Bitcoin Forum
May 24, 2019, 08:33:43 PM
 Author Topic: Nxt source code flaw reports  (Read 113094 times)
farl4web
Legendary

Offline

Activity: 1200
Merit: 1000

aka farl4bit aka farl

 March 22, 2014, 06:49:40 PM

Thanx a lot Evil-Knievel! Enjoy your 100K!

Evil-Knievel
Legendary

Offline

Activity: 1274
Merit: 1160

 March 22, 2014, 06:52:04 PM Last edit: April 15, 2016, 01:08:30 PM by Evil-Knievel

This message was too old and has been purged
BloodyRookie
Hero Member

Offline

Activity: 684
Merit: 500

 March 22, 2014, 06:56:49 PM

Sure, the private key is just the number of times you incremented your Public Key by 9 (which has to be set to 9 itself in the beginning).

Check your comment in the core function of Curve25519.java.

Code:
/* P = kG   and  s = sign(P)/k  */

The public key is just k * G (G = 9 = basepoint). k is directly proportional to s which is the private key for signing.

P=kG means scalar multiplication on curve25519, not multiplying integers.

Nothing Else Matters
NEM: NALICE-LGU3IV-Y4DPJK-HYLSSV-YFFWYS-5QPLYE-ZDJJ
NXT: 11095639652683007953
Evil-Knievel
Legendary

Offline

Activity: 1274
Merit: 1160

 March 22, 2014, 06:58:36 PM Last edit: April 15, 2016, 02:13:54 PM by Evil-Knievel

This message was too old and has been purged
jkoil
Hero Member

Offline

Activity: 679
Merit: 501

 March 22, 2014, 07:27:46 PM

I can only imagine this to be the flaw:

Code:
if (lastBlock.getHeight() < Constants.TRANSPARENT_FORGING_BLOCK) {
    byte[] generationSignature = Crypto.sign(lastBlock.getGenerationSignature(), secretPhrase);
    generationSignatureHash = digest.digest(generationSignature);
} else {
    digest.update(lastBlock.getGenerationSignature());
    generationSignatureHash = digest.digest(publicKey);
}

BigInteger hit = new BigInteger(1, new byte[] {generationSignatureHash[7], generationSignatureHash[6], generationSignatureHash[5], generationSignatureHash[4], generationSignatureHash[3], generationSignatureHash[2], generationSignatureHash[1], generationSignatureHash[0]});

So forging before the Transparent Forging Block is really vulnerable to "Mining".
After the transparent forging block you take the generation signature and use the hash of it to look which user gets rewarded with the fees. Before the transparent forging block, the hash of a SIGNATURE of the GenerationSignature has to meet certain criteria. Due to the random "k" in the signing process, you get different values when resigning.

Here you can just start mining with decent hardware, resigning the generation signature until one of their hashes meets the requirements to collect the fees.

Congrats
... also from saving my bloody time

instacalm
Hero Member

Offline

Activity: 784
Merit: 500

 March 22, 2014, 07:42:12 PM

Congratulations, Evil-Knievel!
LiQio
Legendary

Offline

Activity: 1174
Merit: 1002

 March 22, 2014, 08:03:27 PM

Congrats Evil-Knievel, fast and efficient

PS: I really didn't like your first appearance on the main NXT thread, you came across as way too haughty.
Hope you change that, because I really like the NXT community and would like you to stick around

PPS: Should be empowering for your "Transaction Malleability Reloaded" - watching with interest
Meizirkki
Hero Member

Offline

Activity: 616
Merit: 500

 March 22, 2014, 08:06:14 PM

I have still doubts about the account mining issue ;-) I have made a small reference implementation (which I would never make public except give it to the devs) which is capable of doing 10 Megahashes (or Megaaccounts) per second on a simple CPU. At some point in the future, this might be an issue.

To be more precise, you can theoretically "mine" twice as fast as the BTC Mining Hardware (as you only need one round of sha256 and the Curve25519 stuff comes at no cost as it is just incrementing the pubkey by 9 = basepoint in each round). So on a FPGA you could try 1,6 billion accounts per second, and on a 7990 GPU around 4 billion accounts per second. Only a matter of time, until you find one public key, which SHA256 hash matches an existing account in the first 8 bytes.
Thank you. I've been told since the beginning that NXT is totally future proof and this is a feature, not a bug. Nxtcrypto.org should show a gigantic warning for every newbie that unless they do an outcoming transaction their accounts are subject to mining. As hardware gets faster each year it's just a matter of time before someone loses their coins.

Congrats for winning the bounty
Come-from-Beyond
Legendary

Offline

Activity: 2086
Merit: 1007

Newbie

 March 22, 2014, 08:10:08 PM

Well we can delete all these things if you prefer, and discuss in private
The problem is, that you do not need to use a secret phrase, which is SHA256ed and mapped to a public key on the curve.
With a little tweaking of the GUI you can replace the login commands, so you can enter private keys directly when unlocking an account.

And 9, 18, 27, 36 ... are all fine public keys (of which 1,2,3,4 are the trivial private keys). And one hash of those eventually will match a present AccountID.

No, better discuss it in public.
Evil-Knievel
Legendary

Offline

Activity: 1274
Merit: 1160

 March 22, 2014, 08:17:44 PM Last edit: April 15, 2016, 01:08:05 PM by Evil-Knievel

This message was too old and has been purged
Evil-Knievel
Legendary

Offline

Activity: 1274
Merit: 1160

 March 22, 2014, 08:22:29 PM Last edit: April 15, 2016, 02:31:56 PM by Evil-Knievel

This message was too old and has been purged
intmain()
Newbie

Offline

Activity: 28
Merit: 0

 March 22, 2014, 09:03:23 PM

wait i remember having a github account ... let me push it.

10M account/s? That's pretty impressive, I only could push 6.4M on a 3.4GHz laptop.
Hero Member

Offline

Activity: 644
Merit: 500

 March 22, 2014, 09:15:51 PM

To be more precise, you can theoretically "mine" twice as fast as the BTC Mining Hardware (as you only need one round of sha256 and the Curve25519 stuff comes at no cost as it is just incrementing the pubkey by 9 = basepoint in each round). So on a FPGA you could try 1,6 billion accounts per second, and on a 7990 GPU around 4 billion accounts per second. Only a matter of time, until you find one public key, which SHA256 hash matches an existing account in the first 8 bytes.

Interesting approach! Can u get the private key out of this? Or sign a transaction?

PS: Ability to "mine" accounts not secured by a 256-bit key was made on purpose.

Not all accounts without outgoing transactions are lost nxt. This should be made even more clear to users who login to their accounts but don't have outgoing transactions.

I deposited 100 nxt to Cryptsy account but there are no outgoing transactions in that account. I hope Cryptsy (and other exchanges) are aware this could be a problem

NXT-GZYP-FMRT-FQ9K-3YQGS
https://nxtforum.org
TwinWinNerD
Legendary

Offline

Activity: 1680
Merit: 1001

CEO Bitpanda.com

 March 22, 2014, 09:20:23 PM

wait i remember having a github account ... let me push it.

10M account/s? That's pretty impressive, I only could push 6.4M on a 3.4GHz laptop.

10,000,000 accounts/s per PC would need about 317097 years to check all possible digits.
Faster PCs + a mass of miners would lower that number significantly, but then again i thought this was a feature and not a bug?

Come-from-Beyond
Legendary

Offline

Activity: 2086
Merit: 1007

Newbie

 March 22, 2014, 09:23:35 PM

Here is the Account Miner, and I hope to discuss it with you guys:

https://github.com/litecoin-extras/nxt-account-miner

Build it with simply running:
Code:
./make.sh

And run it with:
Code:
./bruteforcer

In the code specify:
Code:
unsigned long long global_iter = 33333333333LL;
which is the starting private key point P=global_iter * G

And specify the target AccountID:
Code:
unsigned long long target = 16386134630970163904LL;

Also play around with the number of parallely executed processes:
Code:
int ntimes = 2;

I am not sure if the code is all correct, so please review the code and let us make it better ;-)

Why do u need the target account? Mine all the accounts!
TwinWinNerD
Legendary

Offline

Activity: 1680
Merit: 1001

CEO Bitpanda.com

 March 22, 2014, 09:24:31 PM

Here is the Account Miner, and I hope to discuss it with you guys:

https://github.com/litecoin-extras/nxt-account-miner

Build it with simply running:
Code:
./make.sh

And run it with:
Code:
./bruteforcer

In the code specify:
Code:
unsigned long long global_iter = 33333333333LL;
which is the starting private key point P=global_iter * G

And specify the target AccountID:
Code:
unsigned long long target = 16386134630970163904LL;

Also play around with the number of parallely executed processes:
Code:
int ntimes = 2;

I am not sure if the code is all correct, so please review the code and let us make it better ;-)

Why do u need the target account? Mine all the accounts!

Checking against a list of all HiberNXT accounts would significantly lower the rate of 10 million accs/s

Hero Member

Offline

Activity: 644
Merit: 500

 March 22, 2014, 09:26:41 PM

wait i remember having a github account ... let me push it.

10M account/s? That's pretty impressive, I only could push 6.4M on a 3.4GHz laptop.

10,000,000 accounts/s per PC would need about 317097 years to check all possible digits.
Faster PCs + a mass of miners would lower that number significantly, but then again i thought this was a feature and not a bug?

Even 4 billion accounts/per sec will take 146 years to recover all accounts with no outgoing transactions. However, if there are 1000 accounts with no public key that will mean 0.146 years to recover one account on average

NXT-GZYP-FMRT-FQ9K-3YQGS
https://nxtforum.org
Evil-Knievel
Legendary

Offline

Activity: 1274
Merit: 1160

 March 22, 2014, 09:28:20 PM Last edit: April 15, 2016, 01:07:53 PM by Evil-Knievel

This message was too old and has been purged
Hero Member

Offline

Activity: 644
Merit: 500

 March 22, 2014, 09:30:38 PM

Here is the Account Miner, and I hope to discuss it with you guys:

https://github.com/litecoin-extras/nxt-account-miner

Build it with simply running:
Code:
./make.sh

And run it with:
Code:
./bruteforcer

In the code specify:
Code:
unsigned long long global_iter = 33333333333LL;
which is the starting private key point P=global_iter * G

And specify the target AccountID:
Code:
unsigned long long target = 16386134630970163904LL;

Also play around with the number of parallely executed processes:
Code:
int ntimes = 2;

I am not sure if the code is all correct, so please review the code and let us make it better ;-)

Why do u need the target account? Mine all the accounts!

Checking against a list of all HiberNXT accounts would significantly lower the rate of 10 million accs/s

Targeting just one account will be very slow though. 146 years to find it with 4 billion per second rate. If you get very lucky (just after 10% of search), it will still take 14 years.

NXT-GZYP-FMRT-FQ9K-3YQGS
https://nxtforum.org
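
The time estimates quoted in the posts above (146 years at 4 billion per second, 0.146 years with 1000 candidate accounts) can be checked with a short exposure calculation. This is an added example, not part of any post or of the Nxt code base; it assumes an account ID is the first 8 bytes of SHA-256(public key) read as a little-endian unsigned integer, and it uses the rates mentioned in the thread.

```python
import hashlib
import math

ID_BITS = 64                        # an account ID keeps only 8 bytes of SHA-256(public key)
SECONDS_PER_YEAR = 365 * 24 * 3600


def account_id(public_key: bytes) -> int:
    """First 8 hash bytes as a little-endian unsigned integer (assumed ID layout)."""
    return int.from_bytes(hashlib.sha256(public_key).digest()[:8], "little")


def expected_years(rate_per_s, targets=1, space=2 ** ID_BITS):
    """Mean time until a random key maps onto any one of `targets` IDs."""
    return space / targets / rate_per_s / SECONDS_PER_YEAR


def hit_probability(rate_per_s, years, targets=1):
    """Chance of at least one match within `years` (Poisson approximation)."""
    tries = rate_per_s * years * SECONDS_PER_YEAR
    return -math.expm1(-tries * targets / 2 ** ID_BITS)


if __name__ == "__main__":
    sample_key = bytes(range(32))   # constructed 32-byte value, not a real key
    print("sample account ID:", account_id(sample_key))
    for label, rate in [("CPU, 10M/s", 1e7), ("FPGA, 1.6G/s", 1.6e9), ("GPU, 4G/s", 4e9)]:
        print(f"{label:13s} 1 target: {expected_years(rate):10.1f} y   "
              f"1000 targets: {expected_years(rate, 1000):8.3f} y")
    # The 317097-year figure corresponds to 10**20 IDs ("all possible digits"), not 2**64.
    print("10M/s over 10**20:", int(expected_years(1e7, space=10 ** 20)), "y")
    print("10M/s over 2**64: ", int(expected_years(1e7)), "y")
    print("P(hit in 14.6 y at 4G/s):", round(hit_probability(4e9, 14.6), 3))
```

The model covers only the case the thread describes, an account whose public key has not yet been announced by an outgoing transaction, so that the 64-bit ID is the only thing a candidate key has to match.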
TwinWinNerD
Legendary

Offline

Activity: 1680
Merit: 1001

CEO Bitpanda.com

 March 22, 2014, 09:31:57 PM

@Twin: This is just a quick-and-dirty implementation, If we had a good structure (maybe some B-trees with a lookup complexity of O(log) ) where all NXT accounts were stored, we could mine them all parallely.
That's what the github Repository is for ... let us make this "first approach" better ;-)

I am not doubting that.

We could make a mining pool/mining list where we add account numbers, where we are XX% sure that they are DarkNXT (not accessible because of lost/forgotten passphrase)
