P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg titulka PA193 Security technologies Team projects: parser for cryptocurrency blockchain entry •Petr Švenda •Faculty of Informatics, Masaryk University, Brno, CZ •| PA193 - Security technologies P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Project idea 1.Write custom parser for selected cryptocurrency 2.Code review of other team parser 3.Create patch for a selected flow and pull request 4. •| PA193 - Security technologies P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Project 1.Identify, design and implement cryptocurrency blockchain parser (now) –Parser will take two consecutive blocks, assume validity of a first one and verify the validity of the second one –Must be written completely from scratch, your own code –For cryptographic functions (sign, hash) use some existing library –Use git (GitHub), document functions, create tests –Not Bitcoin or its direct copycats (with same or very similar block structure) –Parse original binary format of the block (not some postprocessed JSON etc.) –See https://www.worldcoinindex.com/ for list of coins 2.Review of code of other group’s parser –Find bugs by code review, using automated tools etc. (static analyzers, fuzzers…) –Prepare presentation with findings 3.Implement bugfix for one selected issue and create pull request – •| PA193 - Security technologies P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Teams •3 people per team –Assigned today (within group) •Teams must use GitHub for cooperation –Distribute work load between all members –Contribution from all team members must be visible in commits (git commits from the member) –Your evaluation will be partially based on your participation •Start working early, especially with implementation • | PA193 - Security technologies P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Immediate next steps •Form group, exchange emails •Get together and select your favorite currency •Find example of valid binary blockchain blocks •Send me email with your selection together with an example block (25.09.2017) –Wait for confirmation •Setup repo at GitHub ‘PA193_test_parser_XXX’ where XXX is name of your currency •Write parser implementation together with Tests! – | PA193 - Security technologies P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Projects - timeline 1.Write code (GitHub): 10 points (5.10.2017 & 9.11.2017) –Demonstrate basic setup, Github repo, Travis CI, example inputs blocks (valid & invalid) [short presentation 5.10.2017 at your seminar] –Completed implementation + presentation [9.11.2017, your seminar group, random team member] 2.Review and attack implementations: 7 points (14.12.2017) –Review and attack implementations of other teams –Initial kickoff together with implementation team [9.11.2017] –Report + presentations [14.12.2017] 3.Write patch for a selected bug: 3 points (19.1.2018) –Notify me once patch is committed and accepted by target team •At least 10 points (total) from project are required •| PA193 - Security technologies P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Basics of block chain | PA193 - Security technologies https://bitcoin.org/en/developer-guide#block-chain P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Basics of block chain II. | PA193 - Security technologies https://bitcoin.org/en/developer-guide#block-chain P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Bitcoin block (example invalid) •Bitcoin block 74638 (15th August 2010) 9 CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba, nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2) CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0) CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00) CTxOut(nValue= 50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7) CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0) CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC) CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7) CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512) vMerkleTree: 012cd8 1d5e51 618eba Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9 Input transaction (with 0.5BTC) https://blockexplorer.com/tx/237fe8348fc77ace11049931058abb034c99698c7fe99b1cc022b1365a705d39 Mining block reward (was 50BTC at 2010, is 12.50BTC now) 2 output transactions (each with 9*1010 BTC) !!! Should have been rejected by miners as value(output) >> value(input), but was not! P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg TEAMS •NOTE: Teams with 4 members are expected to implement full verification of the whole blockchain instead of single block | PA193 - Security technologies P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg •Ethereum, C++: https://github.com/kasparjarek/PA193_test_parser_Ethereum –Jaroslav Kašpar –Šimon Struk –Vojta Polasek •Litecoin, C++: https://github.com/Urvek/PA193_test_parser_litecoin –Urvekkumar C Shah –Hitesh Lilhare –Akhilesh kumar Soni –Vikas Lamba • | PA193 - Security technologies P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg •Novacoin, C++: •https://github.com/arvindrao7589/PA193_test_parser_Novacoin –Arvind Rao <476357@mail.muni.cz> –Kuldeep Goyal –Surendra Kumar Yadav <476364@mail.muni.cz> •Dash, C++: https://github.com/JakubMar/PA193_test_parser_dash –Jakub Martinka, –Marek Vančík –Peter Benčík | PA193 - Security technologies P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg | PA193 - Security technologies P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg | PA193 - Security technologies P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg | PA193 - Security technologies P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg •DogdeCoin, Java: https://github.com/securecodingproject/PA193_test_parser_dogecoin –Eduardo Roldan –Clement Thiallet –Barna Bruder •ZCash, C++: https://github.com/nirajkalra/PA193_test_parser_ZEC –Niraj Kalra <476365@mail.muni.cz> –Chintan Khanna <476362@mail.muni.cz> –Gajraj Kuldeep <476369@mail.muni.cz> • | PA193 - Security technologies