Bitcoin has exploded in popularity and skyrocketed in value. Proponents of blockchain, the technology that makes cryptocurrency possible, now want to apply it to a wide range of other applications like identity management, verifiable records and digital assets such as stocks. Is the industry building new systems on a cryptographically weak foundation? What threats does blockchain face? (Source: RSA Conference USA)

1. SESSION ID:SESSION ID:
#RSAC
Konstantinos Karagiannis
Hacking Blockchain
PDAC-T10F
Chief Technology Officer, Security Consulting
BT Americas
@konstanthacker

2. #RSAC
Another sea change upon us

3. #RSAC
It all started Halloween 2008…
3

4. #RSAC
Bitcoin
4
Satoshi’s altruistic goals
met
Strong investment—5
million dollar pizza
Widespread “positioning”
of cryptocurrency
Literally and figuratively
created the blockchain
movement

5. #RSAC
Blockchain transaction and verification
5
Parties exchange data
Transaction verified or queued

6. #RSAC
Blockchain structure and validation
6
Each block identified by hash
Blocks must be validated to be added to chain

7. #RSAC
Blockchain mining and chain
7
Miners “solve puzzle” (proof of work)
Miners rewarded, block added to majority chain

8. #RSAC
Blockchain defense
8
Trying to submit an altered block would change hash
function of that block and all following blocks—nodes
would detect and reject block.

9. #RSAC
Some proposed blockchain applications
9
Digital assets
Identity (black box)
Verifiable data
Smart contracts

10. #RSAC
Attacks past and present

11. #RSAC
Quick caveat
11
Not allowed to discuss
vulnerabilities found during ethical
hacks of BT-client financial
applications
Publicized examples follow to
highlight types of attacks possible
May use occasional “guesses” to fill
in blanks based on experience
If I’m wrong, I know the attacks still
work!

12. #RSAC
1 RETURN – responsible disclosure
12
First security vuln identified July, 2010
by ArtForz
Allows spending of other user’s bitcoins
via Sig OP_1 OP_RETURN
Satoshi kept 1 RETURN quiet as he
rolled out a patch
ArtForz proved Satoshi’s belief early
users would want to maintain value in
Bitcoin

13. #RSAC
Attacks against blockchain infrastructure
13
Mt. Gox first major bitcoin disaster
June 2011: $8 million stolen (admin pw)
Feb 2014: $460 million stolen (transaction
malleability)
No version control software in Mt.
Gox—bug fixes often delayed, untested
code pushed straight to production
Gatecoin hacked May 2016 via a server
disruption and reboot (bypassing
multisig cold wallets)—more modest
250 BTC and 185,000 ETH.

14. #RSAC
Attacks against code
14
DAO smart contract flaw
known of since May 2016
June 17, hacker used
recursive flaw to make
splits inside splits, moving
Ether repeatedly without
checking “balance”
Hard fork resulted

15. #RSAC
Attacks against blockchain sites
15
2013, payments processor Inputs.io site
compromised—for $1 million (social
engineering)
Steemit blockchain-based blogging
platform web site authentication
targeted July (no 2FA)—$85,000 funds
stolen by transactions (hard fork after)
Reports of Coinbase hacking incidents
appear on the net regularly. Insured
against mass breach, not individual
credential attacks

16. #RSAC
Attacks against hot wallets
16
Dec 7, hacker compromises VC Bo
Shen’s phone, gaining access to
$300,000 in Augur and Ether from
wallet
Ransomware obvious issue, but
malware that steals credentials like
Mokes.A can lead to transactions
Android phones more susceptible
than ever due to poor updating in all
but newest devices

17. #RSAC
Attacks against cold wallets
17
Bitfinex tried to remove risk
of “security exposures” by
adding an extra layer via
BitGo
BitGo as part of multisig it
seems could do whatever it
wished
Cold wallets turned hot Aug
2016
Over $70 million swiped
Losses of 36% across all users
unlike FDIC

18. #RSAC
Attacks against nodes
18
Major node attack thwarted Aug
2010—Bitcoin block 74638 flaw could
generate 184 Billion transactions!
Sept 18, Geth nodes (Ethereum) ran
out of memory and crashed on block
2283416 (Ethereum classic
sabotage?)
Aug, Krypton and Shift hit by proof of
concept 51% attack—overpowered
by rented NiceHash hashpower
Scanning for nodes to target (e.g. TCP
port 8333) possible

19. #RSAC
Traditional risks to new applications
19
Digital assets
Ownership
Identity
Black box interactions at risk
Verifiable data
Malicious transactions
Smart contracts
Code flaws, repudiation

20. #RSAC
Coming attacks against
blockchain’s biggest flaw

21. #RSAC
Remember Satoshi’s words?
21
August 2015: NSA publicly warned against using ECC, the type
of encryption in blockchain

22. #RSAC
Elliptic curve cryptography
22
Public key system, like RSA, El Gamal,
Rabin
Based on algebraic structure of elliptic
curves over finite fields
Public key for encryption or sig validation
Private key for decryption or sig
generation

23. #RSAC
ECC Bitcoin example
23
Bitcoin wallet addresses made of: Public key,
private key, and address
Public key derived from private key by elliptic
curve multiplication
Address derived by:
applying SHA256 hash function to public key
applying RIPEMD-160 hash function
adding checksum for error correction
“Used” bitcoin or other entities have public
keys exposed on blockchain

24. #RSAC
Quantum threat looming
24
Quantum computers can crack ECC
Machines exploit quantum
“weirdness” of superposition to
allow existence of qubits
Qubits can be a percentage of both
zero and one at the same time
Qubits and special algorithms allow
quantum computers to do things
classical computers can’t do in
thousands of years

25. #RSAC
World’s easiest explanation of superposition
25
Expected particle behavior or “pooling”

26. #RSAC
World’s easiest explanation of superposition
26
Wave pattern without observation of which
slit a particle goes through

27. #RSAC
World’s easiest explanation of superposition
27
Even one particle going through at a time
creates wave pattern

28. #RSAC
World’s easiest explanation of superposition
28
Use a detector on either slit, and pooling
appears: particle-wave duality

29. #RSAC
Maintaining superposition
29
Observing either slit destroyed the
superposition
Quantum computers need to maintain
superposition among many qubits to
perform calculations
University of Maryland and others have
found new ways to chain together qubits

30. #RSAC
With enough stable qubits…
30
A quantum computer can run Shor’s
algorithm (1994) and quickly crack any
public key encryption by finding
factors of large numbers
Likely answers interfere constructively,
unlikely ones destructively
Simple quantum computers run it with
two photonic qubits, showing 21=3*7
Within 3 years QCs may have
hundreds of qubits

31. #RSAC
Bitcoin example within 3 years
31
Bitcoin transaction includes a signature
and a public key to verify owner
That publicly available information is all a
quantum computer needs to get private
key and “become” another user
This type of attack can be done passively
(offline) by downloading any type of
blockchain
No reuse?

32. #RSAC
Lamport signatures—a stopgap?
32
Public key consists of 320 hashes rather than an
elliptic curve point
Address is SHA256+RIPEMD-160 hash of public key
Transaction includes public key and signature—
verifiers check if:
public key matches address
signature matches message and public key
Even with Grover’s algorithm, it takes 2^80 steps to
construct a fraudulent transaction or 2^80 * 80
steps to crack all hashes (trillions of trillions)

33. #RSAC
Post-quantum crypto
33
Code based
Hash based
Lattice based
Multivariate quadratic equations
One time pad
liboqs, open source C library
(https://openquantumsafe.org/
have fork for SSL as well)

34. #RSAC
Apply these warnings!
34
As soon as possible, take a new look at any blockchain applications
you’re developing or using in your company
Be sure any of these applications actually need to be blockchain
based, considering:
security
permanence of data (being able to make changes can be a good thing)
whether current technology may be superior (not everything should be bc)
Is your blockchain app an overlay to a proven blockchain and protocol,
or is it potentially too untested for critical applications?

35. #RSAC
Apply these warnings!
35
Within the next three months prioritize testing the security of
blockchain applications by their criticality to your business
Perform ethical hacking engagements against the implementation of
your platform—remember all the basic flaws that undo even sound
crypto
Make sure your ethical hackers have actually worked with blockchain
protocols before—this isn’t the time for a vendor to learn on your
dime

36. #RSAC
Apply these warnings!
36
Looking ahead, six months and on, what
can you do to ensure the future of
blockchain security
It’s too late to develop applications that
are not post-quantum safe
Consider investing your dev resources to
give something back to blockchain
NIST has made call to arms to develop
post quantum crypto solutions for PK—
working on this could improve bc going
forward (http://www.nist.gov/​pqcrypto)

37. #RSAC
Questions? Please join me for a “focus
on” session (FON4-T11) today in
Moscone West 2024 from 3:45 to 4:15
@konstanthacker