theory in practice
play

THEORY IN PRACTICE Daniel Chechik, Rami Kogan Security Researchers - PowerPoint PPT Presentation

Apr 10, 2024 •265 likes •1k views

BITCOIN TRANSACTION MALLEABILITY THEORY IN PRACTICE Daniel Chechik, Rami Kogan Security Researchers Agenda What is Bitcoin Bitcoin Transactions Transaction Malleability Vulnerability What Happened in MT.Gox Live Demo WHAT IS

  1. BITCOIN TRANSACTION MALLEABILITY THEORY IN PRACTICE Daniel Chechik, Rami Kogan Security Researchers

  2. Agenda • What is Bitcoin • Bitcoin Transactions • Transaction Malleability Vulnerability • What Happened in MT.Gox • Live Demo

  3. WHAT IS BITCOIN?

  10. What is Bitcoin? • Bitcoin is a payment system introduced as an open-source software in 2009 by a developer known as Satoshi Nakamoto • P 2P network – Trust is a result of data transparency • Decentralization – No institution is controlling your money/coins. • Anonymous Virtual currency.

  11. What is a Block? • A container of Transactions • Can’t be changed or removed • Reference to the previous block

  12. Block Chain • The network data history PreviousBlockHash • Block • Block • Transactions • Transactions • Block • Transactions PreviousBlockHash PreviousBlockHash

  13. What is a Block? • All the peers share the Block-Chain • Transparency

  14. Wh What at is a a Bl Block ck? • S tructure Field Description Size Magic No Value Always 0xD9B4BEF9 4 bytes Number of bytes following up Blocksize 4 bytes to end of block Blockheader Consists of 6 items 80 bytes Transaction counter Positive integer VI = VarInt 1 - 9 bytes Transactions The (non empty) list of <Transaction counter>-many transactions transactions

  15. Bl Block ck Hea eader der Str truct cture ure Field Purpose Updated when... Size (Bytes) You upgrade the software and Version Block version number 4 it specifies a new version hashPre revB vBloc lock 256-bit hash of the previous A new block comes in 32 256-bit hash based on all of hashMerkleRoot the transactions in the block A transaction is accepted 32 Current timestamp as Time seconds since 1970-01- Every few seconds 4 01T00:00 UTC Current target in compact The difficulty is adjusted Bits 4 format Nonce e 32-bit number (starts at 0) A hash is tried 4

  16. Wh What at Is Is Min inin ing?

  17. What is Mining? Transaction Pending Transaction Pending Pending Transaction … … Memory Transaction

  18. What is Mining?

  19. What is Mining? $

  20. What is Mining?

  21. LET’S SIMULATE MINING RIGHT NOW!

  22. 0x02000

  23. Additional Mining Goals Keep a steady Record all coin network data

  24. Bitcoin – what we’ve learned so far … • Block – container of transactions • Block chain - record of all coin data from the beginning • Block “Solving” – a process used to keep the network steady and to generate blocks.

  25. TRANSACTIONS

  26. Transactions 100 BTC Broadcasted Alice  Bob to network Confirmed Collected by miners (Block Solved)

  27. Transactions 100 MYC Alice  Bob Bob’s Wallet

  28. Transactions 100 MYC Broadcasted Alice  Bob to network

  29. Transactions 100 MYC Broadcasted Alice  Bob to network Collected by miners

  30. Transactions 100 MYC Broadcasted Alice  Bob to network Confirmed Collected by miners (Block Solved)

  31. Transactions

  32. Transactions Transactions are built from two main components • Source of coins Inputs (Ref to Txout in block chain) • Redeemer’s Bitcoin address Outputs • Amount

  33. Transactions • Prove you have the coins (by including a reference) • Include the Bitcoin wallet address of the recipient • Sign the transaction

  34. TRANSACTION MALLEABILITY

  35. P2P Lottery MessageID (sha256) … Length Signature (DER) From: Lottery Prize: You won a Car! Life supply of Vegemite … Length To: “Rami”

  36. P2P Lottery MessageID (sha256) … Length Signature (DER) From: Lottery Prize: You won a Car! … Length ID CAR SUPPLIED To: “Rami” ✓ f5d8ee... 5e67 s… ✓

  37. P2P Lottery

  38. P2P Lottery

  39. Standard Transaction TxId (sha256*2) Source of Coins Input Signature ScriptSig ScriptSig Public Key Amount of Coins Output ScriptPubKey (Redeemer’s address)

  40. Standard Transaction TxId (sha256*2) Length Source of Coins 1 Input Signature byt ScriptSig e Public Key Amount of Coins Output Redeemer + Amount of Coins ScriptPubKey (Redeemer’s address)

  41. Standard Transaction TxId (sha256*2) Length Source of Coins 2 Input Signature byt ScriptSig e Public Key Amount of Coins Output Redeemer + Amount of Coins ScriptPubKey (Redeemer’s address)

  42. Standard Transaction opcode TxId (sha256*2) (1 byte) Source of Coins Input 2 Signature pushdata2 byte ScriptSig Public Key Amount of Coins Output Redeemer + Amount of Coins ScriptPubKey (Redeemer’s address)

  43. Standard Transaction TxId (sha256*2) Length Source of Coins Input 0x3 Signature 0 ScriptSig Public Key Amount of Coins Output Redeemer + Amount of Coins ScriptPubKey (Redeemers address)

  44. Standard Transaction TxId (sha256*2) pushdata2 Source of Coins Input 0x3 Signature 0x4D 0 ScriptSig Public Key Amount of Coins Output Redeemer + Amount of Coins ScriptPubKey (Redeemers address)

  45. Standard Transaction TxId (sha256*2) pushdata2 Source of Coins Input 0x3 Signature 0x4D 0x00 0 ScriptSig Public Key Amount of Coins Output Redeemer + Amount of Coins ScriptPubKey (Redeemers address)

  46. Standard Transaction TxId (sha256*2) pushdata2 Source of Coins Input Signature 0x4D 0x3000 ScriptSig Public Key Lit ittle e Endi dian: 0x003 0030 0 == == 0x0030 0030 Amount of Coins 0x3000 3000 0x30 30 Output Redeemer + Amount of Coins ScriptPubKey (Redeemers address)

  47. Standard Transaction TxId (sha256*2) pushdata2 Source of Coins Input Signature 0x4D 0x3000 ScriptSig Public Key ✔ Amount of Coins Output Redeemer + Amount of Coins ScriptPubKey (Redeemers address)

  48. Standard Vs Mutated TxId = Mutated TxId = c6cfe6e4f129a34671d10c1bbe158eff05197d388 dc34efd49ed738bf4500db367292164166989cb1577302 727e331951b0ec2637c194e 6e9e185b78292bbc89

  49. Transaction Malleability • Two different transactions • Same amount of coins • Same destination and source • Mutated wins and gets in a Block RACE!

  50. Rejected Transactions • Invalid transaction data • Already spent out-point • Identical transactions • Invalid signature

  51. WHAT HAPPENED IN MT.GOX?

  52. MT.Gox Announcement

  53. P2P Bitcoin 30BTC -> Attacker’s Wallet B330 ….… 5088 Mt.Gox Attacker’s Wallet Attacker

  54. B330 ….… 5088 P2P Bitcoin … 0x30 30BTC -> Attacker’s Wallet ScriptSig B330 ….… 5088 Mt.Gox Attacker’s Wallet … 30BTC 0x19 ScriptPubkey Attacker

  55. P2P Bitcoin 30BTC -> Attacker’s Wallet B330 ….… 5088 Mt.Gox Attacker’s Wallet B330 ….… 5088 … 0x30 ScriptSig … 0x19 30BTC Attacker ScriptPubkey

  56. P2P Bitcoin 30 30BTC -> > Attacker’s Wallet B330 330 ….… 5088 5088 Mt.Gox Attacker’s Wallet C3a8 ……. 03 03f8 8 B330 330 ….… 5088 5088 … … 0x30 0x30 Mut utated ed Transa nsacti ction on ScriptSig 30BT … 0x19 C Valid Signature Attacker ScriptPubkey

  57. C3a8 ……. 03f8 P2P Bitcoin … 0x30 30BTC -> Attacker’s Wallet Mutated Transaction B330 ….… 5088 Mt.Gox Attacker’s Wallet Valid Signature Attacker

  58. P2P Bitcoin 30BTC -> Attacker’s Wallet 30BTC -> Attacker’s Wallet C3a8 ……. 03f8 B330 ….… 5088 Mt.Gox Attacker’s Wallet W Attacker

  59. Unconfirmed Tx B330 ……. 5088 P2P Bitcoin … 0x30 30BTC -> Attacker’s Wallet 30BTC -> Attacker’s Wallet ScriptSig C3a8 ……. 03f8 B330 ….… 5088 Mt.Gox … 0x19 30BTC Attacker’s Wallet ScriptPubkey W Attacker

  60. P2P Bitcoin 30BTC -> Attacker’s Wallet 30BTC -> Attacker’s Wallet C3a8 ……. 03f8 B330 ….… 5088 Mt.Gox Unconfirmed Attacker’s Wallet Transaction (B330 ….… 5088) W Failed?!? Attacker

  61. P2P Bitcoin 30BTC -> Attacker’s Wallet 30BTC -> Attacker’s Wallet C3a8 ……. 03f8 B330 ….… 5088 Mt.Gox Unconfirmed Attacker’s Wallet Transaction (B330 ….… 5088) W Failed?!? Generate Another Transaction! Attacker

  62. P2P Bitcoin 30BTC -> Attacker’s Wallet 30BTC -> Attacker’s Wallet C3a8 ……. 03f8 B330 ….… 5088 Mt.Gox Unconfirmed Attacker’s Wallet Transaction (B330 ….… 5088) W Failed?!? Generate Another Transaction! Attacker

  63. P2P Bitcoin 30BTC -> Attacker’s Wallet 30BTC -> Attacker’s Wallet C3a8 ……. 03f8 B330 ….… 5088 Mt.Gox Unconfirmed Attacker’s Wallet Transaction (B330 ….… 5088) W Failed?!? Generate Another Transaction! Attacker

  64. DEMO

  65. BLOCKCHAIN OPINION

  66. PUSHDATA Mutated Transaction 1000 2000 3000 4000 5000 6000 0 Dec-12 Jan-13 Feb-13 Mar-13 Apr-13 May-13 Jun-13 Jul-13 Aug-13 Sep-13 Oct-13 Nov-13 Dec-13 Jan-14 Feb-14 Mar-14 Apr-14 May-14 Jun-14 Jul-14 Aug-14 Transaction Malleable

  67. PUSHDATA Mutated Transaction 3569 3569 1900 1900 Malleable Transaction 79 79 11 11 22 22 0 0 2 2 0 Mt.Go .Gox announ uncem cemen ent

Recommend

Theory or Practice? Theory : Without theory, practice is but routine born out of habit.

Theory or Practice? Theory : Without theory, practice is but routine born out of habit.

Theory or Practice? Theory : Without theory, practice is but routine born out of habit. Theory alone can bring forth and develop the spirit of inventions Louis Pasteur, 1822-1895 Practice : It is a capital mistake to theorize before

548 views • 42 slides
practice theory for social change practice theory is not for social change in itself it has no

practice theory for social change practice theory is not for social change in itself it has no

practice theory for social change practice theory is not for social change in itself it has no internal normative content practice theory for understanding social change well demonstrated as enabling distinctive insight into change

536 views • 24 slides
University Of Bristol 1 What to talk about? 2 What to talk about? Theory vs Practice vs

University Of Bristol 1 What to talk about? 2 What to talk about? Theory vs Practice vs

(Or Living Between a Rock and a Hard Place) Nigel Smart University Of Bristol 1 What to talk about? 2 What to talk about? Theory vs Practice vs Theory and Practice A key problem is someones theory is someone elses practice,

1.66k views • 68 slides
From practice to theory and back again Tools for algorithms and programs In theory there is no

From practice to theory and back again Tools for algorithms and programs In theory there is no

From practice to theory and back again Tools for algorithms and programs In theory there is no difference between theory and practice, but We can time different methods, but how to compare timings? not in practice Different on different

450 views • 7 slides
The Ecology of Language Learning Practice to Theory - Theory to Practice DILIT - International

The Ecology of Language Learning Practice to Theory - Theory to Practice DILIT - International

The Ecology of Language Learning Practice to Theory - Theory to Practice DILIT - International House, Rome April 17-18, 2010 Leo van Lier Monterey Institute of International Studies lvanlier@miis.edu 1 1 The ecology has spoken! 2 2 All

421 views • 29 slides
XML Retrieval XML Retrieval XML Retrieval XML Retrieval DB/IR in DB/IR in Theory Theory Web

XML Retrieval XML Retrieval XML Retrieval XML Retrieval DB/IR in DB/IR in Theory Theory Web

XML Retrieval XML Retrieval XML Retrieval XML Retrieval DB/IR in DB/IR in Theory Theory Web in Web in Practice Practice Sihem Amer-Yahia Mariano Consens Yahoo! Research University of Toronto In collaboration with: Ricardo Baeza-Yates

1.06k views • 59 slides
One-Pass Streaming Algorithms Complaints and Grievances Theory and Practice about theory in

One-Pass Streaming Algorithms Complaints and Grievances Theory and Practice about theory in

One-Pass Streaming Algorithms Complaints and Grievances Theory and Practice about theory in practice Disclaimer Experiences with Gigascope. A practitioners perspective. Will be using my own implementations, rather than

849 views • 46 slides
Compression: Information Theory Greg Plaxton Theory in Programming Practice, Spring 2004

Compression: Information Theory Greg Plaxton Theory in Programming Practice, Spring 2004

Compression: Information Theory Greg Plaxton Theory in Programming Practice, Spring 2004 Department of Computer Science University of Texas at Austin Coding Theory Encoder Input: a message over some finite alphabet such as { 0 , 1 } or

579 views • 15 slides
Compression: Information Theory Greg Plaxton Theory in Programming Practice, Spring 2005

Compression: Information Theory Greg Plaxton Theory in Programming Practice, Spring 2005

Compression: Information Theory Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Coding Theory Encoder Input: a message over some finite alphabet such as { 0 , 1 } or

162 views • 15 slides
Compression: Information Theory Greg Plaxton Theory in Programming Practice, Fall 2005

Compression: Information Theory Greg Plaxton Theory in Programming Practice, Fall 2005

Compression: Information Theory Greg Plaxton Theory in Programming Practice, Fall 2005 Department of Computer Science University of Texas at Austin Coding Theory Encoder Input: a message over some finite alphabet such as { 0 , 1 } or {

560 views • 15 slides
How can practice theory inform interventions into the domestic nexus? Dr. Daniel Welch

How can practice theory inform interventions into the domestic nexus? Dr. Daniel Welch

How can practice theory inform interventions into the domestic nexus? Dr. Daniel Welch Sustainable Consumption Institute, University of Manchester Three contributions of contemporary practice theory A way of understanding the organisation

451 views • 15 slides
Sensor Networks Where Theory Meets Practice Roger Wattenhofer ETH Zurich Distributed

Sensor Networks Where Theory Meets Practice Roger Wattenhofer ETH Zurich Distributed

Sensor Networks Where Theory Meets Practice Roger Wattenhofer ETH Zurich Distributed Computing www.disco.ethz.ch Theory Meets Practice SenSys OSDI HotNets Multimedia Ubicomp PODC STOC Mobicom FOCS SIGCOMM ICALP SPAA SODA EC

950 views • 67 slides
How our Current Theory of Economics and Practice of Finance have Unsustainability built in QCEA

How our Current Theory of Economics and Practice of Finance have Unsustainability built in QCEA

How our Current Theory of Economics and Practice of Finance have Unsustainability built in QCEA Brussels November 2013 Outline Introduction/Background Neo-classical theory Flaws in the theory Myths about growth Financial

729 views • 45 slides
Race Why is parallelism hard? Non-determinism!! Practice Theory 2 Why is parallelism

Race Why is parallelism hard? Non-determinism!! Practice Theory 2 Why is parallelism

Parallel Algorithms: Theory and Practice CS26 S260 Lecture cture 9* Yan n Gu Race Why is parallelism hard? Non-determinism!! Practice Theory 2 Why is parallelism hard? Non-determinism!! Sc Schedu duli ling ng is

466 views • 11 slides
Kris Hermans 98 % A B Theory : easy Practice : every situation

Kris Hermans 98 % A B Theory : easy Practice : every situation

Kris Hermans 98 % A B Theory : easy Practice : every situation is different We create a template for an activity, We put into practice We share experiences Technical aspect of sport = secondary Use

172 views • 13 slides
Refreshing our work with infants and toddlers: Mantras from theory, research and practice

Refreshing our work with infants and toddlers: Mantras from theory, research and practice

Refreshing our work with infants and toddlers: Mantras from theory, research and practice Professor Carmen Dalli Kaupapa/Plan 1. Mantras and teachers practical knowledge 2. Identifying mantras: rules of practice principles of practice

568 views • 29 slides
Theory and Practice Implicit Leadership Theory (ILT) Romance of Leadership (RoL) Implicit

Theory and Practice Implicit Leadership Theory (ILT) Romance of Leadership (RoL) Implicit

Critical leadership: Theory and Practice Implicit Leadership Theory (ILT) Romance of Leadership (RoL) Implicit Leadership Theories ILTs It is all in our heads `General ideas about what leaders are like and how they behave are called

887 views • 24 slides
New Developments In The Theory Of Clustering thats all very well in practice, but does it work

New Developments In The Theory Of Clustering thats all very well in practice, but does it work

New Developments In The Theory Of Clustering thats all very well in practice, but does it work in theory ? Sergei Vassilvitskii (Yahoo! Research) Suresh Venkatasubramanian (U. Utah) Sergei V . and Suresh V . Theory of Clustering Overview

2.3k views • 185 slides
Communities of Practice Contents Communities of Practice Why and How? Proposed

Communities of Practice Contents Communities of Practice Why and How? Proposed

COP1.1 Establishing Communities of Practice Contents Communities of Practice Why and How? Proposed Thematic Streams Next Steps Community of Practice What and Why? Theory - A community of practice is a group of practitioners

431 views • 6 slides
Applied Performance Theory @kavya719 kavya applying performance theory to practice

Applied Performance Theory @kavya719 kavya applying performance theory to practice

Applied Performance Theory @kavya719 kavya applying performance theory to practice performance Whats the additional load the system can support, without degrading response time ? Whatre the system utilization bottlenecks ?

952 views • 56 slides
From theory to practice in k-OPT heuristic for Travelling Salesman Problem Lukasz Kowalik

From theory to practice in k-OPT heuristic for Travelling Salesman Problem Lukasz Kowalik

From theory to practice in k-OPT heuristic for Travelling Salesman Problem Lukasz Kowalik la and Kamil (joint work with Marek Cygan, Arkadiusz Soca Zy la) Lukasz Kowalik From theory to practice in k-OPT heuristic for TSP

752 views • 53 slides
Reflective-based Practice Learning (RPL) A specific learning approach developed an implemented at

Reflective-based Practice Learning (RPL) A specific learning approach developed an implemented at

University College Northern Denmark Reflective-based Practice Learning (RPL) A specific learning approach developed an implemented at UCN Theory and Practice = Learning arenas? Theory Practice = Workplace/internship = Campus 29-11-2019 17

509 views • 12 slides
Theory in Practice: Modeling in Neuroimaging How to model big MRI datasets Outline of talk

Theory in Practice: Modeling in Neuroimaging How to model big MRI datasets Outline of talk

Theory in Practice: Modeling in Neuroimaging How to model big MRI datasets Outline of talk Theory recap: modelling approaches can be reduced to two types: predictive and descriptive Big data complicates our ability to apply

938 views • 91 slides
Exploratory testing in theory and practice Jan Jaap Cannegieter Principal consultant Squerist

Exploratory testing in theory and practice Jan Jaap Cannegieter Principal consultant Squerist

8-5-2019 Specialisten in vooruitgang Exploratory testing in theory and practice Jan Jaap Cannegieter Principal consultant Squerist Software testen Business Process Transformation Security testen 1 Exploratory testing in theory and practice

381 views • 18 slides

More recommend