Cheap way to attack blockchain - page 5.

Nancarrow

hero member

Activity: 492

Merit: 503

Quote from: amaclin on September 28, 2015, 04:03:08 AM

Quote from: letsplayagame on September 28, 2015, 03:47:31 AM

I wish more people understood this concept.
This type of testing is exactly what bitcoin needs to become stronger.
You have to think of different ways to attack bitcoin in order to develop better ways to defend it.

What is the purpose to spend time to "defend a broken thing"?
Nobody will pay for it. Because this is bitcoin.
Nobody will fight to increase the value in your pocket.
You are in ponzi scheme. Right now you do not understand it.

So it now appears that my implicit defence of amaclin's character may have been premature.

No matter. Amaclin is still exposing shaky parts of the protocol, and doing so (so far) in an honest and transparent fashion, so regardless of the motivation, thanks!

basil00

member

Activity: 60

Merit: 10

I think I get it -- it's because K is known.

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: basil00 on September 28, 2015, 08:48:10 AM

BTW, do you know if the 60byte sigs (using the special K value) are inherently unsafe, or are only unsafe if used more than once per key (e.g. repeated R-value attack)?

unsafe.
If I know (parts of signature) Z (digest) and K (random) I can get your private key.
k = ( digest + r . privkey ) / s
k . s = digest + r . privkey
k . s - digest = r . privkey
(k . s - digest) / r = privkey

Code:

const MyKey32 MyKey32::getPrivateKey ( const MyKey32& r, const MyKey32& s, const MyKey32& k, const MyKey32& z, const MyKey20& addr )
{
  static MyKey20 addr1;
  static MyKey20 addr2;
  MyKey32 priv = mul ( sub ( mul ( s, k ), z ), inv ( r ) );
  priv.getKeys ( addr1, addr2 );
  if ( addr1 == addr || addr2 == addr )
    return priv;
  priv = mul ( sub ( mul ( s, sub ( order, k ) ), z ), inv ( r ) );
  priv.getKeys ( addr1, addr2 );
  if ( addr1 == addr || addr2 == addr )
    return priv;
  xassert ( false );
}

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: basil00 on September 28, 2015, 08:43:09 AM

Funny how some who deeply understand the protocol are not "true believers".
I am also not a "true believer". I find it interesting, e.g. thinking of ways to attack it

I told a lot of times that bitcoin network consumes ~$1mln daily only for electricity to process 100k transactions.
So the cost for processing and securing one transaction is several dollars!
This kind of processing system can not survive in long term.
Because it is inefficient and can not be scaled.

basil00

member

Activity: 60

Merit: 10

Quote from: amaclin on September 28, 2015, 08:40:08 AM

Do you want to switch stealing-bot off just for testing?

Part of the test was to see if it would be stolen. The answer was "yes". That's OK, there was only 410bits ($0.10) in total.
Next test will protect each input with at least one real sig, so cannot be stolen. It is not quite as efficient though.

BTW, do you know if the 60byte sigs (using the special K value) are inherently unsafe, or are only unsafe if used more than once per key (e.g. repeated R-value attack)?

basil00

member

Activity: 60

Merit: 10

Quote from: amaclin on September 28, 2015, 04:03:08 AM

Nobody will pay for it. Because this is bitcoin.

Funny how some who deeply understand the protocol are not "true believers".
I am also not a "true believer". I find it interesting, e.g. thinking of ways to attack it

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: basil00 on September 28, 2015, 08:31:43 AM

The aim is to attack the 1.28GB bytes hashed limit for XT.
This is reasonably easy using these kinds of scripts and tx sizes of a few KBs.

Do you want to switch stealing-bot off just for testing?
You see - I play this game with my cards open to everyone

basil00

member

Activity: 60

Merit: 10

Quote from: amaclin on September 28, 2015, 12:11:14 AM

It is not possible to stole btc without a knowledge of private key.

My precious coins were protected by the script:

Code:

        OP_1,
        
        OP_DUP,
        OP_2DUP,
        OP_3DUP,
        OP_3DUP,
        OP_3DUP,
        OP_2DUP,
        OP_15,
        OP_CHECKMULTISIG,
        OP_NOT

To spend you need to find a signature that does not match the pubKey. To be extra sure the script checks 15 times

OK, it is really really easy to find such a signature. A 9 byte signature will do: 300602015202015301
The aim is to attack the 1.28GB bytes-hashed limit for XT. This is reasonably easy using these kinds of scripts and tx sizes of a few KBs.

Quote

How can you prove that you did not send the funds to my address to blacken my name?

OK, consider it compensation for the coinwallet spam.

RealMalatesta

legendary

Activity: 2338

Merit: 1124

Quote from: amaclin on September 28, 2015, 05:07:00 AM

Quote from: RealMalatesta on September 28, 2015, 04:42:24 AM

You mean... you really mean we all are part of one big digital church? Cool

1) Those are your words, not mine
2) If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.

Well, I think Uncle Scrooge is a duck, too....

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: RealMalatesta on September 28, 2015, 04:42:24 AM

You mean... you really mean we all are part of one big digital church? Cool

1) Those are your words, not mine
2) If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.

RealMalatesta

legendary

Activity: 2338

Merit: 1124

Quote from: amaclin on September 28, 2015, 04:20:02 AM

Sorry, man. I am too late. Someone already got your money and sold you just digits and hope.

You mean... you really mean we all are part of one big digital church? Cool

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: RealMalatesta on September 28, 2015, 04:14:03 AM

For just one second, you gave me some hope.
But then, I opened my purse and there still was no money in it someone could get Wink

Do you have any amount in any crypto? How and when you got it? Did you buy it paying fiat money?
Sorry, man. I am too late. Someone already got your money and sold you just digits and hope.

RealMalatesta

legendary

Activity: 2338

Merit: 1124

Quote from: amaclin on September 28, 2015, 04:09:17 AM

Yes. There are many ways to get money from your purse.

For just one second, you gave me some hope. But then, I opened my purse and there still was no money in it someone could get Wink

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: RealMalatesta on September 28, 2015, 04:05:48 AM

But there will be competitors who just wait for the right timing...

Yes. There are many ways to get money from your purse.
Bitcoin is not the first... And unfortunately not the last Grin

RealMalatesta

legendary

Activity: 2338

Merit: 1124

Quote from: amaclin on September 28, 2015, 12:24:45 AM

Quote from: edric on September 26, 2015, 01:40:18 AM

I agree. But one also has to ask themselves, if it is so easy to destroy, why hasn't the
government taken out the bitcoin network yet?

Governments do not need to "destroy" bitcoin.
Because there is no danger from it.

But there will be competitors who just wait for the right timing...

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: letsplayagame on September 28, 2015, 03:47:31 AM

I wish more people understood this concept.
This type of testing is exactly what bitcoin needs to become stronger.
You have to think of different ways to attack bitcoin in order to develop better ways to defend it.

What is the purpose to spend time to "defend a broken thing"?
Nobody will pay for it. Because this is bitcoin.
Nobody will fight to increase the value in your pocket.
You are in ponzi scheme. Right now you do not understand it.

letsplayagame

sr. member

Activity: 308

Merit: 250

Quote from: Nancarrow on September 23, 2015, 05:12:30 PM

Quote from: scriptman on September 20, 2015, 09:26:41 AM

You're not the first and you certainly won't be the last person concerning themselves with how to break the Bitcoin network.

You should use your knowledge and skills for productive means and help the community.

What exactly do you think computer security professionals DO? Or cryptologists employed by three-letter agencies? Or military strategists?

A person who wants to strengthen the bitcoin network and isn't constantly thinking of ways to break it, isn't doing their job.

I wish more people understood this concept. This type of testing is exactly what bitcoin needs to become stronger. You have to think of different ways to attack bitcoin in order to develop better ways to defend it.

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: edric on September 26, 2015, 01:37:39 AM

My name Boris. I pay 10k USD and 100 barrels oil you do this.
I want you take down evil tool of Western intelligence! We have deal?

Yes. PM me for details. Grin

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: edric on September 26, 2015, 01:40:18 AM

I agree. But one also has to ask themselves, if it is so easy to destroy, why hasn't the
government taken out the bitcoin network yet?

Governments do not need to "destroy" bitcoin.
Because there is no danger from it.

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: basil00 on September 26, 2015, 12:37:58 AM

Damn, looks like Amaclin's bot stole my BTC. My tx even had a signature and everything Angry

Edit: I have a new version that uses at least one real sig

I can create an IsStandard tx that hashes >250MB, or in other words, only 5 tx to "fill" a XT 8MB block. Lucky I'm out of bits to play with.

This is a provocation.
This vile and filthy lie.
How can you prove that you did not send the funds to my address to blacken my name? Grin

Note: these btc were not stolen. It is not possible to stole btc without a knowledge of private key.

Topic: Cheap way to attack blockchain - page 5. (Read 28257 times)