Author Topic: Tx hijack to modify output  (Read 2403 times)

toast:
I dug around in the code a bit, I'm guessing it's part of CScriptCheck:

https://github.com/bitcoin/bitcoin/blob/master/src/main.cpp#L1341

called from CheckInputs right below
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

dacer:
toast, I read through the wiki and also peeked at some code in the reference client implementation. It seems there is no tx integrity check at all, in other words, a miner seems able to modify tx's outputs. Merkle tree doesn't seem to prevent this from happening.

toast:
I believe it's a separate field. Check out this page: https://en.bitcoin.it/wiki/Transactions

dacer:
Thank you, toast, I didn't know each tx has its own signature. Is it part of the tx hash?

toast:
The signature on the transaction won't be valid. Very roughly speaking, a signature is like "decrypting" the plaintext message with the private key. Then anyone can check if the transaction is valid by "encrypting" the signature with the public key and checking that it matches the original message.

dacer:
I probably should have asked the question somewhere else, but I feel people here may also want to help me understand this little tech-detail.

I was wondering the whole afternoon today whether it's possible for a peer to change transaction outputs (so all money goes to a middleman address) before relaying the modified version of the transaction to the network? I don't see any mechanism to guarantee the integrity of transactions. This seems to be a problem especially when a client connects just to a couple of peers.