Today Gridcoin released a new algorithm that improves the security of research rewards for users earning Gridcoin by contributing to BOINC projects. The improved algorithm addresses multiple theoretical attack vectors against individual CPID rewards, in which an attacker could potentially intercept the reward for themselves. A bulletin detailing the upgrade was released and is included here:
Security Upgrade
Bulletin Date: September 18th, 2016
The Gridcoin Research security system for Proof of Research blocks is being upgraded to withstand new attack methods including but not limited to “algorithm attacks” (reverse engineering an algorithm), “man in the middle attacks” (altering information transmitted between parties), “replay attacks” (construction of data using a replay of prior information), and social attacks (gaining the BOINC e-mail through social interaction).
Note: The updates discussed herein do not affect Investors. Investors mine blocks with an investor CPID, and earn interest based on coin age. None of the additions referenced here will affect the safety of the coins or the interest bearing ability or the day to day operations of the Investor, and this entire document may be ignored. This document pertains to researchers with BOINC CPIDs that accrue research rewards.
The upgrade plan end-goal is to replace the POR CPID Validity algorithm with a new system to be completed in Phases. This allows us to continue to operate smoothly in Prod, while we achieve each milestone. Phase 1 involves upgrading to the new beacon system with hardened keypairs (one pair for each researcher CPID). Phase 2 involves a Mandatory upgrade of the Wallet (affecting our service providers and the entire network) to respect the new keys.
Currently, Gridcoin requires two pieces of data from separate systems to successfully stake a research reward block: Piece 1: The Beacon (The beacon currently contains your researcher CPID) and could be expired or non-existent (resulting in no reward), and Piece 2: The Magnitude value for the CPID (from the daily superblock, originating from the neural network). Note that our current security model ties the existing beacon with the magnitude, and each remote node verifies the ownership of the originating CPID by using the POR CPID algorithm (i.e., verification of the components of the long CPID are tested to ensure the long CPID hashes in a way that proves it was originally generated from the researcher that owned the BOINC e-mail address). Beacons expire in 6 months, and the client will automatically send a new beacon once the old expires (after 3 hours of being found missing in the chain). If either a beacon does not exist, or magnitude does not exist, the POR block is not staked. The CPID is tested when a block is being checked with magnitude and with an existing beacon.
In the new upgraded system, a stronger Beacon is used, and is now indexed by the Public CPID, and signed by the researcher, and contains the public beacon key. The private researcher beacon key is stored on the researcher’s machine in the gridcoinresearch.conf file (under PrivateKeyCPID=). The information sent in the block is sent in a way that cannot be replayed (i.e., the blockhash+cpid is signed with the PrivateKey of the researcher, which will never be revealed to the network). In this way, a foreign node may verify the ownership of the public CPID by testing the signature. At that point a decision is made to reject the block or accept it.
Since we would like to accelerate the replacement of the CPID algorithm immediately, I recommend we go through a process to immediately insert each researcher’s new beacon in the chain.
The reason it is important to upgrade your beacon quickly, and this is being treated with such high priority, is to ensure all of our researchers stake the claim of their personal CPID, and this will prevent any hacking groups from taking ownership of the CPID or the e-mail address you currently use. Note: An effort has been made to make it very hard to create a keypair using a BOINC CPID without actually owning it, but nevertheless if you upgrade your beacon immediately this threat is removed.
We have built in extra safeguards to allow for “extraneous circumstances”. If you would like to remove all traces of your prior CPID and corresponding e-mail address hash, you may change your e-mail address across all projects within the BOINC network and wait until a new CPID is generated. Then advertise the beacon and you will end up with a new keypair. In the new system, no e-mail hash will be sent over the network (this will not be live until Phase 2 starts however).
On the other hand, if you discover that someone has taken control of your CPID (i.e., you keep attempting to create a beacon and it fails), execute the command “execute proveownership” and send the results along with a URL of your BOINC credit to RTM, and he will use the Delete tool to delete the beacon manually. (This allows you to keep your old CPID if you love it and have a problem with someone attempting to take it over).
In Phase 2, we will set a future block number for a mandatory release. Phase 2 will respect the new POR security system.
(Note some items have been tested by Rob, others need more testing before phase 2):
At that point we will set a block number for the mandatory upgrade and notify the exchanges and prioritize the upgrade.
Miscellaneous Notes:
Our upgraded beacons are backward compatible so that in the interim (before phase 2), old clients will check blocks successfully.
The beacon design is partially driven by the desire for ease of initial configuration for new users (i.e., not requiring configuration settings to be stored inside BOINC, other than joining team Gridcoin), preserving existing CPIDs, minimizing changes required by the researchers, and maintaining a decentralized network (decentralized private keys by default) with minimal admin intervention.
Happy Researching!
Rob Halford