5

The Bitcoin protocol does not require the payee to sign for a payment; only the payer signs (the payer signs a hash of the payee and payer's public keys). In other words, a payee signature is not required for a transaction to be added to the Ledger.

So wouldn't the following kind of smear attack be possible?

(If you're a Democrat, insert "Koch Brothers" for the Attacker; if you're a Republican, insert George Soros; etc.)

  1. Victim runs for public office.
  2. Attacker easily figures out Victim's public key(s) from the Bitcoin Ledger and other sources.
  3. Attacker makes lots of big, expensive Bitcoin payments to Victim's public key(s) from mysterious payer public keys that are not (easily) traceable to the Attacker.
  4. Attacker tips off Fox News/MSNBC/etc that Victim has been receiving enormous, shady Bitcoin payments, and all they have to do to verify this is look in the Ledger.
  5. Victim's candidacy becomes engulfed in Fear, Uncertainty, and Doubt, and Victim's polls plummet.
  6. Victim withdraws candidacy for public office long before the election.

Q1: Am I missing something, or does Bitcoin make this possible?

Q2: If it is possible, couldn't it be fixed by only accepting payments in the Ledger that are signed by both the payer and the payee?

TMIA.

rbondi
  • 51
  • 2
  • Related: http://bitcoin.stackexchange.com/questions/20362/how-can-i-tell-whether-transactions-were-not-made-via-bitpay-coinbase – Nate Eldredge Jan 28 '14 at 12:02

1 Answers1

7

The victim could send any "shady" or unauthorized donation back to the originating address, and the refund would be just as public as the initial donation. The process could also be automated with a custom wallet software, so that, for example, all donations above a certain amount which are not explicitly approved are automatically refunded after x days.

sp00n
  • 71
  • 2
  • I really like the 'auto-refund' concept. You could also 'black-list' payment addresses and auto-refund money received from these. – AndyM Feb 17 '14 at 19:21