on the crypto
ZenGo researchers disclosed a vulnerability discovered in the Diogenes test protocol. This release was designed to provide the raw entropy for a Verifiable Delay Function (VDF) for the Ethereum 2.0 beacon chain.
A random beacon chain at the base of Eth 2.0
Ligero Inc., the team behind Diogenes, is redesigning a trial version of the protocol eliminating the reported vulnerability, according to a ZenGo post. Entropy is a mathematical "randomness" that bolsters security for crypto functions.
The long-awaited Ethereum upgrade - here it quotation in real time, Ethereum 2.0 requires a random beacon chain to create entropy. This beacon chain has been defined as the "backbone" of Eth 2.0 due to its role in coordinating functions between the main Ethereum blockchain and all its smaller derivative chains called "shard chains".
VDFs are needed to build a truly secure random beacon chain, ZenGo researcher Omer Shlomovits said. Under an Eth 2.0 paradigm, the Diogenes protocol orchestrates so-called "ceremonies" to generate the entropy that creates the parameters for the random beacon VDF.
About 1024 participants are involved in the process. Each participant who takes part in the ceremony gets only one piece of the "secret" - the crypto key that would allow attackers to interfere with the "randomness" of the VDF - so each of the 1.024 participants would have to work together to put the whole key together; Diogenes assumes that at least one of these participants will act honestly.
The DogByte bug
The "DogByte" bug, as ZenGo calls it, would allow anyone observing the transcript of the protocol, not just the ceremony participants, to learn the secret created during the ceremony itself. Thanks to the secrecy, attackers could theoretically "distort" or "influence the randomness generated in the beacon chain," Shlomovits explained.
This could allow them to "gain an unfair advantage over all products built on the random beacon chain", such as working to gain a greater chance of validating new Ethereum 2.0 blocks or interfering with a smart contract based on the entropy of the beacon chain. .
The vulnerability found in a security check commissioned by the Ethereum Foundation and the VDF Alliance
This vulnerability is the second that ZenGo found in the Diogenes project and is part of an ongoing security check commissioned by the Ethereum Foundation and the VDF Alliance. The first vulnerability involved "a potential attack vector that could [give the hacker] backdoor access to an Ethereum 2.0 VDF" and required that "the central coordinator [of the VDF] colludes with one of the participants," ZenGo wrote in a recent post.
Shlomovits pointed out that ZenGo is working closely with Ligero Inc. on this research, adding that "the type of bug attests to the high quality of the project and the amount of control that is put into testing this protocol" and that the technology stack of Eth 2.0 appears to be “highly resilient”.
