Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
	helo=mx.sourceforge.net)
	by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <arthur.gervais@inf.ethz.ch>) id 1Us9Yy-0006Kg-7c
	for bitcoin-development@lists.sourceforge.net;
	Thu, 27 Jun 2013 10:36:28 +0000
X-ACL-Warn: 
Received: from edge10.ethz.ch ([82.130.75.186])
	by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:AES128-SHA:128)
	(Exim 4.76) id 1Us9Yt-0004Pp-S8
	for bitcoin-development@lists.sourceforge.net;
	Thu, 27 Jun 2013 10:36:28 +0000
Received: from CAS12.d.ethz.ch (172.31.38.212) by edge10.ethz.ch
	(82.130.75.186) with Microsoft SMTP Server (TLS) id 14.2.298.4;
	Thu, 27 Jun 2013 12:23:31 +0200
Received: from [10.0.1.2] (192.33.93.28) by mail.ethz.ch (172.31.38.212) with
	Microsoft SMTP Server (TLS) id 14.2.298.4;
	Thu, 27 Jun 2013 12:23:34 +0200
Message-ID: <51CC12A6.3090100@inf.ethz.ch>
Date: Thu, 27 Jun 2013 12:23:34 +0200
From: Arthur Gervais <arthur.gervais@inf.ethz.ch>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8;
	rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: <bitcoin-development@lists.sourceforge.net>
X-Enigmail-Version: 1.5.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [192.33.93.28]
X-Spam-Score: -1.3 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.3 RP_MATCHES_RCVD Envelope sender domain matches handover relay
	domain
X-Headers-End: 1Us9Yt-0004Pp-S8
Cc: Ghassan Karame <ghassan@karame.org>, Hubert Ritzdorf <rihubert@inf.ethz.ch>
Subject: [Bitcoin-development] Double-Spending Fast Payments in Bitcoin due
	to Client versions 0.8.1
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Thu, 27 Jun 2013 10:36:28 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Bitcoin developers,

We would like to report a vulnerability which might lead, under some
assumptions, to a double-spending attack in a fast payment scenario.
The vulnerability has been introduced due to signature encoding
incompatibilities between versions 0.8.2 (or 0.8.3) and earlier
Bitcoin versions.

Please find at the following link a detailed description of this
vulnerability:
ftp://ftp.inf.ethz.ch/pub/publications/tech-reports/7xx/789.pdf

We contacted and informed Gavin earlier about this problem.

With best regards,
Arthur Gervais
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQEcBAEBAgAGBQJRzBKLAAoJEI2AYXeasI8/eNYH/2b45o8JPjuiOXeE0MgiYO4g
HgGorNBvH3hLlSZkGh/7GxeGWi3tiEq8DKAgqFd8p+1Ay4YVHK86jJMBxAc8lzpx
TqS6Szrhlx7slamMGhjeem4BJ2RmfVqSRQjidYxwdee8bMQRVH5DiBzndpZwCeHa
AvlP8ojTUFozOJs5PvjEqE+sDKDe5nDC96uiZyMROK8neoiLZpJzV3+ScTUjLCeB
zg34wttX80WKpkXJFvq88FTIvO5E42NGP3APnt2J/HZcey4Mi9UIhLt+/TJ7Z07l
HuxFlzyXdCgRkJWvU13yn8bUP0cbeoox6Cwn7rDAIisVLn4KB9XPThPjfJbKEkg=
=Y6bs
-----END PGP SIGNATURE-----