ZenGo Uncovers ‘Dogbyte’ Attack in Diogenes Protocol Proof of Ethereum 2.0 Beacon Chain

September 2, 2020 by · 3 min read

The attack termed as “Dogbyte” allows passive observers to access the secret project to break the security of the protocol. All it requires is the central coordinator to conspire with a participant according to ZenGo.

The Diogenes project being led by Ligero Inc team has been under review by ZenGo upon the request of the Ethereum Foundation and VDF alliance. According to a recent update, there was a massive discovery of a potential attack vector that has the capacity to access the Ethereum 2.0 VDF from the backdoor. After that discovery, the ZenGo researcher has uncovered another vulnerability termed as “Dogbyte” that can open a way for a potential attack.  It allows passive observers to access the secret of the project to break the security of the protocol. All it requires is the central coordinator to conspire with a participant for the attack to materialize.

Diogenes is designed to facilitate “ceremony” in a bid to produce RSA modules. The said ceremony is a multiparty computation protocol which once completed, the modules would be integrated into the VDF protocol. This is meant to form a part of an unbiased random beacon within the Ethereum 2.0 blockchain. The protocol aims to produce a bit-prime N=pq. P and q are 1024 bit-primes hidden to the parties. In layman terms, there are about 1024 participants involved in the process and run a number of protocols. 

Protocols Run by Participants

 All the parties involved compute a joint public key. Each of them also samples random local secrets and encrypts their secret shares to the point of public keys. Interestingly, there is a coordinator designed to combine all the ciphertexts. It is also charged to compute the encryption of “p” homomorphically. After the parties decrypt to get a candidate N jointly, they check through multiple tests that p and q are primes. In fact, the tests are conducted in a distributed fashion since p and q are unknown to the parties. 

The vulnerability in the protocol that puts it at risk of a crucial attack according to ZenGo comes from the fact that the above process must be repeated many times to ensure that at least one of the candidates passes all the tests. The protocol will then produce many bad candidates naturally. 

Back to the Dogbyte Attack by ZenGo

Although the process run to ensure fairness, the Dogbyte attack guarantees that anyone who could observe the protocol transcript access and learn the secrets generated by the ceremony.  Moreover, participants can equally access the secret.

According to Omer Shlomovits, the ZenGo researcher, “participants can gain an unfair advantage in all utilities built atop the random beacon chain” after using the secret to “skew the randomness generated in the beacon chain”. 

The cost of seeing malicious parties engage in a protocol that looks for an honest computation can be a disaster, because they can introduce bias, learn secret inputs, and even launch a DDoS attack.


Related Articles

Ethereum 2.0: Beacon Chain Upgrade Goes Live

By December 1st, 2020

The launch of Ethereum 2.0 today will be followed by other significant events including the ushering in of the Shard Chains and subsequently the merger of the current PoW Ethereum and the PoS Ethereum.

Ethplorer Bulk API Monitor Launched: Better Way of Tracing Ethereum Addresses

By December 1st, 2020

Ethplorer isn’t the only Ethereum tracking service out there. What makes it unique is its ability to track any number of addresses and transactions – millions if needed.

Crypto Exchange Coinbase Outlines Plans to Support ETH 2.0 Staking

By December 1st, 2020

Coinbase said that it will support ETH 2.0 staking rewards in eligible jurisdictions starting from early 2021. Other crypto exchanges like Huobi, Kucoin, and Binance has also made similar announcements.