Steem & BitShares Cryptographic Security Update

in steem •  8 years ago  (edited)

It has just come to my attention that the community has been discussing "quirks" in our usage of canonical signatures. @faddat and others are ready to burn us at the stake for our incompetence. I want to clear things up, because all of the accusations are coming from a position of ignorance of the history of the code, the cryptography, and the signatures.

Signature Malleability

Bitcoin exchanges suffered great losses due to transaction malleability: the ability for someone to modify a transaction into another, equally valid transaction without invalidating the signature. Anyone holding your signed transaction can produce other perfectly valid signatures for it without knowing your private key: for ECDSA the pair (r, s) and the pair (r, N-s) both verify against the same message, and a lenient DER parser accepts several byte encodings of the same pair on top of that. If the transaction ID is computed over the signature, each variant gets a different ID, which makes it impossible to track or check for the inclusion of your transaction with a single canonical identifier.

At one point this malleability allowed a transaction to be replayed up to 4 times, because each malleated variant carried a different transaction ID and so was not recognised as a duplicate. We fixed this by requiring canonical signatures AND by identifying transactions by their digest, which is computed over the unsigned transaction body and is therefore independent of the signatures attached to it.

Here is the relevant information from the Bitcoin Wiki:

The first form of malleability is in the signatures themselves. Each signature has exactly one DER-encoded ASN.1 octet representation, but OpenSSL does not enforce this, and as long as a signature isn't horribly malformed, it will be accepted.[1] In addition for every ECDSA signature (r,s), the signature (r, -s (mod N)) is a valid signature of the same message.[2]

As of block 363724[3], the BIP66 soft fork has made it mandatory for all new transactions in the block chain to strictly follow the DER-encoded ASN.1 standard. Further efforts are still under way to close other possible malleability within DER signatures.

Canonical Signatures

Given that anyone can derive several valid variations of any signature you produce, we simply require that every signature be in one specific form (the canonical form) and reject signatures that verify correctly but are in any other form. This is a stricter requirement than the elliptic-curve mathematics itself imposes; the extra constraint is what removes the freedom a third party would otherwise have to rewrite your signature.

Implementation Options

We had two possible implementation approaches: convert the generated signature into canonical form, or generate a new signature and check whether it is canonical. The second approach is cheap enough in practice: 1 in 4 freshly generated signatures is canonical by chance, so on average it takes about 4 attempts to find one.

On the signature checking / validation side the two approaches are identical: every canonical signature also passes the looser mathematical check, so the validator simply adds the canonical-form test to ordinary ECDSA verification and rejects anything that fails it. The converse does not hold, and that is the point: a malleated variant of a canonical signature still verifies, but it is no longer canonical, so it is rejected.

Conclusion

The takeaway from this is that people need to be slow to throw stones, and that @faddat is attacking a straw man. It also shows that if the things he is working on are not careful about this, they will be vulnerable to signature malleability just as Bitcoin and BitShares once were.

Here is a useful infographic describing how Bitcoin and/or BitShares were once attacked due to the lack of canonical signature enforcement.


100% agree @knircky

Yes, as a sailor I know full well that for a ship to arrive where it wants to go, the captain needs to be at the helm. Good to see @dan giving us detailed and clear information on things!!

Hi. I'm Paul. I've consulted on some of @faddat's projects. I don't follow Steem development closely, because I'm not on the technical side. I am not a cryptographer, cryptologist, or mathematician. My background is in US taxation and networking/systems.

I think we should acknowledge that there's history. I've witnessed Jake agonize over this code, trying valiantly (does anyone use that word anymore?) to make Steem work from other websites. It's been frustrating for him, and also for many others who've poured a lot of time and resources into what they expected to be a straightforward task. And when he's spoken about it openly (as I would too) there's been some icy reception.

Ultimately, we're talking about his tone here. If he had said essentially the exact same thing without mentioning how unsettling he found it, we wouldn't be having this discussion. And if he turned out to be wrong, so much the better. I think all of us are happier knowing the blockchain is uncompromised.

If he comes off as brusque -- yeah, he does that. He gets a pass from me, because I know his intentions are honest. I also get it if you don't see that.

Can we put this behind us? The world needs blockchain technology, and it needs it badly. Any Steemit hackers are invited to come have a coffee with us here in Siem Reap. Let's make magic happen.

We have many JS libraries that could be used off the shelf that already implement proper canonical signature signing.

You are no doubt right. My intention with this post was instead to address the lack of trust between the two projects (and indeed, in the broader crypto community). I think we can do better than we're doing.

  ·  8 years ago (edited)

I think the way in which we could do better is to all stop making excuses for @faddat's unwarranted tantrums and mudslinging.

The code is there for him to review, and all the demands he was making could have been resolved by him taking 5 minutes to read it. (He even had three experienced devs helping him in the comments in the linked thread.)

Instead, he chose to (in order): assign blame, be passive aggressive, play the victim, and then speculate about malice—without basis. We are all now aware of how productive these behaviors turned out to be.

He shouldn't have to speculate very much more to figure out why he is unwelcome in our Slack.

We welcome constructive feedback, positive and negative. This wasn't that.

We are a very small team and reading and responding to this sort of toxic behavior has tangible effects on our productivity.

he chose to (in order): assign blame, be passive aggressive, play the victim, and then speculate about malice—without basis.

Not to mention the DAWN project, which I believe he is involved in, and their recent Cointelegraph article; with the timing in mind, you could very well class this as pure FUD.

I read the article @abit linked below. It couldn't be more vague.

sniffs

"Is that vapour in your ware?"

No vapor is found at github.com/dawn-project/glogchain

And we'd be honored to have you as a user, @l0k1.

  ·  8 years ago (edited)

We didn't want to use javascript, @dantheman. We wanted to use go so we could integrate it on the back end and achieve more than a superficial integration. Since you wrote graphene in C++ I'm sure you know what I'm talking about regarding javascript vs actual systems programming languages like C, C++, java, go, or rust. Ain't no beef in the land of javascript by comparison. If you want beef, you've got to go lower level, and we wanted to build beefy steem integrations.

Please, don't tell me you think your js libs make it all okay, because I know that you know they don't.

Now that @baabeetaa has the answers he needed, we will be integrating on the back end, because @baabeetaa is a badass.

Reposting @phibetaiota
PhiBetaIota.Steem is about open decision support.

Our Mission is about using holistic analytics, true cost economics, and if desired, open source everything engineering, to create open ethical intelligence (decision support) in support of strategic, operational, tactical, and technical decisions, courses of action, and investments. This platform is very important in our mission.

THANK YOU for crafting an excellent explanation to this situation.
There is open censorship on all other platforms. At the very least, there does not appear to be much censorship on SteemIt. I profoundly hope you are not "burned at the stake."
Cooperation is enhanced greatly in times of open standards.
"Get enough eyeballs on it, no bug is invisible."
"The truth at any cost lowers all other costs"

~The Management


There's no censorship on steemit, especially not on its blockchain. Some in its front end but it's of the socially understandable type.

@cryptoctopus why did you upvote this spam comment?

@sneak: I don't recall voting on this comment, I have trails...I wonder if that's where the upvote for the comment comes from. In any case, I take it back.

That's why I left the comment... I think some people vote with various automated means and sometimes upvote stuff they don't mean to.

  ·  8 years ago (edited)

Look, another angry racist on Steemit. Sigh.

Be advised, snowflake: we have a tolerant and inclusive community and people like you are not welcome here.

PS: Good luck, I am behind 7 proxies.

  ·  8 years ago (edited)

Racist and misogynist, check.

Edit:

Here's the record of his tossing around racist slurs: https://steemd.com/tx/f0d62c3c942376b959c9d728a89bdbfdc4252d8c

Here's the second one with the sexist nonsense: https://steemd.com/tx/c35ca356c7e21181da1f85bbea0a2cd242b581df

I think @faddat is asking questions and he is not getting any answers. That leaves him to speculate why.

Thanks for the poised and solid answer @dantheman! Even all this discussion allows me to learn more about our platform and its security levels.

All for one and one for all. Namaste :)

Thanks for fighting the good fight, Dan. I hope some day your dream of world domination will come true and we can have an active marketplace here to voluntarily spend our STEEM and SBD. Keep up the good work.

By looking at the title I thought we had fixed something new. By reading the content I realized it was fixed long ago. "Update"?
Anyway, thanks for writing this.

Same here. Maybe the "Info" word would fit better here. However, these were things that I hadn't known, so it was worth reading.
It was a #FlashbackFriday post. :)

HE'S ALIVE!!!!

How is Graphene 3.0 coming along? Can't wait to see what you think up next.

  ·  8 years ago (edited)

Shares go on sale Sunday

Bitcoin may end up passing $10,000

Nice to see you back here :) Mate, can I ask you for one thing? PLEASE have it in your agenda to post once a week and take a day off your hard work to curate some content, or better yet half an hour a day, at least engage with the community. Write a few lines here and there. There is a growing discontent and you guys are "missing"; there used to be a lot more conversation and "moderation" on the platform. The witnesses and the whales were working together and things were EPIC last year :D So unless you big guys get back here, not just pushing buttons thinking that produces change, but having your personalities interact peacefully, thus creating a good ecosystem so problems can be brought up, solved and on to the next one. Set a good example and don't stop "promoting" it. The community needs you; there should be an active support team if you can't handle it. But since you are the heads, not showing up in your own show makes people throw potatoes around. Rotate those 30 minute shifts if you have to, POWER curate please :).
Find the best content, the most rotten ideas and help one become reality without neglecting the other and just downvoting it. It needs attention too. You've already built most of the functionality. Help people understand it better and help them help themselves.

And as I go about that we have a pride of cheetahs :D Seriously, hold people accountable. Stop saying make one account per person and then have 5 :D
I can see why there are problems. Sure it's not in your best interest to poke a hornet's nest, but guys please the platform is crashing and no math can help. The people are the BACKBONE the head is too heavy at this point.

Please get back to the community and give back to it. Your ideas is already alive and everybody did fall for it so to speak. If you neglect your children they will grow up to be stupid assholes and you won't be able to keep them under the rug. Vlog Blog get interviewed I don't care. Show you are there and you CARE>

And please update the UI, there are some insane apps compared to the main hub, implement those solutions. Stop thinking of ways to change the system, fix the flow of it. Curation is a great concept. Rewarding comments from that pool isn't sure for me, everything should fall under the author rewards. But then voters won't be rewarded for their votes. And having people actively participate would be better than having ghost comments and ghost votes. Let people read, don't make them think voting is mining crypto. :D Activity is the driving force behind any platform, sadly we need yours, because you have the most power and therefore the most responsibility. Drop a line here and there, a weekly advancement post, hold yourself accountable for what you are doing, show people you care. Sorry for the Whine :D next time I hope we can toast something better :)

I will be making my posts on the 0.17 hard fork because I'm not sure I like the ideas proposed there. Sure the blockchain improvements are a must and a better platform that's light as a feather will be the envy of all sites. But incentivizing something artificially won't help. The best example is @kus-knee because he implemented the throw a bone to comments program. But he does that ACTIVELY and it's the same as an upvote from you guys. @abit gives 7$ for a vote :D you are worth more probably, there, comment disparity fixed :D if only 1% of whales vote on comments no wonder there is a 1% return. I've always voted on comments because I read them. And I want people to see that I care. Is it draining to my pool? YES. Are my votes worth anything? :D thanks to 10 bones and 5 krnels :D a 20sbd upvote from val not really :D so 2 months of hard work get rewarded with 30-40$ and I haven't been focused, true. But I see problems and I want them fixed. I can always do my research and post my articles. Why would I if there are 10 people there willing to take their time to read something; with an ACTIVE user base of 2k people I can see why, at least with 5K there will be a 5:1 ratio for the creators. The problem is that Creators care for Profits and not much on delivering a good piece that is well made, polished and worth some tangible value. Why? Because they see others doing reposts, rehashes, not giving a fuck and still making more, so why bang your head up a wall for 2 months pushing concepts to people that have no imagination to understand them.

Sorry for the OFFTOPIC :D "wall" of spam :D at least it's contained here and only for you to see @dantheman

Cheers mate, :) hope there are better times ahead and we can SPRING back up again from all the bs, again don't neglect your children and make more nannies to keep them under the rug. Skeptic is spilling over Minds taking his hard earned spam and throwing it around.

Daily Report by @elyaque ~2800 active users. sure its the weekend but that's a drop from 6k where maybe 20k would be ideal for 2k authors trying their hardest to solve problems. Actively engaging the community that is genuinely interested. Wouldn't we rather see that wouldn't steem's price be 1$ again if that was to happen. Well you can make it, you guys hold the POWER in your hands.

call it what you will I would love to see a response.

I read and vote on stuff most days. I don't always write blog posts, but regularly reply with comments.

well there is a "war" going on at @krnel can you direct a bit we need a conductor. Are you up for cleaning some shit?

in short the price is dropping the hardfork isn't appealing to me personally. Spammers are discontent. There are users pushing and the situation needs to be addressed.

Thanks for the reply I guess you are busy.

But I think this can be solved now and it should at least get straightened out.
It would be good to not perpetuate the divides and continue with new solutions when the older problems are continuing to cause user discontent.

Things have gone from bad to worse in 2 months, I'm not sure if it's a good idea to participate if you have made up your mind, letting it blow off might work.

Currently bernie smooth and ats-david are the devils :D

The guardians of the galaxy are a fraud and we are facing a "Collapse" LOL :D

https://steemit.com/guilds/@beanz/repost-and-reminder-the-rise-and-fall-of-digg-com-a-lesson-for-steemit

it might have been blown out of proportion sure. But it's a possibility for a resolution. Hopefully one were there aren't losers left and right and wars are a thing of the past :D

  ·  8 years ago (edited)

This IS off-topic. Let's move discussion to the post you linked.

By the way, it's not good to label people devils or what so.


I love you man, you will be missed. I don't know any of the team personally, but you always seemed like the quirky smart type. THANK YOU FOR making this platform a reality, thank you for creating something that others can band around, thank you for breathing some hope and life into social media, for me at least. I'm deeply saddened by your departure. You at least seemed like you gave a lot of attention to the important technical aspects of the platform, liked philosophy and spoke your opinion. I hope you didn't leave with bad feelings and are able to be ok enough with the team, maybe help them out, so you can tell us why you left. It can't only be the free license thing. There must be more :D I'm one to pry, sorry, but I really want to know what works and how things happen on the back end (ie why groups of two fail sooner or later, what causes divides, bs like that)

I don't understand everything written here, but I'm glad the security has been intricately strengthened and improved. Thanks for the technical and informative update. Much appreciated.

It's an old update that happened on BitShares before Steem even existed. Bitcoin was also vulnerable to this.

burn us at the steak

typo or intentional ? As a non native speaker, I don't get these subtleties ...

Good catch. Likely just habitual typing of the way it sounds. Sometimes us native speakers go too fast without noticing our errors, especially with words that sound the same but are spelled differently.

steemit: we feed the trolls.

I don't think you're that dumb.

I don't know why this path is easier than writing docs, but I guess it really is!

.....add 4 and 27.... and no docs. OK.

Would this affect my validation key? When I try to transfer steem I keep getting a notice that my key is invalid, but I've never changed it. I'm not really a computer guy so I don't understand.

No, this is just some docs on an old behavior.

I see. I wonder why I'm having a problem

@dantheman concerning the phone numbers mentioned in an earlier comment, here are (per your request) the first digits in a number someone recently tried to verify with:

It's a US number (+1)

415-3...... and so on.

Edit: I might as well add, the user (on steemit.chat) says his/her "phone service is with AT&T"

huh.

RE: What happened to @faddat

For about two years I just figured I was straight-up wrong.

Thanks to @inertia for pointing out that I wasn't. Next time I'll be really kind and diplomatic when making my point.