Pages:
Author

Topic: Cheap way to attack blockchain - page 5. (Read 28257 times)

hero member
Activity: 492
Merit: 503
October 02, 2015, 07:28:16 AM
#54
I wish more people understood this concept.  
This type of testing is exactly what bitcoin needs to become stronger.  
You have to think of different ways to attack bitcoin in order to develop better ways to defend it.
What is the purpose to spend time to "defend a broken thing"?
Nobody will pay for it. Because this is bitcoin.
Nobody will fight to increase the value in your pocket.
You are in ponzi scheme. Right now you do not understand it.


So it now appears that my implicit defence of amaclin's character may have been premature.

No matter. Amaclin is still exposing shaky parts of the protocol, and doing so (so far) in an honest and transparent fashion, so regardless of the motivation, thanks!
member
Activity: 60
Merit: 10
September 28, 2015, 09:06:08 AM
#53
I think I get it -- it's because K is known.
legendary
Activity: 1260
Merit: 1019
September 28, 2015, 09:01:46 AM
#52
BTW, do you know if the 60byte sigs (using the special K value) are inherently unsafe, or are only unsafe if used more than once per key (e.g. repeated R-value attack)?

unsafe.
If I know (parts of signature) Z (digest) and K (random) I can get your private key.
k = ( digest + r . privkey ) / s
k . s = digest + r . privkey
k . s - digest = r . privkey
(k . s - digest) / r = privkey

Code:
const MyKey32 MyKey32::getPrivateKey ( const MyKey32& r, const MyKey32& s, const MyKey32& k, const MyKey32& z, const MyKey20& addr )
{
  static MyKey20 addr1;
  static MyKey20 addr2;
  MyKey32 priv = mul ( sub ( mul ( s, k ), z ), inv ( r ) );
  priv.getKeys ( addr1, addr2 );
  if ( addr1 == addr || addr2 == addr )
    return priv;
  priv = mul ( sub ( mul ( s, sub ( order, k ) ), z ), inv ( r ) );
  priv.getKeys ( addr1, addr2 );
  if ( addr1 == addr || addr2 == addr )
    return priv;
  xassert ( false );
}
legendary
Activity: 1260
Merit: 1019
September 28, 2015, 08:51:57 AM
#51
Funny how some who deeply understand the protocol are not "true believers".
I am also not a "true believer".  I find it interesting, e.g. thinking of ways to attack it Smiley
I told a lot of times that bitcoin network consumes ~$1mln daily only for electricity to process 100k transactions.
So the cost for processing and securing one transaction is several dollars!
This kind of processing system can not survive in long term.
Because it is inefficient and can not be scaled.
member
Activity: 60
Merit: 10
September 28, 2015, 08:48:10 AM
#50
Do you want to switch stealing-bot off just for testing?

Part of the test was to see if it would be stolen.  The answer was "yes".  That's OK, there was only 410bits ($0.10) in total.
Next test will protect each input with at least one real sig, so cannot be stolen.  It is not quite as efficient though.

BTW, do you know if the 60byte sigs (using the special K value) are inherently unsafe, or are only unsafe if used more than once per key (e.g. repeated R-value attack)?
member
Activity: 60
Merit: 10
September 28, 2015, 08:43:09 AM
#49
Nobody will pay for it. Because this is bitcoin.

Funny how some who deeply understand the protocol are not "true believers".
I am also not a "true believer".  I find it interesting, e.g. thinking of ways to attack it Smiley
legendary
Activity: 1260
Merit: 1019
September 28, 2015, 08:40:08 AM
#48
The aim is to attack the 1.28GB bytes hashed limit for XT.  
This is reasonably easy using these kinds of scripts and tx sizes of a few KBs.
Do you want to switch stealing-bot off just for testing?
You see - I play this game with my cards open to everyone
member
Activity: 60
Merit: 10
September 28, 2015, 08:31:43 AM
#47
It is not possible to stole btc without a knowledge of private key.

My precious coins were protected by the script:
Code:
        OP_1,
        
        OP_DUP,
        OP_2DUP,
        OP_3DUP,
        OP_3DUP,
        OP_3DUP,
        OP_2DUP,
        OP_15,
        OP_CHECKMULTISIG,
        OP_NOT
To spend you need to find a signature that does not match the pubKey.  To be extra sure the script checks 15 times Smiley
OK, it is really really easy to find such a signature.  A 9 byte signature will do: 300602015202015301
The aim is to attack the 1.28GB bytes-hashed limit for XT.  This is reasonably easy using these kinds of scripts and tx sizes of a few KBs.

Quote
How can you prove that you did not send the funds to my address to blacken my name?

OK, consider it compensation for the coinwallet spam. Smiley
legendary
Activity: 2338
Merit: 1124
September 28, 2015, 06:43:55 AM
#46
You mean... you really mean we all are part of one big digital church?  Cool
1) Those are your words, not mine
2) If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.

Well, I think Uncle Scrooge is a duck, too....
legendary
Activity: 1260
Merit: 1019
September 28, 2015, 05:07:00 AM
#45
You mean... you really mean we all are part of one big digital church?  Cool
1) Those are your words, not mine
2) If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.
legendary
Activity: 2338
Merit: 1124
September 28, 2015, 04:42:24 AM
#44
Sorry, man. I am too late. Someone already got your money and sold you just digits and hope.

You mean... you really mean we all are part of one big digital church?  Cool
legendary
Activity: 1260
Merit: 1019
September 28, 2015, 04:20:02 AM
#43
For just one second, you gave me some hope.
But then, I opened my purse and there still was no money in it someone could get  Wink
Do you have any amount in any crypto? How and when you got it? Did you buy it paying fiat money?
Sorry, man. I am too late. Someone already got your money and sold you just digits and hope.
legendary
Activity: 2338
Merit: 1124
September 28, 2015, 04:14:03 AM
#42
Yes. There are many ways to get money from your purse.

For just one second, you gave me some hope. But then, I opened my purse and there still was no money in it someone could get  Wink
legendary
Activity: 1260
Merit: 1019
September 28, 2015, 04:09:17 AM
#41
But there will be competitors who just wait for the right timing...
Yes. There are many ways to get money from your purse.
Bitcoin is not the first... And unfortunately not the last  Grin
legendary
Activity: 2338
Merit: 1124
September 28, 2015, 04:05:48 AM
#40
I agree. But one also has to ask themselves, if it is so easy to destroy, why hasn't the
government taken out the bitcoin network yet?
Governments do not need to "destroy" bitcoin.
Because there is no danger from it.

But there will be competitors who just wait for the right timing...
legendary
Activity: 1260
Merit: 1019
September 28, 2015, 04:03:08 AM
#39
I wish more people understood this concept.  
This type of testing is exactly what bitcoin needs to become stronger.  
You have to think of different ways to attack bitcoin in order to develop better ways to defend it.
What is the purpose to spend time to "defend a broken thing"?
Nobody will pay for it. Because this is bitcoin.
Nobody will fight to increase the value in your pocket.
You are in ponzi scheme. Right now you do not understand it.
sr. member
Activity: 308
Merit: 250
September 28, 2015, 03:47:31 AM
#38
You're not the first and you certainly won't be the last person concerning themselves with how to break the Bitcoin network.

You should use your knowledge and skills for productive means and help the community.

What exactly do you think computer security professionals DO? Or cryptologists employed by three-letter agencies? Or military strategists?

A person who wants to strengthen the bitcoin network and isn't constantly thinking of ways to break it, isn't doing their job.



I wish more people understood this concept.  This type of testing is exactly what bitcoin needs to become stronger.  You have to think of different ways to attack bitcoin in order to develop better ways to defend it.
legendary
Activity: 1260
Merit: 1019
September 28, 2015, 01:25:46 AM
#37
My name Boris.  I pay 10k USD and 100 barrels oil you do this.  
I want you take down evil tool of Western intelligence!  We have deal?
Yes. PM me for details.  Grin
legendary
Activity: 1260
Merit: 1019
September 28, 2015, 12:24:45 AM
#36
I agree. But one also has to ask themselves, if it is so easy to destroy, why hasn't the
government taken out the bitcoin network yet?
Governments do not need to "destroy" bitcoin.
Because there is no danger from it.
legendary
Activity: 1260
Merit: 1019
September 28, 2015, 12:11:14 AM
#35
Damn, looks like Amaclin's bot stole my BTC.  My tx even had a signature and everything Angry
Edit: I have a new version that uses at least one real sig Smiley  I can create an IsStandard tx that hashes >250MB, or in other words, only 5 tx to "fill" a XT 8MB block.  Lucky I'm out of bits to play with.

This is a provocation.
This vile and filthy lie.
How can you prove that you did not send the funds to my address to blacken my name?  Grin

Note: these btc were not stolen. It is not possible to stole btc without a knowledge of private key.
Pages:
Jump to: