Litecoin MimbleWimble November Recap Replace

3 views 12:45 pm 0 Comments May 24, 2023

This replace was written and offered by Litecoin MimbleWimble lead developer David Burkett.


Safety Vulnerability

As shared on Twitter yesterday:

Kurt, a long-time GRIN group member, contacted Charlie and I to tell us of a vulnerability within the design for non-interactive transactions. Whereas the assault is troublesome to carry out in apply, it does permit for theft of funds if the circumstances line up good.

This assault is slightly technical, and obscure with out first studying the entire crypto behind MWEB. Very informally, it really works like this:

  1. Alice sends 2 cash to Bob:
    • coin 1 = 10 LTC
    • coin 2 = 20 LTC
  2. Bob creates 2 transactions, 1 to Charlie, and one other again to Alice, and sends them at roughly the identical time:
    • tx1 = spend coin 1 to ship 8 LTCs to Alice (8 LTC Alice, 2 LTC Change)
    • tx2 = spend coin 2 to ship 15 LTCs to Charlie (15 LTC Charlie, 5 LTC Change)
  3. Alice modifications tx1 to spend coin 2 as a substitute, maintaining the extra 10 LTCs for herself:
    • tx3 = spend coin 2 to ship 18 LTCs to Alice and a couple of LTC again to Bob as Change
    • tx1 & tx2 dropped and changed with tx3

There are a variety of explanation why this assault would fail in apply almost each time. However the penalties if it did succeed could be very critical, so it was apparent this was one thing we needed to forestall.

We’re very grateful for Kurt taking the time to review MWEB’s design, and for reaching out to share this assault with us. Because of the significance of the discovering, Charlie generously donated his personal cash to pay Kurt a well-deserved 0.15 BTC bounty.

The Repair

Contemplating the proximity to the deliberate launch date, panic began to set in. Fortuitously, I noticed there’s a comparatively easy repair for the assault that consists of introducing a brand new public key in every enter that stops reuse of enter signatures.

On the similar time we had been working by means of the small print of the assault & fixes, I used to be put in touch with some top-notch cryptographers who provided to do a safety audit of our design, which they had been contemplating to make use of as a place to begin for one more mission they had been engaged on.

The necessity for a extra formally documented design grew to become evident, so I spent the following few weeks rewriting LIP-0004 right into a extra full and formally specified design, making minor tweaks alongside the best way to harden it the place I may. Clearly, I ought to’ve completed this from the start, as a result of we’ve had almost as many reviewers of LIP-0004 on this previous month as we’ve for the earlier 1.5 years 🙂

Whereas I’d’ve beloved to have all of those eyes on the design way back, I’m thrilled about the entire suggestions I’ve obtained.

Sadly, some modifications do should be made to the code to now match the brand new design, which suggests just a few extra extra weeks of dev work. Fortuitously, almost the entire modifications can be within the libmw subproject, which is extremely modularized and closely examined. That is nice information, because it means the modifications ought to be simpler to make, take a look at, and most significantly, assessment. This assessment could be rigorously carried out by the opposite LTC builders, so I don’t consider it’s essential to ship the modifications again to the auditors. This may have an effect on launch date, however the delay ought to be minimal.

Launch Course of

I discussed final month that the discharge construct course of was time-consuming, and the scripts had been outdated, so I spent a while cleansing the entire outdated scripts up, and creating a less complicated, extra automated construct course of. The construct scripts and verification keys are going to be maintained in a separate repo going ahead. Proper now, the brand new ltc-release-build is slightly below my private github account, but when it really works out effectively for the MWEB launch, we’ll get that moved to litecoin’s github org.

Timeline updates

  • I’ve chosen to push the discharge to January to make sure we’ve sufficient time to repair the vulnerability discovered. Hopefully that would be the final time 🤞. is as soon as once more up-to-date.

  • v0.21.1 any day now™ for actual this time™

Leave a Reply

Your email address will not be published. Required fields are marked *