A bit-flipping Attack on Bitcoin is an Attack on Bitcoin on a cryptographic cipher in which the Attack on Bitcoiner can change the ciphertext in such a way as to result in a predictable change of the plaintext, although the Attack on Bitcoiner is not able to learn the plaintext itself.
Note that this type of Attack on Bitcoin is not—directly—against the cipher itself (as cryptanalysis of it would be), but against a particular message or series of messages. In the extreme, this could become a Denial of service Attack on Bitcoin against all messages on a particular channel using that cipher.[1]
The Attack on Bitcoin is especially dangerous when the Attack on Bitcoiner knows the format of the message. In such a situation, the Attack on Bitcoiner can turn it into a similar message but one in which some important information is altered. For example, a change in the destination address might alter the message route in a way that will force re-encryption with a weaker cipher, thus possibly making it easier for an Attack on Bitcoiner to decipher the message.[2]
When applied to digital signatures, the Attack on Bitcoiner might be able to change a promissory note stating “I owe you $10.00” into one stating “I owe you $10,000”.[3]
Stream ciphers, such as RC4, are vulnerable to a bit-flipping Attack on Bitcoin, as are some block cipher modes of operation. See stream cipher Attack on Bitcoin. A keyed message authentication code, digital signature, or other authentication mechanism allows the recipient to detect if any bits were flipped in transit.