The Trojan Message Attack on the Pay-to-Public-Key-Hash Protocol of Bitcoin

Bitcoin is the first and seemingly the most successful cryptocurrency based on a peer-to-peer network that uses blockchain technology. Given Bitcoin's growing real-life deployment and popularity, its security has attracted more and more attention in both the financial and information industries. As a system containing a variety of cryptosystems, Bitcoin may also suffer from cryptanalytic attacks. This paper focuses on one such attack, the Trojan message attack, and presents in detail how to conduct the attack according to the structure and workflow of the Pay-to-Public-Key-Hash protocol of Bitcoin. The attack aims at forging an upcoming transaction record and results from the fact that all users' candidate input transactions are open to the attacker. The construction of the attack combines the Bitcoin transaction structure with standard Merkle–Damgård extension vulnerabilities. The conclusion of the attack shows that both the mathematical structure of the hash function itself and the public information in the blockchain are important to the security of Bitcoin. These factors should be considered in the future design of other cryptocurrencies and blockchain systems.
