BITCOIN TRANSACTION MALLEABILITY THEORY IN PRACTICE

BITCOIN TRANSACTION MALLEABILITY THEORY IN PRACTICE. Daniel Chechik, Security Researcher, Twitter: @DanielChechik. Ben Hayak, Security Researcher, Twitter: @BenHayak

Agenda: What is Bitcoin; Bitcoin Transactions; Transaction Malleability Vulnerability; What Happened in MT.Gox; Live Demo

WHAT IS BITCOIN?

Currently ~ $600

What is Bitcoin? Bitcoin is a payment system introduced as open-source software in 2009 by a developer known as Satoshi Nakamoto. P2P network. Trust is a result of data transparency. Decentralization: no institution is controlling your money/coins. Anonymous. Virtual currency.

What is a Block? Container of transactions. Chained to all other valid blocks and shared among all peers.

Block Chain: the network data history. [Diagram: a chain of blocks, each holding Transactions and a PreviousBlockHash]

What is a Block? Bitcoin block structure:
Field | Description | Size
Magic No | Value always 0xD9B4BEF9 | 4 bytes
Blocksize | Number of bytes following up to end of block | 4 bytes
Blockheader | Consists of 6 items | 80 bytes
Transaction counter | Positive integer (VI = VarInt) | 1-9 bytes
Transactions | The (non-empty) list of transactions | <Transaction counter>-many transactions

Block Header Structure:
Field | Purpose | Updated when... | Size (bytes)
Version | Block version number | You upgrade the software and it specifies a new version | 4
hashPrevBlock | 256-bit hash of the previous | A new block comes in | 32
hashMerkleRoot | 256-bit hash based on all of the transactions in the block | A transaction is accepted | 32
Time | Current timestamp as seconds since 1970-01-01T00:00 UTC | Every few seconds | 4
Bits | Current target in compact format | The difficulty is adjusted | 4
Nonce | 32-bit number (starts at 0) | A hash is tried (increments) | 4

What Is Mining?

What is Mining? Collect all pending transactions to memory. Build a theoretical block with the transactions. Use computing power to solve your block hash. Broadcast the block to the network.

LET'S SIMULATE MINING RIGHT NOW!

0x02000

Additional Mining Goals: keep a steady network; record all coin data.

What is Bitcoin - Summary. Block: container of transactions. Block chain: record of all coin data from the beginning. Block solving: a process used to keep the network steady and to generate blocks.

TRANSACTIONS

Transactions: 100 BTC Alice → Bob. Broadcasted to network. Collected by miners. Confirmed (block solved).

Transactions: 100 MYC Alice → Bob. Bob's wallet.

Transactions: 100 MYC Alice → Bob. Broadcasted to network.

Transactions: 100 MYC Alice → Bob. Broadcasted to network. Collected by miners.

Transactions: 100 MYC Alice → Bob. Broadcasted to network. Collected by miners. Confirmed (block solved).

Transactions: Jeff to Daniel, Daniel to Ben.

Transactions are built from two main components. Inputs: source of coins (ref to TxOut in block chain). Outputs: redeemer's Bitcoin address, amount.

Transactions: Prove you have the coins (by including a reference). Include a public key of the recipient. Sign the transaction.

TRANSACTION MALLEABILITY

P2P Lottery: MessageID (sha256) | Length | From: Lottery | Prize: You won a Car! | Length | To: Ben

P2P Lottery: MessageID (sha256) | Length | From: Lottery | Prize: You won a Car! Vacation | Length | To: Ben

P2P Lottery: MessageID (sha256) | Length | From: Lottery | Prize: You won a Car! | Length | To: Ben | Signature (DER)

Standard Transaction: TxId (sha256*2) | Length (1 byte) | ScriptSig (source of coins, sender) | Amount | Length | ScriptPubkey

PushData Opcode: TxId (sha256*2) | PUSHDATA2 | Length (2 bytes) | ScriptSig | Amount | Length | ScriptPubkey

Standard Transaction: TxId (sha256*2) | 0x32 | ScriptSig | 40BTC | 0x19 | ScriptPubkey

Mutated Transaction: TxId (sha256*2) | 0x4D (PUSHDATA2) 0x32 0x00 in place of 0x32 | ScriptSig | 40BTC | 0x19 | ScriptPubkey. 0x32 == 0x0032

Standard vs Mutated:
Standard: TxId (sha256*2) | Length (1 byte) | ScriptSig | Amount | Length | ScriptPubkey
Mutated: TxId (sha256*2) | PUSHDATA2 | Length 0x00 | ScriptSig | Amount | Length | ScriptPubkey
TxId = c6cfe6e4f129a34671d10c1bbe158eff05197d388727e331951b0ec2637c194e
Mutated TxId = dc34efd49ed738bf4500db3672921641669 89cb15773026e9e185b78292bbc89

Transaction Malleability: two different transactions; same amount of coins; same destination and source. RACE! Mutated wins and gets in a block.
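
The length-byte mutation on the Standard vs Mutated slides, seen from the validating side: this added example (not from the original slides) parses a push-only scriptSig, flags a non-minimal push encoding and re-encodes it canonically. The 50-byte payload, `toy_txid` and its framing bytes are constructed stand-ins, not a real transaction serialization.

```python
import hashlib

OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x4C, 0x4D, 0x4E
WIDTH = {OP_PUSHDATA1: 1, OP_PUSHDATA2: 2, OP_PUSHDATA4: 4}

def parse_pushes(script: bytes):
    """Return [(opcode, data)] for a push-only script; raise on anything else."""
    out, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if op <= 0x4B:                      # direct push: the opcode is the length
            n = op
        elif op in WIDTH:                   # explicit little-endian length field
            w = WIDTH[op]
            if i + w > len(script):
                raise ValueError("truncated length field")
            n = int.from_bytes(script[i:i + w], "little")
            i += w
        else:
            raise ValueError(f"non-push opcode 0x{op:02x}")
        if i + n > len(script):
            raise ValueError("push runs past end of script")
        out.append((op, script[i:i + n]))
        i += n
    return out

def minimal_push(data: bytes) -> bytes:     # shortest length prefix only (no OP_1..OP_16 rule)
    n = len(data)
    if n <= 0x4B:
        return bytes([n]) + data
    if n <= 0xFF:
        return bytes([OP_PUSHDATA1, n]) + data
    if n <= 0xFFFF:
        return bytes([OP_PUSHDATA2]) + n.to_bytes(2, "little") + data
    return bytes([OP_PUSHDATA4]) + n.to_bytes(4, "little") + data

def canonicalize(script: bytes) -> bytes:
    return b"".join(minimal_push(d) for _, d in parse_pushes(script))
def is_canonical(script: bytes) -> bool:
    return canonicalize(script) == script

def toy_txid(script_sig: bytes) -> str:     # double SHA-256 over constructed framing, not a real tx
    body = b"constructed-inputs" + bytes([len(script_sig)]) + script_sig + b"constructed-outputs"
    return hashlib.sha256(hashlib.sha256(body).digest()).hexdigest()

PAYLOAD = bytes(range(0x32))                            # constructed 50-byte stand-in for signature data
STANDARD = bytes([0x32]) + PAYLOAD                      # slide: 0x32 | ScriptSig
MUTATED = bytes([OP_PUSHDATA2, 0x32, 0x00]) + PAYLOAD   # slide: 0x4D 0x32 0x00 | ScriptSig
```

Both encodings carry the same payload, so a signature over it stays valid while the hash of the serialized bytes changes; a node or wallet that rejects scripts failing `is_canonical` closes this particular mutation.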

Rejected Transactions: invalid transaction data; already spent out-point; identical transactions; invalid signature.

WHAT HAPPENED IN MT.GOX?

MT.Gox Announcement

[Diagram: Mt.Gox, P2P Bitcoin network, Attacker, Attacker's Wallet. Transaction B330.5088: 30BTC -> Attacker's Wallet]

[Diagram: transaction B330.5088 on the P2P Bitcoin network: 0x30 | ScriptSig | 30BTC | 0x19 | ScriptPubkey]

[Diagram: B330.5088 and Mutated Transaction C3a8.03f8: 0x30 | ScriptSig | 30BTC | 0x19 | ScriptPubkey. Valid Signature]

[Diagram: both B330.5088 and C3a8.03f8 (30BTC -> Attacker's Wallet) on the P2P Bitcoin network]

[Diagram: Unconfirmed Tx B330.5088 (0x30 | ScriptSig | 30BTC | 0x19 | ScriptPubkey) alongside C3a8.03f8]

[Diagram: Mt.Gox sees Unconfirmed Transaction (B330.5088). Failed?!?]

[Diagram: Mt.Gox sees Unconfirmed Transaction (B330.5088). Failed?!? Generate Another Transaction!]

DEMO

MALLEABILITY FIX

Transaction Malleability Fix

Thank You! Daniel Chechik Daniel.chechik@gmail.com Ben Hayak - Ben.hayak@gmail.com BTC: 12qPtFhw9UPL8HvfSsSjvqxeFXp4hRiWym

References
Github - https://github.com/sipa/bitcoin/commit/87fe71e1fc810ee120a10063fdd26c3245686d54
Spiderlabs - http://www.spiderlabs.com
Bitcoin official document - https://bitcoin.org/bitcoin.pdf
Bitcoin Wiki - https://en.bitcoin.it/wiki
Bitcoin Transaction Malleability Wiki - https://en.bitcoin.it/wiki/transaction_malleability
Ken Shirriff - http://www.righto.com/2014/02/bitcoin-transaction-malleability.html