally 'sign' the transaction. The important detail is what the signature covers: it covers the transaction's inputs and outputs, but not the bytes of the signature itself (a signature can't sign itself), whereas the transaction ID covers everything, signature included.
One of the key qualities of a hashing function is that it is infeasible to work out what the original information was simply by looking at the hash. It is also infeasible to predict what the hash will be from the pieces of information you start with, other than by running the function. If any small detail changes in any of that data, the hash changes in a completely unpredictable way.
This makes transaction IDs practically impossible to forge: nobody can pick an ID and then build a transaction to match it. Each exact set of transaction bytes has only one possible hash. Anyone can check that a transaction hasn't been tampered with in transit by running its bytes through the hashing function and confirming that they get the same ID.
At least, that's the idea. But here's where malleability comes in. The digital signature included in the hashed data is meant to be encoded in a specific, standard format (DER). That encoding wasn't always strictly checked: a sloppily encoded signature, for instance one with extra padding bytes, was still accepted, because it decodes to the same signature. And since the signature's own bytes aren't covered by the signature, anyone watching the network can re-encode it, or swap in a mathematically equivalent signature, without knowing the sender's private key. The result is a second transaction that spends the same coins to the same outputs and is just as valid as the first, but has a different ID.
That's not good. But, as it turns out, it's not world-endingly bad either.