720 832
613
$ 37 650. 75
+ 2.28 %

Shamir Secret Backup Scheme Bug Bounty


The New Bug Bounty program for Shamir Secret Backup Scheme starts at the international cybersecurity conference ZeroNights X, which will be held on 25 August 2021 in Saint Petersburg, Russia. You can submit your bug reports starting from June 10, at the conference we will reward participants who have found flaws and vulnerabilities in the implementation of this scheme. Also, if you can hack the scheme completely, then the main reward is already waiting for you at the bitcoin address.

To submit a bug report, open an issue on GitHub in a specific implementation in the PyBTC Python library or the JsBTC Javascript library.

Main reward
Zpub:
zpub6qdEDkv51FpxX6g1rpFGckmiL46vV8ccmtEgPAkj3qj8N4ZZHyXDRA9RwpTiFK2Kb8vRaDmSmwgX6rfB4t2K8Ktdq8ExQ6fumKpn2ndJCqL

An additional 1 BTC will be paid for disclosing the attack method, which allowed to compromise the presented implementation of the secret sharing scheme.


Bug rewards

0.1 BTC - Any bug in the implementation of the presented secret sharing scheme that can lead to loss of access and the inability to recover the original mnemonic phrase.

from 0.05 BTC - Any other significant implementation bug. The exact reward amount is determined after analyzing the significance of the bug.

Challenge

The 12-word original mnemonic code was split using the Shamir Secret Sharing scheme with 3 out of 5 threshold schemes were used. This means that any three shares are sufficient to restore the original mnemonic code. The goal is to break the Shamir Secret Sharing scheme or break the implementation of software for SSSS. We publish 2 of 3 shares needed to restore the original mnemonics.

Share 1:
Share 2:

In case of success your 1 BTC will waiting for you at m/84'/0'/0'/0/0 path. We use this mnemonic tool to split code.

Details about used implementation of Shamir secret scheme you can find here:
https://github.com/bitaps-com/mnemonic-offline-tool/blob/master/BIP/mnemonic-improvement.md

Exact software implementation you can find here:
https://github.com/bitaps-com/jsbtc/blob/master/src/functions/shamir_secret_sharing.js#L88
https://github.com/bitaps-com/pybtc/blob/master/pybtc/functions/shamir.py#L89


Additional information

Armory wallet shamir scheme vulnerability:
https://btcarmory.com/fragmented-backup-vuln/
https://bitcointalk.org/index.php?topic=2199659.0

HTC Exodus phone shamir scheme vulnerability:
https://donjon.ledger.com/Stealing-all-HTC-Exodus-users/
http://diyhpl.us/wiki/transcripts/breaking-bitcoin/2019/extracting-seeds-from-hardware-wallets/

Bug report from https://github.com/onvej-sl:
https://github.com/bitaps-com/pybtc/issues/23