Transition to post-quantum

Summary:

In an email exchange between Natanael and Tim, they discuss a potential attack on Bitcoin's commitment scheme. In situation A, where commitments never expire and there is no limit on the number of commitments for the same UTXO, an attacker can block an honest user's transaction from confirming and submit their own commitment and transaction for that UTXO. However, if the attacker inserts their own malicious commitment and decommitment, the miners will see two commitments but only one valid decommitment, which may have been sent by the attacker but still needs to be chal. The decommitment is unique to the UTXO and does not depend on the commitment, so the attacker cannot send a different decommitment. Ultimately, the honest commitment wins and the attacker is unsuccessful.
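The resolution described above can be checked in a small model. The following is an added example, not code from the mailing-list thread or from Bitcoin: it uses a stdlib-only Lamport one-time signature as a stand-in for a post-quantum signature, a pay-to-pubkey-hash style lock on the UTXO, and a commitment that is simply the hash of the full spending transaction. The outpoint, destinations and the `resolve` miner logic are constructed for illustration. It shows situation A (two commitments for one UTXO) and that the only valid decommitment, whoever relays it, matches the honest commitment.

```python
"""Toy commit/reveal spend of a UTXO (constructed example, not the thread's code)."""
import hashlib
import os


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


# Lamport one-time signature over the SHA-256 digest of the message: hash-based,
# so it stands in for a post-quantum signature without any third-party library.
def lamport_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bit(d: bytes, i: int) -> int:
    return (d[i // 8] >> (7 - i % 8)) & 1


def lamport_sign(sk, msg: bytes):
    d = H(msg)
    return [sk[i][_bit(d, i)] for i in range(256)]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    d = H(msg)
    return len(sig) == 256 and all(H(sig[i]) == pk[i][_bit(d, i)] for i in range(256))


def pk_bytes(pk) -> bytes:
    return b"".join(a + b for a, b in pk)


def make_spend(outpoint: bytes, sk, pk, dest: bytes) -> dict:
    """The spending transaction is the decommitment: it reveals pk and a signature."""
    body = outpoint + pk_bytes(pk) + dest
    return {"outpoint": outpoint, "pk": pk, "dest": dest, "sig": lamport_sign(sk, body)}


def serialize(tx: dict) -> bytes:
    return tx["outpoint"] + pk_bytes(tx["pk"]) + tx["dest"] + b"".join(tx["sig"])


def commitment(tx: dict) -> bytes:
    """Hash of the full spend; reveals nothing about the key until decommitted."""
    return H(serialize(tx))


def spend_is_valid(utxo_lock: bytes, tx: dict) -> bool:
    # The lock is the hash of the owner's public key; only the key holder can sign.
    if H(pk_bytes(tx["pk"])) != utxo_lock:
        return False
    body = tx["outpoint"] + pk_bytes(tx["pk"]) + tx["dest"]
    return lamport_verify(tx["pk"], body, tx["sig"])


def resolve(utxo_lock: bytes, commitments: list, tx: dict):
    """Miner view (constructed): the commitment this decommitment satisfies, or None.
    Only a valid spend counts, and it matches only the commitment whose hash it is."""
    if not spend_is_valid(utxo_lock, tx):
        return None
    c = commitment(tx)
    return c if c in commitments else None


def demo() -> dict:
    outpoint = b"constructed-txid:0"  # constructed outpoint, not a real one
    sk, pk = lamport_keygen()
    utxo_lock = H(pk_bytes(pk))

    honest_tx = make_spend(outpoint, sk, pk, b"honest-destination")
    c_honest = commitment(honest_tx)

    # Situation A: a second, never-expiring commitment for the same UTXO is accepted.
    atk_sk, atk_pk = lamport_keygen()
    attacker_tx = make_spend(outpoint, atk_sk, atk_pk, b"attacker-destination")
    c_attacker = commitment(attacker_tx)
    commitments = [c_attacker, c_honest]  # attacker's commitment even arrived first

    return {
        "attacker_decommit": resolve(utxo_lock, commitments, attacker_tx),  # None: wrong key
        # Whoever relays the honest decommitment, it matches the honest commitment only.
        "relayed_honest_decommit": resolve(utxo_lock, commitments, honest_tx),
        "c_honest": c_honest,
        "c_attacker": c_attacker,
    }


if __name__ == "__main__":
    r = demo()
    print("honest commitment wins:", r["relayed_honest_decommit"] == r["c_honest"])
```

The model makes the summary's last step concrete: because the decommitment is the signed spend of that UTXO, a party without the key cannot produce a different valid one, and relaying the honest decommitment only satisfies the honest commitment.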


Updated on: 2023-06-13T00:29:06.171399+00:00