IOTA TUTORIAL 27
mobilefish.com
Why normalizedBundleHash? Why not reuse an address for outgoing txs?
v1.0.0

INTRO
• In IOTA tutorial 6 I explained, using the Lamport One Time Signature scheme, why you should not reuse an address for outgoing transactions. That was a simplified explanation but not an accurate one. This tutorial will give you the correct answer.
• In IOTA tutorial 16 I never explained why the bundleHash is normalized. In this tutorial I will explain why this is needed.

PREREQUISITES
• I assume that you have watched:
  • IOTA tutorial 8: Cryptographic sponge construction
  • IOTA tutorial 9.1: Key, Digests & Address
  • IOTA tutorial 10: Transaction and bundle
  • IOTA tutorial 15: BundleHash
  • IOTA tutorial 16: normalizedBundleHash
  • IOTA tutorial 17: Create and validate a signature
• If you have not watched these videos you probably will not understand this tutorial. I highly recommend that you first watch these tutorials.

QUICK REFRESHER
• To be on the same page, in the following slides I will give you a quick refresher:
  • What a transaction bundle and transaction objects are.
  • What a bundleHash is and how it is created.
  • What a normalizedBundleHash is and how it is created.
  • How to calculate the number of hashes.
  • How to create and validate a signatureFragment.
  • How an address is calculated.

TRANSACTION BUNDLE
[Figure: a transaction bundle attached to tip0 and tip1. The bundle consists of transactionObjects with currentIndex 0, 1, 2, ... N; each transactionObject has a hash, a trunkTransaction and a branchTransaction.]

TRANSACTIONOBJECT EXAMPLE
• This is what a single transactionObject looks like in a transaction bundle:
{
  "hash": "YDDQ...A9999",
  "signatureMessageFragment": "JHAK...MVGY",
  "address": "HRKD...XKHX",
  "value": -3,
  "obsoleteTag": "999999999999999999999999999",
  "timestamp": 1515494426,
  "currentIndex": 1,
  "lastIndex": 2,
  "bundle": "RTGX...LQCY",
  "trunkTransaction": "WVCLP...99999",
  "branchTransaction": "DOXV...X999",
  "tag": "999999999999999999999999999",
  "attachmentTimestamp": 1515496571334,
  "attachmentTimestampLowerBound": 0,
  "attachmentTimestampUpperBound": 3812798742493,
  "nonce": "AZ999IOB9999999999999999999",
  "persistence": true
},
How is this bundleHash (the "bundle" field) created?

BUNDLEHASH
• The addresses, values, obsoleteTags, timestamps, currentIndexes and lastIndexes of the transactionObjects in the bundle are used to calculate the bundleEssences:
bundleEssence = convertToTrits(address + convertToTrytes(valueTrits) + obsoleteTag + convertToTrytes(timestampTrits) + convertToTrytes(currentIndexTrits) + convertToTrytes(lastIndexTrits))
• Use the cryptographic sponge construction to absorb the bundleEssences and squeeze the hash.
bundle = [transactionObject0, transactionObject1, transactionObject2, transactionObject3]
transactionObjectN = {address, value, obsoleteTag, timestamp, currentIndex, lastIndex}
[Figure: sponge construction. Absorbing: bundleEssence0 to bundleEssence3, calculated from transactionObject0 to transactionObject3, are absorbed one after the other, with the function f applied each time. Squeezing: the hash is squeezed out.]
• Convert the hash to trytes:
bundleHash = convertToTrytes(hash)
• In the transactionObject example above, the "bundle" field ("RTGX...LQCY") is the bundleHash.

NORMALIZED BUNDLEHASH
• The normalizedBundleHash is created by extracting the bundleHash from the transactionObject and then normalizing it.
• The normalizedBundleHash contains no tryte value M and the "weights" of the trytes are evenly distributed.
• You can think of normalizing the bundleHash as balancing a seesaw, by manipulating its “weight” (= trytes) to reach a more balanced state.
• The normalizedBundleHash is used to create or validate a signature.
[Figure: seesaw. Before normalizing, the tryte values 13, 4, 10, -1 and -4 sum to 22. After normalizing, with the first tryte in the part changed, the values 13, -13, 4, -4 and -1 sum to -1.]

CALCULATE NUMBER OF HASHES
[Figure: the bundleHash (81 trytes) is normalized into the normalizedBundleHash, which consists of normalized bundle fragments of 27 trytes. Each tryte is converted to its decimal value, and from that value the number of hashes K for the corresponding segment is calculated.]
K = 13 - decimal value: K times to hash each segment to CREATE the signatureFragment
K = 13 + decimal value: K times to hash each segment to VALIDATE the signatureFragment

[Figure: creating a signatureFragment, shown for security levels 1, 2 and 3. The key is generated from the seed, index number and security level. 27 segments form a keyFragment and each segment consists of 81 trytes. Each segment is hashed K times to get the signatureFragment, which is the fragment stored in the bundle. The figure also shows the address calculation: hash each segment K times, hash each keyFragment 1x to get the digests (each digest consists of 81 trytes), and hash the n digests 1x to get the address.]

SIGNATUREMESSAGEFRAGMENT EXAMPLE
• In the transactionObject example above, the "signatureMessageFragment" field ("JHAK...MVGY") holds the signature fragment stored in the bundle.

CALCULATE ADDRESS
[Figure: from seed, index number and security level to the address, shown for security levels 1, 2 and 3. 27 segments form a keyFragment and each segment consists of 81 trytes. Each segment is hashed K times, here with K = 26 for every segment. Each keyFragment is hashed 1x to get the digests (each digest consists of 81 trytes), and the n digests are hashed 1x to get the address.]

WHY IS NORMALIZEDBUNDLEHASH NEEDED?
• I have created a simple value transaction: I used security level 1 and transferred 1 IOTA from address A to B, and there is no remainder.
• See the corresponding transaction bundle: https://www.mobilefish.com/download/iota/transactions_in_bundle_security_level1.txt
• The transaction bundle has two transactionObjects: one containing the recipient data and the other containing the sender data.
• The sender's signatureMessageFragment is “KVSA…HMKW” and the sender's address is “VXO…LTKA”.
[Figure: security level 1. The key consists of one keyFragment; 27 segments form a keyFragment and each segment consists of 81 trytes. Hash each segment K times to get the signatureFragment, the fragment stored in the bundle. For the address: hash each segment K times, hash each keyFragment 1x to get the digest (each digest consists of 81 trytes), and hash the n digests 1x.]
• Let's assume the submitted transaction bundle is pending and a hacker, called Eve, gets hold of this transaction bundle.
• Eve can change the transaction bundle by replacing the recipient’s address with her own address. Doing so changes the bundleHash, which means the normalizedBundleHash and the number of hashes (K) also change accordingly.
bundle = [transactionObject0, transactionObject1]
transactionObjectN = {address, value, obsoleteTag, timestamp, currentIndex, lastIndex}
[Figure: sponge construction for the changed bundle. Absorbing: bundleEssence0 and bundleEssence1, calculated from transactionObject0 and transactionObject1, are absorbed with the function f. Squeezing: the hash is squeezed out.]
bundleHash = convertToTrytes(hash)
[Figure: the changed bundleHash (81 trytes) is normalized, and each tryte of the normalized bundle fragment (27 trytes) is converted to its decimal value. This gives a new K (number of hashes) for every segment: K = 13 - decimal value to CREATE and K = 13 + decimal value to VALIDATE the signatureFragment.]
[Figure: the unchanged signatureFragment stored in the bundle is validated with the changed K values: hash each segment K times, hash each keyFragment 1x, hash the n digests 1x.]
• Number of hashes (K) changed! The generated address does not match the sender's address. Eve’s attempt will fail.
Data (D) is hashed 5x to get the hashed result D5:
D --5x--> D5
You can also draw it this way:
D --1x--> D1 --1x--> D2 --1x--> D3 --1x--> D4 --1x--> D5
Question: Can you hash a value 3x to get D5?
Answer: Yes, if you start with D2.
Question: Can you hash a value 6x to get D5?
Answer: No, you can’t! A hash algorithm is a one-way function.
Question: Can you hash a value 1x to get D5?
Answer: Yes, if you start with D4.
D4 --1x--> D5
Question: Can you hash a value 4x to get D5?
Answer: Yes, if you start with D1.
D1 --4x--> D5
Question: Can you hash a value 7x to get D5?
Answer: No, you can’t.
• Eve knows she can change the signatureFragment.
[Figure: Eve hashes segments of the signatureFragment further to get a hacked signatureFragment. For the segments shown, Koriginal = 1, 6, 25, 3 and Khacked (after Eve changed the address) = 9, 2, 13, 12. The segment going from K = 6 to K = 2 is hashed 4x and the segment going from K = 25 to K = 13 is hashed 12x.]
• But Eve still has a problem with the first and last segment.
• Her attempt is only successful if all Koriginal values are greater than or equal to the corresponding Khacked values.
• Now let's assume the following case:
  The Koriginal values are all between 14-26.
  The Khacked values are all between 1-13.
• In this case, Eve can successfully hack the transaction bundle and send IOTAs to her address.
[Figure: for the segments shown, Koriginal = 17, 13, 25, 14 and Khacked = 9, 2, 13, 12. Eve hashes the segments of the signatureFragment 8x, 11x, 12x and 2x to get the hacked signatureFragment.]
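
The hash-chain questions and Eve's segment-by-segment problem from the preceding slides can be replayed in a small model. This is an added example, not code from the tutorial: SHA-256 stands in for IOTA's sponge hash, the four key segments are constructed, and the K values follow the slide figures as far as they can be read in this transcript.

```python
import hashlib

TOTAL = 26  # create (13 - d) plus validate (13 + d) hashes per segment


def hash_n(data: bytes, n: int) -> bytes:
    """Hash data n times. SHA-256 is a stand-in for IOTA's sponge hash."""
    for _ in range(n):
        data = hashlib.sha256(data).digest()
    return data


def make_signature(key_segments, k_validate):
    """Signer: hash each key segment TOTAL - K times (K = validation count)."""
    return [hash_n(seg, TOTAL - k) for seg, k in zip(key_segments, k_validate)]


def address_from_signature(sig_segments, k_validate):
    """Verifier: hash each signature segment K more times, then hash the
    results together (toy version of the digest and address calculation)."""
    ends = [hash_n(s, k) for s, k in zip(sig_segments, k_validate)]
    return hashlib.sha256(b"".join(ends)).hexdigest()


def adapt_signature(sig_segments, k_original, k_hacked):
    """Re-target a published signature to other K values. A segment can only
    be hashed forward (k_original - k_hacked more times); where k_hacked is
    larger the hash would have to be inverted, so that segment is None."""
    return [hash_n(s, ko - kh) if ko >= kh else None
            for s, ko, kh in zip(sig_segments, k_original, k_hacked)]


# Constructed key segments (the real ones are derived from the seed).
KEY = [hashlib.sha256(b"constructed key segment %d" % i).digest()
       for i in range(4)]
ADDRESS = address_from_signature(KEY, [TOTAL] * 4)  # every segment hashed 26x

K_HACKED = [9, 2, 13, 12]    # K values after the bundle was changed
K_CASE1 = [1, 6, 25, 3]      # Koriginal of the first case on the slides
K_CASE2 = [17, 13, 25, 14]   # Koriginal of the second case on the slides


def blocked_segments(k_original, k_hacked=K_HACKED):
    """Indexes of the segments that cannot be re-targeted to k_hacked."""
    sig = make_signature(KEY, k_original)
    adapted = adapt_signature(sig, k_original, k_hacked)
    return [i for i, s in enumerate(adapted) if s is None]


if __name__ == "__main__":
    d = b"D"
    print(hash_n(hash_n(d, 2), 3) == hash_n(d, 5))  # D2 hashed 3x gives D5
    print(blocked_segments(K_CASE1))  # the first and last segment block Eve
    print(blocked_segments(K_CASE2))  # every Koriginal >= Khacked
```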
• However, in reality the previously mentioned case is difficult to realise because a normalizedBundleHash is used.
• Eve's attempt can only be successful if ALL Koriginal values are greater than or equal to the corresponding Khacked values.
• By using a normalizedBundleHash the probability that this will happen is small.
[Figure: the bundleHash (81 trytes) is normalized, the trytes of the normalized bundle fragment (27 trytes) are converted to decimal values, and K = 13 + decimal value gives the number of hashes K for each segment to VALIDATE the signatureFragment.]
• The previously mentioned decimal values (= normalizedBundleHash tryte values converted to decimal values) are in the range -13 to 13 and are evenly distributed, just like a seesaw.
• By distributing these values evenly the Koriginal values are “spread”. You will have low values (1-13) and high values (14-26). You cannot have only Koriginal values between 14 and 26; the normalizedBundleHash prevents this.
[Figure: the seesaw again. Before normalizing sum = 22; after normalizing sum = -1.]

WHY NOT REUSE AN ADDRESS FOR OUTGOING TXS?
[Figure: 1st tx bundle and 2nd tx bundle. Both spend from the same address, and each has its own signatureFragment, created from the same keyFragment with different K values.]
Create another outgoing transaction using the same address.
• Eve has found these two transaction bundles using the same address A for outgoing transactions.
• A few days later, Eve noticed 500 MIOTA were sent to address A.
• Eve tries a hack attempt. She takes the 2nd transaction bundle:
  • In the receiver tx object, she replaces the recipient’s address with her own address and changes the recipient’s value to 500 MIOTA.
  • In the sender tx object, she changes the spending value to 500 MIOTA.
• By doing so the bundleHash, normalizedBundleHash and the K values are changed.
[Figure: the Koriginal values of the 1st tx bundle and the 2nd tx bundle compared with the Khacked values of the tx bundle Eve modified.]
Using the 2nd tx bundle: hack attempt not successful.
Using the 2nd & 1st tx bundle: hack attempt is successful.
• If you reuse an address for outgoing transactions you give a hacker more possibilities to successfully create a modified transaction bundle sending IOTAs from the victim’s address to the hacker's address.
• Reusing an address for outgoing transactions does not mean the hacker will immediately succeed in the hack attempt, but it will definitely increase the chances.
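
Why balancing each 27-tryte part rules out the "all Koriginal high" case, and what a second signature from the same address gives away, can be checked on the K values alone. This is an added example, not code from the tutorial: the balancing rule (adjust trytes from the front of each part until the part sums to 0) and all tryte strings are assumptions constructed for illustration, and the re-hashing that keeps tryte M out of the final normalizedBundleHash is not modelled.

```python
TRYTES = "9ABCDEFGHIJKLMNOPQRSTUVWXYZ"
PART = 27  # trytes per normalized bundle fragment


def tryte_value(ch):
    """Decimal value of a tryte: 9 = 0, A..M = 1..13, N..Z = -13..-1."""
    i = TRYTES.index(ch)
    return i if i <= 13 else i - 27


def raw_values(bundle_hash):
    return [tryte_value(c) for c in bundle_hash]


def normalize(bundle_hash):
    """Balance every 27-tryte part so that its values sum to 0."""
    values = raw_values(bundle_hash)
    for start in range(0, len(values), PART):
        total = sum(values[start:start + PART])
        step = -1 if total > 0 else 1
        j = start
        while total != 0:
            if abs(values[j] + step) > 13:  # saturated, use the next tryte
                j += 1
                continue
            values[j] += step
            total += step
    return values


def k_validate(values):
    """K = 13 + decimal value: hashes needed to validate each segment."""
    return [13 + v for v in values]


def blocked(k_known, k_target):
    """Segments where the target needs a larger K than the published
    signature offers, which would require inverting the hash."""
    return [i for i, (ko, kt) in enumerate(zip(k_known, k_target)) if kt > ko]


def combine(*k_lists):
    """Several signatures from one key expose, per segment, the largest K."""
    return [max(col) for col in zip(*k_lists)]


# Constructed 81-tryte hashes.
HIGH = ("ABCDEFGHIJKLM" * 7)[:81]       # raw K values all in 14..26
LOW = ("OPQRSTUVWXYZ9" * 7)[:81]        # raw K values all in 1..13
SIG1 = ("L" * 13 + "O" * 13 + "9") * 3  # 1st bundle, already balanced
SIG2 = ("O" * 13 + "L" * 13 + "9") * 3  # 2nd bundle from the same address
TARGET = ("EV" * 13 + "9") * 3          # hash of a modified bundle

if __name__ == "__main__":
    # Without normalizing, HIGH's signature could be re-targeted to LOW.
    print(blocked(k_validate(raw_values(HIGH)), k_validate(raw_values(LOW))))
    # After normalizing, some segments always stand in the way.
    print(len(blocked(k_validate(normalize(HIGH)), k_validate(normalize(LOW)))))
    k1, k2, kt = (k_validate(normalize(h)) for h in (SIG1, SIG2, TARGET))
    # Each signature alone is blocked; both together are not.
    print(len(blocked(k1, kt)), len(blocked(k2, kt)),
          blocked(combine(k1, k2), kt))
```

Two different balanced parts can never satisfy "all Koriginal values greater than or equal to Khacked", because their sums are equal; the per-segment maximum over two signatures has a larger sum, which is what makes the reuse case different.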