site: research.kudelskisecurity.com
Blockchains: How to Steal Millions in 2^64 Operations
https://research.kudelskisecurity.com/2018/01/16/blockchains-how-to-steal-millions-in-264-operations/ [research.kudelskisecurity.com]
2018-01-18 17:44
tags:
blockchain
exploit
hash
security
TL;DR: you can hijack certain Lisk accounts and steal their entire balance after only 2^64 evaluations of the address generation function (a combination of SHA-256, SHA-512, and a scalar multiplication over Ed25519’s curve).
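Added example, not code from the Kudelski post or from the Lisk code base: the address-derivation chain the TL;DR refers to, written out so that the 64-bit truncation is visible. It assumes Lisk's scheme as I understand it at the time of the post: seed = SHA-256(passphrase); Ed25519 public key from that seed (which hashes the seed with SHA-512 and performs one scalar multiplication); address = first 8 bytes of SHA-256(public key), byte-reversed, printed as a decimal integer with an "L" suffix. Function and constant names are mine. The Ed25519 arithmetic is the textbook construction, checked against the RFC 8032 test vector, and is neither fast nor constant-time. The scaled-down search at the end drops the curve step and shrinks the address to 16 bits purely so the expected 2^k-tries behaviour can be observed in milliseconds; the division by the number of target accounts in `expected_work` is the usual multi-target generalisation, added here, not a figure from the post.

```python
# Added example (not from the Kudelski post or Lisk): Lisk-style address
# derivation, to show that only 64 bits of the public key survive.
import hashlib

# --- Ed25519 public-key derivation (RFC 8032 parameters, textbook arithmetic) ---
Q = 2**255 - 19                                   # field prime
D = (-121665 * pow(121666, Q - 2, Q)) % Q         # curve constant d
I_SQRT = pow(2, (Q - 1) // 4, Q)                  # sqrt(-1) mod Q

def _xrecover(y: int) -> int:
    """Even x coordinate for a given y on the twisted Edwards curve."""
    xx = (y * y - 1) * pow(D * y * y + 1, Q - 2, Q) % Q
    x = pow(xx, (Q + 3) // 8, Q)
    if (x * x - xx) % Q != 0:
        x = (x * I_SQRT) % Q
    if x % 2 != 0:
        x = Q - x
    return x

_BY = 4 * pow(5, Q - 2, Q) % Q
BASE = (_xrecover(_BY), _BY)                      # standard base point B

def _edwards_add(P, R):
    """Affine point addition on the curve (one field inversion per coordinate)."""
    x1, y1 = P
    x2, y2 = R
    x3 = (x1 * y2 + x2 * y1) * pow(1 + D * x1 * x2 * y1 * y2, Q - 2, Q)
    y3 = (y1 * y2 + x1 * x2) * pow(1 - D * x1 * x2 * y1 * y2, Q - 2, Q)
    return (x3 % Q, y3 % Q)

def _scalarmult(P, e: int):
    """Left-to-right double-and-add; not constant-time, demo only."""
    R = (0, 1)                                    # neutral element
    for bit in bin(e)[2:]:
        R = _edwards_add(R, R)
        if bit == "1":
            R = _edwards_add(R, P)
    return R

def ed25519_public_key(seed: bytes) -> bytes:
    """32-byte Ed25519 public key from a 32-byte seed (RFC 8032, 5.1.5)."""
    h = hashlib.sha512(seed).digest()             # the SHA-512 step of the chain
    a = int.from_bytes(h[:32], "little")
    a &= (1 << 254) - 8                           # clear bits 0-2 and 254-255
    a |= 1 << 254                                 # set bit 254 (clamping)
    x, y = _scalarmult(BASE, a)                   # the scalar multiplication step
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

# --- Lisk-style address (assumed scheme; names are mine) ---
def address_from_public_key(public_key: bytes, n_bytes: int = 8) -> str:
    digest = hashlib.sha256(public_key).digest()  # second SHA-256 of the chain
    # Reversing the first 8 bytes and reading them big-endian is the same as
    # reading them little-endian.  Only n_bytes * 8 bits of the digest survive.
    return str(int.from_bytes(digest[:n_bytes], "little")) + "L"

def lisk_address(passphrase: str) -> str:
    seed = hashlib.sha256(passphrase.encode("utf-8")).digest()  # first SHA-256
    return address_from_public_key(ed25519_public_key(seed))

def address_space_bits(n_bytes: int = 8) -> int:
    return 8 * n_bytes

def expected_work(n_target_accounts: int = 1, n_bytes: int = 8) -> int:
    """Expected evaluations of the chain before one of n target addresses is
    hit: 2**64 for a single account (the post's figure); dividing by n for
    many targets is the standard multi-target generalisation."""
    return 2 ** (8 * n_bytes) // n_target_accounts

# --- scaled-down model of the search: hash-only chain, 16-bit address ---
def toy_address(seed: bytes, n_bytes: int = 2) -> str:
    """SHA-256(seed) stands in for the public key; the curve step only changes
    the cost per try, not the number of tries needed."""
    return address_from_public_key(hashlib.sha256(seed).digest(), n_bytes)

def toy_second_preimage(target_seed: bytes, n_bytes: int = 2):
    """Counter search for a different seed mapping to the same truncated
    address.  Returns (tries, colliding_seed); tries is ~2**(8*n_bytes)."""
    target = toy_address(target_seed, n_bytes)
    tries = 0
    while True:
        tries += 1
        candidate = tries.to_bytes(8, "little")   # constructed candidate seed
        if candidate != target_seed and toy_address(candidate, n_bytes) == target:
            return tries, candidate

if __name__ == "__main__":
    # Constructed passphrase; the address printed holds only 64 bits.
    print(lisk_address("correct horse battery staple"))
    print("expected work, one target: 2^%d" % address_space_bits())
    print("toy 16-bit search took %d tries" % toy_second_preimage(b"victim")[0])
```

The point to take away from running it: every account address is a 64-bit value, so regardless of how expensive each evaluation of the chain is, a second seed that lands on a given address is expected after about 2^64 tries, and the toy search confirms the 2^k scaling at k = 16.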
Algorithms can’t be patched
https://research.kudelskisecurity.com/2017/12/14/algorithms-cant-be-patched/ [research.kudelskisecurity.com]
2017-12-15 04:22
tags:
crypto
development
networking
security
standard
A few more thoughts on the ROBOT attack.
Crypto algorithms are a bit like hardware: if a standardized algorithm has a vulnerability but isn’t totally broken, you can’t do much about it except avoid using it, or try to minimize the vulnerability’s exploitability.
Improving the SPHINCS post-quantum signature scheme
https://research.kudelskisecurity.com/2017/09/25/improving-the-sphincs-post-quantum-signature-scheme-part-1/ [research.kudelskisecurity.com]
2017-09-30 22:01
tags:
crypto
hash
paper
quantum
security
Should Curve25519 keys be validated?
https://research.kudelskisecurity.com/2017/04/25/should-ecdh-keys-be-validated/ [research.kudelskisecurity.com]
2017-04-25 21:53
tags:
crypto
development
networking
security
When Constant-Time Source Code May Not Save You
https://research.kudelskisecurity.com/2017/01/16/when-constant-time-source-may-not-save-you/ [research.kudelskisecurity.com]
2017-01-17 01:32
tags:
cpu
crypto
exploit
math
security
Once a security design is implemented, whatever effort is put into protecting each part of the code, there still remains a strong possibility of a timing leak. It is virtually impossible to control all the parameters at stake. Compiler and processor optimizations, processor-specific behaviour, hardware construction, and run-time libraries are all examples of elements that cannot be predicted when implementing at a high level.