The grue lurks in the darkest places of the earth. Its favorite diet is adventurers, but its insatiable appetite is tempered by its fear of light. No grue has ever been seen by the light of day, and few have survived its fearsome jaws to tell the tale. ertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertised sites are notndorsed by theBitcoin Forum.They may beunsafe, untrustworthy, or illegal inyour jurisdiction. Advertise here.

tl121



Offline



Activity: 278

Merit: 251







Sr. MemberActivity: 278Merit: 251 Re: New transaction malleability attack wave? Another stresstest? October 11, 2015, 07:12:13 PM #204 Quote from: coins101 on October 11, 2015, 04:38:18 PM This has been bugging me. I've read elsewhere about the real cost of sending transactions on the Bitcoin network being much, much higher than the banking or Visa network.



The cost per bitcoin transaction includes the cost of running the full nodes. This includes the nodes that forward the unconfirmed transaction to the node that eventually mines the tranaction, the full node that eventually mines the transaction, and the other full nodes that verify and store the block containing mined transaction.



Assuming the software were 100% efficient, this would, at least include the cost of transmitting the transaction to each node, the cost of verifying the transaction and the cost of storing the transaction. (In practice there are additional costs and overheads, but these are the essentials based on the design of bitcoin which requires all full nodes to receive and verify the entire block chain. Most of the extra overheads can, at least potentially, be avoided by clever software design.)



A transaction has an average of two digital signatures to be verified (most of the processing) and 500 bytes of data to be received (and on average transmitted) and stored. The costs can be worked out, but will depend on the users location. Some (SWAG) figures for bandwidth cost and storage cost are $0.10 per GB. You can do your own math and figure out how much it costs a node to process an average bitcoin transaction. This has to be multiplied by the number of nodes in the network (or the number of nodes that you think are useful to have in the network).



The cost of mining is a fixed cost of running the network. It remains constant regardless of the number of transactions that are in the blocks being mined. This is the cost of protecting the value of the bitcoins held by the private key holders. It is not the cost of processing transactions.





The cost per bitcoin transaction includes the cost of running the full nodes. This includes the nodes that forward the unconfirmed transaction to the node that eventually mines the tranaction, the full node that eventually mines the transaction, and the other full nodes that verify and store the block containing mined transaction.Assuming the software were 100% efficient, this would, at least include the cost of transmitting the transaction to each node, the cost of verifying the transaction and the cost of storing the transaction. (In practice there are additional costs and overheads, but these are the essentials based on the design of bitcoin which requires all full nodes to receive and verify the entire block chain. Most of the extra overheads can, at least potentially, be avoided by clever software design.)A transaction has an average of two digital signatures to be verified (most of the processing) and 500 bytes of data to be received (and on average transmitted) and stored. The costs can be worked out, but will depend on the users location. Some (SWAG) figures for bandwidth cost and storage cost are $0.10 per GB. You can do your own math and figure out how much it costs a node to process an average bitcoin transaction. This has to be multiplied by the number of nodes in the network (or the number of nodes that you think are useful to have in the network).The cost of mining is a fixed cost of running the network. It remains constant regardless of the number of transactions that are in the blocks being mined. This is the cost of protecting the value of the bitcoins held by the private key holders. It is not the cost of processing transactions.

tl121



Offline



Activity: 278

Merit: 251







Sr. MemberActivity: 278Merit: 251 Re: New transaction malleability attack wave? Another stresstest? October 11, 2015, 07:48:48 PM #206 Quote from: BitNow on October 11, 2015, 07:17:48 PM Can somebody explains in a simple sentence (subject + verb + object) what's the problem with this attack, besides that can be a possible duplicate for your transaction that never gets accepted by the Blockchain and gets deleted by the Blockchain after 1 week (estimated time)?



There are two problems:



1. Some wallets get confused should they send a transaction that gets changed by the attack, giving wrong status information to the user.



2. The attacker can increase the size of the memory pool of unconfirmed transactions, which uses extra processing resources, memory resources and network bandwidth, potentially causing sluggish performance of the network and crashing weak nodes.

There are two problems:1. Some wallets get confused should they send a transaction that gets changed by the attack, giving wrong status information to the user.2. The attacker can increase the size of the memory pool of unconfirmed transactions, which uses extra processing resources, memory resources and network bandwidth, potentially causing sluggish performance of the network and crashing weak nodes.

coins101



Offline



Activity: 1456

Merit: 1000









LegendaryActivity: 1456Merit: 1000 Re: New transaction malleability attack wave? Another stresstest? October 11, 2015, 07:58:00 PM #207 Quote from: tl121 on October 11, 2015, 07:12:13 PM Quote from: coins101 on October 11, 2015, 04:38:18 PM This has been bugging me. I've read elsewhere about the real cost of sending transactions on the Bitcoin network being much, much higher than the banking or Visa network.



The cost per bitcoin transaction includes the cost of running the full nodes. This includes the nodes that forward the unconfirmed transaction to the node that eventually mines the tranaction, the full node that eventually mines the transaction, and the other full nodes that verify and store the block containing mined transaction.



Assuming the software were 100% efficient, this would, at least include the cost of transmitting the transaction to each node, the cost of verifying the transaction and the cost of storing the transaction. (In practice there are additional costs and overheads, but these are the essentials based on the design of bitcoin which requires all full nodes to receive and verify the entire block chain. Most of the extra overheads can, at least potentially, be avoided by clever software design.)



A transaction has an average of two digital signatures to be verified (most of the processing) and 500 bytes of data to be received (and on average transmitted) and stored. The costs can be worked out, but will depend on the users location. Some (SWAG) figures for bandwidth cost and storage cost are $0.10 per GB. You can do your own math and figure out how much it costs a node to process an average bitcoin transaction. This has to be multiplied by the number of nodes in the network (or the number of nodes that you think are useful to have in the network).



The cost of mining is a fixed cost of running the network. It remains constant regardless of the number of transactions that are in the blocks being mined. This is the cost of protecting the value of the bitcoins held by the private key holders. It is not the cost of processing transactions.







The cost per bitcoin transaction includes the cost of running the full nodes. This includes the nodes that forward the unconfirmed transaction to the node that eventually mines the tranaction, the full node that eventually mines the transaction, and the other full nodes that verify and store the block containing mined transaction.Assuming the software were 100% efficient, this would, at least include the cost of transmitting the transaction to each node, the cost of verifying the transaction and the cost of storing the transaction. (In practice there are additional costs and overheads, but these are the essentials based on the design of bitcoin which requires all full nodes to receive and verify the entire block chain. Most of the extra overheads can, at least potentially, be avoided by clever software design.)A transaction has an average of two digital signatures to be verified (most of the processing) and 500 bytes of data to be received (and on average transmitted) and stored. The costs can be worked out, but will depend on the users location. Some (SWAG) figures for bandwidth cost and storage cost are $0.10 per GB. You can do your own math and figure out how much it costs a node to process an average bitcoin transaction. This has to be multiplied by the number of nodes in the network (or the number of nodes that you think are useful to have in the network).The cost of mining is a fixed cost of running the network. It remains constant regardless of the number of transactions that are in the blocks being mined. This is the cost of protecting the value of the bitcoins held by the private key holders. It is not the cost of processing transactions.

6,000 nodes x $100/month hosting costs (which would be on the higher end), works out at $7m / year. Lets say 300,000 full nodes x $500/month each, that gets you to $1.8bn in full node costs. Add that to $3bn, no lets say $5bn in mining costs. You still get less than $10bn annual costs to operate the network vs. Visa costs of $18bn - $30bn, before taking into consideration MasterCard, banks costs, etc.



At mass payments scale, Bitcoin running its own decentralized back-ups / disaster recovery network is way more efficient. 6,000 nodes x $100/month hosting costs (which would be on the higher end), works out at $7m / year. Lets say 300,000 full nodes x $500/month each, that gets you to $1.8bn in full node costs. Add that to $3bn, no lets say $5bn in mining costs. You still get less than $10bn annual costs to operate the network vs. Visa costs of $18bn - $30bn, before taking into consideration MasterCard, banks costs, etc.At mass payments scale, Bitcoin running its own decentralized back-ups / disaster recovery network is way more efficient.

Perlover



Offline



Activity: 159

Merit: 100







Full MemberActivity: 159Merit: 100 Re: New transaction malleability attack wave? Another stresstest? October 12, 2015, 10:34:34 AM

Last edit: October 12, 2015, 10:56:05 AM by Perlover #214 Quote from: tl121 on October 11, 2015, 07:48:48 PM Quote from: BitNow on October 11, 2015, 07:17:48 PM Can somebody explains in a simple sentence (subject + verb + object) what's the problem with this attack, besides that can be a possible duplicate for your transaction that never gets accepted by the Blockchain and gets deleted by the Blockchain after 1 week (estimated time)?



There are two problems:



1. Some wallets get confused should they send a transaction that gets changed by the attack, giving wrong status information to the user.



2. The attacker can increase the size of the memory pool of unconfirmed transactions, which uses extra processing resources, memory resources and network bandwidth, potentially causing sluggish performance of the network and crashing weak nodes.



There are two problems:1. Some wallets get confused should they send a transaction that gets changed by the attack, giving wrong status information to the user.2. The attacker can increase the size of the memory pool of unconfirmed transactions, which uses extra processing resources, memory resources and network bandwidth, potentially causing sluggish performance of the network and crashing weak nodes.

I will tell more



I have Mycelium 2.5.2. It allows to spend from unconfirmed transactions (without this feature a user could not make a next transaction until a next block in blockchechain will be generated but user should have a right to spend a change al least for example from a previous payment without waiting)

But this attack has a biggest problem as you could think - now i cannot spend my money from HD account already 3 days because this attack affected my Mycelium wallet. How it happens:



I did Tx - A. After soon i did other Tx - B. The B uses inputs from Tx A. Both transactions were unconfirmed. But attacker rebroadcasted a changed new transaction - A'. And this transaction was confirmed! After refreshing in the Mycelium wallet the last one forgot about A and replaced it by A' Tx. But after i had the A', the B transaction which used inputs from my other Txs and from the A! But the A already doesn't exist because it was double-spended for blockchain! And the Tx B looks like normal transaction (not double-spend!) because it has input from A transaction (other hash) - there is original TxID and its Tx was forgotten. Miners and full nodes think that they have the B transaction but didn't get a the A yet (other inputs refere to valid Txs of course). And this transaction hangs in mempool already three days and i cannot use other inputs! As a result of this - i as user cannot use other bitcoins already some days. I tried to archive account in Mycelium, wait 1-2 days and activate account again - and this "zombie" B Tx restored again and holds other outputs of other Tx from spending because the B has them (i see it happens because the Mycelium company has own bitcoin blockchain explorer which remembers this B Tx long time).



I think it problem is not only of the Mycelium wallet software.



While malleability will be in current protocol and the BIP62 doesn't work yet - any atacker will be able to make many shit to other users with wallet software - in this case there will be only one way to use bitcoin: to make one transaction in wallet -> wait until confirmation -> doing next transaction... It is stupid and very not comfortable way of bitcoin using.



What do you think about this?



P.S. I am as an advanced user exported xpriv key in Electrum and after this made new transaction and did double-spend of other inputs which were blocked by B Tx... But should what do not-advanced user? He will think that bitcoin sucks and he lost a money... I will tell moreI have Mycelium 2.5.2. It allows to spend from unconfirmed transactions (without this feature a user could not make a next transaction until a next block in blockchechain will be generated but user should have a right to spend a change al least for example from a previous payment without waiting)But this attack has a biggest problem as you could think - now i cannot spend my money from HD account already 3 days because this attack affected my Mycelium wallet. How it happens:I did Tx - A. After soon i did other Tx - B. The B uses inputs from Tx A. Both transactions were unconfirmed. But attacker rebroadcasted a changed new transaction - A'. And this transaction was confirmed! After refreshing in the Mycelium wallet the last one forgot about A and replaced it by A' Tx. But after i had the A', the B transaction which used inputs from my other Txs and from the A! But the A already doesn't exist because it was double-spended for blockchain! And the Tx B looks like normal transaction (not double-spend!) because it has input from A transaction (other hash) - there is original TxID and its Tx was forgotten. Miners and full nodes think that they have the B transaction but didn't get a the A yet (other inputs refere to valid Txs of course). And this transaction hangs in mempool already three days and i cannot use other inputs! As a result of this - i as user cannot use other bitcoins already some days. I tried to archive account in Mycelium, wait 1-2 days and activate account again - and this "zombie" B Tx restored again and holds other outputs of other Tx from spending because the B has them (i see it happens because the Mycelium company has own bitcoin blockchain explorer which remembers this B Tx long time).I think it problem is not only of the Mycelium wallet software.While malleability will be in current protocol and the BIP62 doesn't work yet - any atacker will be able to make many shit to other users with wallet software - in this case there will be only one way to use bitcoin: to make one transaction in wallet -> wait until confirmation -> doing next transaction... It is stupid and very not comfortable way of bitcoin using.What do you think about this?P.S. I am as an advanced user exported xpriv key in Electrum and after this made new transaction and did double-spend of other inputs which were blocked by B Tx... But should what do not-advanced user? He will think that bitcoin sucks and he lost a money...

Zyklon87



Offline



Activity: 78

Merit: 10







MemberActivity: 78Merit: 10 Re: New transaction malleability attack wave? Another stresstest? October 12, 2015, 10:59:58 AM #215 Quote from: Perlover on October 12, 2015, 10:34:34 AM Quote from: tl121 on October 11, 2015, 07:48:48 PM Quote from: BitNow on October 11, 2015, 07:17:48 PM Can somebody explains in a simple sentence (subject + verb + object) what's the problem with this attack, besides that can be a possible duplicate for your transaction that never gets accepted by the Blockchain and gets deleted by the Blockchain after 1 week (estimated time)?



There are two problems:



1. Some wallets get confused should they send a transaction that gets changed by the attack, giving wrong status information to the user.



2. The attacker can increase the size of the memory pool of unconfirmed transactions, which uses extra processing resources, memory resources and network bandwidth, potentially causing sluggish performance of the network and crashing weak nodes.



There are two problems:1. Some wallets get confused should they send a transaction that gets changed by the attack, giving wrong status information to the user.2. The attacker can increase the size of the memory pool of unconfirmed transactions, which uses extra processing resources, memory resources and network bandwidth, potentially causing sluggish performance of the network and crashing weak nodes.

I will tell more



I have Mycelium 2.5.2. It allows to spend from unconfirmed transactions (without this feature a user could not make a next transaction until a next block in blockchechain will be generated but user should have a right to spend a change al least for example from a previous payment without waiting)

But this attack has a biggest problem as you could think - now i cannot spend my money from HD account already 3 days because this attack affected my Mycelium wallet. How it happens:



I did Tx - A. After soon i did other Tx - B. The B uses inputs from Tx A. Both transactions were unconfirmed. But attacker rebroadcasted a changed new transaction - A'. And this transaction was confirmed! After refreshing in the Mycelium wallet the last one forgot about A and replaced it by A' Tx. But after i had the A', the B transaction which used inputs from my other Txs and from the A! But the A already doesn't exist because it was double-spended for blockchain! And the Tx B looks like normal transaction (not double-spend!) because it has input from A transaction (other hash) - there is original TxID and its Tx was forgotten. Miners and full nodes think that they have the B transaction but didn't get a the A yet (other inputs refere to valid Txs of course). And this transaction hangs in mempool already three days and i cannot use other inputs! As a result of this - i as user cannot use other bitcoins already some days. I tried to archive account in Mycelium, wait 1-2 days and activate account again - and this "zombie" B Tx restored again (i see it happens because the Mycelium company has own bitcoin blockchain explorer which remembers this B Tx long time).



I think it problem is not only of the Mycelium wallet software.



While malleability will be in current protocol and the BIP62 doesn't work yet - any atacker will be able to make many shit to other user with wallet software - in this case there only one way to use bitcoin: to make one transaction in wallet -> wait until confirmation -> doing next transaction... It is stupid and very not comfortable way of bitcoin using.



What do you think about this?



P.S. I am as an advanced user exported xpriv key in Electrum and after this made new transaction and did double-spend of other inputs which were blocked by B Tx... But should what do not-advanced user? He will think that bitcoin sucks and he lost a money...

I will tell moreI have Mycelium 2.5.2. It allows to spend from unconfirmed transactions (without this feature a user could not make a next transaction until a next block in blockchechain will be generated but user should have a right to spend a change al least for example from a previous payment without waiting)But this attack has a biggest problem as you could think - now i cannot spend my money from HD account already 3 days because this attack affected my Mycelium wallet. How it happens:I did Tx - A. After soon i did other Tx - B. The B uses inputs from Tx A. Both transactions were unconfirmed. But attacker rebroadcasted a changed new transaction - A'. And this transaction was confirmed! After refreshing in the Mycelium wallet the last one forgot about A and replaced it by A' Tx. But after i had the A', the B transaction which used inputs from my other Txs and from the A! But the A already doesn't exist because it was double-spended for blockchain! And the Tx B looks like normal transaction (not double-spend!) because it has input from A transaction (other hash) - there is original TxID and its Tx was forgotten. Miners and full nodes think that they have the B transaction but didn't get a the A yet (other inputs refere to valid Txs of course). And this transaction hangs in mempool already three days and i cannot use other inputs! As a result of this - i as user cannot use other bitcoins already some days. I tried to archive account in Mycelium, wait 1-2 days and activate account again - and this "zombie" B Tx restored again (i see it happens because the Mycelium company has own bitcoin blockchain explorer which remembers this B Tx long time).I think it problem is not only of the Mycelium wallet software.While malleability will be in current protocol and the BIP62 doesn't work yet - any atacker will be able to make many shit to other user with wallet software - in this case there only one way to use bitcoin: to make one transaction in wallet -> wait until confirmation -> doing next transaction... It is stupid and very not comfortable way of bitcoin using.What do you think about this?P.S. I am as an advanced user exported xpriv key in Electrum and after this made new transaction and did double-spend of other inputs which were blocked by B Tx... But should what do not-advanced user? He will think that bitcoin sucks and he lost a money...

I updated Mycelium to v2.5.3 and I couldn't make 3-4tx in a row without being confirmed last tx, then try to send others, here what error I get when I try to send 2nd tx without being confirmed first one



As far as I know you could make tx from Mycelium without being confirmed or make tx like as much as you want before first, second .. tx without being confirmed, but I think these changes are from v.2.5.3 and I think it's better for begginers to wait until this attack is over or BIP62 or whatever is implemented to fix this issue/attack.

I updated Mycelium to v2.5.3 and I couldn't make 3-4tx in a row without being confirmed last tx, then try to send others, here what error I get when I try to send 2nd tx without being confirmed first one http://imgur.com/I7HDhQf which is bullshit as my wallet was synced !As far as I know you could make tx from Mycelium without being confirmed or make tx like as much as you want before first, second .. tx without being confirmed, but I think these changes are from v.2.5.3 and I think it's better for begginers to wait until this attack is over or BIP62 or whatever is implemented to fix this issue/attack.