Signed by the key pair that was referenced in the output of the on-chain transaction? (Bob in my example, actually) Doesn't that mean it's easy to follow who is paying whom, you just can't see how much is going to reach recipient?
This troll is harmless. A duplicate spend proof should also be signed
by the same user (Alice, in your example) to be considered a double
spend.
2016-08-09 3:18 GMT+03:00 James MacWhyte <macwhyte@gmail.com>:
> One more thought about why verification by miners may be needed.
>
> Let's say Alice sends Bob a transaction, generating output C.
>
> A troll, named Timothy, broadcasts a transaction with a random hash,
> referencing C's output as its spend proof. The miners can't tell if it's
> valid or not, and so they include the transaction in a block. Now Bob's
> money is useless, because everyone can see the spend proof referenced and
> thinks it has already been spent, even though the transaction that claims it
> isn't valid.
>
> Did I miss something that protects against this?
>