1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <tamas@bitsofproof.com>) id 1YHquk-0000UK-ON
for bitcoin-development@lists.sourceforge.net;
Sun, 01 Feb 2015 09:33:58 +0000
X-ACL-Warn:
Received: from wp059.webpack.hosteurope.de ([80.237.132.66])
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.76) id 1YHqui-00084l-VL
for bitcoin-development@lists.sourceforge.net;
Sun, 01 Feb 2015 09:33:58 +0000
Received: from [37.143.74.116] (helo=[192.168.0.100]); authenticated
by wp059.webpack.hosteurope.de running ExIM with esmtpsa
(TLS1.0:RSA_AES_128_CBC_SHA1:16)
id 1YHquc-0005ai-Ao; Sun, 01 Feb 2015 10:33:50 +0100
From: Tamas Blummer <tamas@bitsofproof.com>
Content-Type: multipart/signed;
boundary="Apple-Mail=_32EFF217-B018-44CF-A0E9-1DC7C742830C";
protocol="application/pgp-signature"; micalg=pgp-sha512
Message-Id: <D89EBAA3-ED78-4D9C-B693-FBBF27501938@bitsofproof.com>
Date: Sun, 1 Feb 2015 10:33:48 +0100
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
X-bounce-key: webpack.hosteurope.de; tamas@bitsofproof.com; 1422783237;
7c51f473;
X-Spam-Score: 1.0 (+)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
no trust [80.237.132.66 listed in list.dnswl.org]
1.0 HTML_MESSAGE BODY: HTML included in message
X-Headers-End: 1YHqui-00084l-VL
Subject: [Bitcoin-development] var_int ambiguous serialization consequences
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sun, 01 Feb 2015 09:33:58 -0000
--Apple-Mail=_32EFF217-B018-44CF-A0E9-1DC7C742830C
Content-Type: multipart/alternative;
boundary="Apple-Mail=_EC593710-1FB9-4AAB-92F0-A44D0068DF52"
--Apple-Mail=_EC593710-1FB9-4AAB-92F0-A44D0068DF52
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
I wonder of consequences if var_int is used in its longer than necessary =
forms (e.g encoding 1 as 0xfd0100 instead of 0x01)
This is already of interest if applying size limit to a block, since =
transaction count is var_int but is not part of the hashed header or the =
merkle tree.
It could also be used to create variants of the same transaction message =
by altered representation of txIn and txout counts, that would remain =
valid provided signatures validate with the shortest form, as that is =
created while re-serializing for signature hashing. An implementation =
that holds mempool by raw message hashes could be tricked to believe =
that a modified encoded version of the same transaction is a real double =
spend. One could also mine a valid block with transactions that have a =
different hash if regularly parsed and re-serialized. An SPV client =
could be confused by such a transaction as it was present in the merkle =
tree proof with a different hash than it gets for the tx with its own =
serialization or from the raw message.
Tamas Blummer
Bits of Proof
--Apple-Mail=_EC593710-1FB9-4AAB-92F0-A44D0068DF52
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=us-ascii
<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div>I =
wonder of consequences if var_int is used in its longer than necessary =
forms (e.g encoding 1 as 0xfd0100 instead of =
0x01)</div><div><br></div><div>This is already of interest if applying =
size limit to a block, since transaction count is var_int but is not =
part of the hashed header or the merkle =
tree.</div><div><br></div><div>It could also be used to create variants =
of the same transaction message by altered representation of txIn and =
txout counts, that would remain valid provided signatures validate with =
the shortest form, as that is created while re-serializing for signature =
hashing. An implementation that holds mempool by raw message hashes =
could be tricked to believe that a modified encoded version of the same =
transaction is a real double spend. One could also mine a valid block =
with transactions that have a different hash if regularly parsed and =
re-serialized. An SPV client could be confused by such a transaction as =
it was present in the merkle tree proof with a different hash than it =
gets for the tx with its own serialization or from the raw =
message.</div><br><div apple-content-edited=3D"true">
<div style=3D"color: rgb(0, 0, 0); font-family: Helvetica; font-size: =
12px; font-style: normal; font-variant: normal; font-weight: normal; =
letter-spacing: normal; line-height: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;">Tamas =
Blummer</div><div style=3D"color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;">Bits of Proof</div><div style=3D"color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;"><br></div></div></body></html>=
--Apple-Mail=_EC593710-1FB9-4AAB-92F0-A44D0068DF52--
--Apple-Mail=_32EFF217-B018-44CF-A0E9-1DC7C742830C
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQEcBAEBCgAGBQJUzfL8AAoJEPZykcUXcTkcwTAH/1ZnaqjpmLGGtEim0vLPb9D8
b9COVLIoEJ7VKiLIQ8+sSTZcuo6W0k9BCoZbWdZi/NN3Yag2QSzD1AD6bvLhHAuL
F600XHuHkFtpl2k2a2zNfYuGM7zn71eChTwiJwld6jEjqsILZi1O7ZMgOWRbEJzm
3HS9tRPmX9pW4CbQZNw38+kKtpDc2WraN66HWz89oW5vRn4EKV6QLbRT4ggDyrvW
mLBXn2TV/JQ0qQfB97Q8hmxl6FgOtNrpjAIqcNt+7Pe8A3wshi3SiJYhTTa25vaq
RZTZpQKhyOxJy9zF1baLZOPywbSj3CyMouNoohtcBhGBjHIBKtote0I8RWrtA6M=
=EoXH
-----END PGP SIGNATURE-----
--Apple-Mail=_32EFF217-B018-44CF-A0E9-1DC7C742830C--
|
