Bitaps Shamir Secret Backup Scheme Bug Bounty
The New Bug Bounty program for Shamir Secret Backup Scheme starts at the international cybersecurity conference ZeroNights X, which will be held on 25 August 2021 in Saint Petersburg, Russia. You can submit your bug reports starting from June 10, at the conference we will reward participants who have found flaws and vulnerabilities in the implementation of this scheme. Also, if you can hack the scheme completely, then the main reward is already waiting for you at the bitcoin address.
To submit a bug report, open an issue on GitHub in a specific implementation in the PyBTC Python library or the JsBTC Javascript library.
Main reward
Zpub:
zpub6qdEDkv51FpxX6g1rpFGckmiL46vV8ccmtEgPAkj3qj8N4ZZHyXDRA9Rwp
TiFK2Kb8vRaDmSmwgX6rfB4t2K8Ktdq8ExQ6fumKpn2ndJCqL
An additional 1 BTC will be paid for disclosing the attack method, which allowed to compromise the presented implementation of the secret sharing scheme.
0.1 BTC – Any bug in the implementation of the presented secret sharing scheme that can lead to loss of access and the inability to recover the original mnemonic phrase.
from 0.05 BTC – Any other significant implementation bug. The exact reward amount is determined after analyzing the significance of the bug.
The 12-word original mnemonic code was split using the Shamir Secret Sharing scheme with 3 out of 5 threshold schemes were used. This means that any three shares are sufficient to restore the original mnemonic code. The goal is to break the Shamir Secret Sharing scheme or break the implementation of software for SSSS. We publish 2 of 3 shares needed to restore the original mnemonics.
Share 1:
Share 2:
In case of success 1 BTC will waiting for at m/84’/0’/0’/0/0 path. We use this mnemonic tool to split code.
Details about used implementation of Shamir secret scheme you can find here:
Click/Scan QR
Exact software implementation you can find here:
Click/Scan QR
Click/Scan QR
Few additional links for related vulnerability
Click/Scan QR
Click/Scan QR
Click/Scan QR
Click/Scan QR
Click/Scan QR
Click/Scan QR
Id like to thank you for the efforts youve put in writing this website. I really hope to view the same high-grade blog posts from you in the future as well. In fact, your creative writing abilities has inspired me to get my own, personal site now 😉
Everything is very open with a precise clarification of the challenges. It was definitely informative. Your site is useful. Thanks for sharing!