The Trojan Message Attack on the Pay-to-Public-Key-Hash Protocol of Bitcoin

  • Conference paper
Blockchain Technology and Application (CBCC 2019)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1176)

Abstract

Bitcoin is the first and seemingly the most successful cryptocurrency built on a peer-to-peer network that uses blockchain technology. Given Bitcoin’s growing real-world deployment and popularity, its security has attracted increasing attention in both the financial and information industries. As a system composed of a variety of cryptosystems, Bitcoin may also be subject to cryptanalytic attacks. This paper focuses on one such attack, the Trojan message attack, and presents in detail how it is conducted according to the structure and workflow of Bitcoin’s Pay-to-Public-Key-Hash protocol. The attack aims at forging an upcoming transaction record and follows from the fact that all users’ candidate input transactions are visible to the attacker. The construction of the attack combines the Bitcoin transaction structure with standard Merkle–Damgård extension vulnerabilities. The conclusion of the attack shows that both the mathematical structure of the hash function itself and the public information in the blockchain matter to the security of Bitcoin. These factors should be considered in the future design of other cryptocurrency and blockchain systems.

The work is supported by the National Key R&D Program of China under Grant No. 2017YFB1400700, Beijing Natural Science Foundation under Grant No. 4194090, the National Natural Science Foundation of China under Grant No. 61702570, U1509214, the Opening Project of Shanghai Key Laboratory of Integrated Administration Technologies for Information Security under Grant No. AGK2018005, the Opening Project of Key Laboratory of Computer Network and Information Integration (Southeast University) under Grant No. K93-9-2018-05, and Open Fund of Key Laboratory of Hunan Province (2017TP1026).

Author information

Correspondence to Maoning Wang.

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Wang, M., Duan, M., Zhu, J. (2020). The Trojan Message Attack on the Pay-to-Public-Key-Hash Protocol of Bitcoin. In: Si, X., et al. Blockchain Technology and Application. CBCC 2019. Communications in Computer and Information Science, vol 1176. Springer, Singapore. https://doi.org/10.1007/978-981-15-3278-8_13

  • DOI: https://doi.org/10.1007/978-981-15-3278-8_13

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-3277-1

  • Online ISBN: 978-981-15-3278-8