ZenGo Uncovers ‘Dogbyte’ Attack in Diogenes Protocol Proof of Ethereum 2.0 Beacon Chain

On Sep 2, 2020 at 1:32 pm UTC by · 3 min read

The attack termed as “Dogbyte” allows passive observers to access the secret project to break the security of the protocol. All it requires is the central coordinator to conspire with a participant according to ZenGo.

The Diogenes project being led by Ligero Inc team has been under review by ZenGo upon the request of the Ethereum Foundation and VDF alliance. According to a recent update, there was a massive discovery of a potential attack vector that has the capacity to access the Ethereum 2.0 VDF from the backdoor. After that discovery, the ZenGo researcher has uncovered another vulnerability termed as “Dogbyte” that can open a way for a potential attack.  It allows passive observers to access the secret of the project to break the security of the protocol. All it requires is the central coordinator to conspire with a participant for the attack to materialize.

Diogenes is designed to facilitate “ceremony” in a bid to produce RSA modules. The said ceremony is a multiparty computation protocol which once completed, the modules would be integrated into the VDF protocol. This is meant to form a part of an unbiased random beacon within the Ethereum 2.0 blockchain. The protocol aims to produce a bit-prime N=pq. P and q are 1024 bit-primes hidden to the parties. In layman terms, there are about 1024 participants involved in the process and run a number of protocols. 

Protocols Run by Participants

 All the parties involved compute a joint public key. Each of them also samples random local secrets and encrypts their secret shares to the point of public keys. Interestingly, there is a coordinator designed to combine all the ciphertexts. It is also charged to compute the encryption of “p” homomorphically. After the parties decrypt to get a candidate N jointly, they check through multiple tests that p and q are primes. In fact, the tests are conducted in a distributed fashion since p and q are unknown to the parties. 

The vulnerability in the protocol that puts it at risk of a crucial attack according to ZenGo comes from the fact that the above process must be repeated many times to ensure that at least one of the candidates passes all the tests. The protocol will then produce many bad candidates naturally. 

Back to the Dogbyte Attack by ZenGo

Although the process run to ensure fairness, the Dogbyte attack guarantees that anyone who could observe the protocol transcript access and learn the secrets generated by the ceremony.  Moreover, participants can equally access the secret.

According to Omer Shlomovits, the ZenGo researcher, “participants can gain an unfair advantage in all utilities built atop the random beacon chain” after using the secret to “skew the randomness generated in the beacon chain”. 

The cost of seeing malicious parties engage in a protocol that looks for an honest computation can be a disaster, because they can introduce bias, learn secret inputs, and even launch a DDoS attack.


Related Articles

Major Cryptos Stage Mini Reversal but Still Far from Redeeming Lost Value

By July 5th, 2022

The mini-rally recorded in the last 24 hours is believed to have been caused by the positive movement in Total Value Locked across Ethereum as well as improved on-chain activities.

Bitcoin Mining Revenues Flipped Ethereum’s in June for 1st Time in a Year

By July 5th, 2022

Ever since Bitcoin price dropped to current levels of around $20k, miners are rewarded approximately $120,000 per successful mined block.

Beverage Giant Coca-Cola to Launch Pride Series NFT Collection on Polygon

By July 5th, 2022

Coca-Cola said that it will donate all proceeds of the sale to support South Africa’s OUT community, which works towards helping the LGBTQIA+ community.