I just read the explanation and something is not making sense for me.
privkey = secret_derivation(data)
pubkey = key_derive(privkey)
shared_key = hash(pubkey)
address = pubkey_to_addr(pubkey)
published_file = aes_encrypt(data, shared_key)
When the publisher claims the payment, he publishes a transaction claiming the funds in address, hence he publishes the pubkey.
What prevents an attacker from taking the pubkey from the transaction before it is included in a block (a transaction usually takes ~10 minutes to be included in a block; during this time the transaction is publicly visible but can be replaced by another transaction) and calculating:
shared_key = hash(pubkey)
data = aes_decrypt(published_file, shared_key)
privkey = secret_derivation(data)
Now the attacker takes the privkey and publishes another transaction which spends the same coins to the attacker's address - probably with a bit more fees than the publisher gave, so miners will prefer the attacker's transaction - and hopes the attacker's transaction will be included in the block.
Why not just use a secure random private key?
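An added toy model (not code from the post or from the scheme being discussed) that contrasts the two key choices. It assumes SHA-256 stands in for hash(), a one-way hash stands in for key_derive(), and a SHA-256 counter-mode XOR stands in for aes_encrypt/aes_decrypt; the only property the argument needs is that an observer can compute shared_key from pubkey.

```python
import hashlib
import secrets

def H(*parts: bytes) -> bytes:
    """SHA-256 over the concatenation of parts (assumed stand-in for the post's hash())."""
    return hashlib.sha256(b"".join(parts)).digest()

# Toy stand-ins for the post's primitives. key_derive is a one-way hash here, not
# real elliptic-curve point multiplication; the argument only needs it to be one-way.
def secret_derivation(data: bytes) -> bytes:
    return H(b"secret", data)

def key_derive(privkey: bytes) -> bytes:
    return H(b"pub", privkey)

def pubkey_to_addr(pubkey: bytes) -> bytes:
    return H(b"addr", pubkey)[:20]

def stream_xor(data: bytes, key: bytes) -> bytes:
    """SHA-256 counter-mode keystream XOR, standing in for aes_encrypt/aes_decrypt."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = H(key, i.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def publish(data: bytes, random_key: bool) -> dict:
    """Publisher side: the post's scheme, or the same scheme with an independent random privkey."""
    privkey = secrets.token_bytes(32) if random_key else secret_derivation(data)
    pubkey = key_derive(privkey)
    return {
        "privkey": privkey,  # private until the claim transaction reveals pubkey
        "pubkey": pubkey,
        "address": pubkey_to_addr(pubkey),
        "published_file": stream_xor(data, H(pubkey)),
    }

def observer_view(pubkey: bytes, published_file: bytes) -> tuple:
    """What anyone who sees pubkey in the mempool can compute: the data, and a privkey guess."""
    data = stream_xor(published_file, H(pubkey))
    return data, secret_derivation(data)

def privkey_exposed(data: bytes, random_key: bool) -> bool:
    """True if an observer's guess from public values equals the publisher's real privkey."""
    pub = publish(data, random_key)
    _, guess = observer_view(pub["pubkey"], pub["published_file"])
    return guess == pub["privkey"]
```

In both variants the data itself is revealed once pubkey is public (that is the point of the scheme); only the deterministic variant also reveals the key that controls the funds.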