Bitcoin Forum
May 24, 2019, 08:33:43 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: « 1 ... 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 [64] 65 »
  Print  
Author Topic: Nxt source code flaw reports  (Read 113094 times)
farl4web
Legendary
*
Offline Offline

Activity: 1200
Merit: 1000


aka farl4bit aka farl


View Profile WWW
March 22, 2014, 06:49:40 PM
 #1261

Thanx a lot Evil-Knievel! Enjoy your 100K!

Follow the latest blockchain news: https://twitter.com/blockchainguide
PLAY OVER 3000 GAMES
LIGHTNING FAST WITHDRAWALS
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1558730023
Hero Member
*
Offline Offline

Posts: 1558730023

View Profile Personal Message (Offline)

Ignore
1558730023
Reply with quote  #2

1558730023
Report to moderator
1558730023
Hero Member
*
Offline Offline

Posts: 1558730023

View Profile Personal Message (Offline)

Ignore
1558730023
Reply with quote  #2

1558730023
Report to moderator
1558730023
Hero Member
*
Offline Offline

Posts: 1558730023

View Profile Personal Message (Offline)

Ignore
1558730023
Reply with quote  #2

1558730023
Report to moderator
Evil-Knievel
Legendary
*
Offline Offline

Activity: 1274
Merit: 1160



View Profile
March 22, 2014, 06:52:04 PM
Last edit: April 15, 2016, 01:08:30 PM by Evil-Knievel
 #1262

This message was too old and has been purged
BloodyRookie
Hero Member
*****
Offline Offline

Activity: 684
Merit: 500


View Profile
March 22, 2014, 06:56:49 PM
 #1263

Sure, the private key is just the number of times you incremented your Public Key by 9 (which has to be set to 9 itself in the beginning).

Check your comment in the core function of Curve25519.java.

Code:
/* P = kG   and  s = sign(P)/k  */

The public key is just a k * G ( G = 9 = basepoint). k is directly proportional to s which is the private key for signing.

P=kG means skalar multiplication on curve25519, not multiplying integers.

Nothing Else Matters
NEM: NALICE-LGU3IV-Y4DPJK-HYLSSV-YFFWYS-5QPLYE-ZDJJ
NXT: 11095639652683007953
Evil-Knievel
Legendary
*
Offline Offline

Activity: 1274
Merit: 1160



View Profile
March 22, 2014, 06:58:36 PM
Last edit: April 15, 2016, 02:13:54 PM by Evil-Knievel
 #1264

This message was too old and has been purged
jkoil
Hero Member
*****
Offline Offline

Activity: 679
Merit: 501


View Profile
March 22, 2014, 07:27:46 PM
 #1265

I can only imagine this to be the flaw:

Code:
if (lastBlock.getHeight() < Constants.TRANSPARENT_FORGING_BLOCK) {
                byte[] generationSignature = Crypto.sign(lastBlock.getGenerationSignature(), secretPhrase);
                generationSignatureHash = digest.digest(generationSignature);
            } else {
                digest.update(lastBlock.getGenerationSignature());
                generationSignatureHash = digest.digest(publicKey);
            }

            BigInteger hit = new BigInteger(1, new byte[] {generationSignatureHash[7], generationSignatureHash[6], generationSignatureHash[5], generationSignatureHash[4], generationSignatureHash[3], generationSignatureHash[2], generationSignatureHash[1], generationSignatureHash[0]});

So forging before the Transparent Forging Block is really vulnerable to "Mining".
After the transparent forging block you take the generation signature and use the hash of it to look which user gets rewarded with the fees. Before the transparent forging block, the hash of a SIGNATURE of the GenerationSignature has to meet certain criteria. Due to the random "k" in the signing process, you get different values when resigning.

Here you can just start mining with a decent hardware, resigning the generation signature until one of their hashes meets the requirements to collect the fees.


Congrats Smiley
... also from saving my bloody time  Wink

NXT, NEM.   NCMXTP-5JWUF3-QYHADC-YWELC5-QPUWF3-EAVFQM-MU7R
instacalm
Hero Member
*****
Offline Offline

Activity: 784
Merit: 500



View Profile
March 22, 2014, 07:42:12 PM
 #1266

Congratulations, Evil-Knievel!
LiQio
Legendary
*
Offline Offline

Activity: 1174
Merit: 1002



View Profile
March 22, 2014, 08:03:27 PM
 #1267

Congrats Evil-Knievel, fast and efficient  Smiley

PS: I really didn't like your first appearance on the main NXT thread, you came across as way too haughty.
Hope you change that, because I really like the NXT community and would like you to stick around

PPS: Should be empowering for your "Transaction Malleability Reloaded" - watching with interest
Meizirkki
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500



View Profile
March 22, 2014, 08:06:14 PM
 #1268

I have still doubts about the account mining issue ;-) I have made a small reference implementation (which I would never make public except give it to the devs) which is capable of doing 10 Megahashes (or Megaaccounts) per second on a simple CPU. At some point in the future, this might be an issue.

To be more precise, you can theoretically "mine" twice as fast as the BTC Mining Hardware (as you only need one round of sha256 and the Curve25519 stuff comes at no cost as it is just incerementing the pubkey by 9 = basepoint in each round). So on a FPGA you could try 1,6 billion accounts per second, and on a 7990 GPU around 4 billion accounts per second. Only a matter of time, until you find one public key, which SHA256 hash matches an existing account in the first 8 bytes.
Thank you. I've been told since the beginning that NXT is totally future proof and this is a feature, not a bug. Nxtcrypto.org should show a gigantic warning for every newbie that unless they do an outcoming transaction their accounts are subject to mining. As hardware gets faster each year it's just a matter of time before someone loses their coins.

Congrats for winning the bounty  Wink
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2086
Merit: 1007

Newbie


View Profile
March 22, 2014, 08:10:08 PM
 #1269

Well we can delete all these things if you prefer, and discuss in private  Wink
The problem is, that you do not need to use a secret phase, which is SHA256ed and mapped to a public key on the curve.
With a little tweaking of the GUI you can replace the login commands, so you can enter private keys directly when unlocking an account.

And 9, 18, 27, 36 ... are all fine public keys (of which 1,2,3,4 are the trivial private keys). And one hash of those eventually will match a present AccountID.

No, better discuss it in public.
Evil-Knievel
Legendary
*
Offline Offline

Activity: 1274
Merit: 1160



View Profile
March 22, 2014, 08:17:44 PM
Last edit: April 15, 2016, 01:08:05 PM by Evil-Knievel
 #1270

This message was too old and has been purged
Evil-Knievel
Legendary
*
Offline Offline

Activity: 1274
Merit: 1160



View Profile
March 22, 2014, 08:22:29 PM
Last edit: April 15, 2016, 02:31:56 PM by Evil-Knievel
 #1271

This message was too old and has been purged
intmain()
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
March 22, 2014, 09:03:23 PM
 #1272

wait i remember having a github account ... let me push it.

10M account/s? That's pretty impressive, I only could push 6.4M on a 3.4GHz laptop.
Eadeqa
Hero Member
*****
Offline Offline

Activity: 644
Merit: 500


View Profile
March 22, 2014, 09:15:51 PM
 #1273

To be more precise, you can theoretically "mine" twice as fast as the BTC Mining Hardware (as you only need one round of sha256 and the Curve25519 stuff comes at no cost as it is just incerementing the pubkey by 9 = basepoint in each round). So on a FPGA you could try 1,6 billion accounts per second, and on a 7990 GPU around 4 billion accounts per second. Only a matter of time, until you find one public key, which SHA256 hash matches an existing account in the first 8 bytes.

Interesting approach! Can u get the private key out of this? Or sign a transaction?

PS: Ability to "mine" accounts not secured by a 256-bit key was made on purpose.

Not all accounts without outgoing transactions are lost nxt. This should be be made even more clear to users who login to their accounts but don't have outgoing transactions.

I deposited 100 nxt to crypsty account but there is no outgoing transactions in that account. I hope crypsty (and other exchanges) are aware this could be a problem

NXT-GZYP-FMRT-FQ9K-3YQGS
https://nxtforum.org
TwinWinNerD
Legendary
*
Offline Offline

Activity: 1680
Merit: 1001


CEO Bitpanda.com


View Profile WWW
March 22, 2014, 09:20:23 PM
 #1274

wait i remember having a github account ... let me push it.

10M account/s? That's pretty impressive, I only could push 6.4M on a 3.4GHz laptop.

10,000,000 accounts/s per PC would need about 317097 years to check all possible digits.
Faster PCs + a mass of miners would lower that number significantly, but then again i thought this was a feature and not a bug?

Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2086
Merit: 1007

Newbie


View Profile
March 22, 2014, 09:23:35 PM
 #1275

Here is the Account Miner, and I hope to discuss it with you guys:

https://github.com/litecoin-extras/nxt-account-miner

Build it with simply running:
Code:
./make.sh

And run it with:
Code:
./bruteforcer

In the code specify:
Code:
unsigned long long global_iter = 33333333333LL;
which is the starting private key point P=global_iter * G

And specify the target AccountID:
Code:
unsigned long long target = 16386134630970163904LL;

Also play around with the number of parallely executed processes:
Code:
int ntimes = 2;

I am not sure if the code is all correct, so please review the code and let us make it better ;-)


Why do u need the target account? Mine all the accounts!
TwinWinNerD
Legendary
*
Offline Offline

Activity: 1680
Merit: 1001


CEO Bitpanda.com


View Profile WWW
March 22, 2014, 09:24:31 PM
 #1276

Here is the Account Miner, and I hope to discuss it with you guys:

https://github.com/litecoin-extras/nxt-account-miner

Build it with simply running:
Code:
./make.sh

And run it with:
Code:
./bruteforcer

In the code specify:
Code:
unsigned long long global_iter = 33333333333LL;
which is the starting private key point P=global_iter * G

And specify the target AccountID:
Code:
unsigned long long target = 16386134630970163904LL;

Also play around with the number of parallely executed processes:
Code:
int ntimes = 2;

I am not sure if the code is all correct, so please review the code and let us make it better ;-)


Why do u need the target account? Mine all the accounts!

Checking against a list of all HiberNXT accounts would significantly lower the rate of 10millionaccs/s

Eadeqa
Hero Member
*****
Offline Offline

Activity: 644
Merit: 500


View Profile
March 22, 2014, 09:26:41 PM
 #1277

wait i remember having a github account ... let me push it.

10M account/s? That's pretty impressive, I only could push 6.4M on a 3.4GHz laptop.

10,000,000 accounts/s per PC would need about 317097 years to check all possible digits.
Faster PCs + a mass of miners would lower that number significantly, but then again i thought this was a feature and not a bug?

Even 4 billion accounts/per sec will take 146 years to recover all accounts with no outgoing transactions. However, if there are 1000 accounts with no public key that will mean 0.146 years to recover one account on average


NXT-GZYP-FMRT-FQ9K-3YQGS
https://nxtforum.org
Evil-Knievel
Legendary
*
Offline Offline

Activity: 1274
Merit: 1160



View Profile
March 22, 2014, 09:28:20 PM
Last edit: April 15, 2016, 01:07:53 PM by Evil-Knievel
 #1278

This message was too old and has been purged
Eadeqa
Hero Member
*****
Offline Offline

Activity: 644
Merit: 500


View Profile
March 22, 2014, 09:30:38 PM
 #1279

Here is the Account Miner, and I hope to discuss it with you guys:

https://github.com/litecoin-extras/nxt-account-miner

Build it with simply running:
Code:
./make.sh

And run it with:
Code:
./bruteforcer

In the code specify:
Code:
unsigned long long global_iter = 33333333333LL;
which is the starting private key point P=global_iter * G

And specify the target AccountID:
Code:
unsigned long long target = 16386134630970163904LL;

Also play around with the number of parallely executed processes:
Code:
int ntimes = 2;

I am not sure if the code is all correct, so please review the code and let us make it better ;-)


Why do u need the target account? Mine all the accounts!

Checking against a list of all HiberNXT accounts would significantly lower the rate of 10millionaccs/s


Targeting just one account will be very slow though. 146 years to find it with 4 billion per second  rate. If you get very lucky (just after 10% of search), it will still take 14 years.


NXT-GZYP-FMRT-FQ9K-3YQGS
https://nxtforum.org
TwinWinNerD
Legendary
*
Offline Offline

Activity: 1680
Merit: 1001


CEO Bitpanda.com


View Profile WWW
March 22, 2014, 09:31:57 PM
 #1280

@Twin: This is just a quick-and-dirty implementation, If we had a good structure (maybe some B-trees with a lookup complexity of O(log) ) where all NXT accounts were stored, we could mine them all parallely.
Thats what the github Repository is for ... let us make this "first approach" better ;-)

I am not doubting that.

We could make a mining pool/mining list where we add account numbers, where we are XX% sure that they are DarkNXT (not accessible because of lost/forgotten passphrase)

Pages: « 1 ... 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 [64] 65 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!