Cheap way to attack blockchain

[amaclin]

But there will be competitors who just wait for the right timing...

Yes. There are many ways to get money from your purse.
Bitcoin is not the first... And unfortunately not the last 

[1713491101]

1713491101

[1713491101]

1713491101

[1713491101]

1713491101

[RealMalatesta]

Yes. There are many ways to get money from your purse.

For just one second, you gave me some hope. But then, I opened my purse and there still was no money in it someone could get 

[amaclin]

For just one second, you gave me some hope.
But then, I opened my purse and there still was no money in it someone could get  

Do you have any amount in any crypto? How and when you got it? Did you buy it paying fiat money?
Sorry, man. I am too late. Someone already got your money and sold you just digits and hope.

[RealMalatesta]

Sorry, man. I am too late. Someone already got your money and sold you just digits and hope.

You mean... you really mean we all are part of one big digital church? 

[amaclin]

You mean... you really mean we all are part of one big digital church? 

1) Those are your words, not mine
2) If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.

[RealMalatesta]

You mean... you really mean we all are part of one big digital church? 

1) Those are your words, not mine
2) If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.

Well, I think Uncle Scrooge is a duck, too....

[basil00]

It is not possible to stole btc without a knowledge of private key.

My precious coins were protected by the script:

Code:

       OP_1,
        <pubKey>
        OP_DUP,
        OP_2DUP,
        OP_3DUP,
        OP_3DUP,
        OP_3DUP,
        OP_2DUP,
        OP_15,
        OP_CHECKMULTISIG,
        OP_NOT

To spend you need to find a signature that does not match the pubKey.  To be extra sure the script checks 15 times
OK, it is really really easy to find such a signature.  A 9 byte signature will do: 300602015202015301
The aim is to attack the 1.28GB bytes-hashed limit for XT.  This is reasonably easy using these kinds of scripts and tx sizes of a few KBs.

How can you prove that you did not send the funds to my address to blacken my name?

OK, consider it compensation for the coinwallet spam.

[amaclin]

The aim is to attack the 1.28GB bytes hashed limit for XT.  
This is reasonably easy using these kinds of scripts and tx sizes of a few KBs.

Do you want to switch stealing-bot off just for testing?
You see - I play this game with my cards open to everyone

[basil00]

Nobody will pay for it. Because this is bitcoin.

Funny how some who deeply understand the protocol are not "true believers".
I am also not a "true believer".  I find it interesting, e.g. thinking of ways to attack it

[basil00]

Do you want to switch stealing-bot off just for testing?

Part of the test was to see if it would be stolen.  The answer was "yes".  That's OK, there was only 410bits ($0.10) in total.
Next test will protect each input with at least one real sig, so cannot be stolen.  It is not quite as efficient though.

BTW, do you know if the 60byte sigs (using the special K value) are inherently unsafe, or are only unsafe if used more than once per key (e.g. repeated R-value attack)?

[amaclin]

Funny how some who deeply understand the protocol are not "true believers".
I am also not a "true believer".  I find it interesting, e.g. thinking of ways to attack it

I told a lot of times that bitcoin network consumes ~$1mln daily only for electricity to process 100k transactions.
So the cost for processing and securing one transaction is several dollars!
This kind of processing system can not survive in long term.
Because it is inefficient and can not be scaled.

[amaclin]

BTW, do you know if the 60byte sigs (using the special K value) are inherently unsafe, or are only unsafe if used more than once per key (e.g. repeated R-value attack)?

unsafe.
If I know <R,S> (parts of signature) Z (digest) and K (random) I can get your private key.
k = ( digest + r . privkey ) / s
k . s = digest + r . privkey
k . s - digest = r . privkey
(k . s - digest) / r = privkey

Code:

const MyKey32 MyKey32::getPrivateKey ( const MyKey32& r, const MyKey32& s, const MyKey32& k, const MyKey32& z, const MyKey20& addr )
{
  static MyKey20 addr1;
  static MyKey20 addr2;
  MyKey32 priv = mul ( sub ( mul ( s, k ), z ), inv ( r ) );
  priv.getKeys ( addr1, addr2 );
  if ( addr1 == addr || addr2 == addr )
    return priv;
  priv = mul ( sub ( mul ( s, sub ( order, k ) ), z ), inv ( r ) );
  priv.getKeys ( addr1, addr2 );
  if ( addr1 == addr || addr2 == addr )
    return priv;
  xassert ( false );
}

[basil00]

I think I get it -- it's because K is known.

[Nancarrow]

I wish more people understood this concept.  
This type of testing is exactly what bitcoin needs to become stronger.  
You have to think of different ways to attack bitcoin in order to develop better ways to defend it.

What is the purpose to spend time to "defend a broken thing"?
Nobody will pay for it. Because this is bitcoin.
Nobody will fight to increase the value in your pocket.
You are in ponzi scheme. Right now you do not understand it.

So it now appears that my implicit defence of amaclin's character may have been premature.

No matter. Amaclin is still exposing shaky parts of the protocol, and doing so (so far) in an honest and transparent fashion, so regardless of the motivation, thanks!

[Zombier0]

The day bitcoin starts blacklisting will be the end of it

[amaclin]

The day bitcoin starts blacklisting will be the end of it

Not so sure.
The main thesis is "Nobody cares".
What would you do if most of major pools blacklist an address and publish a note that address belongs to a killer?
You will do nothing. You even will not ask a proof for this statement.

[tommorisonwebdesign]

If I were the OP if I wanted to steal somebody's Bitcoins I would look into learning more about programming and networking. Then, you could write a script to steal somebody's private keys. Otherwise There may not be a lot of exploits in the network. People try and get nowhere.

[amaclin]

If I were the OP if I wanted to steal somebody's Bitcoins I would look into learning more about programming and networking.

Why can not you do it whether you are not the OP?

[shorena]

The day bitcoin starts blacklisting will be the end of it

So its dead[1] already?

[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/

[amaclin]

So its dead[1] already?
[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/

Nobody cares.
Nobody even know that one pool today does not process transactions to/from some set of addresses.