pvap

Is Ripple vulnerable to a "collision" attack?


Hello everyone,

New here... but I've been lurking for a while now. :)


The other day I came across this project: https://lbc.cryptoguru.org/about

Basically, it's a distributed effort with the purpose of creating private keys and matching them against a pre-defined list of BTC addresses holding funds on them.

What amazes me is the fact that they've succeeded in doing so... 54 times already (check the trophies section)!

I'm not going to discuss the algorithm being used here, nor if it would be more rewarding to put the computational effort into mining instead. But for anyone that's interested, just check the above link, or these two more references:


So, my question is... is Ripple vulnerable to a similar attack?


Regards,

pvap


If there ever was a more direct question that only @JoelKatz could answer, it would probably be none of our business.  Joel?  (if that is your real name..)


EDIT: I'm being facetious.  I know it's David.  Is my text that cold and hard?

Edited by galgitron

10 minutes ago, pvap said:

So, my question is... is Ripple vulnerable to a similar attack

Probably yes, because behind the scenes it uses a similar method of generating public addresses.

I think this was already discussed somewhere (and nikb responded).

Just now, T8493 said:

I think this was already discussed somewhere (and nikb responded).

You're correct, very recently it was in a thread between Max Entropy and nikb... nikb decided to stop feeding the troll.
3 minutes ago, Apollo said:

I think this attack only works when secret keys are nonrandom, i.e., keys are generated using flawed systems.

I believe they're covering all the private keys in a 2^160 range.

Something running in their favor is the fact that a public address can be generated from more than 1 private key (theoretically). So, we don't need to hold the original private key that was used to generate the public key. We just need a matching one.


I think this quote says it all. 

"The number looks impressive, but as is I have a 50% chance of hitting an address with funds on it after a mere 1691552820984841340513524111940 days (or 4634391290369428330174038662 years)."

11 minutes ago, Apollo said:

I think this quote says it all. 

"The number looks impressive, but as is I have a 50% chance of hitting an address with funds on it after a mere 1691552820984841340513524111940 days (or 4634391290369428330174038662 years)."

Well, that statistic was from his sole computational effort only. The project then evolved to become distributed.

54 hits in 1.5 years is impressive!

You'd be much better off doing research about the http://www.st.com/en/secure-mcus/st31h320.html or similar chips used by hardware wallets and check for flaws in their RNG than to look for collisions randomly. Then again, if you were actually skilled enough to do that, you'd usually have a job that pays enough so you don't have to steal from people...

This is an actual problem in IT security (attacks that require highly skilled and highly motivated attackers are usually discarded as lower risk), but in general one of the big outputs of what got revealed a while ago about such highly skilled and motivated attackers is that crypto actually works. Attacks are usually focussed around implementation weaknesses, side channels, bad assumptions... but not really about having some "secret sauce" where you can use a shortcut in an algorithm that only you know about.

Edited by Sukrim

1 hour ago, nikb said:

The effort you refer to is to crack what are known as “brain wallets.” These are wallets derived from passphrases, or other information people memorize.

You can generate such a wallet on Ripple, but I'd advise you not to for the simple reason that your wallet is as secure as your passphrases and if it's something you memorize, it's almost certainly not secure enough.

Ripple seeds are 128 bits long. That means that there are 340,282,366,920,938,463,463,374,607,431,768,211,456 possible keys.


Hi @nikb, I'll contest your findings somewhat. First, I don't believe the memorable passphrase is their approach at all (especially given the advent of salting, nonceing, etc.) or at least that effort would exhaust itself pretty quickly. No, they are literally picking a 128-bit key out of the air and trying it, so it's irrelevant how the owner got their keys. Second, the astronomical figure you submit implies each key owns their own subset of hash results, which they don't. It's statistically being proven by these very experiments (break and enters?) that there are viable hashes with possibly large numbers of working keys; meaning that not all possible 128-bit potential hash values might even have a key (unviable). It's the unknown ratio of viable to unviable hashes that these brute force attacks are exploiting, and with publicly-demonstrable success. Third, compound this with the notion that they aren't just targeting a single address, but instead, whatever hashes they produce are used to try to find an address out of the millions (billions?) with meaningful balances that they might unlock, effectively massively magnifying their hashing efforts.

I believe this really is an existential threat to the security of all blockchains less than 256-bit, dare I say 512? Quantum computers will make the ratio of viable to unviable even more glaring as random accounts start losing balances. I fully understand the implications of moving to 512-bits, but I think Ripple is best situated to evolve there first. Hell, it could even be a fantastic selling point to your clients: upgrade to 512, then publicly highlight how you've nullified the brute-force attack threat, leaving the other blockchains with their pants down and suddenly looking very risky.

My commission is 10%
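The thread trades figures (nikb's count of 128-bit Ripple seeds, the 2^160 address range, the quoted "50% chance after N days") without showing how they relate. The following Python is an added example, written for this page and not code from the thread, from Ripple or from the LBC project, that evaluates the chance of a random-key search landing on any one of a set of funded addresses, and the time that takes at a fixed key rate. The key-space sizes come from the posts above; the number of funded targets and the keys-per-second rate are constructed assumptions and can be replaced with any values.

```python
import math


def keyspace_size(bits: int) -> int:
    """Number of distinct keys in a `bits`-bit key space.

    keyspace_size(128) is the 340,282,366,920,938,... figure nikb gives.
    """
    return 2 ** bits


def hit_probability(keyspace_bits: int, funded_targets: int, trials: int) -> float:
    """Probability that `trials` uniformly random keys land on at least one of
    `funded_targets` distinct targets in a 2**keyspace_bits space.

    P(hit) = 1 - (1 - q)**n with q = targets / keyspace.  log1p/expm1 keep the
    arithmetic meaningful when q is around 1e-40, where 1 - q would round to 1.
    """
    per_trial = funded_targets / keyspace_size(keyspace_bits)
    return -math.expm1(trials * math.log1p(-per_trial))


def trials_for_hit_probability(keyspace_bits: int, funded_targets: int, p: float = 0.5) -> float:
    """Number of random keys to try before the chance of at least one hit reaches p.

    Solves 1 - (1 - q)**n = p for n.  For p = 0.5 and a single target this is
    ln(2) * keyspace, i.e. roughly 0.69 * 2**bits.
    """
    per_trial = funded_targets / keyspace_size(keyspace_bits)
    return math.log(1.0 - p) / math.log1p(-per_trial)


def days_to_hit(keyspace_bits: int, funded_targets: int, keys_per_second: float, p: float = 0.5) -> float:
    """Wall-clock days at a fixed key rate until the hit chance reaches p.

    This is the quantity behind the "50% chance after a mere ... days" quote.
    """
    trials = trials_for_hit_probability(keyspace_bits, funded_targets, p)
    return trials / keys_per_second / 86400.0


if __name__ == "__main__":
    FUNDED_TARGETS = 10_000_000   # constructed assumption: funded addresses being matched against
    KEYS_PER_SECOND = 1e9         # constructed assumption: aggregate search rate

    for bits in (128, 160):
        print(f"{bits}-bit space: {keyspace_size(bits)} keys")
        print(f"  trials for 50% hit chance vs {FUNDED_TARGETS} targets: "
              f"{trials_for_hit_probability(bits, FUNDED_TARGETS):.3e}")
        print(f"  days at {KEYS_PER_SECOND:.0e} keys/s: "
              f"{days_to_hit(bits, FUNDED_TARGETS, KEYS_PER_SECOND):.3e}")
        print(f"  chance after 1e30 trials: {hit_probability(bits, FUNDED_TARGETS, 10**30):.3e}")
```

Because the per-trial odds are targets divided by key space, adding more funded addresses to the target list only divides the expected effort by that count; it does not change the exponent, which is why the figures stay astronomical for both the 128-bit seed space and the 160-bit address space under any rate a distributed search can plausibly reach.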
