Transcript for #bitcoin-dev 2017/03/11

19:21 tarantulae Hi, does anyone have a pointer or some more info regarding the security of using only hash challenge alone for ScriptPubKey?
19:22 tarantulae I read that it is not safe, but isn't the security of this guaranteed by a hash function without a known pre-image attack?
19:34 arubi tarantulae, the moment you broadcast the redeem script for such a scriptpubkey, anyone can use the same preimage and re-create a transaction that pays to them instead
19:35 arubi without a signature, your preimage becomes replay-able
19:37 tarantulae arubi: it's a matter of timing then, right? there are no guarantees that even if you are the first to broadcast the redeem script, you'll not get it right? I think I got it.
19:38 tarantulae some node may get your broadcast and then keep it hidden and broadcast another one for him with the same pre-image.
19:38 arubi transactions are only ordered by blocks
19:39 arubi what happens in between isn't important (ignoring how having free bitcoins might also make re-orgs more profitable)
19:40 arubi so yes, you can't rely on being first. you have to sign what you relay because that's the only way to keep it from being messed with
19:40 tarantulae thanks, I got it!
19:40 arubi that's not to say you can't get away with using only hash functions to sign it, but I don't think there's anything implemented to support that yet :)
19:40 arubi welcome