Bitcoin Forum
Author Topic: Cheap way to attack blockchain  (Read 27915 times)
amaclin
September 28, 2015, 09:09:17 AM
 #41

But there will be competitors who just wait for the right timing...
Yes. There are many ways to get money from your purse.
Bitcoin is not the first... And unfortunately not the last  Grin
RealMalatesta
September 28, 2015, 09:14:03 AM
 #42

Yes. There are many ways to get money from your purse.

For just one second, you gave me some hope. But then, I opened my purse and there still was no money in it someone could get  Wink
amaclin
September 28, 2015, 09:20:02 AM
 #43

For just one second, you gave me some hope.
But then, I opened my purse and there still was no money in it someone could get  Wink
Do you have any amount in any crypto? How and when did you get it? Did you buy it paying fiat money?
Sorry, man. I am too late. Someone already got your money and sold you just digits and hope.
RealMalatesta
September 28, 2015, 09:42:24 AM
 #44

Sorry, man. I am too late. Someone already got your money and sold you just digits and hope.

You mean... you really mean we all are part of one big digital church?  Cool
amaclin
September 28, 2015, 10:07:00 AM
 #45

You mean... you really mean we all are part of one big digital church?  Cool
1) Those are your words, not mine
2) If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.
RealMalatesta
September 28, 2015, 11:43:55 AM
 #46

You mean... you really mean we all are part of one big digital church?  Cool
1) Those are your words, not mine
2) If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.

Well, I think Uncle Scrooge is a duck, too....
basil00
September 28, 2015, 01:31:43 PM
 #47

It is not possible to steal btc without knowledge of the private key.

My precious coins were protected by the script:
Code:
        OP_1,
        <pubKey>,
        OP_DUP,
        OP_2DUP,
        OP_3DUP,
        OP_3DUP,
        OP_3DUP,
        OP_2DUP,
        OP_15,
        OP_CHECKMULTISIG,
        OP_NOT
To spend you need to find a signature that does not match the pubKey.  To be extra sure the script checks 15 times Smiley
OK, it is really really easy to find such a signature.  A 9 byte signature will do: 300602015202015301
The aim is to attack the 1.28GB bytes-hashed limit for XT.  This is reasonably easy using these kinds of scripts and tx sizes of a few KBs.

Quote
How can you prove that you did not send the funds to my address to blacken my name?

OK, consider it compensation for the coinwallet spam. Smiley
amaclin
September 28, 2015, 01:40:08 PM
 #48

The aim is to attack the 1.28GB bytes hashed limit for XT.  
This is reasonably easy using these kinds of scripts and tx sizes of a few KBs.
Do you want to switch stealing-bot off just for testing?
You see - I play this game with my cards open to everyone
basil00
September 28, 2015, 01:43:09 PM
 #49

Nobody will pay for it. Because this is bitcoin.

Funny how some who deeply understand the protocol are not "true believers".
I am also not a "true believer".  I find it interesting, e.g. thinking of ways to attack it Smiley
basil00
September 28, 2015, 01:48:10 PM
 #50

Do you want to switch stealing-bot off just for testing?

Part of the test was to see if it would be stolen.  The answer was "yes".  That's OK, there was only 410bits ($0.10) in total.
Next test will protect each input with at least one real sig, so cannot be stolen.  It is not quite as efficient though.

BTW, do you know if the 60byte sigs (using the special K value) are inherently unsafe, or are only unsafe if used more than once per key (e.g. repeated R-value attack)?
amaclin
September 28, 2015, 01:51:57 PM
 #51

Funny how some who deeply understand the protocol are not "true believers".
I am also not a "true believer".  I find it interesting, e.g. thinking of ways to attack it Smiley
I have said many times that the bitcoin network consumes ~$1mln daily only for electricity to process 100k transactions.
So the cost for processing and securing one transaction is several dollars!
This kind of processing system cannot survive in the long term.
Because it is inefficient and cannot be scaled.
amaclin
September 28, 2015, 02:01:46 PM
 #52

BTW, do you know if the 60byte sigs (using the special K value) are inherently unsafe, or are only unsafe if used more than once per key (e.g. repeated R-value attack)?

unsafe.
If I know <R,S> (parts of the signature), Z (digest) and K (random), I can get your private key.
k = ( digest + r . privkey ) / s
k . s = digest + r . privkey
k . s - digest = r . privkey
(k . s - digest) / r = privkey

Code:
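// Recover the private key from one signature <r, s> over digest z when the nonce k is known.
const MyKey32 MyKey32::getPrivateKey ( const MyKey32& r, const MyKey32& s, const MyKey32& k, const MyKey32& z, const MyKey20& addr )
{
  static MyKey20 addr1;
  static MyKey20 addr2;
  // priv = (s * k - z) / r  (mod order), as derived above
  MyKey32 priv = mul ( sub ( mul ( s, k ), z ), inv ( r ) );
  priv.getKeys ( addr1, addr2 );  // fills addr1 and addr2 from the candidate key
  if ( addr1 == addr || addr2 == addr )
    return priv;
  // retry with order - k, which covers a signature whose s was negated
  priv = mul ( sub ( mul ( s, sub ( order, k ) ), z ), inv ( r ) );
  priv.getKeys ( addr1, addr2 );
  if ( addr1 == addr || addr2 == addr )
    return priv;
  xassert ( false );  // neither candidate matches addr: k was not the nonce used
  return priv;        // not reached if xassert aborts; gives every path a return value
}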
basil00
September 28, 2015, 02:06:08 PM
 #53

I think I get it -- it's because K is known.
Nancarrow
October 02, 2015, 12:28:16 PM
 #54

I wish more people understood this concept.  
This type of testing is exactly what bitcoin needs to become stronger.  
You have to think of different ways to attack bitcoin in order to develop better ways to defend it.
What is the purpose of spending time to "defend a broken thing"?
Nobody will pay for it. Because this is bitcoin.
Nobody will fight to increase the value in your pocket.
You are in a ponzi scheme. Right now you do not understand it.


So it now appears that my implicit defence of amaclin's character may have been premature.

No matter. Amaclin is still exposing shaky parts of the protocol, and doing so (so far) in an honest and transparent fashion, so regardless of the motivation, thanks!

If I've said anything amusing and/or informative and you're feeling generous:
1GNJq39NYtf7cn2QFZZuP5vmC1mTs63rEW
Zombier0
October 08, 2015, 08:14:46 PM
 #55

The day bitcoin starts blacklisting will be the end of it

amaclin
October 08, 2015, 08:24:39 PM
 #56

The day bitcoin starts blacklisting will be the end of it
Not so sure.
The main thesis is "Nobody cares".
What would you do if most of the major pools blacklist an address and publish a note that the address belongs to a killer?
You will do nothing. You will not even ask for proof of this statement.
tommorisonwebdesign
October 08, 2015, 10:07:52 PM
 #57

If I were the OP, if I wanted to steal somebody's Bitcoins, I would look into learning more about programming and networking. Then, you could write a script to steal somebody's private keys. Otherwise there may not be a lot of exploits in the network. People try and get nowhere.

Signatures? How about learning a skill... I don't care either way. Everybody has to make a living somehow.
amaclin
October 09, 2015, 04:04:26 AM
 #58

If I were the OP, if I wanted to steal somebody's Bitcoins, I would look into learning more about programming and networking.
Why can't you do it if you are not the OP?
shorena
October 09, 2015, 11:44:52 AM
 #59

The day bitcoin starts blacklisting will be the end of it

So it's dead[1] already?

[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/

amaclin
October 09, 2015, 12:00:38 PM
 #60

So it's dead[1] already?
[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/
Nobody cares.
Nobody even knows that one pool today does not process transactions to/from some set of addresses.
