Bitcoin Forum

going to need a little more than that from someone who's already raised questionable alarms before

You mean outright fraudulent alarms. You note even here he says "probably".

I call bullshit.  Real cryptanalysis is specific.

Even though I am a person who is willing to help in most cases, I have never expected such a "direct" response from the community.
And as the community seems not to honor my work, well - then I will just shut up about it at all.

I mean I could ask someone of you to post a text along with a signed signature from one of your wallets so I can generate dozens of other valid signatures for it, but I am not sure if this will change my mind at all.
I can demonstrate it if you want, but with this kind of response I will definitely not invest a single minute in explaining the complex mathematics behind it.

13SdzWe5JCASoyvXr4kAgGnB6n3PNPSSQe

This is my amazing note.

HMzLVDA8Nsf79Le1JHHqD7Uc0MXvCERLalWpJrqWe9KGDWhD38W41oDkeix92jP2RBCmMgkerkYkvZcu+Kmm8Zw=

But I would prove it to you anyway. Just sign some text and post it along with a signature. Maybe the significance will become clear then.

Ok, I'm mathematically minded - what do you want me to do exactly - please post clear reproducible instructions and I'll give it a go...

Just sign a message with a btc address, and post message + signature + public key (the "address") - just as Automatic did.

Hello Everyone!

It was hard to miss the recent implications of the transaction malleability issue, in which context for example nearly all MtGox funds were lost. Now the simple idea was to take the negative value of a part of the signature which also resultet in a valid signature (at least in the bitcoin implementation which falsely accepts this non-standard type of signatures).

I have probably found a way to resign "already signed" messages with perfectly correct signatures. Filtering for these typical "transaction malleability signatures" will therefore be not enough. Now the problem might be huge and not just solved by filtering out these "changed and non-standard signatures".

If you like we can discuss these issues here.

So what's up? Do we have devcon 1 or is this just an alarm drill?

It is possible I think but would take some kind of genius inspiration to break the encryption algorithm. I remember there was some Chinese girl who did (then didn't yeah right) break the sha256 algorithm... still waiting for his asics to crunch the numbers...

This means if his Asperger turns out misunderstood genius, sha256 is basically broken? Is there a way we can "easily" follow/confirm his claim?

WHAT KIND OF COMMUNITY IS THIS???

I have just gotten a negaitve trust rating from gmaxwell, just because I wanted to discuss some potential security issues with you guys? What kind of cumminity is this, please? Do you get a negative rating if you talk about your concerns? Is it better to shut up completely, even if sometimes a false alarm might be sent off?

How can this be? Don't you guys think this is unfair?

Hi Serpens! I will be doing a demonstration soon, the problem is that we have 3 am at night over here and I am a bit tired.
But what I can say at least is, that such unprofessional people should never ever be part of a development team involved in a multi-billion-dollar-project.
This guy sounds like "if you say anything bad about bitcoin, i will give you a bad rating, mimimimi". I am sorry, but this is unprofessional.

I am really thinking about offering a donation of 50 BTC to the bitcoin foundation if they kick this guy out.

This guy sounds like "if you say anything bad about bitcoin, i will give you a bad rating, mimimimi". I am sorry, but this is unprofessional.

Hi Serpens! I will be doing a demonstration soon, the problem is that we have 3 am at night over here and I am a bit tired.
But what I can say at least is, that such unprofessional people should never ever be part of a development team involved in a multi-billion-dollar-project.
This guy sounds like "if you say anything bad about bitcoin, i will give you a bad rating, mimimimi". I am sorry, but this is unprofessional.

I am really thinking about offering a donation of 50 BTC to the bitcoin foundation if they kick this guy out.

You got a negative trust rating because you've hyped bogus and deceptive security claims multiple times and tried to charge people for exploit tools that didn't. But hey, you could still collect on that 50 BTC bounty I offered you for your last set of claims, and I'll even remove the negative trust to boot.

sig : Hzkosd/No+cUbW8WvUdJvgCIV0F4xkPVKk2anyMp7NPedJkcmg/VD8BrAgGGuaP52tlsCv/csnAcpmTNDc3YH6A=

message : This is my Transaction Malleability Reloaded message

address : 1JuRLLT7YrtPKWooSPsuqgFU2EHSCN6Hdq

Well if he posts a message that I can verify as signed my me - then yeah shit hits the fan. Probability is low though but you can't rule out a mule (isaac asimov :) )

[edit] and then we would need to know how he did it... yeah

[edit2] even if he did manage to post a message that I could verify as signed by me - it's more likely to be a a 'feature' in bitcoin qt 0.8.6 rather than a crack for sha256...

But I would prove it to you anyway. Just sign some text and post it along with a signature. Maybe the significance will become clear then.

What you do not seem to understand at all, is that these claim i make are not bogus. Just because you cannot understand them, this doesn't mean they are not present.
I cannot judge to what degree this is a potential thread, whan I can say is that all I am saying is 100% right.

You seem to be a very arrogant person, who blames anyone who has contrary opinions to you. Not sure why you are this way, but this disencourages people to help auditing the bitcoin code at all (even if they are wrong sometimes).

If all bitcoin-qt developers are so ignorant and arrogant like you are, I am not surprised why the transaction malleability was ignored for such a long time causing users to lose over 800000 BTC. Maybe you just ignored it because you felt that all "code auditers" where just spreading FUD and should therefore just shut the fuck up. I mean this issue was known for a long time, did it?

I understand that you might have some problem accepting people thinking differently than you do, but don't you think that you have some kind of responsibility (to the users) to listen to everyone and (more importantly) be thankful to anyone trying to help, instead of seeing you as the king and looking down on everyone else?

What would SHA256 has anything to do with this? This is curve related (secp256k1)

He also claims to have found a flaw in Nxt and wanted money before he writes the code to exploit it.

https://bitcointalk.org/index.php?topic=345619.msg5663483#msg5663483

I have just gotten a negaitve trust rating from gmaxwell, just because I wanted to discuss some potential security issues with you guys? What kind of cumminity is this, please? Do you get a negative rating if you talk about your concerns? Is it better to shut up completely, even if sometimes a false alarm might be sent off?

No, you got a bad trust rating because you continually cry wolf without any evidence to back up your claims. You said you could provide valid sigs for posted messages as an example of the flaw you found.  There are numerous signed messages posted in this thread.  Put up or shut up.

IDHNVL6lJx04wYMjBU5yJG5OcGUUiRpRWYyzgyrySufLDOFYaIIbnFtSCyz3q6mT9iqXOjWtqStXwUF 5PvjewBo=

1D4LM66YwaoqcfHF1366pqvxvxHxvq66EZ

Hi Serpens! I will be doing a demonstration soon, the problem is that we have 3 am at night over here and I am a bit tired.

Almost three days later after the original post, should someone call emergency response to wake Mr. Kinevel from his slumber?

funny, I just asked him if he's willing to give a brief statment over here. But he played the stalling tactics card, says he's too disappointed...sniff. There's nothing left to believe in him. Guess you were right about him right from the beginning. Just another thickhead wasted his five minutes of fame, case closed.

Sorry guys, I was in the NXT thread. There, people also laughed at me when I tried to talk about a potential issue a few weeks ago, now I collected a 100,000 NXT bounty for identifying the bug.

I will be back shortly, to finish up this demonstration here.

Well, whenever you sign a message/transaction/block you have to pick some random k value. If you ever pick k twice the same, people can recover your private key, so you are advised to pick it completely randomly. In this example k was picked to be 908.

Take the following python example program.

  def halve( self ):

Point Havling is trivial, it is just multiplying by the "multiplicative inverse to the modulo group order of G of 2".

Now we can create a modified message, which will lead in the same signature WITHOUT KNOWING THE PRIVATE KEY!
Although this signature is the same it will (in this example) not get verified correctly. But with some "formula bingo" you can create a different signature which WILL validate.

I need some time on this to fully get a "out of the box runnable" proof of concept. But it really disencourages people, when there are some guys who give you bad ratings. In fact I will only continue working on this, when the User who rated me bad for this topic, removes his rating.