A downgrade attack, also called a bidding-down attack or version rollback attack, is a form of cryptographic attack on a computer system or communications protocol that makes it abandon a high-quality mode of operation (e.g. an encrypted connection) in favor of an older, lower-quality mode of operation (e.g. cleartext) that is typically provided for backward compatibility with older systems.
An example of such a flaw was found in OpenSSL that allowed the attacker to negotiate the use of a lower version of TLS between the client and server. This is one of the most common types of downgrade attack. Opportunistic encryption protocols such as STARTTLS are generally vulnerable to downgrade attacks, as they, by design, fall back to unencrypted communication. Websites which rely on redirects from unencrypted HTTP to encrypted HTTPS can also be vulnerable to downgrade attacks (e.g. sslstrip), as the initial redirect is not protected by encryption.
Attack
Downgrade attacks are often implemented as part of a man-in-the-middle (MITM) attack, and may be used as a way of enabling a cryptographic attack that might not be possible otherwise. Downgrade attacks have been a consistent problem with the SSL/TLS family of protocols; examples of such attacks include the POODLE attack.
Downgrade attacks in the TLS protocol take many forms. Researchers have classified downgrade attacks with respect to four different vectors, which together form a framework for reasoning about downgrade attacks:
- The protocol element that is targeted
- The type of vulnerability that enables the attack
- The attack method
- The level of damage that the attack causes:
  - Broken security
  - Weakened security
There are some recent proposals that exploit the concept of prior knowledge to enable TLS clients (e.g. web browsers) to protect sensitive domain names against certain types of downgrade attacks that exploit the clients' support for legacy versions or non-recommended ciphersuites (e.g. those that do not support forward secrecy or authenticated encryption), such as the POODLE, ClientHello fragmentation, and a variant of the DROWN (aka "the special DROWN") downgrade attacks.
Removing backward compatibility is often the only way to prevent downgrade attacks. However, sometimes the client and server can recognize each other as up-to-date in a manner that prevents them. For example, if a web server and user agent both implement HTTP Strict Transport Security (HSTS) and the user agent knows this of the server (either by having previously accessed it over HTTPS, or because it is on an "HSTS preload list"), then the user agent will refuse to access the site over vanilla HTTP, even if a malicious router misrepresents it and the server to each other as not being HTTPS-capable.
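The HSTS mechanism described above, as an added illustration that is not part of the original article: a toy user-agent policy cache that records Strict-Transport-Security headers (including a constructed stand-in for the preload list, `example-bank.test`) and rewrites plain-HTTP URLs for known hosts to HTTPS before any request is sent, so a router stripping the HTTPS redirect never sees a cleartext request. Host names and header values are constructed for the example.

```python
"""Toy HSTS policy cache (added example; hosts and headers are constructed)."""
import re
import time
from urllib.parse import urlparse, urlunparse

# Constructed stand-in for a browser's built-in HSTS preload list.
# value: whether the policy also covers subdomains.
PRELOAD = {"example-bank.test": True}


class HstsCache:
    def __init__(self, preload=PRELOAD):
        # host -> (expiry_epoch, include_subdomains); preloaded entries never expire
        self.policies = {h: (float("inf"), sub) for h, sub in preload.items()}

    def observe(self, host, header, now=None):
        """Record a Strict-Transport-Security header received over HTTPS.
        A caller must ignore such headers seen over plain HTTP (RFC 6797)."""
        now = time.time() if now is None else now
        m = re.search(r'max-age\s*=\s*"?(\d+)"?', header, re.I)
        if not m:
            return False  # malformed directive: no policy change
        max_age = int(m.group(1))
        if max_age == 0:
            self.policies.pop(host, None)  # max-age=0 clears the policy
            return True
        sub = re.search(r"\bincludeSubDomains\b", header, re.I) is not None
        self.policies[host] = (now + max_age, sub)
        return True

    def is_known_host(self, host, now=None):
        """True if host or a parent (with includeSubDomains) has a live policy."""
        now = time.time() if now is None else now
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self.policies.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def rewrite(self, url, now=None):
        """Upgrade http:// to https:// for known hosts; the HTTP-to-HTTPS
        redirect a MITM could strip (sslstrip) is therefore never relied on."""
        p = urlparse(url)
        if p.scheme == "http" and p.hostname and self.is_known_host(p.hostname, now):
            return urlunparse(p._replace(scheme="https"))
        return url
```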