building and breaking block chains
play

Building and Breaking Block Chains Merlin Corey Pandoblox Engineer - PowerPoint PPT Presentation

Oct 17, 2022 •6 likes •456 views

Building and Breaking Block Chains Merlin Corey Pandoblox Engineer Shellcon 2018 Who is that Merlin guy? Cryptography nerd Null Space Labs keyholder LayerOne Hardware Hacking Village Defcon Tamper Evident Village DC949

  1. Building and Breaking Block Chains Merlin Corey Pandoblox Engineer Shellcon 2018

  2. Who is that Merlin guy? ● Cryptography nerd ● Null Space Labs keyholder ● LayerOne Hardware Hacking Village ● Defcon Tamper Evident Village ● DC949 Alumni ● Startup Wizard at Pandoblox

  3. Assumptions ● Cryptographic fundamentals ● Vague ideas of what a cryptocurrency is ● Passing familiarity with Python or another language

  4. Cryptographic Fundamentals ● Hashing is most important concept ● One-way function ● Ideally – Large space – Randomized value – No collisions

  5. Vague ideas of Cryptocurrency ● Magical internet currency ● The future of everything ● Really slow database ● Pyramid scheme?

  6. Basic programming ● TrackA = Room(‘pufferfish’) ● Merlin = Speaker() ● For each Attendee in TrackA.attendees() – Attendee.ListenTo(Merlin) ● Print(‘Now you know Python’)

  7. Building Basic Blockchain: Prior Art ● https://github.com/dvf/blockchain ● https://github.com/zack-bitcoin/basiccoin

  8. Building Basic Blockchain: Challenge ● How hard could it be?

  9. Building Basic Blockchain: Challenge ● How hard could it be? – Pretty hard, honestly

  10. Building Basic Blockchain: Challenge ● How hard could it be? – Pretty hard, honestly – But we’ll keep it as simple as possible

  11. Building Basic Blockchain: High level Components ● Transaction ● Block ● Blockchain ● Node ● Network

  12. Building Basic Blockchain: High level Components ● Transaction – Inputs – Outputs – Coinbase

  13. Building Basic Blockchain: High level Components ● Block – Transactions ● Merkle Root – Proof – Parent block

  14. Building Basic Blockchain: High level Components ● Blockchain – Blocks connected by parent blocks – Block #0 ● Block #1 (Child of #0) – Block #2 (Child of #1) ● Block #3 (Child of #2) ● Block #4 (Child of #3) ● Block #5 (Child of #4) ● … ● Block #N (Child of #N-1)

  15. Building Basic Blockchain: High level Components ● Node – Miner – Wallet

  16. Building Basic Blockchain: High level Components ● Network – Nodes – Blocks – Protocol

  17. Build Basic Block Chain: Transaction Input

  18. Build Basic Block Chain: Transaction Output

  19. Build Basic Block Chain: Transaction

  20. Build Basic Block Chain: Special Transactions

  21. Building Basic Blockchain: Hashing ● Exploring hashing with live code

  22. Build Basic Blockchain: Hashing

  23. Build Basic Blockchain: Merkle Tree T op Hash Hash 0 hash( ) + Hash 1 Hash Hash 0 1 Hash 0-0 Hash 1-0 hash( ) hash( ) + + Hash 0-1 Hash 1-1 Hash Hash Hash Hash 0-0 0-1 1-0 1-1 hash(L1) hash(L2) hash(L3) hash(L4) Data L1 L2 L3 L4 Blocks

  24. Build Basic Block Chain: Merkle Root

  25. Building Basic Blockchain: Block Helpers

  26. Building Basic Blockchain: Genesis Block

  27. Building Basic Blockchain: Blockchain ● Exploring blockchain with live code

  28. Building Basic Blockchain: Virtual Machine ● Transaction outputs are scripts

  29. Building Basic Blockchain: Virtual Machine ● Transaction outputs are scripts ● Breathe a sigh of relief

  30. Building Basic Blockchain: Virtual Machine ● Transaction outputs are scripts ● Breathe a sigh of relief – We won’t be implementing all that today! ● Listen to Merlin ramble on about it, anyway

  31. Breaking Basic Blockchain ● What is controllable ● How is a 51% attack executed?

  32. Breaking Production Blockchains: Smart Contracts ● There are many attacks against smart contracts

  33. Breaking Production Blockchains: Smart Contracts ● There are many attacks against smart contracts – Underflow and Overflow are the most basic

  34. Breaking Production Blockchains: Smart Contracts ● Understanding the DAO hack

  35. Breaking Production Blockchains: Smart Contracts ● Understanding the DAO hack – Recursive function calls are dangerous

  36. Breaking Production Blockchains: Smart Contracts ● Understanding the DAO hack – Recursive function calls are dangerous – Especially when you do work on either side of them

  37. Breaking Production Blockchains: Smart Contracts ● Understanding the DAO hack

  38. Breaking Production Blockchains: Smart Contracts ● ERC20 Short Address Attack – Generate address with trailing zero – Send to address without trailing zero

  39. Protecting Production Blockchains: Nodes and Wallets ● Private keys – Passphrases – Cold storage ● RTFM your configuration ● Firewalls ● Monitoring and Alerting

  40. Protecting Production Blockchains: Network ● Economic feasibility of 51% attacks ● Like any other software: patches

  41. Protecting Production Blockchains: Network ● Economic feasibility of 51% attacks ● Like any other software: patches – Bitcoin DoS [patch] ● Bitcoin Infinite Inflation? ● Notice of Vulnerability ● CVE-2018-17144

  42. Protecting Production Blockchains: Smart Contracts in Solidity ● Avoid reentrancy issues ● Be careful of overflows and underflows ● Use a library – Like SafeMath ● Check lengths of addresss and other data ● Use EthFiddle and test

  43. Protecting Production Blockchains: Smart Contracts in Solidity ● Avoid reentrancy issues ● Be careful of overflows and underflows ● Use a library – Like SafeMath ● Check lengths of addresss and other data ● Use EthFiddle and test – Test

  44. Protecting Production Blockchains: Smart Contracts in Solidity ● Avoid reentrancy issues ● Be careful of overflows and underflows ● Use a library – Like SafeMath ● Check lengths of addresss and other data ● Use EthFiddle and test – Test ● Test!

  45. Questions and Contact ● Any questions? – If you’re still awake, that is ● Want to talk to Merlin? – Come check out NSL 4.0 starting late October! – Hang out on EFNet in #NSL – Hand him a drink at any conference!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introducing EF Block TM Introduction to EF Block Building Materials Overview of EF

Introducing EF Block TM Introduction to EF Block Building Materials Overview of EF

Introducing EF Block TM Introduction to EF Block Building Materials Overview of EF Block and the competition The EF Block System Proprietary (Patent Pending) Plant, Product and Processes of the EF Block system Homes

792 views • 34 slides
Track sponsored by Breaking the Chains of Price/Convenience with Experience Steve Lovell, Head

Track sponsored by Breaking the Chains of Price/Convenience with Experience Steve Lovell, Head

Track sponsored by Breaking the Chains of Price/Convenience with Experience Steve Lovell, Head of Retail Dev Laura Long, SVP , Adore Me Brand Edelman Laura Davis-Taylor, Co-Founder, John Greening, Associate Professor HighStreet Collective

270 views • 11 slides
The Matrix Geometric/Analytic Methods for Structured Markov Chains Markov chains whose transition

The Matrix Geometric/Analytic Methods for Structured Markov Chains Markov chains whose transition

William J. Stewart Department of Computer Science N.C. State University The Matrix Geometric/Analytic Methods for Structured Markov Chains Markov chains whose transition matrices have a special block structure. Example: B 00 B 01 0

1.89k views • 177 slides
Canadas Parliament Buildings Centre Block - circa 1900 Centre Block - Today Sir John A.

Canadas Parliament Buildings Centre Block - circa 1900 Centre Block - Today Sir John A.

Canadas Parliament Buildings Centre Block - circa 1900 Centre Block - Today Sir John A. Macdonald Building Sir John A. Macdonald Building Wellington Building Government Conference Centre Visitor Welcome Centre West Block Interim House of

643 views • 28 slides
Containerization as the Building Block for Datacenter

Containerization as the Building Block for Datacenter

Containerization as the Building Block for Datacenter Applications GOTO Amsterdam June 19, 2015 Benjamin Hindman @benh an emerging trend

1.82k views • 171 slides
Learning Goals [CT Building Block] Define spam, phishing schemes, and cookies and give

Learning Goals [CT Building Block] Define spam, phishing schemes, and cookies and give

Learning Goals [CT Building Block] Define spam, phishing schemes, and cookies and give examples of each [CT Building Block] Tell whether a communication technology (Internet, radio, LAN, etc.) is synchronous or asynchronous [CT

639 views • 39 slides
Breaking The FF3 Format- Preserving Encryption Standard Over Small Domains F. Betl Durak

Breaking The FF3 Format- Preserving Encryption Standard Over Small Domains F. Betl Durak

Breaking The FF3 Format- Preserving Encryption Standard Over Small Domains F. Betl Durak Serge Vaudenay 1 Block Ciphers {0,1} 128 0x149E00A50F0F00D6 K AES {0,1} 128 0xA4F22C1B78HE90A9 2 Block Ciphers {0,1} 128

1.32k views • 91 slides
FinChain Financial Markets Re-engineered By Steve Fernandez FinChain Topology Satellite Chains

FinChain Financial Markets Re-engineered By Steve Fernandez FinChain Topology Satellite Chains

FinChain Financial Markets Re-engineered By Steve Fernandez FinChain Topology Satellite Chains Block Chain Master Replication Nodes Block Chain Database Regulator Smart Autonomous Contracts Replication Primary dB dB [secondary]

306 views • 12 slides
Agenda Some attacks against the IP Brief introduction to IPSec Building Block: Security

Agenda Some attacks against the IP Brief introduction to IPSec Building Block: Security

IP Security Cunsheng Ding HKUST, Kong Kong, China C. Ding - COMP4631 - L21 1 Agenda Some attacks against the IP Brief introduction to IPSec Building Block: Security Association Building Block: Security Association Database

694 views • 33 slides
Needs-driven capacity building for sustainable fisheries trade and value chains 2 nd Ocean Forum

Needs-driven capacity building for sustainable fisheries trade and value chains 2 nd Ocean Forum

Needs-driven capacity building for sustainable fisheries trade and value chains 2 nd Ocean Forum on Trade related aspects of SDG14, 17 July 2018, Daniel Kachelriess, Marine Species Officer CITES is a multilateral agreement Operates through

536 views • 15 slides
Industrial Robots Industrial Robots Kinematic chains Kinematic chains Kinematic chains Kinematic

Industrial Robots Industrial Robots Kinematic chains Kinematic chains Kinematic chains Kinematic

Industrial Robots Industrial Robots Kinematic chains Kinematic chains Kinematic chains Kinematic chains Basilio Bona 1 ROBOTICA 03CFIOR Readings & prerequisites Chapter 2 (prerequisites) Reference systems Vectors Matrices

948 views • 49 slides
Breaking out of the box Understanding rela5onships between learning and assessment Breaking

Breaking out of the box Understanding rela5onships between learning and assessment Breaking

Dr Nick Saville Breaking out of the box Understanding rela5onships between learning and assessment Breaking out of the box - a metaphor for thinking about rela5onships and interpreta5ons breaking out breaking out of the box of the

895 views • 68 slides
YouthBuild: Breaking the Cycle of Poverty First building rehabbed by YouthBuild, in East Harlem

YouthBuild: Breaking the Cycle of Poverty First building rehabbed by YouthBuild, in East Harlem

YouthBuild: Breaking the Cycle of Poverty First building rehabbed by YouthBuild, in East Harlem YouthBuild is A Model of Social Innovation Going to Scale 92,000 young people have built 19,000 units of affordable housing in 273 of

906 views • 11 slides
Building Biomass Supply Chains Key Elements in Performing Transportation Due Diligence Advanced

Building Biomass Supply Chains Key Elements in Performing Transportation Due Diligence Advanced

Building Biomass Supply Chains Key Elements in Performing Transportation Due Diligence Advanced Biofuels Symposium July 23 2015 1 Current demand and market outlook Global wood pellet consumption grew from 1.7M tons to 25.1M tons per year

483 views • 16 slides
Best Practices From Across The Country Morning Session 2014 NCWBA Summit Breaking Barriers

Best Practices From Across The Country Morning Session 2014 NCWBA Summit Breaking Barriers

Breaking Barriers & Building Bridges Best Practices From Across The Country Morning Session 2014 NCWBA Summit Breaking Barriers & Building Bridges Programs/Practices to Break Barriers or Build Bridges Division for Bar Services of

491 views • 20 slides
Breaking Ground and Barriers: COMMUNITY LEADERSHIP CENTER Building a Legacy of Excellence Gloria

Breaking Ground and Barriers: COMMUNITY LEADERSHIP CENTER Building a Legacy of Excellence Gloria

Breaking Ground and Barriers: COMMUNITY LEADERSHIP CENTER Building a Legacy of Excellence Gloria Bonilla-Santiago Ph.D., Board of Governors Distinguished Service Professor of the Graduate Department of Public Policy and Administration at

622 views • 35 slides
Beyond bags of Features Spatial Pyramid Matching for Recognizing Natural Scene Categories Camille

Beyond bags of Features Spatial Pyramid Matching for Recognizing Natural Scene Categories Camille

Beyond bags of Features Spatial Pyramid Matching for Recognizing Natural Scene Categories Camille Schreck, Romain Vavassori Ensimag December 14, 2012 Schreck, Vavassori (Ensimag) Beyond bags of Features December 14, 2012 1 / 32 State of art

567 views • 32 slides
Ava: From Data to Insights Through Conversation Rogers Jeffrey Leo John, Navneet Potti, and

Ava: From Data to Insights Through Conversation Rogers Jeffrey Leo John, Navneet Potti, and

Ava: From Data to Insights Through Conversation Rogers Jeffrey Leo John, Navneet Potti, and Jignesh M. Patel University of Wisconsin Madison Rogers Navneet 01/10/2017 University of WisconsinMadison 1 Motivation Why do my customers

230 views • 12 slides
The Truth About MLMs What is Multi-Level Marketing? - Get-Rich-Quick scheme - marketing

The Truth About MLMs What is Multi-Level Marketing? - Get-Rich-Quick scheme - marketing

The Truth About MLMs What is Multi-Level Marketing? - Get-Rich-Quick scheme - marketing strategy for the sale of products or services - from a non-salaried workforce selling the company's products/services - earnings of the participants are

334 views • 14 slides
Global Scene Representations Tilke Judd Papers Oliva and Torralba [2001] Fei Fei and

Global Scene Representations Tilke Judd Papers Oliva and Torralba [2001] Fei Fei and

Global Scene Representations Tilke Judd Papers Oliva and Torralba [2001] Fei Fei and Perona [2005] Labzebnik, Schmid and Ponce [2006] Commonalities Goal: Recognize natural scene categories Extract features on images and learn

494 views • 48 slides
LAMMPS Dr. Richard Berger High-Performance Computing Group College of Science and Technology

LAMMPS Dr. Richard Berger High-Performance Computing Group College of Science and Technology

Latin American Introductory School on Parallel Programming and Parallel Architecture for High-Performance Computing LAMMPS Dr. Richard Berger High-Performance Computing Group College of Science and Technology Temple University Philadelphia,

799 views • 49 slides
AMeshlessHierarchical RepresentaKonforLightTransport JaakkoLehKnen 1,2

AMeshlessHierarchical RepresentaKonforLightTransport JaakkoLehKnen 1,2

AMeshlessHierarchical RepresentaKonforLightTransport JaakkoLehKnen 1,2 MaMhiasZwicker 3 EmmanuelTurquin 4,5 JanneKontkanen 6 FrdoDurand 1 FranoisSillion 5,4 TimoAila 7 1 MITCSAIL 2

1.23k views • 95 slides
3D Viewing & Clipping Where do geometries come from? Where do geometries come from? Pin-hole

3D Viewing & Clipping Where do geometries come from? Where do geometries come from? Pin-hole

3D Viewing & Clipping Where do geometries come from? Where do geometries come from? Pin-hole camera Pin-hole camera Perspective projection Perspective projection Viewing transformation Viewing transformation Clipping lines &

386 views • 20 slides
Impact, Risks, and Mitigating Controls for Trafficking and Money Laundering in Art and Antiquities

Impact, Risks, and Mitigating Controls for Trafficking and Money Laundering in Art and Antiquities

Impact, Risks, and Mitigating Controls for Trafficking and Money Laundering in Art and Antiquities Tess Davis, Executive Director, the Antiquities Coalition @CombatLooting #CultureUnderThreat antiquitiescoalition.org Cultural Racketeering:

645 views • 15 slides

More recommend