theory in practice
play

THEORY IN PRACTICE Daniel Chechik, Rami Kogan Security Researchers - PowerPoint PPT Presentation

Apr 10, 2024 •265 likes •1k views

BITCOIN TRANSACTION MALLEABILITY THEORY IN PRACTICE Daniel Chechik, Rami Kogan Security Researchers Agenda What is Bitcoin Bitcoin Transactions Transaction Malleability Vulnerability What Happened in MT.Gox Live Demo WHAT IS

  1. BITCOIN TRANSACTION MALLEABILITY THEORY IN PRACTICE Daniel Chechik, Rami Kogan Security Researchers

  2. Agenda • What is Bitcoin • Bitcoin Transactions • Transaction Malleability Vulnerability • What Happened in MT.Gox • Live Demo

  3. WHAT IS BITCOIN?

  10. What is Bitcoin? • Bitcoin is a payment system introduced as an open-source software in 2009 by a developer known as Satoshi Nakamoto • P 2P network – Trust is a result of data transparency • Decentralization – No institution is controlling your money/coins. • Anonymous Virtual currency.

  11. What is a Block? • A container of Transactions • Can’t be changed or removed • Reference to the previous block

  12. Block Chain • The network data history PreviousBlockHash • Block • Block • Transactions • Transactions • Block • Transactions PreviousBlockHash PreviousBlockHash

  13. What is a Block? • All the peers share the Block-Chain • Transparency

  14. Wh What at is a a Bl Block ck? • S tructure Field Description Size Magic No Value Always 0xD9B4BEF9 4 bytes Number of bytes following up Blocksize 4 bytes to end of block Blockheader Consists of 6 items 80 bytes Transaction counter Positive integer VI = VarInt 1 - 9 bytes Transactions The (non empty) list of <Transaction counter>-many transactions transactions

  15. Bl Block ck Hea eader der Str truct cture ure Field Purpose Updated when... Size (Bytes) You upgrade the software and Version Block version number 4 it specifies a new version hashPre revB vBloc lock 256-bit hash of the previous A new block comes in 32 256-bit hash based on all of hashMerkleRoot the transactions in the block A transaction is accepted 32 Current timestamp as Time seconds since 1970-01- Every few seconds 4 01T00:00 UTC Current target in compact The difficulty is adjusted Bits 4 format Nonce e 32-bit number (starts at 0) A hash is tried 4

  16. Wh What at Is Is Min inin ing?

  17. What is Mining? Transaction Pending Transaction Pending Pending Transaction … … Memory Transaction

  18. What is Mining?

  19. What is Mining? $

  20. What is Mining?

  21. LET’S SIMULATE MINING RIGHT NOW!

  22. 0x02000

  23. Additional Mining Goals Keep a steady Record all coin network data

  24. Bitcoin – what we’ve learned so far … • Block – container of transactions • Block chain - record of all coin data from the beginning • Block “Solving” – a process used to keep the network steady and to generate blocks.

  25. TRANSACTIONS

  26. Transactions 100 BTC Broadcasted Alice  Bob to network Confirmed Collected by miners (Block Solved)

  27. Transactions 100 MYC Alice  Bob Bob’s Wallet

  28. Transactions 100 MYC Broadcasted Alice  Bob to network

  29. Transactions 100 MYC Broadcasted Alice  Bob to network Collected by miners

  30. Transactions 100 MYC Broadcasted Alice  Bob to network Confirmed Collected by miners (Block Solved)

  31. Transactions

  32. Transactions Transactions are built from two main components • Source of coins Inputs (Ref to Txout in block chain) • Redeemer’s Bitcoin address Outputs • Amount

  33. Transactions • Prove you have the coins (by including a reference) • Include the Bitcoin wallet address of the recipient • Sign the transaction

  34. TRANSACTION MALLEABILITY

  35. P2P Lottery MessageID (sha256) … Length Signature (DER) From: Lottery Prize: You won a Car! Life supply of Vegemite … Length To: “Rami”

  36. P2P Lottery MessageID (sha256) … Length Signature (DER) From: Lottery Prize: You won a Car! … Length ID CAR SUPPLIED To: “Rami” ✓ f5d8ee... 5e67 s… ✓

  37. P2P Lottery

  38. P2P Lottery

  39. Standard Transaction TxId (sha256*2) Source of Coins Input Signature ScriptSig ScriptSig Public Key Amount of Coins Output ScriptPubKey (Redeemer’s address)

  40. Standard Transaction TxId (sha256*2) Length Source of Coins 1 Input Signature byt ScriptSig e Public Key Amount of Coins Output Redeemer + Amount of Coins ScriptPubKey (Redeemer’s address)

  41. Standard Transaction TxId (sha256*2) Length Source of Coins 2 Input Signature byt ScriptSig e Public Key Amount of Coins Output Redeemer + Amount of Coins ScriptPubKey (Redeemer’s address)

  42. Standard Transaction opcode TxId (sha256*2) (1 byte) Source of Coins Input 2 Signature pushdata2 byte ScriptSig Public Key Amount of Coins Output Redeemer + Amount of Coins ScriptPubKey (Redeemer’s address)

  43. Standard Transaction TxId (sha256*2) Length Source of Coins Input 0x3 Signature 0 ScriptSig Public Key Amount of Coins Output Redeemer + Amount of Coins ScriptPubKey (Redeemers address)

  44. Standard Transaction TxId (sha256*2) pushdata2 Source of Coins Input 0x3 Signature 0x4D 0 ScriptSig Public Key Amount of Coins Output Redeemer + Amount of Coins ScriptPubKey (Redeemers address)

  45. Standard Transaction TxId (sha256*2) pushdata2 Source of Coins Input 0x3 Signature 0x4D 0x00 0 ScriptSig Public Key Amount of Coins Output Redeemer + Amount of Coins ScriptPubKey (Redeemers address)

  46. Standard Transaction TxId (sha256*2) pushdata2 Source of Coins Input Signature 0x4D 0x3000 ScriptSig Public Key Lit ittle e Endi dian: 0x003 0030 0 == == 0x0030 0030 Amount of Coins 0x3000 3000 0x30 30 Output Redeemer + Amount of Coins ScriptPubKey (Redeemers address)

  47. Standard Transaction TxId (sha256*2) pushdata2 Source of Coins Input Signature 0x4D 0x3000 ScriptSig Public Key ✔ Amount of Coins Output Redeemer + Amount of Coins ScriptPubKey (Redeemers address)

  48. Standard Vs Mutated TxId = Mutated TxId = c6cfe6e4f129a34671d10c1bbe158eff05197d388 dc34efd49ed738bf4500db367292164166989cb1577302 727e331951b0ec2637c194e 6e9e185b78292bbc89

  49. Transaction Malleability • Two different transactions • Same amount of coins • Same destination and source • Mutated wins and gets in a Block RACE!

  50. Rejected Transactions • Invalid transaction data • Already spent out-point • Identical transactions • Invalid signature

  51. WHAT HAPPENED IN MT.GOX?

  52. MT.Gox Announcement

  53. P2P Bitcoin 30BTC -> Attacker’s Wallet B330 ….… 5088 Mt.Gox Attacker’s Wallet Attacker

  54. B330 ….… 5088 P2P Bitcoin … 0x30 30BTC -> Attacker’s Wallet ScriptSig B330 ….… 5088 Mt.Gox Attacker’s Wallet … 30BTC 0x19 ScriptPubkey Attacker

  55. P2P Bitcoin 30BTC -> Attacker’s Wallet B330 ….… 5088 Mt.Gox Attacker’s Wallet B330 ….… 5088 … 0x30 ScriptSig … 0x19 30BTC Attacker ScriptPubkey

  56. P2P Bitcoin 30 30BTC -> > Attacker’s Wallet B330 330 ….… 5088 5088 Mt.Gox Attacker’s Wallet C3a8 ……. 03 03f8 8 B330 330 ….… 5088 5088 … … 0x30 0x30 Mut utated ed Transa nsacti ction on ScriptSig 30BT … 0x19 C Valid Signature Attacker ScriptPubkey

  57. C3a8 ……. 03f8 P2P Bitcoin … 0x30 30BTC -> Attacker’s Wallet Mutated Transaction B330 ….… 5088 Mt.Gox Attacker’s Wallet Valid Signature Attacker

  58. P2P Bitcoin 30BTC -> Attacker’s Wallet 30BTC -> Attacker’s Wallet C3a8 ……. 03f8 B330 ….… 5088 Mt.Gox Attacker’s Wallet W Attacker

  59. Unconfirmed Tx B330 ……. 5088 P2P Bitcoin … 0x30 30BTC -> Attacker’s Wallet 30BTC -> Attacker’s Wallet ScriptSig C3a8 ……. 03f8 B330 ….… 5088 Mt.Gox … 0x19 30BTC Attacker’s Wallet ScriptPubkey W Attacker

  60. P2P Bitcoin 30BTC -> Attacker’s Wallet 30BTC -> Attacker’s Wallet C3a8 ……. 03f8 B330 ….… 5088 Mt.Gox Unconfirmed Attacker’s Wallet Transaction (B330 ….… 5088) W Failed?!? Attacker

  61. P2P Bitcoin 30BTC -> Attacker’s Wallet 30BTC -> Attacker’s Wallet C3a8 ……. 03f8 B330 ….… 5088 Mt.Gox Unconfirmed Attacker’s Wallet Transaction (B330 ….… 5088) W Failed?!? Generate Another Transaction! Attacker

  62. P2P Bitcoin 30BTC -> Attacker’s Wallet 30BTC -> Attacker’s Wallet C3a8 ……. 03f8 B330 ….… 5088 Mt.Gox Unconfirmed Attacker’s Wallet Transaction (B330 ….… 5088) W Failed?!? Generate Another Transaction! Attacker

  63. P2P Bitcoin 30BTC -> Attacker’s Wallet 30BTC -> Attacker’s Wallet C3a8 ……. 03f8 B330 ….… 5088 Mt.Gox Unconfirmed Attacker’s Wallet Transaction (B330 ….… 5088) W Failed?!? Generate Another Transaction! Attacker

  64. DEMO

  65. BLOCKCHAIN OPINION

  66. PUSHDATA Mutated Transaction 1000 2000 3000 4000 5000 6000 0 Dec-12 Jan-13 Feb-13 Mar-13 Apr-13 May-13 Jun-13 Jul-13 Aug-13 Sep-13 Oct-13 Nov-13 Dec-13 Jan-14 Feb-14 Mar-14 Apr-14 May-14 Jun-14 Jul-14 Aug-14 Transaction Malleable

  67. PUSHDATA Mutated Transaction 3569 3569 1900 1900 Malleable Transaction 79 79 11 11 22 22 0 0 2 2 0 Mt.Go .Gox announ uncem cemen ent

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Theory or Practice? Theory : Without theory, practice is but routine born out of habit.

Theory or Practice? Theory : Without theory, practice is but routine born out of habit.

Theory or Practice? Theory : Without theory, practice is but routine born out of habit. Theory alone can bring forth and develop the spirit of inventions Louis Pasteur, 1822-1895 Practice : It is a capital mistake to theorize before

548 views • 42 slides
practice theory for social change practice theory is not for social change in itself it has no

practice theory for social change practice theory is not for social change in itself it has no

practice theory for social change practice theory is not for social change in itself it has no internal normative content practice theory for understanding social change well demonstrated as enabling distinctive insight into change

536 views • 24 slides
University Of Bristol 1 What to talk about? 2 What to talk about? Theory vs Practice vs

University Of Bristol 1 What to talk about? 2 What to talk about? Theory vs Practice vs

(Or Living Between a Rock and a Hard Place) Nigel Smart University Of Bristol 1 What to talk about? 2 What to talk about? Theory vs Practice vs Theory and Practice A key problem is someones theory is someone elses practice,

1.66k views • 68 slides
From practice to theory and back again Tools for algorithms and programs In theory there is no

From practice to theory and back again Tools for algorithms and programs In theory there is no

From practice to theory and back again Tools for algorithms and programs In theory there is no difference between theory and practice, but We can time different methods, but how to compare timings? not in practice Different on different

450 views • 7 slides
The Ecology of Language Learning Practice to Theory - Theory to Practice DILIT - International

The Ecology of Language Learning Practice to Theory - Theory to Practice DILIT - International

The Ecology of Language Learning Practice to Theory - Theory to Practice DILIT - International House, Rome April 17-18, 2010 Leo van Lier Monterey Institute of International Studies lvanlier@miis.edu 1 1 The ecology has spoken! 2 2 All

421 views • 29 slides
XML Retrieval XML Retrieval XML Retrieval XML Retrieval DB/IR in DB/IR in Theory Theory Web

XML Retrieval XML Retrieval XML Retrieval XML Retrieval DB/IR in DB/IR in Theory Theory Web

XML Retrieval XML Retrieval XML Retrieval XML Retrieval DB/IR in DB/IR in Theory Theory Web in Web in Practice Practice Sihem Amer-Yahia Mariano Consens Yahoo! Research University of Toronto In collaboration with: Ricardo Baeza-Yates

1.06k views • 59 slides
One-Pass Streaming Algorithms Complaints and Grievances Theory and Practice about theory in

One-Pass Streaming Algorithms Complaints and Grievances Theory and Practice about theory in

One-Pass Streaming Algorithms Complaints and Grievances Theory and Practice about theory in practice Disclaimer Experiences with Gigascope. A practitioners perspective. Will be using my own implementations, rather than

849 views • 46 slides
Compression: Information Theory Greg Plaxton Theory in Programming Practice, Spring 2004

Compression: Information Theory Greg Plaxton Theory in Programming Practice, Spring 2004

Compression: Information Theory Greg Plaxton Theory in Programming Practice, Spring 2004 Department of Computer Science University of Texas at Austin Coding Theory Encoder Input: a message over some finite alphabet such as { 0 , 1 } or

579 views • 15 slides
Compression: Information Theory Greg Plaxton Theory in Programming Practice, Spring 2005

Compression: Information Theory Greg Plaxton Theory in Programming Practice, Spring 2005

Compression: Information Theory Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Coding Theory Encoder Input: a message over some finite alphabet such as { 0 , 1 } or

162 views • 15 slides
Compression: Information Theory Greg Plaxton Theory in Programming Practice, Fall 2005

Compression: Information Theory Greg Plaxton Theory in Programming Practice, Fall 2005

Compression: Information Theory Greg Plaxton Theory in Programming Practice, Fall 2005 Department of Computer Science University of Texas at Austin Coding Theory Encoder Input: a message over some finite alphabet such as { 0 , 1 } or {

560 views • 15 slides
How can practice theory inform interventions into the domestic nexus? Dr. Daniel Welch

How can practice theory inform interventions into the domestic nexus? Dr. Daniel Welch

How can practice theory inform interventions into the domestic nexus? Dr. Daniel Welch Sustainable Consumption Institute, University of Manchester Three contributions of contemporary practice theory A way of understanding the organisation

451 views • 15 slides
Sensor Networks Where Theory Meets Practice Roger Wattenhofer ETH Zurich Distributed

Sensor Networks Where Theory Meets Practice Roger Wattenhofer ETH Zurich Distributed

Sensor Networks Where Theory Meets Practice Roger Wattenhofer ETH Zurich Distributed Computing www.disco.ethz.ch Theory Meets Practice SenSys OSDI HotNets Multimedia Ubicomp PODC STOC Mobicom FOCS SIGCOMM ICALP SPAA SODA EC

950 views • 67 slides
How our Current Theory of Economics and Practice of Finance have Unsustainability built in QCEA

How our Current Theory of Economics and Practice of Finance have Unsustainability built in QCEA

How our Current Theory of Economics and Practice of Finance have Unsustainability built in QCEA Brussels November 2013 Outline Introduction/Background Neo-classical theory Flaws in the theory Myths about growth Financial

729 views • 45 slides
Race Why is parallelism hard? Non-determinism!! Practice Theory 2 Why is parallelism

Race Why is parallelism hard? Non-determinism!! Practice Theory 2 Why is parallelism

Parallel Algorithms: Theory and Practice CS26 S260 Lecture cture 9* Yan n Gu Race Why is parallelism hard? Non-determinism!! Practice Theory 2 Why is parallelism hard? Non-determinism!! Sc Schedu duli ling ng is

466 views • 11 slides
Kris Hermans 98 % A B Theory : easy Practice : every situation

Kris Hermans 98 % A B Theory : easy Practice : every situation

Kris Hermans 98 % A B Theory : easy Practice : every situation is different We create a template for an activity, We put into practice We share experiences Technical aspect of sport = secondary Use

172 views • 13 slides
Refreshing our work with infants and toddlers: Mantras from theory, research and practice

Refreshing our work with infants and toddlers: Mantras from theory, research and practice

Refreshing our work with infants and toddlers: Mantras from theory, research and practice Professor Carmen Dalli Kaupapa/Plan 1. Mantras and teachers practical knowledge 2. Identifying mantras: rules of practice principles of practice

568 views • 29 slides
Hacking and protecting Oracle Database Vault Esteban Martnez Fay Argeniss (www.argeniss.com)

Hacking and protecting Oracle Database Vault Esteban Martnez Fay Argeniss (www.argeniss.com)

Hacking and protecting Oracle Database Vault Esteban Martnez Fay Argeniss (www.argeniss.com) July 2010 Agenda Introduction to Oracle Database Vault What is Oracle Database Vault, What changes introduce, Oracle Database Vault

688 views • 49 slides
Decrypting All Users' Secrets and PFX Passwords Paula Januszkiewicz CQURE: CEO, Penetration

Decrypting All Users' Secrets and PFX Passwords Paula Januszkiewicz CQURE: CEO, Penetration

DPAPI and DPAPI-NG: Decrypting All Users' Secrets and PFX Passwords Paula Januszkiewicz CQURE: CEO, Penetration Tester / Security Expert CQURE Academy: Trainer MVP: Enterprise Security, MCT Microsoft: Regional Director www.cqureacademy.com

615 views • 27 slides
Logging with ASP.NET Core Damien Bowden Microsoft MVP https://damienbod.com @damien_bod Why

Logging with ASP.NET Core Damien Bowden Microsoft MVP https://damienbod.com @damien_bod Why

Logging with ASP.NET Core Damien Bowden Microsoft MVP https://damienbod.com @damien_bod Why Logging? explain logging in ASP.NET Core &amp; .NET Core how to add third party loggers What Microsoft provides Abstraction layer for logging in

573 views • 17 slides
Introducing the CIE Membership Type Rates Mentor $75 per year Entrepreneur $125 per year;

Introducing the CIE Membership Type Rates Mentor $75 per year Entrepreneur $125 per year;

4/8/2020 1 Introducing the CIE Membership Type Rates Mentor $75 per year Entrepreneur $125 per year; 2 member per organization Tenants Co-working space $100/month Private Office $300/month pending availability 2 Mentor Skill

447 views • 29 slides
A logic modelling workflow for systems pharmacology Luis Tobalina 13/07/2018 www.saezlab.org

A logic modelling workflow for systems pharmacology Luis Tobalina 13/07/2018 www.saezlab.org

A logic modelling workflow for systems pharmacology Luis Tobalina 13/07/2018 www.saezlab.org Institute for Computational Biomedicine @sysbiomed Heidelberg University &amp; RWTH Aachen Outline Context Pipeline Network

785 views • 53 slides
HiLumi LHC FP7 High Luminosity Large Hadron Collider Design Study Presentation Recommendations

HiLumi LHC FP7 High Luminosity Large Hadron Collider Design Study Presentation Recommendations

CERN-ACC-SLIDES-2014-0069 HiLumi LHC FP7 High Luminosity Large Hadron Collider Design Study Presentation Recommendations (from Collective Effects Considerations) for the LHC 2015 Run M etral, E (CERN) 25 March 2014 The HiLumi LHC Design

359 views • 21 slides
Learning objectives Understand goals and implications of finite state abstraction Learn

Learning objectives Understand goals and implications of finite state abstraction Learn

Learning objectives Understand goals and implications of finite state abstraction Learn how to model program control flow with Finite Models graphs Learn how to model the software system structure with call graphs Learn how

229 views • 5 slides
The blockchain and its applications to energy, videosurveillance and e- commerce Pierluigi

The blockchain and its applications to energy, videosurveillance and e- commerce Pierluigi

The blockchain and its applications to energy, videosurveillance and e- commerce Pierluigi Gallo Pierluigi Gallo pierluigi.gallo@unipa.it 1 Outline Motivation Blockchain applications blockchain technical intro Hash functions

521 views • 37 slides

More recommend