farl4web (Legendary, Activity: 1205, Merit: 1000)
March 22, 2014, 06:49:40 PM

Thanx a lot Evil-Knievel! Enjoy your 100K!
Evil-Knievel (Legendary, Activity: 1260, Merit: 1168)
March 22, 2014, 06:52:04 PM (Last edit: April 15, 2016, 01:08:30 PM by Evil-Knievel)

This message was too old and has been purged
BloodyRookie
March 22, 2014, 06:56:49 PM

Sure, the private key is just the number of times you incremented your public key by 9 (which has to be set to 9 itself in the beginning). Check your comment in the core function of Curve25519.java: /* P = kG and s = sign(P)/k */. The public key is just k * G (G = 9 = basepoint). k is directly proportional to s, which is the private key for signing. P = kG means scalar multiplication on Curve25519, not multiplying integers.
Evil-Knievel (Legendary, Activity: 1260, Merit: 1168)
March 22, 2014, 06:58:36 PM (Last edit: April 15, 2016, 02:13:54 PM by Evil-Knievel)

This message was too old and has been purged
jkoil
March 22, 2014, 07:27:46 PM

Quote:
I can only imagine this to be the flaw:

    if (lastBlock.getHeight() < Constants.TRANSPARENT_FORGING_BLOCK) {
        byte[] generationSignature = Crypto.sign(lastBlock.getGenerationSignature(), secretPhrase);
        generationSignatureHash = digest.digest(generationSignature);
    } else {
        digest.update(lastBlock.getGenerationSignature());
        generationSignatureHash = digest.digest(publicKey);
    }
    BigInteger hit = new BigInteger(1, new byte[] {
        generationSignatureHash[7], generationSignatureHash[6], generationSignatureHash[5], generationSignatureHash[4],
        generationSignatureHash[3], generationSignatureHash[2], generationSignatureHash[1], generationSignatureHash[0]});

So forging before the Transparent Forging Block is really vulnerable to "mining". After the transparent forging block you take the generation signature and use the hash of it to look up which user gets rewarded with the fees. Before the transparent forging block, the hash of a SIGNATURE of the GenerationSignature has to meet certain criteria. Due to the random "k" in the signing process, you get different values when re-signing. Here you can just start mining with decent hardware, re-signing the generation signature until one of the hashes meets the requirements to collect the fees.

Congrats ... also for saving my bloody time.
instacalm
March 22, 2014, 07:42:12 PM

Congratulations, Evil-Knievel!
LiQio (Legendary, Activity: 1181, Merit: 1002)
March 22, 2014, 08:03:27 PM

Congrats Evil-Knievel, fast and efficient.
PS: I really didn't like your first appearance on the main NXT thread; you came across as way too haughty. Hope you change that, because I really like the NXT community and would like you to stick around.
PPS: Should be empowering for your "Transaction Malleability Reloaded" - watching with interest.
Meizirkki
March 22, 2014, 08:06:14 PM

Quote from: Evil-Knievel
I still have doubts about the account mining issue ;-) I have made a small reference implementation (which I would never make public except to give it to the devs) which is capable of doing 10 megahashes (or mega-accounts) per second on a simple CPU. At some point in the future, this might be an issue.
To be more precise, you can theoretically "mine" twice as fast as the BTC mining hardware (as you only need one round of SHA256, and the Curve25519 stuff comes at no cost as it is just incrementing the pubkey by 9 = basepoint in each round). So on an FPGA you could try 1.6 billion accounts per second, and on a 7990 GPU around 4 billion accounts per second. Only a matter of time until you find one public key whose SHA256 hash matches an existing account in the first 8 bytes.

Thank you. I've been told since the beginning that NXT is totally future proof and this is a feature, not a bug. Nxtcrypto.org should show a gigantic warning for every newbie that unless they do an outgoing transaction their accounts are subject to mining. As hardware gets faster each year, it's just a matter of time before someone loses their coins. Congrats for winning the bounty.
Come-from-Beyond (OP) (Legendary, Activity: 2142, Merit: 1010)
March 22, 2014, 08:10:08 PM

Quote from: Evil-Knievel
Well, we can delete all these things if you prefer, and discuss in private. The problem is that you do not need to use a secret phrase which is SHA256ed and mapped to a public key on the curve. With a little tweaking of the GUI you can replace the login commands, so you can enter private keys directly when unlocking an account. And 9, 18, 27, 36 ... are all fine public keys (of which 1, 2, 3, 4 are the trivial private keys). And one hash of those eventually will match a present AccountID.

No, better discuss it in public.
Evil-Knievel (Legendary, Activity: 1260, Merit: 1168)
March 22, 2014, 08:17:44 PM (Last edit: April 15, 2016, 01:08:05 PM by Evil-Knievel)

This message was too old and has been purged
Evil-Knievel (Legendary, Activity: 1260, Merit: 1168)
March 22, 2014, 08:22:29 PM (Last edit: April 15, 2016, 02:31:56 PM by Evil-Knievel)

This message was too old and has been purged
intmain() (Newbie, Activity: 28, Merit: 0)
March 22, 2014, 09:03:23 PM

Quote from: Evil-Knievel
Wait, I remember having a GitHub account ... let me push it.

10M accounts/s? That's pretty impressive; I could only push 6.4M on a 3.4 GHz laptop.
Eadeqa
March 22, 2014, 09:15:51 PM

Quote from: Evil-Knievel
To be more precise, you can theoretically "mine" twice as fast as the BTC mining hardware (as you only need one round of SHA256, and the Curve25519 stuff comes at no cost as it is just incrementing the pubkey by 9 = basepoint in each round). So on an FPGA you could try 1.6 billion accounts per second, and on a 7990 GPU around 4 billion accounts per second. Only a matter of time until you find one public key whose SHA256 hash matches an existing account in the first 8 bytes.

Interesting approach! Can you get the private key out of this? Or sign a transaction?
PS: The ability to "mine" accounts not secured by a 256-bit key was made on purpose. Not all accounts without outgoing transactions are lost NXT. This should be made even more clear to users who log in to their accounts but don't have outgoing transactions. I deposited 100 NXT to a Cryptsy account but there are no outgoing transactions in that account. I hope Cryptsy (and other exchanges) are aware this could be a problem.
TwinWinNerD (Legendary, Activity: 1680, Merit: 1001, CEO Bitpanda.com)
March 22, 2014, 09:20:23 PM

Quote from: Evil-Knievel
Wait, I remember having a GitHub account ... let me push it.

Quote from: intmain()
10M accounts/s? That's pretty impressive; I could only push 6.4M on a 3.4 GHz laptop.

10,000,000 accounts/s per PC would need about 317097 years to check all possible digits. Faster PCs + a mass of miners would lower that number significantly, but then again I thought this was a feature and not a bug?
Come-from-Beyond (OP) (Legendary, Activity: 2142, Merit: 1010)
March 22, 2014, 09:23:35 PM

Quote from: Evil-Knievel
Here is the Account Miner, and I hope to discuss it with you guys: https://github.com/litecoin-extras/nxt-account-miner
Build it by simply running:
And run it with:
In the code specify: unsigned long long global_iter = 33333333333LL; which is the starting private key point P = global_iter * G
And specify the target AccountID: unsigned long long target = 16386134630970163904LL;
Also play around with the number of parallelly executed processes:
I am not sure if the code is all correct, so please review the code and let us make it better ;-)

Why do you need the target account? Mine all the accounts!
TwinWinNerD (Legendary, Activity: 1680, Merit: 1001, CEO Bitpanda.com)
March 22, 2014, 09:24:31 PM

Quote from: Evil-Knievel
Here is the Account Miner, and I hope to discuss it with you guys: https://github.com/litecoin-extras/nxt-account-miner
Build it by simply running:
And run it with:
In the code specify: unsigned long long global_iter = 33333333333LL; which is the starting private key point P = global_iter * G
And specify the target AccountID: unsigned long long target = 16386134630970163904LL;
Also play around with the number of parallelly executed processes:
I am not sure if the code is all correct, so please review the code and let us make it better ;-)

Quote from: Come-from-Beyond
Why do you need the target account? Mine all the accounts!

Checking against a list of all HiberNXT accounts would significantly lower the rate of 10 million accs/s.
Eadeqa
March 22, 2014, 09:26:41 PM

Quote from: Evil-Knievel
Wait, I remember having a GitHub account ... let me push it.

Quote from: intmain()
10M accounts/s? That's pretty impressive; I could only push 6.4M on a 3.4 GHz laptop.

Quote from: TwinWinNerD
10,000,000 accounts/s per PC would need about 317097 years to check all possible digits. Faster PCs + a mass of miners would lower that number significantly, but then again I thought this was a feature and not a bug?

Even 4 billion accounts per second will take 146 years to recover all accounts with no outgoing transactions. However, if there are 1000 accounts with no public key, that will mean 0.146 years to recover one account on average.
Evil-Knievel (Legendary, Activity: 1260, Merit: 1168)
March 22, 2014, 09:28:20 PM (Last edit: April 15, 2016, 01:07:53 PM by Evil-Knievel)

This message was too old and has been purged
Eadeqa
March 22, 2014, 09:30:38 PM

Quote from: Evil-Knievel
Here is the Account Miner, and I hope to discuss it with you guys: https://github.com/litecoin-extras/nxt-account-miner
Build it by simply running:
And run it with:
In the code specify: unsigned long long global_iter = 33333333333LL; which is the starting private key point P = global_iter * G
And specify the target AccountID: unsigned long long target = 16386134630970163904LL;
Also play around with the number of parallelly executed processes:
I am not sure if the code is all correct, so please review the code and let us make it better ;-)

Quote from: Come-from-Beyond
Why do you need the target account? Mine all the accounts!

Quote from: TwinWinNerD
Checking against a list of all HiberNXT accounts would significantly lower the rate of 10 million accs/s.

Targeting just one account will be very slow though: 146 years to find it at a 4 billion per second rate. If you get very lucky (just after 10% of the search), it will still take 14 years.
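As an added worked example (not code from this thread, from Evil-Knievel's miner or from the NXT code base), the following Python script makes concrete the two things the posts above argue over: how an NXT-style account ID is derived (the first 8 bytes of SHA-256 of the public key; the little-endian byte order is an assumption here, mirroring the reversed-byte BigInteger construction quoted earlier in the thread) and how the expected search time scales with the key-test rate and with the number of accounts that have never published a public key. Function and variable names are the example's own, and the sample keys and account records are constructed. It reproduces Eadeqa's 146-year figure for one account at 4 billion keys/s and 0.146 years for 1000 unprotected accounts; TwinWinNerD's 317097-year figure corresponds to a 10^20 search space rather than 2^64.

```python
import hashlib
import struct

# Constructed example (not from the thread or from NXT): how a 64-bit account ID
# is derived from a public key, and how exposure scales for accounts whose key
# has never been published on chain.

SECONDS_PER_YEAR = 365 * 24 * 3600
ID_BITS = 64  # account ID = first 8 bytes of SHA-256(public key), per the thread


def account_id_from_public_key(public_key: bytes) -> int:
    """First 8 bytes of SHA-256(public key), read as a little-endian uint64.

    The little-endian byte order is an assumption of this example; it mirrors
    the reversed-byte BigInteger construction quoted in the thread. Only the
    truncation to 64 bits matters for the risk argument below."""
    digest = hashlib.sha256(public_key).digest()
    return struct.unpack("<Q", digest[:8])[0]


def effective_security_bits(public_key_published: bool) -> int:
    """An account whose public key is on chain (it has sent a transaction) is
    bound to the full 256-bit key; otherwise any key whose hash prefix matches
    the 64-bit ID would control it."""
    return 256 if public_key_published else ID_BITS


def expected_years_to_match(keys_per_second: float, unprotected_accounts: int) -> float:
    """Expected search time for a key whose ID matches any one of N unprotected
    accounts. Each trial hits with probability N / 2^64, so the expected number
    of trials is 2^64 / N: the multi-target speed-up discussed in the thread."""
    if unprotected_accounts < 1:
        return float("inf")
    trials = 2 ** ID_BITS / unprotected_accounts
    return trials / keys_per_second / SECONDS_PER_YEAR


def exposure_report(accounts, keys_per_second):
    """accounts: iterable of (account_id, public_key_published) records.

    Returns which accounts are bound only by their 64-bit ID and how long a
    search at the given rate would be expected to take to hit the first one."""
    unprotected = [acct_id for acct_id, published in accounts if not published]
    return {
        "unprotected_count": len(unprotected),
        "unprotected_ids": unprotected,
        "years_to_first_match": expected_years_to_match(keys_per_second, len(unprotected)),
    }


if __name__ == "__main__":
    # Constructed public keys standing in for real Curve25519 keys.
    pk_a = bytes(range(32))
    pk_b = bytes(32)
    accounts = [
        (account_id_from_public_key(pk_a), True),   # has sent a tx: key on chain
        (account_id_from_public_key(pk_b), False),  # receive-only: bound by the ID alone
    ]
    print(exposure_report(accounts, keys_per_second=4e9))
    for rate, n in ((1e7, 1), (4e9, 1), (4e9, 1000)):
        print(f"{rate:.0e} keys/s, {n} unprotected account(s): "
              f"{expected_years_to_match(rate, n):.3f} years expected")
```

The report is the defender's view of the thread's numbers: an account that has made an outgoing transaction is protected by the full 256-bit key, an account that has only ever received funds is protected by a 64-bit ID, and the multi-target term divides the expected work by the number of such accounts, which is why the per-account figure falls from 146 years to about 0.146 years once 1000 of them exist.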
TwinWinNerD (Legendary, Activity: 1680, Merit: 1001, CEO Bitpanda.com)
March 22, 2014, 09:31:57 PM

Quote from: Evil-Knievel
@Twin: This is just a quick-and-dirty implementation. If we had a good structure (maybe some B-trees with a lookup complexity of O(log)) where all NXT accounts were stored, we could mine them all in parallel. That's what the GitHub repository is for ... let us make this "first approach" better ;-)

I am not doubting that. We could make a mining pool/mining list where we add account numbers where we are XX% sure that they are DarkNXT (not accessible because of a lost/forgotten passphrase).