CPSC 5910
BLOCKCHAIN SECURITY
Winter 2022
Session 03
Dr. Christian Seifert
Twitter: @cseifert
Telegram: christian_forta
Discord: Christian | Forta#0582
Outline
Page 2
STUDENT PRESENTATION
Page 3
Cryptographic Techniques
Page 4
Cryptography (Crypto)
Digital Signatures
Hashing Functions
Protects communications and data
Sign messages and verify signatures
Create unique fingerprints for data
Slide Credit: “Michael Lewellen, Blockchain Education Course, Tarski Technologies, LLC”
Symmetric Cryptography
Page 5
+ Fast
- How to exchange the key?
Symmetric Cryptography
Use one key to protect messages
Slide Credit: “Michael Lewellen, Blockchain Education Course, Tarski Technologies, LLC”
Secret 🔑
Secret 🔑
Bob
Alice
Message: Hi Alice! ….
Message: Hi Alice! ….
Ciphertext: xfjwer!kdf
Send encrypted message
ASYMMETRIC CRYPTOGRAPHY
Page 6
Slide Credit: “Michael Lewellen, Blockchain Education Course, Tarski Technologies, LLC”
+ Secure as no secret is exchanged
- Slower
Asymmetric Cryptography
Use a public and private key pair
Using Digital Signatures
Page 7
Slide Credit: “Michael Lewellen, Blockchain Education Course, Tarski Technologies, LLC”
Original Transaction | |
FROM | Bob’s Public Key |
TO | Alice’s Public Key |
AMOUNT | $10 |
SIGNATURE | Bob’s Signature 🔐 |
Bob
Eve (Attacker)
Attacker Transaction | |
FROM | Bob |
TO | Eve (replacing Alice) |
AMOUNT | $10 |
SIGNATURE | Eve’s Fake Signature 🔓 |
Eve’s attack fails when she can’t generate a valid digital signature
Bob includes a digital signature using his private key
Private 🔑
SSL Encryption
Page 8
Browser
Web Server
Certificate Authority
1. Request Certificate (Public Key of Web Server)
2. Respond with Certificate (Public Key of Web Server)
3. Validate Certificate
4. Certificate is Valid
5. Encrypt Browser Public Key with Certificate
6. Respond with signed symmetric secret encrypted with Browser Public Key
7. Encrypt Request with symmetric secret
8. Decrypt Request with symmetric secret and send encrypted response
ETHEREUM WALLET
The term “Wallet” is a misnomer. Wallet implies that it holds your assets, similar to how the wallet in your pocket contains your dollar bills. This is not the case for blockchains.
Wallets contain your private key, which allows you to sign transactions submitted to the blockchain.
A wallet private key is generated randomly (using the random number generator of your device + human input) upon wallet creation. 2^256 bits ~ # of atoms in the universe. No one can guess your private key.
E.g. f8f8a2f43c8376ccb0871305060d7b27b0554d2cc72bccf41b2705608452f315 (hex representation)
Can you think of a weakness during the generation of the random key?
The private key is stored locally on your machine. What is a risk with this approach? How could you mitigate it?
The public key K is generated from the private key and the generator point G on the elliptic curve. This allows generating multiple public keys controlled by one private key.
E.g. K = 6e145ccef1033dea239875dd00dfb4fee6e3348b84985c92f103444683bae07b...
The Ethereum public address is derived from the Keccak-256 hash:
E.g. Keccak256(K) = 2a5b0005732269001d3f1ef827552ae1114027bd3ecf1f086ba0f9
The keys are generated offline. Nothing is recorded on-chain of you creating a key.
Page 9
Let’s create a wallet!
BREAKING SYMMETRIC ENCRYPTION
Caesar’s Cipher
A->F
B->G
C->H
D->I
…
MY NAME IS CHRISTIAN -> RD SFRJ NX HMWNXYNFS
Page 10
CAESAR CIPHER TEXT
Rsjkirtk. R glivcp gvvi-kf-gvvi mvijzfe fw vcvtkifezt trjy nflcu rccfn feczev
grpdvekj kf sv jvek uzivtkcp wifd fev grikp kf refkyvi nzkyflk xfzex kyiflxy r
wzeretzrc zejkzklkzfe. Uzxzkrc jzxerklivj gifmzuv grik fw kyv jfclkzfe, slk kyv drze
svevwzkj riv cfjk zw r kiljkvu kyziu grikp zj jkzcc ivhlzivu kf givmvek uflscv-jgveuzex.
Nv gifgfjv r jfclkzfe kf kyv uflscv-jgveuzex gifscvd ljzex r gvvi-kf-gvvi evknfib.
Kyv evknfib kzdvjkrdgj kirejrtkzfej sp yrjyzex kyvd zekf re fexfzex tyrze fw
yrjy-srjvu giffw-fw-nfib, wfidzex r ivtfiu kyrk treefk sv tyrexvu nzkyflk ivufzex
kyv giffw-fw-nfib. Kyv cfexvjk tyrze efk fecp jvimvj rj giffw fw kyv jvhlvetv fw
vmvekj nzkevjjvu, slk giffw kyrk zk trdv wifd kyv crixvjk gffc fw TGL gfnvi. Rj
cfex rj r drafizkp fw TGL gfnvi zj tfekifccvu sp efuvj kyrk riv efk tffgvirkzex kf
rkkrtb kyv evknfib, kyvp'cc xvevirkv kyv cfexvjk tyrze reu flkgrtv rkkrtbvij. Kyv
evknfib zkjvcw ivhlzivj dzezdrc jkiltkliv. Dvjjrxvj riv sifrutrjk fe r svjk vwwfik
srjzj, reu efuvj tre cvrmv reu ivafze kyv evknfib rk nzcc, rttvgkzex kyv cfexvjk
giffw-fw-nfib tyrze rj giffw fw nyrk yrggvevu nyzcv kyvp nviv xfev
Page 11
https://cryptii.com/pipes/caesar-cipher
FREQUENCY ANALYSIS
English Language Frequencies
Caesar’s Test Frequencies
Page 12
https://www3.nd.edu/~busiforc/handouts/cryptography/letterfrequencies.html
https://www.dcode.fr/frequency-analysis
E->V – shift of 17
CAESAR CIPHER TEXT
Abstract. A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone
Page 13
Bitcoin White Paper Abstract
BREAKING SYMMETRIC ENCRYPTION
Page 14
ENIGMA MACHINE
Page 15
The Enigma machine is a cipher device developed and used in the early- to mid-20th century to protect commercial, diplomatic, and military communication. It was employed extensively by Nazi Germany during World War II, in all branches of the German military.
Around December 1932 Marian Rejewski, a Polish mathematician and cryptologist at the Polish Cipher Bureau, used the theory of permutations, and flaws in the German military-message encipherment procedures, to break message keys of the plugboard Enigma machine.
Page 16
HASHING
Where are hash functions used?
What could you do if you were to create hash collisions?
What could you do if you could reverse a hash to the original value?
Page 17
WHAT IS THIS HASH?
5f4dcc3b5aa765d61d8327deb882cf99
What does this hash represent?
How could you prevent R(x’) -> x?
Page 18
Rainbow Tables
Page 19
http://project-rainbowcrack.com/table.htm
Precomputed tables of hash values, which facilitate a lookup from hash to value
https://analogist.net/post/a-non-technical-history-of-password-storage/
MORE SECURE HASHING USING SALTS
Assume you have access to a compromised database of salted passwords. How could you break it?
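Why a precomputed table works against unsalted hashes and stops working once each record has its own salt, as an added example that is not part of the original slides. A plain dictionary stands in for a rainbow table (a real one stores hash chains built with a reduction function), and the word list, function names and PBKDF2 iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os

# Constructed sample values standing in for a dictionary of common passwords.
WORDLIST = ["letmein", "qwerty123", "sunshine"]


def unsalted_md5(password):
    """Legacy storage: the same password always yields the same digest."""
    return hashlib.md5(password.encode()).hexdigest()


# Built once, then reusable against every database that stores unsalted MD5.
PRECOMPUTED = {unsalted_md5(word): word for word in WORDLIST}


def table_lookup(hex_digest):
    """Return the password for a digest if it is in the precomputed table."""
    return PRECOMPUTED.get(hex_digest)


def store_salted(password, iterations=100_000):
    """Salted, deliberately slow storage: returns (salt, iterations, digest)."""
    salt = os.urandom(16)  # unique per record, stored next to the digest
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    alice, bob = store_salted("sunshine"), store_salted("sunshine")
    print("unsalted hit:", table_lookup(unsalted_md5("sunshine")))
    print("same password, same digest?", alice[2] == bob[2])
    print("table hit on salted record:", table_lookup(alice[2].hex()))
```

The salt is not secret; it forces any guessing to be redone per record, and the iteration count makes each guess expensive.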
Page 20
Using Hashing Functions
Page 21
Slide Credit: “Michael Lewellen, Blockchain Education Course, Tarski Technologies, LLC”
Signed Transaction | |
FROM | Bob’s Public Key |
TO | Alice’s Public Key |
AMOUNT | $10 |
SIGNATURE | Bob’s Signature 🔐 |
Transaction with Hash ID | |
FROM | Bob’s Public Key |
TO | Alice’s Public Key |
AMOUNT | $10 |
SIGNATURE | Bob’s Signature 🔐 |
HASH | 8743b52063cd84097a65d1633f5c74f5 |
Hash Function
Lookup the TX hash
in the ledger
Node A
Node B
Node C
Node D
Node E
USING HASHING FUNCTION
Page 22
BLOCK1
HASH XYZ
TX1
TX2
BLOCK1
HASH ABC
PHASH XYZ
TX3
TX4
BLOCK1
HASH DDD
PHASH ABC
TX5
TX6
TRANSACTIONS
Demo: Creating and signing transactions using your wallet
Page 23