The attack, termed “Dogbyte”, allows passive observers to learn the secret of the project and break the security of the protocol. According to ZenGo, all it requires is for the central coordinator to conspire with a participant.
The Diogenes project, led by the Ligero Inc team, has been under review by ZenGo at the request of the Ethereum Foundation and the VDF Alliance. According to a recent update, the review made a major discovery: a potential attack vector with the capacity to access the Ethereum 2.0 VDF through a backdoor. After that discovery, the ZenGo researcher uncovered another vulnerability, termed “Dogbyte”, that opens the way for a potential attack. It allows passive observers to learn the secret of the project and break the security of the protocol. All it requires for the attack to materialize is for the central coordinator to conspire with a participant.
Diogenes is designed to run a “ceremony” that produces an RSA modulus. The ceremony is a multiparty computation protocol; once it completes, the modulus would be integrated into the VDF protocol. This is meant to form part of an unbiased random beacon within the Ethereum 2.0 blockchain. The protocol aims to produce a bi-prime N = pq, where p and q are 1024-bit primes hidden from the parties. In layman's terms, about 1024 participants are involved in the process and run a number of protocols.
Protocols Run by Participants
All the parties involved compute a joint public key. Each of them also samples random local secrets and encrypts its secret shares under the public key. A coordinator then combines all the ciphertexts and homomorphically computes the encryption of “p”. After the parties jointly decrypt to get a candidate N, they check through multiple tests that p and q are primes. The tests are conducted in a distributed fashion, since p and q are unknown to the parties.
According to ZenGo, the vulnerability that exposes the protocol to this attack stems from the fact that the above process must be repeated many times to ensure that at least one candidate passes all the tests. The protocol therefore naturally produces many bad candidates.
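As an added illustration (not code from Diogenes, Ligero or ZenGo), the Python sketch below simulates this retry loop at toy size, with 8 parties and 24-bit shares instead of 1024-bit primes, and counts how many candidates are discarded before one passes. It assumes the local secrets combine additively and it checks primality in the clear, whereas the real ceremony keeps p and q hidden and tests them in a distributed fashion.

```python
import random

def is_prime(n):
    """Deterministic Miller-Rabin; bases 2, 3, 5, 7 are exact for n < 3,215,031,751."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in (2, 3, 5, 7):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False  # no witness round reached n - 1: composite
    return True

def run_ceremony(parties=8, share_bits=24, seed=0):
    """Repeat candidate generation until p and q are both prime.

    Returns (N, p, q, rejected). Assumption: each party's local secret is an
    additive share, so the hidden candidate is the sum of all shares.
    """
    rng = random.Random(seed)  # seeded so the simulation is reproducible
    rejected = 0
    while True:
        p = sum(rng.getrandbits(share_bits) for _ in range(parties))
        q = sum(rng.getrandbits(share_bits) for _ in range(parties))
        # Simplification: tested in the clear here; the protocol tests p and q
        # without any party seeing them.
        if is_prime(p) and is_prime(q):
            return p * q, p, q, rejected
        rejected += 1

def mean_rejections(trials=20):
    """Average number of discarded candidates per successful ceremony."""
    return sum(run_ceremony(seed=s)[3] for s in range(trials)) / trials

if __name__ == "__main__":
    N, p, q, rejected = run_ceremony()
    print(f"N = {N} after discarding {rejected} bad candidates")
    print(f"mean discarded per run: {mean_rejections():.0f}")
```

Even at this toy size a run typically throws away hundreds of candidates, since both sums have to be prime at the same time.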
Back to the Dogbyte Attack by ZenGo
Although the process is run to ensure fairness, the Dogbyte attack guarantees that anyone who can observe the protocol transcript can learn the secrets generated by the ceremony. Participants can equally learn the secret.
According to Omer Shlomovits, the ZenGo researcher, “participants can gain an unfair advantage in all utilities built atop the random beacon chain” after using the secret to “skew the randomness generated in the beacon chain”.
Malicious parties taking part in a protocol that expects an honest computation can be disastrous, because they can introduce bias, learn secret inputs, and even launch a DDoS attack.