未密封：对去中心化抗审查协议 Nostr 的实际攻击.pdf

1、#BHUSA BlackHatEventsNot Sealed:Practical Attacks on Nostr,a Decentralized Censorship-Resistant ProtocolSpeakers:Hayato KimuraContributors:Ryoma Ito,Kazuhiko Minematsu,Shogo Shiraki and Takanori IsobeKeywords:Distributed SNS,signature verification bypass,CBC mode malleability,cache poisoning,plainte

2、xt recovery(Also,IEEE EuroS&P2025)#BHUSA BlackHatEventsOur Team2Ryoma Ito(NICT)Kazuhiko Minematsu(NEC)Shogo Shiraki(University of Hyogo)Takanori Isobe(The University of Osaka)Hayato Kimura Researcher at NICT,Japan(National Institute of information and Communications Technology)Ph.D.candidate at The

3、University of Osaka Research field:Applied Cryptography&Protocol Security#BHUSA BlackHatEvents3The dawn of the Distributed SNS#BHUSA BlackHatEventsSelf-sovereignFederatedAuthentication by a single service providerService providers are interconnectedBut identity managed like a centralized SNSSigned P

4、ostSigning Key(identity)Service providers are independentUsers identity is managed by userUser authPostDistributed SNS4#BHUSA BlackHatEventsSelf-sovereignFederatedAuthentication by a single service providerService providers are interconnectedBut identity managed like a centralized SNSSigned PostSign

5、ing Key(identity)Service providers are independentUsers identity is managed by userUser authPostDistributed SNS5Quite different architecture fromtraditional centralized SNS/messagingResearch QuestionsHow to trust public keys?New architecture,new attack surface?#BHUSA BlackHatEventsOpen,censorship-re

6、sistant social-network1.1 million registration users No centralizedauthority,users must manage Public-key-based identitiesA secp256k1 key pair defines who you are;every post carries a signatureZero barriers to participationAnyone can run a relay server or clientCovers most of the attractive features