ForexMinute.com – Transaction Malleability had recently become the foremost villain for cryptocurrencies, especially for Bitcoin whose frozen withdrawals led to the demise of Mt. Gox (although not proved yet). But as per the media have suggested, Transaction Malleability has been the lead cause due to which customers lost millions of dollars worth of Bitcoins.
As you can read the official wiki page, the transaction malleability is not a real problem in the Bitcoin protocol, but it is just a feature of decentralized systems where a transaction can have the same content (i.e. digital signature) but produce different hash. This has consequences that must be taken into account especially when you are writing software for the exchange system that have to do with the management of hundreds of transactions per minute.
How Transaction Malleability Takes Place?
An attacker modifies the digital signature of a transaction, and deforms it slightly without changing its meaning. Even changing a single bit in the signature would lead the generation of a completely different hash.
So it could happen that I send 1 BTC to someone, say my boss Jon, so I’m going to look at the state of the transaction on https://blockchain.info/tx/xxx, where ‘xxx’ is the hash of the transaction. This transaction, before entering the block chain, goes to many other people. One of them may marginally change my digital signature; the little that is enough to make it valid anyway. The small change causes a copy of the transaction, with a different hash, and is propagated in the network. Hopefully this copy enters the block chain before my transaction.
It must be said that this is not a problem for us mere mortals. All known Bitcoin client never actually used the hash to control our budget. Unfortunately Mt. Gox seems to suffer a lot with this problem, and it is hoped that their management software transactions can be adjusted.
To contact the writer of the article: Yashu Gola at email@example.com