- MD5 Algorithm – Encryption - BitcoinWiki
- Cryptographic Hashing: A Complete Overview - Bitcoin News
- Hash Functions - NAKAMOTO
- Cryptographic essence of Bitcoin part # 1: What is a Hash ...
- Bitcoin Hash Functions: A Quick Cryptographic Hash Rundown

submitted by Floris-Jan to Cobo [link] [comments] https://preview.redd.it/5tef4jw4dyo31.png?width=679&format=png&auto=webp&s=fa9ebddb44e9097538a3ae81a8ed577b441ad690 As the value and visibility of cryptocurrencies continue to rise, the industry is gradually being exposed to increasingly sophisticated security issues. While institutional players typically have the resources and expertise to fortify their assets under multiple layers of defense, retail investors must take it upon themselves to learn about different types of attacks and determine how to mitigate these risks. To that end, we’ve compiled some of the most common yet devastating security risks below: **Traditional Web Infrastructure Attacks**
Even if a digital platform is generally well-constructed, the way it is tethered to the internet can still be exploited. Web hosts which expose network services to the Internet are relentlessly attacked, and multiple studies indicate that a publicly exposed host is typically discovered and attacked within minutes of being placed on the network. From there, malicious actors would be able to directly attack the exposed host and re-appropriate it for their ends. **Front-running Risks**
Front-running within the cryptocurrency space is particularly egregious, as there have been multiple cases where attackers use their funds to open a low position for a particular cryptocurrency while using funds stolen from a large exchange account to artificially inflate the currency price, pulling the compromised user up to the high position. As a result, the attacker’s positions are sold first, and the stolen user’s funds are then transferred to out of their account through the secondary market for a quick profit. These attacks were commonplace during the ICO craze due to the overwhelming public interest in the potential windfall ICOs insinuated, with little attention paid to the dangers imposed by such attacks. Furthermore, few cryptocurrency exchanges are willing to proactively announce these attacks due to the reputational damage it could incur. **Phishing Attacks**
In these cases, anonymous groups were able to identify key individuals with access credentials to multiple databases or servers, then implement a coordinated, high-precision phishing attack to acquire those credentials. As a result, the damage resulting from phishing attacks oftentimes extends beyond the initial victim, reverberating negatively throughout an entire system. **Collision Attacks**
Even without a full user password, more tech-savvy attackers are also able to exploit hash function collisions to bypass protocols such as MD5 and SHA-1, which are widely used to build authentication and integrity mechanisms in cryptographic protocols. **Temporary Network Hijacking**
To date, network hijacking malware has been found in everything from government servers in North America to an operational technology network controlling water utilities across Europe. While within the context of crypto, these attacks have only involved relatively benign crypto-mining malware, coupled with more disruptive cyberterrorism tactics which are capable of shutting down large-scale national targets. The effects of a temporary network hijacking could severely compromise the entire internet architecture upon which the bourgeoning crypto ecosystem relies on. As crypto assets take up an increasingly large portion of many investors’ portfolio, there is also an increasing need to understand the underlying principles of the blockchain and appreciate the importance of private keys. Every crypto investor needs to take digital asset protection very seriously, and at Cobo, our central motivation is to support secure and streamlined blockchain development and make it easier to own and utilize the crypto tokens of your choice. To this end, Cobo Wallet’s Hardware Security Module technology ensures that the vast majority of our user assets are stored in a fully offline, globally distributed system, and are further protected by multiple software layer protocols and a multi-signature mechanism which prevents funds from getting lost due to a single point of failure. Cybercrime will continue to evolve in tandem with the cryptocurrency sector and industry digitization, and many online exchanges and even hardware custodial solutions are not equipped to repel the full spectrum of approaches and tools malicious actors can implement. As you take steps to safeguard your digital assets, it is imperative that you thoroughly research your crypto custodianship options, avoid making purchases from third-party distributors, and ensure that your wallet’s security mechanisms are pressure-tested against the worst possible scenarios. |

https://preview.redd.it/pl9ytli1smd11.jpg?width=900&format=pjpg&auto=webp&s=afd90001218bb19c252f927ef2e292cb788c9a9d submitted by intervalue to u/intervalue [link] [comments] InterValue aims to provide a global value Internet infrastructure. In response to deal with various problems that existing in the present blockchain infrastructure, InterValue optimizes the protocol and mechanism of blockchain technology at all levels, which can achieve the support agreement of value transmission network. At present, the InterValue 2.0 testnet has been released, we designed and implemented a new HashNet consensus mechanism. Transaction speed within one single shard exceeds 280,000 TPS and 4 million TPS for the whole network. Security (anti-quantum attack characteristics) is undoubtedly the highlight of InterValue under the goal of establishing a low-level infrastructure for the whole field of ecology. What is the quantum attack?Quantum computing is a new way of building computers—using the quantum properties of particles to perform operations on data, it is probably the same way as traditional computers. In some cases, the amount of algorithmic acceleration is unusual. It is this characteristics that makes some difficult problems that exist in the electronic computer environment become easy to calculate in the quantum computer. This superior computing power of quantum computers has influenced the security of existing public key cryptography which based on computational complexity. This is the quantum attack. What does anti-quantum attack mean?Algorithms have always been the underlying core of blockchain technology. Most of the current algorithms are unable to withstand quantum attacks. It means that all the information of the user will be exposed to the quantum computer. If you have an anti-quantum attack algorithm, it means that the personal information is safe, at least with current technology, it cannot be cracked. Anti-quantum attack algorithms mean security. The impact of quantum attacks on digital currencies is devastating. Quantum attacks directly disrupt existing information security systems. Quantum attacks will expose the assets in the digital industry, including the benefits of mining; the keys to your wallet will be cracked and the wallet will no longer be secure. Totally, the existing security system will be disintegrated. Therefore, it is imperative to develop anti-quantum attack algorithms in advance. It is a necessary technical means to firmly protect the privacy of users. InterValue uses a new anti-quantum attack cryptographic algorithm at the anti-quantum attack level. By replacing the ECDSA signature algorithm with the NTRUsign signature algorithm that based on the integer lattice, and replacing the existing SHA series algorithm with the Keccak-512 hash algorithm, the speed, and threats of the rapid quantum computation decrease. Adopt NTRUsign digital signature algorithmCurrent ECDSA signature algorithmThe current blockchain mainly uses the ECDSA digital signature algorithm based on elliptic curve. The signature algorithm: First, the public-private key pair needs to be generated, the private key user keeps it, the public key can be distributed to other people; secondly, the private key pair can be used and a specific message is signed; finally, the party that owns the signature public key is able to verify the signature. ECDSA has the advantages of small system parameters, fast processing speed, small key size, strong anti-attack and low bandwidth requirements. However, the quantum computer can implement a very efficient SHOR attack algorithm by ECDSA signature algorithm, and the ECDSA signature algorithm cannot resist the quantum attack. Adopt new NTRUsign-251 signature algorithmAt present, the public key cryptosystem against quantum SHOR algorithm attacks mainly includes public key cryptography that based on lattice theory, code-based public key system represented by McEliece public key cryptosystem and multivariate polynomial represented by MQ public key cryptography. The security of McEliece public key cryptosystem is based on the error correction code problem, which is strong in security but low in computational efficiency. The MQ public key cryptosystem, that is, the multivariate quadratic polynomial public key cryptosystem, based on the intractability of the multivariate quadratic polynomial equations on the finite field, has obvious disadvantages in terms of security. In contrast, the public key encryption system based on lattice theory is simple, fast, and takes up less storage space. InterValue uses the signature algorithm based on the lattice theory NTRUSign-251. The specific implementation process of the algorithm is as follows: https://preview.redd.it/uzuqi589smd11.png?width=762&format=png&auto=webp&s=29670c99027fdcebadca64730ef2e3862f960192 It has been proved that the security of the NTRUSign-251 signature algorithm is ultimately equivalent to finding the shortest vector problem in a 502-dimensional integer lattice, but the SHOR attack algorithm for the shortest vector problem in the lattice is invalid, and there is no other fast solutions under the quantum computer. The best heuristic algorithm is also exponential, and the time complexity of attacking NTRUSign-251 signature algorithm is about 2168. Therefore, InterValue uses NTRUSign-251 algorithm that can resist SHOR algorithm attack under quantum computing. Adopt Keccak512 hash algorithmThe common anti-quantum hash algorithmThe most effective attack methods for hash algorithm under quantum computer is GROVER algorithm, which can reduce the attack complexity of Hash algorithm from O (2^n) to O (2^n/2). Therefore, the current bit adopts the Hash algorithm PIREMD160 whose output length is only 160 bits, under this circumstance, quantum attacks algorithm used in the currency system is not safe. An effective way of resisting quantum attacks is to reduce the threat of the GROVER algorithm by increasing the output length of the Hash algorithm. It is generally believed that the Hash algorithm can effectively resist quantum attacks as long as the output length of the hash algorithm is not less than 256 bits. In addition to the threat of quantum attacks, a series of hash functions that are widely used in practice, such as MD4, MD5, SHA-1, and HAVAL, are attacked by traditional methods such as differential analysis, modulo difference, and message modification methods. Therefore, blockchains’ Hash algorithm also needs to consider the resistance of traditional attacks. Winning the hash algorithm Keccak512Early blockchain projects such as Bitcoin, Litecoin, and Ethereum used SHA series Hashing algorithms that exist design flaws (but not fatal). Recently, new blockchain projects have been adopted by the National Institute of Standards and Technology. The SHA-3 plan series algorithm is a new Hash algorithm. InterValue adopts the SHA-3 plan's winning algorithm Keccak512, which contains many latest design concepts and ideas of hash function and cryptographic algorithm. It is simple in design, which is convenient for hardware implementation. The algorithm was submitted by Guido Bertoni, Joan Daemen, Michael Peters, and Giles Van Assche in October 2008. The Keccak512 algorithm uses a standard sponge structure that maps input bits of arbitrary length into fixed-length output bits. The speed is fast, with an average speed of 12.5 cycles per byte under the Intel Core 2 processor. https://preview.redd.it/zwfzybeasmd11.jpg?width=724&format=pjpg&auto=webp&s=e0710e7fb1f80b7aa6517a296e2cadd6a51bd4c8 As shown in the figure, in the absorption phase of the sponge structure, each message packet is XORed with the r bits inside the state, and then encapsulated into 1600 bits of data together with the fixed c bits to perform the round function f processing, and then into the squeeze. In the extrusion phase, a hash of n-bit fixed output length can be generated by iterating 24 cycles. Each loop R has only the last step round constant, but the round constant is often ignored in collision attacks. The algorithm proved to have good differential properties, and until now third-party cryptanalysis did not show that Keccak512 has security weaknesses. The first type of original image attack complexity for the Keccak512 algorithm under quantum computer is 2^256, and the second type of original image attack complexity for the Keccak512 algorithm is 2^128, so InterValue combined with the Keccak512 algorithm can resist the GROVER algorithm attack under quantum computing. Written in the endQuantum computing has gone through 40 years from the theory to practice. From the emergence to the present, it has entered the stage of quantitative change to qualitative change in technology accumulation, business environment, and performance improvement. For the blockchain, the most deadly part is not investor's doubt, but the accelerated development of quantum computers. In the future, quantum computers are most likely to subvert the traditional technical route of classical computing and have a larger field of development. We are sympathetic to its destructive power to the existing blockchain, and we look forward to helping the entire blockchain industry to shape a new ecosystem. On the occasion of entering the new "quantum era, trusting society", the InterValue team believes that only by fully understanding the essence of quantum cryptography (quantum communication) and anti-quantum cryptography, can we calmly stand on a high level and arrange the outline. |

https://preview.redd.it/50gpnoe1wdl11.jpg?width=900&format=pjpg&auto=webp&s=c636ddc4a1c49658cba067084009e557a113b8a8 submitted by intervalue to InterValue [link] [comments] InterValue aims to provide a global value Internet infrastructure. In response to deal with various problems that existing in the present blockchain infrastructure, InterValue optimizes the protocol and mechanism of blockchain technology at all levels, which can achieve the support agreement of value transmission network. At present, the InterValue 2.0 testnet has been released, we designed and implemented a new HashNet consensus mechanism. Transaction speed within one single shard exceeds 280,000 TPS and 4 million TPS for the whole network. Security (anti-quantum attack characteristics) is undoubtedly the highlight of InterValue under the goal of establishing a low-level infrastructure for the whole field of ecology. What is the quantum attack?Quantum computing is a new way of building computers—using the quantum properties of particles to perform operations on data, it is probably the same way as traditional computers. In some cases, the amount of algorithmic acceleration is unusual. It is this characteristics that makes some difficult problems that exist in the electronic computer environment become easy to calculate in the quantum computer. This superior computing power of quantum computers has influenced the security of existing public key cryptography which based on computational complexity. This is the quantum attack. What does anti-quantum attack mean?Algorithms have always been the underlying core of blockchain technology. Most of the current algorithms are unable to withstand quantum attacks. It means that all the information of the user will be exposed to the quantum computer. If you have an anti-quantum attack algorithm, it means that the personal information is safe, at least with current technology, it cannot be cracked. Anti-quantum attack algorithms mean security. The impact of quantum attacks on digital currencies is devastating. Quantum attacks directly disrupt existing information security systems. Quantum attacks will expose the assets in the digital industry, including the benefits of mining; the keys to your wallet will be cracked and the wallet will no longer be secure. Totally, the existing security system will be disintegrated. Therefore, it is imperative to develop anti-quantum attack algorithms in advance. It is a necessary technical means to firmly protect the privacy of users. InterValue uses a new anti-quantum attack cryptographic algorithm at the anti-quantum attack level. By replacing the ECDSA signature algorithm with the NTRUsign signature algorithm that based on the integer lattice, and replacing the existing SHA series algorithm with the Keccak-512 hash algorithm, the speed, and threats of the rapid quantum computation decrease. Adopt NTRUsign digital signature algorithmCurrent ECDSA signature algorithmThe current blockchain mainly uses the ECDSA digital signature algorithm based on elliptic curve. The signature algorithm: First, the public-private key pair needs to be generated, the private key user keeps it, the public key can be distributed to other people; secondly, the private key pair can be used and a specific message is signed; finally, the party that owns the signature public key is able to verify the signature. ECDSA has the advantages of small system parameters, fast processing speed, small key size, strong anti-attack and low bandwidth requirements. However, the quantum computer can implement a very efficient SHOR attack algorithm by ECDSA signature algorithm, and the ECDSA signature algorithm cannot resist the quantum attack. Adopt new NTRUsign-251 signature algorithmAt present, the public key cryptosystem against quantum SHOR algorithm attacks mainly includes public key cryptography that based on lattice theory, code-based public key system represented by McEliece public key cryptosystem and multivariate polynomial represented by MQ public key cryptography. The security of McEliece public key cryptosystem is based on the error correction code problem, which is strong in security but low in computational efficiency. The MQ public key cryptosystem, that is, the multivariate quadratic polynomial public key cryptosystem, based on the intractability of the multivariate quadratic polynomial equations on the finite field, has obvious disadvantages in terms of security. In contrast, the public key encryption system based on lattice theory is simple, fast, and takes up less storage space. InterValue uses the signature algorithm based on the lattice theory NTRUSign-251. The specific implementation process of the algorithm is as follows: https://preview.redd.it/byyzx8k3wdl11.png?width=762&format=png&auto=webp&s=d454123cabbe730271b66362a55e17b861ad50b4 It has been proved that the security of the NTRUSign-251 signature algorithm is ultimately equivalent to finding the shortest vector problem in a 502-dimensional integer lattice, but the SHOR attack algorithm for the shortest vector problem in the lattice is invalid, and there is no other fast solutions under the quantum computer. The best heuristic algorithm is also exponential, and the time complexity of attacking NTRUSign-251 signature algorithm is about 2168. Therefore, InterValue uses NTRUSign-251 algorithm that can resist SHOR algorithm attack under quantum computing. Adopt Keccak512 hash algorithmThe common anti-quantum hash algorithmThe most effective attack methods for hash algorithm under quantum computer is GROVER algorithm, which can reduce the attack complexity of Hash algorithm from O (2^n) to O (2^n/2). Therefore, the current bit adopts the Hash algorithm PIREMD160 whose output length is only 160 bits, under this circumstance, quantum attacks algorithm used in the currency system is not safe. An effective way of resisting quantum attacks is to reduce the threat of the GROVER algorithm by increasing the output length of the Hash algorithm. It is generally believed that the Hash algorithm can effectively resist quantum attacks as long as the output length of the hash algorithm is not less than 256 bits. In addition to the threat of quantum attacks, a series of hash functions that are widely used in practice, such as MD4, MD5, SHA-1, and HAVAL, are attacked by traditional methods such as differential analysis, modulo difference, and message modification methods. Therefore, blockchains’ Hash algorithm also needs to consider the resistance of traditional attacks. Winning the hash algorithm Keccak512Early blockchain projects such as Bitcoin, Litecoin, and Ethereum used SHA series Hashing algorithms that exist design flaws (but not fatal). Recently, new blockchain projects have been adopted by the National Institute of Standards and Technology. The SHA-3 plan series algorithm is a new Hash algorithm. InterValue adopts the SHA-3 plan's winning algorithm Keccak512, which contains many latest design concepts and ideas of hash function and cryptographic algorithm. It is simple in design, which is convenient for hardware implementation. The algorithm was submitted by Guido Bertoni, Joan Daemen, Michael Peters, and Giles Van Assche in October 2008. The Keccak512 algorithm uses a standard sponge structure that maps input bits of arbitrary length into fixed-length output bits. The speed is fast, with an average speed of 12.5 cycles per byte under the Intel Core 2 processor. https://preview.redd.it/z0nnrjp4wdl11.jpg?width=724&format=pjpg&auto=webp&s=bef29aafeb1ef74b21bacb6db3f07987bf0a7ba5 As shown in the figure, in the absorption phase of the sponge structure, each message packet is XORed with the r bits inside the state, and then encapsulated into 1600 bits of data together with the fixed c bits to perform the round function f processing, and then into the squeeze. In the extrusion phase, a hash of n-bit fixed output length can be generated by iterating 24 cycles. Each loop R has only the last step round constant, but the round constant is often ignored in collision attacks. The algorithm proved to have good differential properties, and until now third-party cryptanalysis did not show that Keccak512 has security weaknesses. The first type of original image attack complexity for the Keccak512 algorithm under quantum computer is 2^256, and the second type of original image attack complexity for the Keccak512 algorithm is 2^128, so InterValue combined with the Keccak512 algorithm can resist the GROVER algorithm attack under quantum computing. Written in the endQuantum computing has gone through 40 years from the theory to practice. From the emergence to the present, it has entered the stage of quantitative change to qualitative change in technology accumulation, business environment, and performance improvement. For the blockchain, the most deadly part is not investor's doubt, but the accelerated development of quantum computers. In the future, quantum computers are most likely to subvert the traditional technical route of classical computing and have a larger field of development. We are sympathetic to its destructive power to the existing blockchain, and we look forward to helping the entire blockchain industry to shape a new ecosystem. On the occasion of entering the new "quantum era, trusting society", the InterValue team believes that only by fully understanding the essence of quantum cryptography (quantum communication) and anti-quantum cryptography, can we calmly stand on a high level and arrange the outline. |

'''

1 Basic knowledge of cryptography 1.1 Basic knowledge of elliptic curves 1.1.1Elliptic curve profile Let denote a finite domain, an elliptic curve defined in it, actually this curve represented as a set of points, defines an operation on elliptic curve, and two points on the elliptic curve, a + = for the two point addition operation. The intersection of the line and the curve represented by the point, and the point on the elliptic curve of the symmetry. At this point, when = when, the intersection of the tangent and the curve is represented as the point on the axis of the elliptic curve. Thus, the Abel group is formed on the finite field (+ +), and the addition unit element is. 1.1.2 Signature algorithm Defines an elliptic curve called [()) and its base point, which is the order. For the curve @ (), make a public key pair, in which the private key is the public key and can be made public. Step1: first, using Hash function to calculate the plaintext message, the Hash function algorithm used MD5 algorithm or SHA-1 algorithm can calculate the plaintext message value = (Step2); then in the interval [1, and the private key a random integer as the signature of a range of 1]; Step3: calculation a public key =;Step4: = = K, where K is the abscissa of the public key and, if = 0, returns to Step2; Step5: = = Q/ (+), which is the private key of the sender A, and if = 0, returns to Step2; Step6: the sender A transmits the message signature (to) to the receiver B. The receiver receives the message signature (B,), the specific verification process to sign the message as follows: Step1: firstly, message signature and verification, i.e. whether it is in the interval [1, N1] positive integer range, if the signature does not comply with the signature of the message, that message signature received (,) is not a valid legal signature; Step2: according to the signature public key of the sender A, the sender A and the receiver B have the same Hash function digest value, and the digest value of the signed message is calculated (=); Step3: calculates the parameter value = Q/; Step4: calculates the parameter value = = Step5: calculates the parameter value = = Step6: calculates the parameter value = +; Step7: if = 0, the receiver B may deny the signature. Otherwise, calculate '= K', where K is the parameter A horizontal coordinate; a signature. The digital signature based on ECC, partly because this scheme can avoid the order operation in the inverse operation, so it is better than the signature scheme based on discrete logarithm algorithm should be simple; on the other hand it is because the calculation of the plaintext message () (,) than the calculation simple, so its speed Schnorr digital signature scheme is faster than. Therefore, the digital signature scheme based on elliptic curve cryptography has good application advantages in resisting attack security strength, key length, computation speed, computation cost and bandwidth requirement. 1.2 Threshold key sharing technology 1.2.1 Shamir Threshold key sharing concept Threshold key sharing technology solves the key security management problem. The design of modern cryptography system is that depends on the security of cryptosystem in the cryptographic key leakage means the lost security system, so the key management plays an important role in the research and design of security in cryptography. Especially when multiple stakeholders manage an account, the key of the account is trusted, and it is very difficult to distribute it safely to multi-party participants. To solve this problem, the Israeli cryptographer Shamir proposed Shamir (,) the concept of threshold secret sharing: the key is divided into portions assigned to participants, each participant to grasp a key share, only collect more than key share, can the key recovery. 1.2.2 Linear secret sharing mechanism Linear secret sharing is the generalization of Shamir threshold key sharing. Its essence is that both the primary key space, the sub key space and the random input set are linear spaces, and the key reconstruction function is linear. The formal definition is as follows: let be a finite domain, PI is a key access structure sharing system, is the main key space. We say that Pi is a linear key sharing system, if the following conditions are met: 1) sub key is linear space, namely for, constant B, the sub key space B cd. Remember - B, e (,) as the components of B CD vector space is received, this component is dependent on the primary key and the random number 2) each authorization set may obtain the master key by means of a linear combination of sub keys, that is, for any one delegate The right to set in, constant {b, e:, B, less than 1 and less than or equal to b}, such that for any master key and random number, All = KD and l /jejcd B, e, B (E, II). 1.2.3 Shamir Polynomial interpolation threshold secret sharing scheme Shamir combines the characteristics of polynomials over finite fields and the theory of Lagrange's reconstructed polynomial, designs a threshold key management scheme based on Lagrange interpolation polynomial, and the scheme is as follows 1.3 Secure multi-party computation 1.3.1 The background of secure multiparty computation With the rapid development of Internet, more and more applications require cooperative computing among network users. But because of privacy protection and data security considerations, the user does not want to participate in collaborative computing and other users to calculate data sharing, this problem leads to collaborative computing cannot be performed, which leads to efficient use and share some of the scenarios can not be difficult to achieve the cyber source. Secure multi-party computation (secure multi-party computation) makes this problem easy to solve, and it provides a theoretical basis for solving the contradiction between data privacy protection and collaborative computing. Secure multi-party computation is the theoretical foundation of distributed cryptography, and also a basic problem of distributed computing. Secure multi-party computation means that in a non trusted multi-user network, two or more users can cooperate with each other to execute a computing task without leaking their private input information. In brief, secure multi-party computation refers to a set of people, such as /...... Q, computing functions together safely,...... , q = (/),...... (Q). Where the input of this function is held by the participant secretly, the secret input of B is B, and after the calculation, B gets the output B. Here is the safety requirements of cheating participants even in some cases, to ensure the correctness of the calculated results, which is calculated after the end of each honest participant B can get the correct output of B, but also requires each participant to ensure confidentiality of input, namely each participant B (B, b) in addition. Don't get any other information. Secure multi-party computation has been rich in theoretical results and powerful tools. Although its practical application is still in its infancy, it will eventually become an indispensable part of computer security. 1.3.2 Classification of secure multiparty computation protocols At present, secure multi-party computation protocols can be divided into four categories according to the different implementations: L secure multi-party computation protocol based on VSS sub protocol Most of the existing secure multi-party computation protocols adopt verifiable key sharing VSS (Verifiable Secret) (Sharing) the sub protocol is the basis of protocol construction, which is suitable for computing functions on any finite field. The finite field of arbitrary function can be expressed as the domain definition of addition and multiplication of the directed graph, so long as can secure computing addition and multiplication, we can calculate each addition and multiplication to calculate any function over finite fields. L secure multi-party computation protocol based on Mix-Match The secure multi-party computation protocol based on VSS sub protocol can compute arbitrary functions, but it can not efficiently calculate Boolean functions. Therefore, another secure multi-party protocol called Mix-Match is proposed. The basic idea of this protocol is that participants use secret sharing schemes to share the system's private key, and the system's public key is open. During the protocol, the participants randomly encrypt their own input public key y, then publish their own encryption results, and finally make all participants gain common output through Mix-Match. L secure multi-party computation protocol based on OT OT based secure multi-party computation protocol for computing arbitrary bit functions. It implements with "OT sub Protocol" and (and), or (or) "," (not) "three basic operations, then the arbitrary bit operation function is decomposed into a combination of three basic operations, finally by using iterative method to calculate the bit operation function. L secure multi-party computation based on homomorphic encryption Homomorphic encryption, secure multi-party computation can resist active attacks based on it is the idea of the selected atom is calculated, the calculation can be decomposed into a sequence of atomic computing allows arbitrary function and atomic calculation of input and output using homomorphic encryption, to get the final results in the encrypted state, only a specific set of participants will be able to the calculation results decrypted plaintext. 1.4 Introduction to ring signature In 2001, Rivest et al proposed a new signature technique, called Ring Signature, in the context of how to reveal the secret anonymously. Ring signature can be regarded as a kind of special group signature (Group Signature), because the establishment process need the trusted center and security group signature, often there are loopholes in the protection of anonymous (signer is traceable to the trusted center), group signature and ring signature in the foundation process in addition to the establishment of a trusted center and security. For the verifier, the signer is completely anonymous, so ring signature is more practical. Since the self ring signature was proposed, a large number of scholars have discovered its important value, such as elliptic curve, threshold and other ring signatures Volume design and development can be divided into four categories: 1. threshold ring signature 2. associated ring signature 3. revocable anonymous ring signature 4. deniable ring signature for block chain contract intelligent token transactions privacy, we use a linkable ring signature, in order to achieve privacy and prevent double problem. 2 A secure account generation scheme based on secure multi-party computation and threshold key sharing 2.1 Basic operations of secure multi-party computation The addition and multiplication, inverse element into three basic operations on the finite field, any computation can be decomposed into a sequence of the finite field addition and multiplication, inverse element, so long as to complete the three basic operations of multi-party computation, so the calculation process can be arbitrary finite domains through multi-party computation the basic operation to iterate the agreement. In this paper, we introduce a secure multi-party computation algorithm for finite fields based on secret sharing scheme based on Lagrange interpolation polynomial. 2.1.1 Addition In the secret sharing scheme based on Lagrange interpolation polynomial, the need to identify a polynomial, a shared secret is the constant term of this polynomial, and the secret share was value of this polynomial at a certain point. It is possible to set and share two secrets, the corresponding polynomials are w and X, and the secret share of participant B is b = w, B = X. In order to get the secret share of secret +, the participant B needs to construct a polynomial so that the constant of the polynomial is +, and B can be calculated. The construction process is as follows: B and B share a secret dreams and secrets, and the corresponding polynomial for W and X L = w + W / +. + W, oQ/oQ/ = {x + / +, +. X, oQ/oQ/ Might as well define = w + x = = w + x = B + B It was - 1 polynomial, and the constant term is +, for this polynomial in value * b = as + secret secret share Secure multi-party computation algorithm obtained by adding the above construction process: Addition of multi-party computation algorithms: secret, secret share, B, B output: Secret + secret share B 1)B = B + B 2.1.2 multiplication Set up two secrets, the corresponding polynomials are w and X, and the secret share of participant B is b = w, B = X. If the participants directly in the local computing B and B share a secret product, although the calculation after sharing secret is the constant term polynomials, but the degree of the polynomial is 2 (- 1), so the need to reduce the number of polynomial. The W and X share the secret share of the participant B, and the product of W and X is: Wx = w = x + / +. + (oQ/), (oQ/) Wx x = w, 1 = 1 + 1 = 2. Represented by matrices: - 1 When the upper coefficient matrix is written, it is obviously a nonsingular matrix, and the inverse matrix is denoted as Q/, which is a constant Number matrix. Remember (/, - - -, oQ/) is the first line of the matrix Q/, there are: /wx = 1 + - + - - oQ/wx, 2 - 1 Each participant randomly selected 2 - 1 - 1 - - - / polynomial, and, oQ/, to meet the requirements of B 0 = wx. Definition = "B, oQ/ Obviously: OQ/. 0 = b b 0 = /wx 1 + - - - 2 - 1 = oQ/wx +. B OQ/. = b b B Therefore, the secret is to share the secret and share the secret. A multi-party computation algorithm for multiplication 2.1.3 yuan inverse Set the secret of sharing, the corresponding polynomial is w, and the secret share of participant B is b = W. One yuan Inversion is refers to the participants by B B secret share calculation Q/ w (c) a secret share, but in the process of calculation Can not disclose, Q/ and secret share of the two. The calculation is as follows: Participant B selects the random number B, and selects the random polynomial B () to compute its secret share be = B () to the participant E. To accept all the secret share, e n = Q. Thus all participants share the same random number David - +q + = / s.. Using the multiplicative multi-party computation algorithm, the secret obtained by the secret share is calculated Share w, and sent to the other participants, so it can be recovered by using the Lagrange interpolation, we may assume that = . It is clear that the W - a Q/ C = n, i.e. Q/'s Secret share. 2.2 lock account generation scenarios The lock account generation scheme is an improvement on threshold key management scheme based on Lagrange interpolation polynomial. Its basic idea is that through the threshold secret sharing, all the authentication nodes generate a lock account in a centralized way, and each verification node has a share of the lock private key. This ensures that the lock account private key is distributed in the entire network in the form of the private key share, so it can be centralized management. 2.3 lock account signature scheme The lock account signature algorithm uses the ECDSA signature algorithm, because it is the current block chain project's mainstream signature algorithm, this choice can improve the system compatibility. In a locked account signature generation process, different from the original ECDSA signature algorithm, the private key and the random number to account is in the form of multi-party computation involved in ECDSA signature process; lock account signature verification process with the original ECDSA signature verification algorithm. Therefore, only the lock account signature generation process is described

'''

klcchain

Go1dfish undelete link

unreddit undelete link

Author: klcchain

submitted by removalbot to removalbot [link] [comments]
1 Basic knowledge of cryptography 1.1 Basic knowledge of elliptic curves 1.1.1Elliptic curve profile Let denote a finite domain, an elliptic curve defined in it, actually this curve represented as a set of points, defines an operation on elliptic curve, and two points on the elliptic curve, a + = for the two point addition operation. The intersection of the line and the curve represented by the point, and the point on the elliptic curve of the symmetry. At this point, when = when, the intersection of the tangent and the curve is represented as the point on the axis of the elliptic curve. Thus, the Abel group is formed on the finite field (+ +), and the addition unit element is. 1.1.2 Signature algorithm Defines an elliptic curve called [()) and its base point, which is the order. For the curve @ (), make a public key pair, in which the private key is the public key and can be made public. Step1: first, using Hash function to calculate the plaintext message, the Hash function algorithm used MD5 algorithm or SHA-1 algorithm can calculate the plaintext message value = (Step2); then in the interval [1, and the private key a random integer as the signature of a range of 1]; Step3: calculation a public key =;Step4: = = K, where K is the abscissa of the public key and, if = 0, returns to Step2; Step5: = = Q/ (+), which is the private key of the sender A, and if = 0, returns to Step2; Step6: the sender A transmits the message signature (to) to the receiver B. The receiver receives the message signature (B,), the specific verification process to sign the message as follows: Step1: firstly, message signature and verification, i.e. whether it is in the interval [1, N1] positive integer range, if the signature does not comply with the signature of the message, that message signature received (,) is not a valid legal signature; Step2: according to the signature public key of the sender A, the sender A and the receiver B have the same Hash function digest value, and the digest value of the signed message is calculated (=); Step3: calculates the parameter value = Q/; Step4: calculates the parameter value = = Step5: calculates the parameter value = = Step6: calculates the parameter value = +; Step7: if = 0, the receiver B may deny the signature. Otherwise, calculate '= K', where K is the parameter A horizontal coordinate; a signature. The digital signature based on ECC, partly because this scheme can avoid the order operation in the inverse operation, so it is better than the signature scheme based on discrete logarithm algorithm should be simple; on the other hand it is because the calculation of the plaintext message () (,) than the calculation simple, so its speed Schnorr digital signature scheme is faster than. Therefore, the digital signature scheme based on elliptic curve cryptography has good application advantages in resisting attack security strength, key length, computation speed, computation cost and bandwidth requirement. 1.2 Threshold key sharing technology 1.2.1 Shamir Threshold key sharing concept Threshold key sharing technology solves the key security management problem. The design of modern cryptography system is that depends on the security of cryptosystem in the cryptographic key leakage means the lost security system, so the key management plays an important role in the research and design of security in cryptography. Especially when multiple stakeholders manage an account, the key of the account is trusted, and it is very difficult to distribute it safely to multi-party participants. To solve this problem, the Israeli cryptographer Shamir proposed Shamir (,) the concept of threshold secret sharing: the key is divided into portions assigned to participants, each participant to grasp a key share, only collect more than key share, can the key recovery. 1.2.2 Linear secret sharing mechanism Linear secret sharing is the generalization of Shamir threshold key sharing. Its essence is that both the primary key space, the sub key space and the random input set are linear spaces, and the key reconstruction function is linear. The formal definition is as follows: let be a finite domain, PI is a key access structure sharing system, is the main key space. We say that Pi is a linear key sharing system, if the following conditions are met: 1) sub key is linear space, namely for, constant B, the sub key space B cd. Remember - B, e (,) as the components of B CD vector space is received, this component is dependent on the primary key and the random number 2) each authorization set may obtain the master key by means of a linear combination of sub keys, that is, for any one delegate The right to set in, constant {b, e:, B, less than 1 and less than or equal to b}, such that for any master key and random number, All = KD and l /jejcd B, e, B (E, II). 1.2.3 Shamir Polynomial interpolation threshold secret sharing scheme Shamir combines the characteristics of polynomials over finite fields and the theory of Lagrange's reconstructed polynomial, designs a threshold key management scheme based on Lagrange interpolation polynomial, and the scheme is as follows 1.3 Secure multi-party computation 1.3.1 The background of secure multiparty computation With the rapid development of Internet, more and more applications require cooperative computing among network users. But because of privacy protection and data security considerations, the user does not want to participate in collaborative computing and other users to calculate data sharing, this problem leads to collaborative computing cannot be performed, which leads to efficient use and share some of the scenarios can not be difficult to achieve the cyber source. Secure multi-party computation (secure multi-party computation) makes this problem easy to solve, and it provides a theoretical basis for solving the contradiction between data privacy protection and collaborative computing. Secure multi-party computation is the theoretical foundation of distributed cryptography, and also a basic problem of distributed computing. Secure multi-party computation means that in a non trusted multi-user network, two or more users can cooperate with each other to execute a computing task without leaking their private input information. In brief, secure multi-party computation refers to a set of people, such as /...... Q, computing functions together safely,...... , q = (/),...... (Q). Where the input of this function is held by the participant secretly, the secret input of B is B, and after the calculation, B gets the output B. Here is the safety requirements of cheating participants even in some cases, to ensure the correctness of the calculated results, which is calculated after the end of each honest participant B can get the correct output of B, but also requires each participant to ensure confidentiality of input, namely each participant B (B, b) in addition. Don't get any other information. Secure multi-party computation has been rich in theoretical results and powerful tools. Although its practical application is still in its infancy, it will eventually become an indispensable part of computer security. 1.3.2 Classification of secure multiparty computation protocols At present, secure multi-party computation protocols can be divided into four categories according to the different implementations: L secure multi-party computation protocol based on VSS sub protocol Most of the existing secure multi-party computation protocols adopt verifiable key sharing VSS (Verifiable Secret) (Sharing) the sub protocol is the basis of protocol construction, which is suitable for computing functions on any finite field. The finite field of arbitrary function can be expressed as the domain definition of addition and multiplication of the directed graph, so long as can secure computing addition and multiplication, we can calculate each addition and multiplication to calculate any function over finite fields. L secure multi-party computation protocol based on Mix-Match The secure multi-party computation protocol based on VSS sub protocol can compute arbitrary functions, but it can not efficiently calculate Boolean functions. Therefore, another secure multi-party protocol called Mix-Match is proposed. The basic idea of this protocol is that participants use secret sharing schemes to share the system's private key, and the system's public key is open. During the protocol, the participants randomly encrypt their own input public key y, then publish their own encryption results, and finally make all participants gain common output through Mix-Match. L secure multi-party computation protocol based on OT OT based secure multi-party computation protocol for computing arbitrary bit functions. It implements with "OT sub Protocol" and (and), or (or) "," (not) "three basic operations, then the arbitrary bit operation function is decomposed into a combination of three basic operations, finally by using iterative method to calculate the bit operation function. L secure multi-party computation based on homomorphic encryption Homomorphic encryption, secure multi-party computation can resist active attacks based on it is the idea of the selected atom is calculated, the calculation can be decomposed into a sequence of atomic computing allows arbitrary function and atomic calculation of input and output using homomorphic encryption, to get the final results in the encrypted state, only a specific set of participants will be able to the calculation results decrypted plaintext. 1.4 Introduction to ring signature In 2001, Rivest et al proposed a new signature technique, called Ring Signature, in the context of how to reveal the secret anonymously. Ring signature can be regarded as a kind of special group signature (Group Signature), because the establishment process need the trusted center and security group signature, often there are loopholes in the protection of anonymous (signer is traceable to the trusted center), group signature and ring signature in the foundation process in addition to the establishment of a trusted center and security. For the verifier, the signer is completely anonymous, so ring signature is more practical. Since the self ring signature was proposed, a large number of scholars have discovered its important value, such as elliptic curve, threshold and other ring signatures Volume design and development can be divided into four categories: 1. threshold ring signature 2. associated ring signature 3. revocable anonymous ring signature 4. deniable ring signature for block chain contract intelligent token transactions privacy, we use a linkable ring signature, in order to achieve privacy and prevent double problem. 2 A secure account generation scheme based on secure multi-party computation and threshold key sharing 2.1 Basic operations of secure multi-party computation The addition and multiplication, inverse element into three basic operations on the finite field, any computation can be decomposed into a sequence of the finite field addition and multiplication, inverse element, so long as to complete the three basic operations of multi-party computation, so the calculation process can be arbitrary finite domains through multi-party computation the basic operation to iterate the agreement. In this paper, we introduce a secure multi-party computation algorithm for finite fields based on secret sharing scheme based on Lagrange interpolation polynomial. 2.1.1 Addition In the secret sharing scheme based on Lagrange interpolation polynomial, the need to identify a polynomial, a shared secret is the constant term of this polynomial, and the secret share was value of this polynomial at a certain point. It is possible to set and share two secrets, the corresponding polynomials are w and X, and the secret share of participant B is b = w, B = X. In order to get the secret share of secret +, the participant B needs to construct a polynomial so that the constant of the polynomial is +, and B can be calculated. The construction process is as follows: B and B share a secret dreams and secrets, and the corresponding polynomial for W and X L = w + W / +. + W, oQ/oQ/ = {x + / +, +. X, oQ/oQ/ Might as well define = w + x = = w + x = B + B It was - 1 polynomial, and the constant term is +, for this polynomial in value * b = as + secret secret share Secure multi-party computation algorithm obtained by adding the above construction process: Addition of multi-party computation algorithms: secret, secret share, B, B output: Secret + secret share B 1)B = B + B 2.1.2 multiplication Set up two secrets, the corresponding polynomials are w and X, and the secret share of participant B is b = w, B = X. If the participants directly in the local computing B and B share a secret product, although the calculation after sharing secret is the constant term polynomials, but the degree of the polynomial is 2 (- 1), so the need to reduce the number of polynomial. The W and X share the secret share of the participant B, and the product of W and X is: Wx = w = x + / +. + (oQ/), (oQ/) Wx x = w, 1 = 1 + 1 = 2. Represented by matrices: - 1 When the upper coefficient matrix is written, it is obviously a nonsingular matrix, and the inverse matrix is denoted as Q/, which is a constant Number matrix. Remember (/, - - -, oQ/) is the first line of the matrix Q/, there are: /wx = 1 + - + - - oQ/wx, 2 - 1 Each participant randomly selected 2 - 1 - 1 - - - / polynomial, and, oQ/, to meet the requirements of B 0 = wx. Definition = "B, oQ/ Obviously: OQ/. 0 = b b 0 = /wx 1 + - - - 2 - 1 = oQ/wx +. B OQ/. = b b B Therefore, the secret is to share the secret and share the secret. A multi-party computation algorithm for multiplication 2.1.3 yuan inverse Set the secret of sharing, the corresponding polynomial is w, and the secret share of participant B is b = W. One yuan Inversion is refers to the participants by B B secret share calculation Q/ w (c) a secret share, but in the process of calculation Can not disclose, Q/ and secret share of the two. The calculation is as follows: Participant B selects the random number B, and selects the random polynomial B () to compute its secret share be = B () to the participant E. To accept all the secret share, e n = Q. Thus all participants share the same random number David - +q + = / s.. Using the multiplicative multi-party computation algorithm, the secret obtained by the secret share is calculated Share w, and sent to the other participants, so it can be recovered by using the Lagrange interpolation, we may assume that = . It is clear that the W - a Q/ C = n, i.e. Q/'s Secret share. 2.2 lock account generation scenarios The lock account generation scheme is an improvement on threshold key management scheme based on Lagrange interpolation polynomial. Its basic idea is that through the threshold secret sharing, all the authentication nodes generate a lock account in a centralized way, and each verification node has a share of the lock private key. This ensures that the lock account private key is distributed in the entire network in the form of the private key share, so it can be centralized management. 2.3 lock account signature scheme The lock account signature algorithm uses the ECDSA signature algorithm, because it is the current block chain project's mainstream signature algorithm, this choice can improve the system compatibility. In a locked account signature generation process, different from the original ECDSA signature algorithm, the private key and the random number to account is in the form of multi-party computation involved in ECDSA signature process; lock account signature verification process with the original ECDSA signature verification algorithm. Therefore, only the lock account signature generation process is described

'''

klcchain

Go1dfish undelete link

unreddit undelete link

Author: klcchain

The following post by klcchain is being replicated because the post has been silently removed.

The original post can be found(in censored form) at this link:

np.reddit.com/ Bitcoin/comments/74zyfl

The original post's content was as follows:

submitted by censorship_notifier to noncensored_bitcoin [link] [comments]
The original post can be found(in censored form) at this link:

np.reddit.com/ Bitcoin/comments/74zyfl

The original post's content was as follows:

1 Basic knowledge of cryptography 1.1 Basic knowledge of elliptic curves 1.1.1Elliptic curve profile Let denote a finite domain, an elliptic curve defined in it, actually this curve represented as a set of points, defines an operation on elliptic curve, and two points on the elliptic curve, a + = for the two point addition operation. The intersection of the line and the curve represented by the point, and the point on the elliptic curve of the symmetry. At this point, when = when, the intersection of the tangent and the curve is represented as the point on the axis of the elliptic curve. Thus, the Abel group is formed on the finite field (+ +), and the addition unit element is. 1.1.2 Signature algorithm Defines an elliptic curve called [()) and its base point, which is the order. For the curve @ (), make a public key pair, in which the private key is the public key and can be made public. Step1: first, using Hash function to calculate the plaintext message, the Hash function algorithm used MD5 algorithm or SHA-1 algorithm can calculate the plaintext message value = (Step2); then in the interval [1, and the private key a random integer as the signature of a range of 1]; Step3: calculation a public key =;Step4: = = K, where K is the abscissa of the public key and, if = 0, returns to Step2; Step5: = = Q/ (+), which is the private key of the sender A, and if = 0, returns to Step2; Step6: the sender A transmits the message signature (to) to the receiver B. The receiver receives the message signature (B,), the specific verification process to sign the message as follows: Step1: firstly, message signature and verification, i.e. whether it is in the interval [1, N1] positive integer range, if the signature does not comply with the signature of the message, that message signature received (,) is not a valid legal signature; Step2: according to the signature public key of the sender A, the sender A and the receiver B have the same Hash function digest value, and the digest value of the signed message is calculated (=); Step3: calculates the parameter value = Q/; Step4: calculates the parameter value = = Step5: calculates the parameter value = = Step6: calculates the parameter value = +; Step7: if = 0, the receiver B may deny the signature. Otherwise, calculate '= K', where K is the parameter A horizontal coordinate; a signature. The digital signature based on ECC, partly because this scheme can avoid the order operation in the inverse operation, so it is better than the signature scheme based on discrete logarithm algorithm should be simple; on the other hand it is because the calculation of the plaintext message () (,) than the calculation simple, so its speed Schnorr digital signature scheme is faster than. Therefore, the digital signature scheme based on elliptic curve cryptography has good application advantages in resisting attack security strength, key length, computation speed, computation cost and bandwidth requirement. 1.2 Threshold key sharing technology 1.2.1 Shamir Threshold key sharing concept Threshold key sharing technology solves the key security management problem. The design of modern cryptography system is that depends on the security of cryptosystem in the cryptographic key leakage means the lost security system, so the key management plays an important role in the research and design of security in cryptography. Especially when multiple stakeholders manage an account, the key of the account is trusted, and it is very difficult to distribute it safely to multi-party participants. To solve this problem, the Israeli cryptographer Shamir proposed Shamir (,) the concept of threshold secret sharing: the key is divided into portions assigned to participants, each participant to grasp a key share, only collect more than key share, can the key recovery. 1.2.2 Linear secret sharing mechanism Linear secret sharing is the generalization of Shamir threshold key sharing. Its essence is that both the primary key space, the sub key space and the random input set are linear spaces, and the key reconstruction function is linear. The formal definition is as follows: let be a finite domain, PI is a key access structure sharing system, is the main key space. We say that Pi is a linear key sharing system, if the following conditions are met: 1) sub key is linear space, namely for, constant B, the sub key space B cd. Remember - B, e (,) as the components of B CD vector space is received, this component is dependent on the primary key and the random number 2) each authorization set may obtain the master key by means of a linear combination of sub keys, that is, for any one delegate The right to set in, constant {b, e:, B, less than 1 and less than or equal to b}, such that for any master key and random number, All = KD and l /jejcd B, e, B (E, II). 1.2.3 Shamir Polynomial interpolation threshold secret sharing scheme Shamir combines the characteristics of polynomials over finite fields and the theory of Lagrange's reconstructed polynomial, designs a threshold key management scheme based on Lagrange interpolation polynomial, and the scheme is as follows 1.3 Secure multi-party computation 1.3.1 The background of secure multiparty computation With the rapid development of Internet, more and more applications require cooperative computing among network users. But because of privacy protection and data security considerations, the user does not want to participate in collaborative computing and other users to calculate data sharing, this problem leads to collaborative computing cannot be performed, which leads to efficient use and share some of the scenarios can not be difficult to achieve the cyber source. Secure multi-party computation (secure multi-party computation) makes this problem easy to solve, and it provides a theoretical basis for solving the contradiction between data privacy protection and collaborative computing. Secure multi-party computation is the theoretical foundation of distributed cryptography, and also a basic problem of distributed computing. Secure multi-party computation means that in a non trusted multi-user network, two or more users can cooperate with each other to execute a computing task without leaking their private input information. In brief, secure multi-party computation refers to a set of people, such as /...... Q, computing functions together safely,...... , q = (/),...... (Q). Where the input of this function is held by the participant secretly, the secret input of B is B, and after the calculation, B gets the output B. Here is the safety requirements of cheating participants even in some cases, to ensure the correctness of the calculated results, which is calculated after the end of each honest participant B can get the correct output of B, but also requires each participant to ensure confidentiality of input, namely each participant B (B, b) in addition. Don't get any other information. Secure multi-party computation has been rich in theoretical results and powerful tools. Although its practical application is still in its infancy, it will eventually become an indispensable part of computer security. 1.3.2 Classification of secure multiparty computation protocols At present, secure multi-party computation protocols can be divided into four categories according to the different implementations: L secure multi-party computation protocol based on VSS sub protocol Most of the existing secure multi-party computation protocols adopt verifiable key sharing VSS (Verifiable Secret) (Sharing) the sub protocol is the basis of protocol construction, which is suitable for computing functions on any finite field. The finite field of arbitrary function can be expressed as the domain definition of addition and multiplication of the directed graph, so long as can secure computing addition and multiplication, we can calculate each addition and multiplication to calculate any function over finite fields. L secure multi-party computation protocol based on Mix-Match The secure multi-party computation protocol based on VSS sub protocol can compute arbitrary functions, but it can not efficiently calculate Boolean functions. Therefore, another secure multi-party protocol called Mix-Match is proposed. The basic idea of this protocol is that participants use secret sharing schemes to share the system's private key, and the system's public key is open. During the protocol, the participants randomly encrypt their own input public key y, then publish their own encryption results, and finally make all participants gain common output through Mix-Match. L secure multi-party computation protocol based on OT OT based secure multi-party computation protocol for computing arbitrary bit functions. It implements with "OT sub Protocol" and (and), or (or) "," (not) "three basic operations, then the arbitrary bit operation function is decomposed into a combination of three basic operations, finally by using iterative method to calculate the bit operation function. L secure multi-party computation based on homomorphic encryption Homomorphic encryption, secure multi-party computation can resist active attacks based on it is the idea of the selected atom is calculated, the calculation can be decomposed into a sequence of atomic computing allows arbitrary function and atomic calculation of input and output using homomorphic encryption, to get the final results in the encrypted state, only a specific set of participants will be able to the calculation results decrypted plaintext. 1.4 Introduction to ring signature In 2001, Rivest et al proposed a new signature technique, called Ring Signature, in the context of how to reveal the secret anonymously. Ring si...

Please help me either flesh these out, or brainstorm other such ideas which might help Bitcoin in its wonderful ascent.

submitted by ThinkingOutLoudHear to Bitcoin [link] [comments]
- I see a common theme that "miners have to pay their electricity bills and other expenses in dollars; therefore they sell what they mine, creating downward pressure on the price"...
**would it be possible to convince an electricity/utilities provider to accept or settle in Bitcoin?**I know this industry is a quagmire of government-sanctioned monopolies, but I'm not sure what sort of autonomy they're afforded, or even where to begin when it comes to researching this topic. Does anyone here have real knowledge on the subject that they'd like to share? Is this even a possibility? - FDIC-type insurance seems impossible with Bitcoin... or is it? Is there any way that a company, coalition, or other entity could "insure" a particular value of customepartner assets, without having the nice little privilege of "the ability to expand the money supply to achieve this goal"? Proof-of-Reserves is a good start, but while the underlying asset is so volatile, it only guarantees so much. Is this a dead-end, or can anyone think of some sort of clever solution that might help here?
- While I don't think trolls can truly subvert Bitcoin, I do think their persistent negative energy deserves mitigation if at all possible.
**Would tagging consistently-negative contributors in this subreddit with flair that says something like "Devil's Advocate" be a bad idea for any reason?**This should be easy to do, and entails no nasty censorship or unprofessionalism. Anyone have any solid arguments for why this shouldn't be done? Or does anyone have any other ideas for dealing with excessive unconstructive criticism? - Brainwallets seem like they should be a huge selling point for Bitcoin - they allow functionality that is inconceivable with other non-cryptographic forms of money. But as implemented, brainwallets are one of the least-secure methods of private-key generation, and are particularly susceptible to brute-force attacks for this reason. In theory,
**shouldn't it be possible to beef up brainwallet security - perhaps with simple-to-use options of hashing the seed?**For instance, a brainwallet could be a composite seed, made up of 2 parts: 1) the passphrase itself, and 2) the hashing functions used to generate a private key out of that passphrase. As I understand it, most brainwallet implementations just use SHA-256 to scramble up the input... but if you instead have a specific formula that you run it through (e.g. MD5 SHA256 SHA-1 SHA256 MD5 SHA256 output) shouldn't that be a lot harder to brute force? An attacker would have to guess the passphrase*and*the exact formula to generate a matching key -- properly-implemented, I think something like this could make brainwallets a much-more-viable option for private-key-generation. Anyone who knows more regarding the technicals of this, do you have any input on the matter?

Questions | Answers |
---|---|

a more serious question, what is password cracking like? Bruteforcing hashes, looking through source code for vulnerabilities, doing advanced maths or something fourth? | First I'd try to figure out if the software was merely using access denial or encryption. With access denial, the data isn't encrypted, but the software won't show you the data without the password. For purposes of criminal forensics, you're not allowed to change the data in any way for it to be admissible in court, but getting access to the file before you have a password can often be helpful. To figure that out, I'd just look at the file in a hex editor; if I could read it, it wasn't encrypted. The next easy step is to scan the program for cryptographic constants; these are things like s-boxes or tables of rotation constants or such that tell me what crypto functions, if any, are being used. For example, if I see 637c777b anywhere, I know it's probably using AES. If I see 77073096, that's a CRC32. If I see 67452301, it's using MD5. After that I'd use a debugger and a program like IDA Pro to start at the point where you type the password and figure out what the program does with it. This is what often took the most time and was the most tedious. Early versions of MS Access, for instance, just XORed the password with a fixed constant; anyone could break those passwords immediately. The toughest one that I was able to break was the encryption on WinZip; it was much better than most stuff I ran into, but still weak enough that I could break it. That was the one I enjoyed the most, like an extra-challenging Sudoku or something. |

The hash function wasn't cryptographically strong, so I was able to run a lot of it backwards and get a enough constraints on the input to skip most possibilities. What is this process called if I wanted to learn about it in an academic setting? | Cryptanalysis. |

WinZip; it was much better than most stuff I ran into Is it any better than 7Zip? | My attack was on the old encryption method. WinZip has since upgraded to AES, like 7-Zip. The only way to attack an archive made by a recent version of either of these is with a dictionary attack, trying every password. |

What was the biggest password you ever cracked? | Nowadays, most software companies use strong crypto, so the difficulty of cracking the password increases exponentially with the length. Back in the late 90s, it was mostly "roll your own", so the strength depended a lot more on the software than the password chosen. |

That said, the password I was most pleased with was a 60-character randomly chosen password on a WinZip file using the ciphertext-only attack that later got published. | |

Was the content worth the effort? What was the content? | The content was irrelevant to me; the fact that I had broken the encryption so thoroughly on such an important file format was the exciting bit. When it was in beta, the FBI started sending us files with suspected child porn for us to open. Thankfully I never had to look at any of it---that was someone else's job---but it felt good to know that I was able to help with that. Once we integrated it into the toolkit, of course, the FBI would just use our software themselves. |

Now, though, I think that it's more important that people be taught what is right and have freedom---even if such drimes still exist---than to have a society in which every activity is so policed that crime is impossible. I think we should make it hard for the government to do such enormous, sweeping surveillance as we've discovered they've been doing. | |

If there's sufficient evidence to suspect someone of a crime, the government has plenty of resources to target that individual, and no software will prevent them getting the information they want. Splicious, if it is funded, will help in preventing surveilllance at national scales. | |

It's funny how no one seems to be responding to the thing you're actually talking about... it seems to me you're raising awareness about splicious. Can you say more about that? | EDIT: I need to make clear that it doesn't fully exist yet! We need money to continue to make it real. |

As I wrote above, it's a platform for encouraging the creation and curation of content. The idea is to reward both those who create content and those who share it. You may have seen that picture of handing out Facebook likes to 3rd world kids; merely "liking" something or upvoting it doesn't actually help somebody make a living. So all likes/upvotes have real money behind them in this system. The originator of content gets 90% of each upvote, while the remaining 10% is distributed down the chain of resharers to the donator. | |

We want artists and musicians to use it, but also scientists, authors, and journalists. We think the journalists will be particularly interested both because of the potential to get supported directly in the wake of digital media, but also because of the security features we intend to implement, like perfect forward secrecy. | |

We hope scientists will like it, because big academic publishers like Elsevier charge tens of millions of dollars for bundled access to their journals and have something like a 36% profit margin. The scientists write and review the articles and edit the journals for free; Elsevier turns around and charges them for the privilege. Splicious would allow people to set up electronic journals quickly, while contributions go directly to the authors and the editors. | |

Could you inbox me my password if you wanted or felt the need? | That would require getting Reddit's collection of password hashes. It would take some effort, but probably a lot more than would be worth my while. |

Well, it used to be easier. | Wow! Yeah, hopefully they learned something after that. :P. |

Could you be a very rich man if you used your powers for evil? | I could have in the 90s. I think the FBI are a lot better at dealing with crime on the internet now than they were then. |

Hi, I'm a math/CS undergraduate and find this stuff fascinating. However, I haven't a clue how to get started. Any reccomendations on how to get into password cracking and hacking? | As to your specific topics, the days of easy password cracking are largely over: any software worth spending money on will use strong crypto. The best one can usually do is a dictionary attack distributed over many computers. |

Awesome! What is your ed background? | When I got the job I was getting my undergrad degree in physics. I went on to get a MSc and have just finished my PhD. |

How much were you taught on the job vs what you had learned through self study? | All of the math I learned in school or from Schneier's Applied Cryptography. I taught myself the rudiments of programming as a kid and all my electives at university were computer science classes. I learned to read assembly code on the job. |

What would you say is the most lucrative area of infosec (both for black and white hats)? | If you want to make enormous amounts of money, you start a company and get bought out or have a successful IPO. That's very risky, though; if you want stable good money in infosec, go join Google's security team: I did and loved it! |

Are you employed now by Google? | No, I left last year to start working on splicious. I'd like to keep doing so, but we need funding! |

Whats this splicious you keep referring to? | It's a distributed secure communications and computation platform. It has features to encourage the creation and curation of new content, but is intended to be a general purpose secure distributed computation platform. |

The computation framework is based on pi calculus; I've written a paper with Greg Meredith and Sophia Drossopolou showing that we can use Caires' sspatial/behavioral types as a security policy language and let the compiler check that the implementation fits the policy. (TL; DR: We can prove that we don't have security flaws of various kinds.) | |

Are you Hackers or War Games fan? | I loved it when you nuked Las Vegas. Suitably biblical ending to the place, don't you think? |

Have you ever hacked people? | Not without their permission. |

That sounds a bit weird. Hahahaha. | It's not much weirder than tattooing: Link to io9.com |

Of course they still had to get the hashes somewhere, but there are some pretty powerful tools in the public domain these days, who knows what is behind the curtains in the federal side of the house...(proposed quantum computing password cracking for instance) | People simply don't have the ability to remember passwords that are strong enough to resist the password crackers. If your service has the option to use two-factor authentication, use it; when attackers steal gmail accounts, the first thing they do is turn it on, because it makes it virtually impossible for the owner to get it back. If your service doesn't have 2-factor auth, use a long passphrase. Here's some math: if you just use lowercase letters and have a 16-character password, there are around 10^{22} passwords to try. If you start using numbers, too, there are around 10^{24,} so a hundred times harder. But if instead you double the length of the password, there are around 10^{44,} which is a sextillion times harder. Quantum computation is certainly interesting to the NSA, but the technology isn't up to code cracking yet; scientists are just at the edge of beating the error bound necessary for quantum computations with more than a handful of qubits. Link to www.news.ucsb.edu |

How could a regular person like me learn the basics of this? | What did you mean by "this"? Reverse engineering, password cracking, or secure distributed communications? |

All of it and where should one start? I've done custom rainbow salt sables and attempted wpa2 attacks for fun and cracking hashes using Cain and Able. | For reverse engineering, woodmann.com is the place to be. Get a copy of OllyDBG and IDA Pro; there is an older version available for free. Here's a reasonable intro to some of the techniques: Link to yurichev.com |

Actual question how good is router security with passwords for example can you or have you hacked a router (guessing default passwords don't count)? | I haven't ever tried breaking router passwords; I have my own router, so I don't need to use anyone else's. |

Are you the guy that made this video: Link to www.youtube.com ? | Yep. In addition to the content creation and curation stuff, there's also a notion of controlling who gets access to personal information. In the video, I drew how Alice can prevent Bob from knowing her name or address while still proving that she's 21. |

But we need money to make it real. | |

Are you in fundraising mode? Are you doing crowd funding? Do you have a site? | Yes, we're doing crowd funding. The site is linked in the description. |

How is there such a huge disconnect between you and I? I send hours on the computer and can't do shit with it other than reddit and excel spreadsheets. How do you get into it? Is it a lot of reading? How does it work? | I think you become good at doing what you spend time on, and you tend to spend time on things that you like doing. I learned this stuff because it made me happy. I get a thrill out of this sort of thing, so I keep coming back. |

That said, with enough hard work, you can become good enough at something that it's no longer a drag: playing piano for the first few years sucks. Who wants to sit there plunking out "Mary had a little lamb"? But once you have the skill to actually read music and play it, then you're free to explore all your musical tastes. After you've played a lot of the music you love, you get a feeling for chord changes and what sounds good to you, so you can improvise your own music. | |

It's the same way with math and programming: there's some hard stuff at the start, but once you become good enough at it, you can start behaving like an artist and do your own thing. | |

The equivalent of learning "Mary had a little lamb" is introductory programming sites like KhanAcademy or codeacademy or code.org or a bazillion others. | |

What do you think of the new NSA, using the Patriot Act? | I think the Patriot Act traded an enormous amount of liberty for what turned out to be virtually no increase in security. |

Is that the same platform that this ex-Googler was talking about in this video Link to www.youtube.com. | Yes, that's Vlad Patryshev. He was one of the guys who made Orkut. He was actually really excited about splicious and said, "I've been waiting for this since FidoNet." |

Thanks. I'll look into all that. Lol, well that's a different story, a lucky one too. So you had no knowledge or experience with programming and they just hired you? What degree were you going to go after if you went to collee? Oh yeah, did you end up going to college after all or you just stuck with the job and learned from them? | I had plenty of programming experience, but no crypto experience. I couldn't decide for a while between computer science and physics. Eventually I compromised and got a degree in applied physics; basically, all my electives were CS. I finished my bachelor's degree, then lost the job when the dot com bubble burst, went to New Zealand and got a MSc in CS, then started a PhD but ran out of money, went to work for Google's security team and started working on the PhD part time. I worked there for six years, then quit to work on splicious. I just finished the thesis and will defend later this year. |

I might be late to the party, but what do you think of the XKCD password comic? This is the method I'm currently using with the help of Make Me A Passwords generator. | It's spot on. When given the option, use long phrases rather than gibberish. LastPass can manage your online passwords by generating very long gibberish but only require you to use something memorable. |

You actually suggest LastPass over KeePass(X)? | I was using LastPass as an example of the genre, like how the southern US refers to any carbonated soft drink as "coke". I haven't made an extensive study of the offerings. |

Are you Jesus? 'cause you look a lot like him. | I was babysitting with another guy for a group of moms once, and when one of the moms dropped off her young kid---maybe four or five years old---he got really big-eyed and nervous. I thought he was afraid of the beard and hair: sometimes people would cross to the other side of the street when they saw me coming. So I invited him in, showed him the toys, and we all played and had a good time. |

When his mom came to pick him up, he ran over and said, "Jesus is fun!" | |

Hey Mike, my understanding is that you've built a distributed platform and also adding on bitcoin support so that every post you make on splicious could potentially generate revenue. i would say that it's a new take on an alternate virtual economy and want to try as soon as they allow public use. are you planning to add some kind of reputation system to it? say, if i want to look for something a'la craig's list style rather than post my poetry? | We've been thinking about reputation systems, but don't have any firm plans. Part of the problem with reputation systems online is that people do "pump & dump", using their reputation to steal something. If anyone has ideas or references about fighting this, please PM me. |

Was most of your work just using parallelism brute forcing, or did you look for vulnerabilities in encryption standards. Also what is your opinion on the vulnerabilities of dual eliptic curve cryptography? | Nearly all of my work was cryptanalysis of the relatively weak cryptography that was prevalent in the late '90s. We started turning to parallelism when MS Word improved its crypto to the 40-bit stuff that was the limit for software you could export. |

The vulnerability in the PRNG for dual ECC was clearly inserted by the NSA and weakened everyone's crypto, even the US military and government's. I'm surprised that there's not more outcry from the other government organizations. | |

Last pass gotta remember that one. The o e thing I'm worried about though is my email is under yahoo and I've heard they are famous with being hacked because of crappy protection programs or leaks even is this true? | Looks like Yahoo has 2-factor auth available. If you turn it on, then even if crackers do figure out your password, they won't be able to log in with it because they don't have your phone. That's the single best thing you can do. |

Can you explain this like you would to someone who's never heard of hacking? | There's no password you can remember that would stand up to modern cracking software. If you use a long passphrase, you might stand a chance. 2-factor auth is the only way to stay safe. |

Can you tell me how to turn it on in a pm please. | I'll just put it here, since everyone ought to know this: Link to www.zonealarm.com |

What's your computelaptop specs? | I had a Macbook Pro, like most of Google security team, and got myself another when I left. It has all the benefits of unix with really nice hardware and good suport. |

What makes one password cracker different than another? Edit: Wonderful beard. | Generally it's how well they take advantage of the parallelism in the GPU. And thanks! |

Do you feel That bitcoin as a currency will make it even with all of the theft and ease at which people are being hacked and having coins stolen. | I have no particular attachment to bitcoin as a currency. Ben Laurie, for example, has some excellent points about how to keep bitcoin secure, you either have to trust the software authors or spend half of all computing power for the rest of eternity. If you're going to trust people, there are much more efficient ways to mint money. Link to www.links.org |

For our purposes, bitcoin provides a fairly simple micropayments service; any other distributed currency would probably work just as well. | |

We also don't store the wallets ourselves; we use blockchain.info. | |

I feel the success will be based on micro payments. IE reading a Wall Street journal article for a .05 or .10 fee and not having to buy the whole newspaper or article. Just my 2 cents.. | Exactly. A journalist would write an article and share it with WSJ. WSJ would reshare it, and readers could support the journalist by contributing a mBTC. WSJ would get a cut and the journalist would get the lion's share. |

So how hard would it to be to break a password of say"iFuCkInGHate2001!!" | If crackers get hold of the file with the password hashes, nearly all passwords will be cracked, even quite long ones like yours. A similar password (18 printable chars) that has been hashed once with SHA with no salt would take less than an hour to crack on a single PC. Adding salt makes it harder to build tables where you can just look up the password instantly, but no slower to just brute force. |

People REALLY need to use 2-factor auth to be secure. | |

So what can a person like me who doesn't know much on how to make a password more secure, except making it super long and complex to do to " feel safer" of not getting hacked. | First, choose reputable services like GMail, where they take security very seriously. A cracker who can't get to the database of password hashes is forced to attempt to log in repeatedly, which can be detected and throttled to a safe rate. |

Second, use 2-factor auth if it's available. | |

Third, use something like LastPass that generates a long random password for each site and stores it encrypted under a single password that you remember. You never type that password into anything online. | |

I bet your computer is awesome | It's a Macbook Pro. |

If you’ve spent even a little bit of time learning about Bitcoin and other cryptocurrencies, you’ve no doubt heard the term “cryptographic hash function.” You may have heard of various “cryptographic hash algorithms” like DSA, SHA-1, SHA 256, MD5, BLAKE, and RIPEMD. In case those terms flew over your head, just know that cryptographic hash functions relate to What is a Hash? Cryptographic hash functions are mathematical operations run on digital data. In Bitcoin, all the operations use SHA256 as the underlying cryptographic hash function.. SHA (Secure Hash Algorithm) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA). The MD5 algorithm is a widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption. Cryptographic hash function is a special class of hash function that has certain properties which make it suitable for use in cryptography. It is a mathematical algorithm that maps data of arbitrary size to a bit string of a fixed size (a hash) and is designed to be a one-way function, that is, a function which is infeasible to invert. Hash functions are used in almost every component of Bitcoin, so in this lesson we'll explore this cryptographic primitive in depth. What is a hash function? A hash function is a function that deterministically maps an arbitrarily large input space into a fixed output space. That's a pretty abstract description, so instead I like to imagine a hash function as a fingerprinting machine. It takes ...

[index] [17606] [28026] [23760] [23345] [5660] [15382] [32150] [42109] [239] [48192]

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube. What is hashing? In this video we explain how hash functions work in an easy to digest way. Hashing is the process of converting an input of any length into ... In this video, I explain what cryptographic hash functions are. This is for programmers and non-programmers alike. Hash Functions are very important in compu... What cryptographic hash functions are and what properties are desired of them. More free lessons at: http://www.khanacademy.org/video?v=0WiTaBI82Mc Video by ... This video is unavailable. Watch Queue Queue. Watch Queue Queue