Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Announcements (Altcoins)
Re: [DSH] Dashcoin (Cryptonote) UPDATE: New source/wallets+GUI - 1.0.10
by
DashCoinInfo
on 21/05/2017, 11:08:32 UTC
hello everybody, i'm arielbit i'm not a very technical person like the coders/programmers here so i would like to put this PM in public for everyone to see and understand stuff..i believe the update slb posted up thread, the latest wallet version is patched.

i'm just managing this thread since kushedout is busy on his stuff....just trying to help

Quote from: fluffypony on April 25, 2017, 08:50:53 AM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

In Monero we've discovered and patched a critical bug that affects all CryptoNote-based cryptocurrencies. We patched it quite some time ago, but until the hard fork that we had a few weeks ago we were unsure as to whether or not the entire network had updated. Because we are now certain they have, we are able to reveal the details to you so that you can patch your coin.

Note that the hash of these details was precommitted to the Monero blockchain in tx dff7a79e44f9392e19fe5205c389d3e799f89c62d90d624219618d754b806e04, and we will be revealing the details publicly by the middle of May. Please make sure you have patched your coin by then.


Problem:
The so-called "key image" as used in Cryptonote coins utilizing elliptic curve ed25519 can be modified in a special way, allowing double-spends. I leave out exact details in this draft to give some time for mitigation.

Hash (keccak-256) of details, to be released later: <4402e902f1ac8cec96a17453dcae307d21a7995a94b76e9c3eb7ca7baeffb8c8>


Mitigation:
Several options exist for mitigation; I include the simplest, least invasive here.

To mitigate, check key images for correctness by multiplying by the curve order l. Check that the result is the identity element.

I include hexadecimal values of each:
Identity element = "0100000000000000000000000000000000000000000000000000000000000000"
Curve order (little endian) = "edd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010"

For each transaction key image, check ((key image * curve order) == (identity element)); reject transaction if false.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJY/w0uAAoJEFVDLfMczU/NHMoH/A5Qb7OQbz1w/Vr33+MEfd+p
ZVf1PXHbA7xIU14Pvg4TBNtZz9FL+cG4QeG5zPEJ/mVX6mG6AoaaVMnCm9vGi3pb
d06qKmPYeXB9AAdXMFaz55YGb24tVwNb3yJpZGYRNMhsJNfPXnHEI4nyWY+pEQ9d
B4VD9aknhPRSSZ7UoHOBVV91FHYhZ2RF65sMbTq8qvo9/kIdNzgg8UULwh4Z16aE
wgyNYI9jESOKsa3SxOx5C2MYLx7YI2dj5Z9paJo3RD6E2SDSs86t6PGb06vPo85j
HaIcsM5HVm58Pf1FLpGnKUZZ/vKyh5NQdogxyH6NIHdG5aV7CDiK+FP8qu50OD4=
=JsNa
-----END PGP SIGNATURE-----

thanks fluffypony.