cryptography

Cryptography (or cryptology; from Greek κρυπτός kryptós, "hidden, secret"; and γράφειν graphein, "writing", or -λογία -logia, "study", respectively) is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). read more at WikiPedia

  • For the first time a comprehensive overview is available that shows the size, importance and diversity of the whole ecosystem in the Crypto Valley. http://cryptovalley.directory lists more than 350 companies developing and using blockchain technologies

    The Swiss blockchain ecosystem, also known as the Crypto Valley, is home to a growing number of startups, service providers and other organizations. The Crypto Valley Map is a constantly updated database of these ecosystem contributors, provided for free.

    I was having lots of fun implementing it with all my colleagues of inacta AG & Lakeside Partners AG :-)


    Blocks & Transactions

    Transaction data is permanently recorded in files called blocks. They can be thought of as the individual pages of a city recorder's record book (where changes to title to real estate are recorded) or a stock transaction ledger. Blocks are organized into a linear sequence over time (also known as the block chain). New transactions are constantly being processed by Miners ("Miner" or "Worker") into new blocks, which are added to the end of the chain and can never be changed or removed once accepted by the network. Each block contains, among other things, a record of some or all recent transactions, and a reference to the block that came immediately before it. It also contains an answer to a difficult-to-solve mathematical puzzle – the answer to which is unique to each block. New blocks cannot be submitted to the network without the correct answer – the process of "mining" is essentially the process of competing to be the next to find the answer that "solves" the current block. The mathematical problem in each block is extremely difficult to solve, but once a valid solution is found, it is very easy for the rest of the network to confirm that the solution is correct. There are multiple valid solutions for any given block – only one of the solutions needs to be found for the block to be solved. Because there is a reward of brand new cryptocurrency units for solving each block, every block also contains a record of which address is entitled to receive the reward. Transactions are broadcast to the network by the sender, and all peers trying to solve blocks collect the transaction records and add them to the block they are working to solve. Miners have an incentive to include transactions in their blocks because of the attached transaction fees.
The difficulty of the mathematical problem is automatically adjusted by the network, such that it targets a goal of solving an average of (X) blocks per time interval (details are specified in the respective consensus rules of a cryptocurrency). The network comes to a consensus and automatically increases (or decreases) the difficulty of generating blocks. Because each block contains a reference to the prior block, the collection of all blocks in existence can be said to form a chain. However, it's possible for the chain to have temporary splits – for example, if two Miners arrive at two different valid solutions for the same block at the same time, unbeknownst to one another. The peer-to-peer network is designed to resolve these splits within a short period of time, so that only one branch of the chain survives. The client accepts the "longest" chain of blocks as valid. The "length" of the entire block chain refers to the chain with the most combined difficulty, not the one with the most blocks. [Source: https://en.bitcoin.it/wiki/Block ]

    Uncles

    Uncles are orphaned blocks that contribute to the security of the main chain, but are not considered the canonical "truth" for that particular chain height. They only exist in Ethereum-based cryptocurrencies. For more information on Ethereum's uncle mechanism please review the relevant section of the Ethereum wiki under https://github.com/ethereum/wiki/wiki/Design-Rationale#uncle-incentivization. [Source: http://ethereum.stackexchange.com/questions/34/what-is-an-uncle-ommer-block]

    Block chain

    Block chain is a decentralized and continually updated list of transactions occurring across a certain peer-to-peer network. Blocks of transactions are validated and linked together by specific methods of cryptography. Manipulating individual transaction records is hardly possible in this context. A blockchain provides a wide range of functionality. Besides establishing cryptocurrency and payment infrastructures, it can be used, for instance, to digitally sign documents (proving identity) or create verifiable records of business processes.

    Mining

    Mining is the process of adding transaction records to a cryptocurrency's public ledger of past transactions. This ledger of past transactions is called the block chain as it is a chain of blocks. The block chain serves to confirm transactions to the rest of the network as having taken place. Cryptocurrency nodes use the block chain to distinguish legitimate transactions from attempts to re-spend coins that have already been spent elsewhere. Mining is intentionally designed to be resource-intensive and difficult so that the number of blocks found each day by Miners remains steady. Individual blocks must contain a proof of work to be considered valid. This proof of work is verified by other nodes each time they receive a block. Ethereum uses the "ethash" proof-of-work function while Zcash uses the "equihash" algorithm. The primary purpose of mining is to allow nodes to reach a secure, tamper-resistant consensus. Mining is also the mechanism used to introduce new units of cryptocurrency into the system: Miners are paid any transaction fees as well as a "subsidy" of newly created coins. These both serve the purpose of disseminating new coins in a decentralized manner as well as motivating people to provide security for the system. Mining is so called because it resembles the mining of other commodities: it requires exertion and it slowly makes new currency available at a rate that resembles the rate at which commodities like gold are mined from the ground. [Source: https://en.bitcoin.it/wiki/Mining] To ensure mining can be carried out reasonably, certain hardware demands must be fulfilled; mining entails a high level of power consumption. The process of mining is conducted using specialized software available for different operating systems. Each cryptocurrency defines a unique mining reward scheme.
For more information on the rewarding scheme employed by the Ethereum cryptocurrency please consult the Ethereum Yellow Paper under https://github.com/ethereum/yellowpaper ; for more information on the Zcash rewarding scheme please consult the Zcash protocol specifications under https://github.com/zcash/zips/blob/master/protocol/protocol.pdf . The intensity of the mining tasks is highly demanding; hardware components may – exceptionally – be destroyed completely. As the hardware setup of each Worker is individually compiled, you must assess (and bear) the risk associated with such high electrical load by yourself. As mining is an intensive task for the hardware of your computer (CPU, GPU), the process can cause high costs for electricity. 
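The "Blocks & Transactions" and "Mining" sections above describe four mechanics that are easy to see in code: each block references the hash of its predecessor, a block is only valid if its hash falls under a target derived from the difficulty (the "puzzle", for which many nonces are valid solutions), verifying a solution is cheap while finding one is costly, and a temporary split is resolved in favour of the branch with the most combined difficulty rather than the most blocks. The following toy chain is an added example written for this page, not code from any cryptocurrency; the double-SHA-256 header hash, the JSON serialisation, the `target = MAX_TARGET // difficulty` rule and the tiny difficulties are all constructed for illustration and do not match any real consensus rules.

```python
import hashlib
import json

# Constructed toy parameters for this illustration; real networks derive the
# target from their own consensus rules and encode it differently.
MAX_TARGET = 2 ** 256 - 1
GENESIS_PREV = "0" * 64


def target_for(difficulty: int) -> int:
    """Higher difficulty -> smaller target; about `difficulty` hashes are needed."""
    return MAX_TARGET // difficulty


def block_hash(header: dict) -> str:
    """Hash of a canonical serialisation, so every node hashes identical bytes."""
    data = json.dumps(header, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()


def mine_block(prev_hash: str, txs: list, difficulty: int, reward_address: str) -> dict:
    """Search nonces until the header hash falls under the target (the 'puzzle').
    Any nonce that works is a valid solution; there is no single correct answer."""
    header = {"prev": prev_hash, "txs": txs, "difficulty": difficulty,
              "coinbase": reward_address, "nonce": 0}
    target = target_for(difficulty)
    while int(block_hash(header), 16) > target:
        header["nonce"] += 1
    return header


def valid_block(block: dict, prev_hash: str) -> bool:
    """The cheap check every peer runs: correct back-reference and hash under target."""
    return (block["prev"] == prev_hash
            and int(block_hash(block), 16) <= target_for(block["difficulty"]))


def valid_chain(chain: list) -> bool:
    """Walk the chain from genesis; any edited block breaks its own proof of work
    and the back-reference stored in the block after it."""
    prev = GENESIS_PREV
    for block in chain:
        if not valid_block(block, prev):
            return False
        prev = block_hash(block)
    return True


def total_work(chain: list) -> int:
    """Combined difficulty: this, not the block count, is what 'longest' means."""
    return sum(b["difficulty"] for b in chain)


def build_chain(difficulties: list, miner: str) -> list:
    chain, prev = [], GENESIS_PREV
    for i, d in enumerate(difficulties):
        block = mine_block(prev, [f"tx{i}"], d, miner)
        chain.append(block)
        prev = block_hash(block)
    return chain


def best_chain(*chains: list) -> list:
    """Resolve a temporary split: keep the valid branch with the most combined difficulty."""
    return max((c for c in chains if valid_chain(c)), key=total_work)


if __name__ == "__main__":
    short_heavy = build_chain([800, 800], "miner-A")
    long_light = build_chain([200, 200, 200], "miner-B")
    print("winning branch has", len(best_chain(short_heavy, long_light)), "blocks")
    tampered = [dict(b) for b in long_light]
    tampered[0]["txs"] = ["tx0-altered"]
    print("tampered chain valid:", valid_chain(tampered))
```

The two-block branch wins the split because its combined difficulty (1600) exceeds the three-block branch's (600); editing a transaction in the first block of either branch changes that block's hash, so its proof of work no longer holds and the next block's back-reference points at a hash that no longer exists.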

    Mining pools 

    Mining pools pursue the objective to solve blocks more quickly and split the rewards equally. Participants of a mining pool presenting a valid proof of work are awarded a "share". A share is a hash, smaller than a specified difficulty, but generally without value as only the hash smaller than the target value solving a block and determined by difficulty is of importance. Mining pools are available in a range of forms and arrangements as well as for different types of cryptocurrency. Depending on the mining pool, various payout schemes may be applied.

    Solo mining payout scheme

    Each submitted share will increase the credits of the Miner who submitted the share by the fixed share difficulty of the pool. The Miner who has accumulated the most credits will receive the reward of the next block that has been mined by the pool, and his credits will be reset to his current credits minus the credits of the runner-up Miner. "Uncles" are distributed in a similar way, except that the credits of the Miner receiving the uncle reward will not be reset.

    Pay-Per-Last-N-Shares ("PPLNS") payout scheme

    This reward system is round based, whereby one round has an arbitrary number (N) of minutes. When a block has been found by the pool, the block reward is distributed according to the number and difficulty of the shares submitted during the last hour. Payout takes place immediately after the minimum payout amount of 1 "Coin" has been reached. However, the payout threshold may be customizable.

    Pool fee

    The pool fee to be collected by the service provider amounts to a uniform x% (0.5% up to 2%) calculated from the total mining rewards as defined by the cryptocurrency consensus protocol.
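The three preceding sections (solo-mining payout, PPLNS and pool fee) describe accounting rules precisely enough to implement. The code below is an added example for this page, not the software of any pool: it implements the solo scheme exactly as described (credits grow by the fixed share difficulty, the leader takes the whole block reward and keeps only the difference to the runner-up, an uncle reward leaves credits untouched) and a PPLNS round that splits a found block among shares submitted inside a time window, weighted by share difficulty, with the fee taken off the top and balances paid out once they reach the minimum payout amount. The window length, the share difficulties, the 1% fee and the miner names are constructed sample values; exact fractions are used so the arithmetic is auditable.

```python
from collections import defaultdict
from fractions import Fraction


class SoloPayoutPool:
    """'Solo mining' scheme from the text: every share adds the pool's fixed share
    difficulty to the submitter's credits; the block reward goes entirely to the
    miner with the most credits, whose credits then drop by the runner-up's."""

    def __init__(self, share_difficulty: int, fee_percent):
        self.share_difficulty = share_difficulty
        self.fee = Fraction(fee_percent) / 100
        self.credits = defaultdict(int)

    def submit_share(self, miner: str) -> None:
        self.credits[miner] += self.share_difficulty

    def _leader_and_runner_up(self):
        ranked = sorted(self.credits.items(), key=lambda kv: kv[1], reverse=True)
        leader = ranked[0][0]
        runner_up_credits = ranked[1][1] if len(ranked) > 1 else 0
        return leader, runner_up_credits

    def block_found(self, reward):
        leader, runner_up = self._leader_and_runner_up()
        self.credits[leader] -= runner_up          # reset: current minus runner-up
        return leader, Fraction(reward) * (1 - self.fee)

    def uncle_found(self, reward):
        leader, _ = self._leader_and_runner_up()   # same pick, credits untouched
        return leader, Fraction(reward) * (1 - self.fee)


class PPLNSPool:
    """Pay-Per-Last-N-Shares: a found block is split among the shares submitted in
    the last `window_seconds`, weighted by share difficulty. Balances are paid out
    once they reach the minimum payout amount (1 coin in the text)."""

    def __init__(self, window_seconds: int, fee_percent, min_payout=1):
        self.window = window_seconds
        self.fee = Fraction(fee_percent) / 100
        self.min_payout = Fraction(min_payout)
        self.shares = []                     # (timestamp, miner, difficulty)
        self.balances = defaultdict(Fraction)

    def submit_share(self, ts: int, miner: str, difficulty: int) -> None:
        self.shares.append((ts, miner, difficulty))

    def block_found(self, ts: int, reward) -> dict:
        """Credit this round's reward; returns what each miner earned from it."""
        recent = [(m, d) for (t, m, d) in self.shares if ts - self.window < t <= ts]
        total = sum(d for _, d in recent)
        if total == 0:
            return {}                        # nobody contributed inside the window
        distributable = Fraction(reward) * (1 - self.fee)   # pool fee off the top
        round_credits = defaultdict(Fraction)
        for miner, d in recent:
            round_credits[miner] += distributable * d / total
        for miner, amount in round_credits.items():
            self.balances[miner] += amount
        return dict(round_credits)

    def payouts(self) -> dict:
        """Pay every balance that has reached the minimum payout amount."""
        paid = {}
        for miner, bal in self.balances.items():
            if bal >= self.min_payout:
                paid[miner] = bal
                self.balances[miner] = Fraction(0)
        return paid


if __name__ == "__main__":
    solo = SoloPayoutPool(share_difficulty=1000, fee_percent=1)
    for _ in range(5):
        solo.submit_share("alice")
    for _ in range(3):
        solo.submit_share("bob")
    print("solo block:", solo.block_found(3), dict(solo.credits))
    print("solo uncle:", solo.uncle_found(2), dict(solo.credits))

    pool = PPLNSPool(window_seconds=3600, fee_percent=1)
    pool.submit_share(100, "carol", 1000)    # constructed: too old for a block at t=5000
    for t in (2000, 3000, 4000):
        pool.submit_share(t, "alice", 1000)
    pool.submit_share(4500, "bob", 1000)
    print("PPLNS round:", pool.block_found(5000, 3))
    print("paid out:", pool.payouts(), "remaining:", dict(pool.balances))
```

In the solo run alice (5000 credits) takes the first block and is left with 2000, so bob (3000) is the leader when the uncle arrives and keeps his credits afterwards. In the PPLNS run carol's early share falls outside the hour-long window and earns nothing; alice's three shares and bob's one share split 2.97 coins three-to-one, and only alice's balance clears the 1-coin payout threshold.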

    Share 

    A Share is awarded by the mining pool to the clients who present a valid proof of work of the same type as the proof of work that is used for creating blocks, but of lesser difficulty, so that it requires less time on average to generate. [Source: https://en.bitcoin.it/wiki/Pooled_mining ]

    Ethereum 

    Ethereum is an open-source project establishing a decentralised platform running applications exactly as programmed. Downtime, censorship, fraud and third party interference are not possible according to the developers. Using a customized blockchain able to move values, Ethereum has an enormously wide application area and provides numerous options for developers. The platform facilitates the realization of so called smart contracts, allowing, for example, the automatic negotiation or enforcement of contracts. Ether, as the actual cryptocurrency, is a necessary element for operating Ethereum (payment for requested operations). It is also traded on cryptocurrency exchanges. Ethereum Classic is a split from the existing cryptocurrency Ethereum; Ethereum and Ethereum Classic offer the same features. Both blockchains act individually.

    Zcash 

    Zcash ("ZEC") is a decentralised and open-source cryptocurrency with increased confidentiality. Although payments are – as usual in connection with cryptocurrencies – published on a blockchain, the sender, recipient and amount of transactions are only visible to those people with the corresponding "view key", as these "shielded" transactions are specifically encrypted. Using advanced cryptographic technology, transactions can be verified without revealing additional information.

  • Recorded by me at Tech Tuesday Meetup group 4 Oct. 2016

    "Blockchain, cryptography, and consensus" By Christian Cachin (Cryptographer, IBM Research - Zurich)

    Christian Cachin is a senior researcher at IBM Research Zurich. His research focuses on information security and distributed systems, with emphasis on secure protocols for distributed systems. Two of his current research topics are blockchain and consensus protocols in general. He received his PhD in cryptography from ETH Zurich in 1997.

  • cryptoparty

    CryptoParty is a grassroots global endeavor to introduce the basics of practical cryptography such as the Tor anonymity network, key signing parties, True Crypt, and virtual private networks to the general public.

    The first draft of the 442-page CryptoParty Handbook (the hard copy of which is available at cost), was pulled together in three days using the book sprint approach, and was released 2012-10-04 under a CC-BY-SA license; it remains under constant revision.

    The CryptoParty Handbook v1.1 has been released and you can download or edit it here

    Why Privacy Matters
    Privacy is a fundamental human right. It is recognized in many countries to be as central to individual human dignity and social values as Freedom of Association and Freedom of Speech. Simply put, privacy is the border where we draw a line between how far a society can intrude into our personal lives.

  • Some PDFs on the internet have a copy protection to make sure you cannot copy-paste any content from the PDF into a document you're writing. Defeating this protection is very easy as you will see in this post.

    I will use a combination of Open Source tools to extract the content of a protected PDF.


    This is how a protected PDF looks in Adobe Acrobat under File - Properties

    [Image: password.protected.pdf.copy.text]

    You will need to obtain GhostScript

    Ghostscript is an interpreter for the PostScript language and for PDF, and related software and documentation.

    So run the self-extracting EXE from http://pages.cs.wisc.edu/~ghost/doc/GPL/gpl871.htm to install the engine

    gs871w32.exe, GPL Ghostscript 8.71 for 32-bit Windows (the common variety).
    gs871w64.exe, GPL Ghostscript 8.71 for 64-bit Windows (x86_64).

    Now install the viewer from http://pages.cs.wisc.edu/~ghost/gsview/get49.htm 

    gsv49w32.exe, Win32 self-extracting archive
    gsv49w64.exe, Win64 (x86_64) self-extracting archive

    [Image: password.protected.pdf.copy.gsview]

    Then start GSview and open the PDF. You can either convert it to PS (PostScript), after which you'll be able to edit it like any other document, or use the menu Edit - Text Extract to save the content as a text file. Enjoy :-)

  • I started reading this book 2 days ago (135 pages read of 412 pages). It is quite interesting, especially the chapters about pseudo-random generator quality and bias, zero-knowledge protocols, and a polymorphic virus body using a relatively small algorithm (TEA)... It also proposes some solutions, but I have not reached that chapter yet...

    Hackers have uncovered the dark side of cryptography—that device developed to defeat Trojan horses, viruses, password theft, and other cyber-crime. It’s called cryptovirology, the art of turning the very methods designed to protect your data into a means of subverting it.

    Malicious Cryptography: Exposing Cryptovirology
    Adam Young, Moti Yung
    ISBN: 0-7645-4975-8

    • Understand the mechanics of computationally secure information stealing
    • Learn how non-zero sum Game Theory is used to develop survivable malware
    • Discover how hackers use public key cryptography to mount extortion attacks
    • Recognize and combat the danger of kleptographic attacks on smart-card devices
    • Build a strong arsenal against a cryptovirology attack

    Preface by security expert Bruce Schneier (Practical Cryptography, a reference)


  • Comments are welcome!
    Here we go....
    I've patched the component Ako comment of Arthur Konze with a hashcash technology....:
    A new hidden form field:
    • with a random name (Hname),
    • with a random MD5 value (Hvalue),
    is now sent to the user.

    If the user wants to submit a comment, the browser has to:
    • Locate the random hidden field name (Hname) with JavaScript (function replace())
    • Rehash the hidden field value (Hvalue) with a JavaScript MD5 (and this is time consuming for a spammer :-) )
    and send everything to the server.

    If the spammer does not follow the challenge, the comment won't be accepted!

    Required: com_log4php and the com_hashcash library
    The zip file in the download section contains the components and the mambot! Decompress it first before installing both.
    All credit to Arthur Konze for his wonderful component.
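The challenge described in this post has two halves: the server emits a hidden field with a random name and a random MD5 value, and the browser must locate that field, rehash its value and post the result. The following is an added example written for this page, not the patched Ako comment component or its JavaScript: both halves are modelled in Python so the exchange can be run end to end, and the server side also enforces two properties a comment form needs that the post does not spell out, a single use per issued challenge (so a captured answer cannot be replayed) and an expiry. The `KNOWN_FIELDS` set, the `h` name prefix, the in-memory `pending` store, the 600-second lifetime and the sample form contents are all assumptions made for this example.

```python
import hashlib
import secrets
import time

# Assumed: the comment form's ordinary fields. The challenge field is the one
# whose name is not in this set, which is how the client locates Hname here.
KNOWN_FIELDS = {"name", "email", "comment"}


class CommentChallenge:
    """Server side. issue() creates the hidden field (random name Hname, random
    MD5 value Hvalue) and remembers it; verify() accepts a submission only if the
    browser sent back md5(Hvalue) under Hname, once, before the challenge expires."""

    def __init__(self, ttl_seconds: int = 600):
        self.ttl = ttl_seconds
        self.pending = {}                    # Hname -> (Hvalue, expiry time)

    def issue(self, now: float = None):
        now = time.time() if now is None else now
        hname = "h" + secrets.token_hex(8)                           # random field name
        hvalue = hashlib.md5(secrets.token_bytes(16)).hexdigest()    # random MD5 value
        self.pending[hname] = (hvalue, now + self.ttl)
        return hname, hvalue

    def verify(self, form: dict, now: float = None) -> bool:
        now = time.time() if now is None else now
        for hname in list(self.pending):
            if hname in form:
                hvalue, expiry = self.pending.pop(hname)             # single use: no replay
                expected = hashlib.md5(hvalue.encode()).hexdigest()
                return now <= expiry and secrets.compare_digest(form[hname], expected)
        return False                         # no live challenge field: bot skipped the page


def browser_answer(form: dict) -> dict:
    """Client side, what the post's JavaScript does: find the field whose name is
    not a known form field (that is Hname) and replace its value with md5(Hvalue)."""
    answered = dict(form)
    for field, value in form.items():
        if field not in KNOWN_FIELDS:
            answered[field] = hashlib.md5(value.encode()).hexdigest()
    return answered


if __name__ == "__main__":
    server = CommentChallenge()
    hname, hvalue = server.issue()
    # Constructed sample submission, as the browser would post it after running the JavaScript.
    form = {"name": "alice", "comment": "hello", hname: hvalue}
    print("genuine browser accepted:", server.verify(browser_answer(form)))
    print("same answer replayed:", server.verify(browser_answer(form)))
    hname, hvalue = server.issue()
    print("bot posting the raw field:", server.verify({"comment": "spam", hname: hvalue}))
```

The form value is compared with `secrets.compare_digest` rather than `==`, and each issued challenge is deleted on first use, so a stored answer is worthless a second time. A single MD5 rehash costs a bot that runs JavaScript almost nothing; what it filters is software that posts the form without rendering the page at all, which is the case the post is addressing.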



  • How to create a rogue CA certificate...

    We (note: Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger) have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.

    [Image: ps3cluster]

    [..]

    "A single attempt for constructing a chosen-prefix collision costs about a little more than a day. The first stage consisting of the birthday search is computationally the most expensive. Luckily it is also very suited for the special SPU cores of the Cell Processor that the Sony PlayStation 3 uses. We had about 200 PS3s at our disposal, located at the "PlayStation Lab" of Arjen Lenstra at EPFL, Lausanne, Switzerland (see the picture). The birthdaying takes about 18 hours on the 200 PS3s using 30GB of memory that was equally divided over the PS3s. The second stage computes the 3 collision blocks that eliminate the IHV differences left after the first stage and costs in total about 3 to 10 hours on a high-end quadcore pc."

    from http://www.win.tue.nl/hashclash/rogue-ca/

    Note: only certificates signed with MD5 are forgeable, and at the moment it requires a lot of knowledge and money... unfortunately these are things that spammers, thieves and zombie networks have at their disposal. Luckily, as soon as Verisign switches to a more secure hashing function, the problem will be solved (Verisign will phase MD5 out by January).

    Note 2: even a geek needs a week to understand the explanations ;-)

    Read more at http://www.win.tue.nl/hashclash/rogue-ca/