Author: vjudeu 2021-05-15 10:21:00
Published on: 2021-05-15T10:21:00+00:00
Alice owns a taproot address with private key "a" and public key "a*G". Bob wants to steal Alice's coins and he knows "a*G" by exploring the chain and looking for P2TR outputs. To take Alice's funds, Bob creates a taproot address "(b-a)*G" and sends some small amount to this address. Bob then creates a transaction with two inputs, taking coins from "a*G" and "(b-a)*G" addresses. He needs to produce a signature matching the sum of the public keys used in taproot, which is "(a+b-a)*G", reduced to "b*G". Bob uses his "b" private key to produce Schnorr signature. However, there may be protection from this attack. One solution could be to use a multisignature setup, where both Alice and Bob need to sign off on any transaction. Another solution could be to use a timelock, where Alice can wait for a certain period of time before allowing any transactions to occur. Additionally, Alice could use coin control features to ensure that her coins are not vulnerable to such attacks. It is important for users to be aware of these potential attacks and take proper precautions to protect their assets.
Updated on: 2023-05-21T02:30:04.683449+00:00