Navajo Indians Help Explain Ethereum / Classic Replay Attacks

October 11, 2016 by Christian Seberino

I will explain replay attacks in general and how to protect yourself.  I will give specifics regarding the Ethereum and Ethereum Classic replay attacks.

Navajo Code Talkers

navajo

Replay attacks are general attacks that are not even limited to computers.  Here is an example involving foreign languages.  During World War 2, bilingual Navajo soldiers secured communications by transmitting messages in the Navajo language.  If no extra precautions were taken, imagine the chaos that could ensure by simply repeating previously intercepted radio messages to random units.  You would not know what you were transmitting, but, you could conceivably send unsuspecting American soldiers messages such as “MOVE 1 MILE WEST NOW” or even “ATTACK NOW”.  Notice this takes little effort.  It does not even require deciphering the foreign language!

Remote Controlled House

remote_controlled

Here is an example of a replay attack involving computers. Imagine you decide to make your house remotely controllable with text commands while you are on travel.  You decide to take extreme measures and only send commands over the Internet that have been SHA-256 hashed 100 times.  The following Python code will encrypt your commands thusly:

#!/usr/bin/env python3

import hashlib

NUM_OF_HASHES = 100

encrypted_text = input("What is the house command? ")
for i in range(NUM_OF_HASHES):
        encrypted_text = hashlib.sha256(encrypted_text.encode()).hexdigest()

print(encrypted_text)

You can run the script yourself to see that for the command “WATER THE LAWN NOW”, the encrypted text to send will be:

0e7a9b2e305988a09ca6431dcc2ccff50db2e0922e43d90c3950f1b16842a82f

For the command “INCREASE THE TEMPERATURE 5 DEGREES”, the encrypted text will be:

66e14d7c75f8ef72a74d99d6690169aff310b7c6cc0d79ad09a945e8c926cf17

If someone listens in on the transmission, all they would see is unintelligible bits.  Imagine the mischief someone could cause by resending the above two encrypted commands to your house every ten minutes nonstop.  This is another example of an attack that is easily carried out.  The attack is even effective against (apparently) strong encryption!

Protecting Against Replay Attacks

The problem with the aforementioned scenarios is that the same messages always have the same corresponding encoded text.  This method, with regards to encryption, is referred to as Electronic Codebook (ECB) mode.  What is needed is some variability in all messages.  For example, imagine if the date and time were added to messages with the understanding that messages were to be ignored after an agreed upon expiry.  That would prevent replay attacks. Another simple solution is to add a unique number to every message.  Unique message numbers are referred to as nonces.

What About Ethereum & Ethereum Classic?

Ethereum (ETH) and Ethereum Classic (ETC) do have protection against replay attacks.  All transactions on both systems have nonces!  If you send me some ETH tokens from your ETH account,  I cannot replay that transaction (“double spend”) on the ETH system to get more; likewise for the ETC system.  However, both systems are sometimes vulnerable to replay attacks involving the resending of transactions between systems.  The reason for this is that the uniqueness of corresponding nonces between the two systems is not required.

The replay attack transaction

0x87f8a62d4f04776701e95672b85838c818ceff3102d72be9377ede77ed59f83b (minus the digital signature) on ETH block 1,920,100:

FIELD VALUE
Nonce 115255
Sending Address 0x4bb96091ee9d802ed039c4d1a5f6216f90f81b01
Receiving Address 0x5d438e155d0b38c568496c411a4bcc1dcf45632a
Ether Sending 5.008931333047880161
Data Sending (None)
Max Gas Units Can Use 90000
Price Per Gas Unit In Ether 0.000000021786783329

The same replay attack transaction

0x87f8a62d4f04776701e95672b85838c818ceff3102d72be9377ede77ed59f83b (minus the digital signature) on ETC block 1,920,021:

FIELD VALUE
Nonce 115255
Sending Address 0x4bb96091ee9d802ed039c4d1a5f6216f90f81b01
Receiving Address 0x5d438e155d0b38c568496c411a4bcc1dcf45632a
Ether Sending 5.008931333047880161
Data Sending (None)
Max Gas Units Can Use 90000
Price Per Gas Unit In Ether 0.000000021786783329

What specific funds are at risk?  Funds associated with the same address on both blockchains are at risk.  Therefore, this pertains to all funds existing before the ETH hard fork that now exist on both systems.  Notice this vulnerability does not pertain to the DAO related funds with modified histories. This is because these funds do not exist at the same addresses on both blockchains.

Solutions Part One

The easiest solution is to just send your funds to an exchange that promises to secure your funds for you.  If you want to protect your funds yourself, you need to add variability between the funds on both blockchains.  Since nonces are not providing that, another method is needed.  The easiest way to add variability is to move funds to different addresses on each blockchain.  Using two wallets, one for each system, send the funds from the same addresses to different addresses on each system.

Solutions Part Two

Perceptive readers may wonder whether the transactions that send funds to different addresses on each blockchain are themselves vulnerable to replay attacks.  There is a possibility that your attempt to add variability in the addresses fails.  But, that would just mean that your funds end up on the same new addresses on both systems controlled by you!  You could simply keep trying until you succeed in sending your funds to different addresses on each blockchain.

Solutions Part Three

Perceptive readers may also wonder whether an aggressive attacker could make it impossible to successfully move funds as required to protect them.  Assume all transactions are instantly copied to both systems.  The countermeasure for this situation relies on the fact that there is uncertainty in the time required to process (“mine”) new transactions on blockchains that use proof of work information.   You could broadcast the two transactions, meant for different blockchains, to one blockchain.  Why would this thwart every replay attack?  Remember that the ETH and ETC systems both have replay attack protection with regards to multiple transactions on the same blockchain.  One of the transactions should be accepted, and one rejected, on each blockchain.  No one can predict which of the two transactions will be accepted on either blockchain without also compromising mining nodes.  It may take multiple attempts, but, eventually funds will end up at different addresses on each system.

Solutions Part Four

Perceptive readers may also wonder whether new funds, sent to old addresses that previously held funds on both systems, are also vulnerable to replay attacks.  In some cases the answer is yes.  The simplest advice regarding that concern is to just avoid doing that.  In other words, do not reuse vulnerable addresses.  Arrange it so that no funds are ever sent to those addresses again.  If someone nevertheless insists on reusing addresses that exist on both chains, more work is required to secure future funds sent to those addresses.

Parting Thoughts

coyote

Everyone must be vigilant about protecting their cryptocurrency.  Fortunately, there are effective tools and techniques that provide adequate safeguards.  The dangers cannot be ignored.  As an old Navajo proverb says:

“Coyote is always out there waiting, and Coyote is always hungry.”

Feedback

You can contact me by clicking any of these icons:

twitter facebook linkedin

Acknowledgements

I would like to thank Nick Johnson and Timon Rapp for their help. I would also like to thank IOHK (Input Output Hong Kong) for funding this effort.

License

license

This work is licensed under the Creative Commons Attribution ShareAlike 4.0 International License.

Archive Previous posts

July 28, 2017Christian Seberino

Web 3.0 And Ethereum Classic

July 23, 2017Prophet Daniel

Development forces arriving

June 17, 2017Christian Seberino

Should The Ethereum Classic Community Be Ashamed Of Promoting Privacy?

June 17, 2017Christian Seberino

When Absolutely No One Can Steal Or Return Lost Ethereum Classic Funds

June 17, 2017Christian Seberino

ICOs & Custom Cryptocurrencies On Ethereum Classic

May 19, 2017Prophet Daniel

Stand up from the crowd

May 11, 2017Carlo V

ETC Weekly Newsletter: Dev Update 10!

May 1, 2017Christian Seberino

Why You Should LOVE Proof Of Stake Systems — Hybrids!

April 28, 2017Christian Seberino

Ethereum Classic Blocks Explained: The Three Categories

April 28, 2017Christian Seberino

Ethereum Classic World Computer Transactions Explained

April 19, 2017Carlo V

ETC Weekly Newsletter: New all time highs as ETC surges!

April 18, 2017Christian Seberino

Ethereum Classic Public And Private Keys: A Little Enlightenment

April 13, 2017Carlo V

ETC Weekly Newsletter: New devs on ETCdev Team.

March 30, 2017Christian Seberino

The Ethereum Classic World Computer Accounts & States Explained

March 29, 2017Carlo V

ETC Weekly Newsletter: Dev Update + News from Bitkio.

March 24, 2017Christian Seberino

How To Improve Ethereum Classic Immutability Discussions

March 16, 2017Carlo V

ETC Weekly Newsletter: Dev update and more

March 13, 2017Christian Seberino

Ethereum's Vitalik Buterin Discusses The New Viper Smart Contract Programming Language

March 8, 2017Carlo V

ETC Weekly Newsletter: Dev Updates + New Discussions

March 2, 2017Carlo V

ETC Weekly Newsletter : Monetary Policy Statement.

February 28, 2017Christian Seberino

An Interview With The Anonymous Individual That Started Ethereum Classic

February 28, 2017Christian Seberino

How To Create A Censorship Resistant Domain Name System On Ethereum Classic

February 20, 2017Carlo V

ETC Weekly Newsletter : Treasury Proposal

February 13, 2017Christian Seberino

Should We Make ⟠ The Ethereum Classic Currency Symbol?

February 10, 2017Christian Seberino

Serpent: Introduction To The BEST Ethereum Classic Smart Contract Language

February 10, 2017Christian Seberino

Proposal: Ethereum Classic Currency And Logo Conventions To Improve Communication And Avoid Expensive Mistakes

February 10, 2017Christian Seberino

Why Ethereum Classic Uses An Incorrect SHA3 Implementation

February 10, 2017Christian Seberino

Hashes: An Introduction & Why They Are Foundational To The Internet & Blockchains

February 10, 2017Christian Seberino

Why Bloom Filters Are So Cool (+ Useful!) For Blockchains & Beyond: An Introduction

February 1, 2017Carlo V

ETC Weekly Newsletter : Another Great Month Ahead

January 24, 2017Prophet Daniel

Ethereum Classic Harmony

January 17, 2017Carlo V

ETC Weekly Newsletter : Protocol Update Successful!

January 6, 2017Prophet Daniel

Sustainable Development Goals

January 4, 2017Carlo V

ETC Weekly Newsletter : Happy New Year!

December 29, 2016Carlo V

ETC Weekly Newsletter : End Of 2016!

December 28, 2016Christian Seberino

Zero Knowledge Proofs For Dummies

December 20, 2016Carlo V

ETC Weekly Newsletter : In Case You Missed It

December 16, 2016Christian Seberino

How To EASILY Set Up An AMAZING Ethereum Classic Node & Talk To It With Your OWN Code

December 14, 2016Carlo V

ETC Weekly Newsletter : ETC Meetup in London + The New Team

December 12, 2016Carlo V

Introducing The Grothendieck Team

December 6, 2016Carlo V

ETC Weekly Newsletter : The Grothendieck Team

December 6, 2016Christian Seberino

Why Would I Choose To Run My Application On Ethereum / Classic Instead Of The World Wide Web?

December 4, 2016Arvicco

ETC End of Year and Monetary Policy Event: London, December 13th

December 1, 2016Christian Seberino

Why InterPlanetary File System & Its Ilk Are A Big Deal For Blockchains & Beyond

November 29, 2016Carlo V

ETC Weekly Newsletter : Network Update

November 23, 2016Christian Seberino

The Skinny On Smart Contracts: An Introduction & Why You Should Care

November 22, 2016Carlo V

ETC Weekly Newsletter : Monetary Policy Update

November 15, 2016Carlo Vicari

ETC Newsletter

November 15, 2016Christian Seberino

The Bare Basics Of Money And Monetary Policy WITH A FEW WORDS FROM SATOSHI NAKAMOTO

November 8, 2016Carlo Vicari

ETC Newsletter : 2016-11-01 - 2016-11-08

November 4, 2016Christian Seberino

Let's Admit Blockchains Are Weird: An Introduction To The Strangeness

November 1, 2016Carlo Vicari

ETC Newsletter : 2016-10-24 - 2016-11-01

October 31, 2016Carlos Graterol

Instead of The Halvening, A Tithing for ETC

October 17, 2016Arvicco

Gas Reprice Hard Fork on ETC block 2500000 (October 25)

October 14, 2016Christian Seberino

Why Another Hard Fork To Deal With The Recent Denial Of Service Attack Spam Shouldn't Be Controversial

October 13, 2016Christian Seberino

Ethereum / Classic Denial Of Service Attacks & The Estonian Cyberwar

October 12, 2016Christian Seberino

Cuban Piracy & Why Merkle Trees Are So Awesome For Blockchains

October 11, 2016Christian Seberino

Navajo Indians Help Explain Ethereum / Classic Replay Attacks

September 18, 2016ProphetDaniel

The Invisible Field

September 9, 2016Arvicco

Code is Law and the Quest for Justice

September 1, 2016Ethereum Classic

CHBTC contributes funds to foster growth of Ethereum Classic

August 18, 2016Arvicco

Ethereum Classic Kickoff (London)

August 16, 2016ProphetDaniel

Nature Inspired Ethereum Classic Community Dynamics Proposal

August 14, 2016DaxClassix

New Website Created

August 11, 2016ProphetDaniel

Decentralized anarchist governance system

August 10, 2016ProphetDaniel

Couple Values That Forked Ethereum Broke

July 27, 2016Arvicco

Getting things done in a decentralized way

July 25, 2016Arvicco

What can I do to help Ethereum Classic project?

July 24, 2016Arvicco

ETC exchange trading and other news

July 22, 2016Arvicco

ETC - new Ethereum Classic ticker symbol

July 15, 2016Arvicco

Let's keep the original censorship-resistant Ethereum going!

July 11, 2016Arvicco

A Crypto-Decentralist Manifesto