<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Gradecoin</title>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<style>
:root {
/* Primary theme color */
--primary-color: #F8D12F;
/* Primary theme text color */
--primary-text-color: #1E2329;
/* Primary theme link color */
--primary-link-color: #2F57F7;
/* Secondary color: the background body color */
--secondary-color: #FAFAFA;
--secondary-text-color: #303030;
/* Highlight text color of table of content */
--toc-highlight-text-color: #d46e13;
}
</style>
<link href="https://fonts.googleapis.com/css?family=Alfa+Slab+One&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css?family=Fira+Sans:400,500,600&display=swap" rel="stylesheet">
<link rel="stylesheet" href="/normalize.css">
<link rel="stylesheet" href="https://gradecoin.xyz/juice.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css" />
<link rel="stylesheet" href="/site.css" />
</head>
<body>
<header class="pos-absolute" style="background-color: transparent">
<a href="https://gradecoin.xyz/">
<div class="logo">
<img src="https://gradecoin.xyz/gradecoin.png" alt="logo">
Gradecoin
</div>
</a>
<nav>
<a class="nav-item subtitle-text" href="https://gradecoin.xyz/register-docs/">Register</a>
<a class="nav-item subtitle-text" href="https://gradecoin.xyz/jwt/">JWT</a>
<a class="nav-item subtitle-text" href="https://gradecoin.xyz/transaction-docs/">Transactions</a>
<a class="nav-item subtitle-text" href="https://gradecoin.xyz/block-docs/">Blocks</a>
<a class="nav-item subtitle-text" href="https://gradecoin.xyz/misc-docs/">Misc</a>
<a class="nav-item subtitle-text" href="https://github.com/zhuowei/nft_ptr#why">why?</a>
</nav>
</header>
<div class="hero">
<section class="text-center">
<h1 class="heading-text animate__animated animate__jackInTheBox" style="font-size: 50px">
Mine your own grades
</h1>
<h3 class="title-text">
<b>Gradecoin</b> is the latest cutting edge blockchain technology agile grading framework that drives organic engagement and other buzzwords, with big data mining search engine optimization
</h3>
<div>
</div>
</section>
<img class="hero-image" style="width: 40%" src="https://gradecoin.xyz/gradecoin.png">
<div class="explore-more text"
onclick="document.getElementById('features').scrollIntoView({behavior: 'smooth'})">
⇩ Learn How ⇩
</div>
<style>
.hero section {
padding: 0 5rem;
}
@media screen and (max-width: 768px) {
.hero section {
padding: 0 2rem;
}
.hero-image {
display: none
}
}
footer {
color: #8b8b8b;
}
</style>
</div>
<main>
<div class="toc">
<div class="toc-sticky">
<div class="toc-item">
<a class="subtext" href="https://gradecoin.xyz/#welcome-to-gradecoin">Welcome to Gradecoin!</a>
</div>
<div class="toc-item">
<a class="subtext" href="https://gradecoin.xyz/#coinbase">Coinbase</a>
</div>
<div class="toc-item">
<a class="subtext" href="https://gradecoin.xyz/#public-key-signatures">Public Key Signatures</a>
</div>
<div class="toc-item">
<a class="subtext" href="https://gradecoin.xyz/#services">Services</a>
</div>
<div class="toc-item-child">
<a class="subtext" href="https://gradecoin.xyz/#register"><small>- /register</small></a>
</div>
<div class="toc-item-child">
<a class="subtext" href="https://gradecoin.xyz/#transaction"><small>- /transaction</small></a>
</div>
<div class="toc-item-child">
<a class="subtext" href="https://gradecoin.xyz/#block"><small>- /block</small></a>
</div>
<div class="toc-item-child">
<a class="subtext" href="https://gradecoin.xyz/#user"><small>- /user</small></a>
</div>
<div class="toc-item">
<a class="subtext" href="https://gradecoin.xyz/#questions">Questions</a>
</div>
<div class="toc-item-child">
<a class="subtext" href="https://gradecoin.xyz/#this-all-sound-complicated"><small>- This all sounds complicated!</small></a>
</div>
<div class="toc-item-child">
<a class="subtext" href="https://gradecoin.xyz/#how-do-you-actually-earn-gradecoin"><small>- How do you actually earn Gradecoin?</small></a>
</div>
<div class="toc-item-child">
<a class="subtext" href="https://gradecoin.xyz/#i-found-a-bug"><small>- I found a bug!</small></a>
</div>
<div class="toc-item-child">
<a class="subtext" href="https://gradecoin.xyz/#i-hacked-the-server"><small>- I hacked the server!</small></a>
</div>
<div class="toc-item-child">
<a class="subtext" href="https://gradecoin.xyz/#submission"><small>- Submission?</small></a>
</div>
<div class="toc-item-child">
<a class="subtext" href="https://gradecoin.xyz/#can-my-friends-play"><small>- Can my friends play?</small></a>
</div>
<div class="toc-item-child">
<a class="subtext" href="https://gradecoin.xyz/#how-and-or-why"><small>- How and or Why?</small></a>
</div>
</div>
</div>
<div class="content text">
<div class="tcontainer">
<div class="ticker-wrap">
<div class="ticker-move">
<div class="ticker-item"><b>News:</b></div>
<div class="ticker-item">Gradecoin is in testnet mode, API is not stable, everything might reset at any time.</div>
<div class="ticker-item">Someone managed to authenticate themselves in less than 24 hours!</div>
<div class="ticker-item">Transactions now have saner amount limits.</div>
<div class="ticker-item">Blocks now properly require 10 transactions in them.</div>
</div>
</div>
</div>
<h1 id="welcome-to-gradecoin">Welcome to Gradecoin!</h1>
<p>Blockchains are incredibly simple yet can appear very complicated. We will see how they work and practice programming <em>production</em> cryptography code.</p>
<p>This server is the sandbox for PA1 and is currently running the Gradecoin application. Gradecoin is the faux currency we will use to simulate a blockchain network. At the end of the simulation, the amount of Gradecoin you hold will be your PA1 grade.</p>
<p><strong>A quick summary</strong>: authenticate yourself to the system using public key encryption.
Craft <a href="https://gradecoin.xyz/transaction-docs/">Transaction</a> proposals and tag them using <a href="https://gradecoin.xyz/jwt/">JWTs</a>.
When there are enough transactions, you can propose <a href="https://gradecoin.xyz/block-docs/">Blocks</a> in the same way.
Blocks need to be <em>mined</em> beforehand using Proof-of-work, or brute force.</p>
<p>Gradecoin offers 3 endpoints at <a href="/register">/register</a>, <a href="/block">/block</a> and <a href="/transaction">/transaction</a>. You can only send GET requests to /block and /transaction without authorization.
The server follows a <a href="https://www.service-architecture.com/articles/web-services/representational_state_transfer_rest.html">RESTful</a> architecture, though there are no <code>DELETE</code>, <code>PUT</code> or <code>UPDATE</code> operations.</p>
<p>Gradecoin uses a Proof-of-work block accepting mechanism. It uses single-round <a href="https://www.blake2.net/">Blake2s</a> hashing, which produces a 256-bit (64 hexadecimal characters) output. The <a href="https://wiki.bitcoinsv.io/index.php/Target">target</a> hash is <em>24 bits</em>, or <em>6 hexadecimal characters</em>, of 0. During testing, I could mine a block in around 4-6 minutes on average.</p>
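<p>The proof-of-work search and the cheap acceptance check described above, as an added example that is not Gradecoin's own code. The way the block is serialized before hashing (compact sorted JSON with a <code>nonce</code> field) and the sample transaction ids are assumptions; the real block format is documented on the block page.</p>

```python
import hashlib
import json

TARGET_ZERO_HEX = 6  # from the page: 24 bits = 6 hexadecimal characters of 0


def block_hash(payload: dict, nonce: int) -> str:
    """One Blake2s pass over an ASSUMED serialization: compact sorted JSON."""
    body = dict(payload, nonce=nonce)
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.blake2s(data).hexdigest()  # 32 bytes -> 64 hex characters


def meets_target(digest_hex: str, zero_hex: int = TARGET_ZERO_HEX) -> bool:
    """True when the 64-character digest starts with `zero_hex` zeros."""
    return len(digest_hex) == 64 and digest_hex.startswith("0" * zero_hex)


def expected_attempts(zero_hex: int = TARGET_ZERO_HEX) -> int:
    """Mean number of nonces tried: each hex digit is 0 with probability 1/16."""
    return 16 ** zero_hex


def mine(payload: dict, zero_hex: int = TARGET_ZERO_HEX, max_nonce: int = 2**32):
    """Brute-force nonces in order; return (nonce, digest) or None if exhausted."""
    for nonce in range(max_nonce):
        digest = block_hash(payload, nonce)
        if meets_target(digest, zero_hex):
            return nonce, digest
    return None


def verify(payload: dict, nonce: int, zero_hex: int = TARGET_ZERO_HEX) -> bool:
    """What an acceptor does: one hash, no search."""
    return meets_target(block_hash(payload, nonce), zero_hex)


# Constructed sample block; the ids are made up, not real pending transactions.
SAMPLE = {"transaction_list": ["tx-%02d" % i for i in range(10)]}

if __name__ == "__main__":
    demo_hex = 3  # reduced from 6 so the demo finishes instantly
    nonce, digest = mine(SAMPLE, demo_hex)
    print("nonce", nonce, "digest", digest, "valid", verify(SAMPLE, nonce, demo_hex))
    print("expected attempts at the real target:", expected_attempts())
```

<p>At the page's 6-character target the search averages about 16.7 million hashes, while verification stays a single hash.</p>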
<blockquote>
<p>We're expecting you to use existing tools and implementations. Standards are hard. <a href="https://www.reddit.com/r/crypto/comments/2coqsy/dont_roll_your_own/">Don't roll your own crypto</a>. Feel free to ask questions. Collaborate.</p>
</blockquote>
<p>You might ask,</p>
<blockquote>
<p>But if nobody has any Gradecoin then how do we have transactions?</p>
</blockquote>
<p>There is a bank! Their public key is <code>31415926535897932384626433832795028841971693993751058209749445923</code> and they have some amount of Gradecoin preloaded. It's also the only account that you can send transaction requests <em>to</em> yourself.</p>
<h1 id="coinbase">Coinbase</h1>
<p>The first transaction of a block is called the <code>coinbase</code>. They are the <strong>author</strong> of the block proposal, and if the block is accepted, they are compensated for their efforts with some Gradecoin.</p>
<h1 id="public-key-signatures">Public Key Signatures</h1>
<p>Gradecoin uses 2048-bit RSA keypairs.</p>
<h1 id="services">Services</h1>
<h2 id="register">/register</h2>
<ul>
<li>Create your own 2048-bit RSA <code>keypair</code></li>
<li>Download <code>Gradecoin</code>'s Public Key from <a href="https://odtuclass.metu.edu.tr/my/">Moodle</a></li>
<li>Encrypt your <a href="https://www.json.org/json-en.html">JSON</a>-wrapped <code>Public Key</code>, <code>Student ID</code> and one-time <code>passwd</code> using Gradecoin's Public Key</li>
<li>Your public key is now in our database and can be used to sign your JWTs during requests</li>
<li>For more information, check the <a href="https://gradecoin.xyz/register-docs/">register</a> page</li>
</ul>
<h2 id="transaction">/transaction</h2>
<ul>
<li>You can offer a <a href="https://gradecoin.xyz/transaction-docs/">Transaction</a> with a POST request
<ul>
<li>The request should have <code>Authorization</code></li>
<li>The request header should be signed by the Public Key of the <code>by</code> field in the transaction</li>
</ul>
</li>
<li>Fetch the list of <code>Transaction</code>s with a GET request</li>
<li>For more information, check our <a href="https://gradecoin.xyz/transaction-docs/">transaction</a> page</li>
</ul>
<h2 id="block">/block</h2>
<ul>
<li>
<p>Offer a <a href="https://gradecoin.xyz/block-docs/">Block</a> with a POST request</p>
<ul>
<li>The request should have <code>Authorization</code></li>
<li>The <code>transaction_list</code> of the block should be a subset of pending transactions, available on <a href="/transaction">/transaction</a></li>
</ul>
</li>
<li>
<p>Fetch the last accepted <code>Block</code> with a GET request</p>
</li>
<li>
<p>For more information, check our <a href="https://gradecoin.xyz/block-docs/">block</a> page</p>
<p><code>Authorization</code>: The request header should have Bearer JWT.Token signed with Student Public Key</p>
</li>
</ul>
<h2 id="user">/user</h2>
<ul>
<li>Meant to be used in the browser; you can see the current list of users and their balances here</li>
</ul>
<h1 id="questions">Questions</h1>
<h2 id="this-all-sound-complicated">This all sounds complicated!</h2>
<ul>
<li>I've drawn inspiration from <a href="https://explorer.bitcoin.com/btc">actual Bitcoin transactions</a> and <a href="https://github.com/seanmonstar/warp/blob/master/examples/todos.rs">warp</a>. The system is simple because it has so few interfaces.</li>
<li>Don't know where to start? Gradecoin uses a RESTful API; simple <code>curl</code> commands or even your browser will work! <a href="https://curl.trillworks.com/">This website can help as well</a>.</li>
<li><a href="https://jwt.io">JWT Debugger</a> and the corresponding <a href="https://tools.ietf.org/html/rfc7519">RFC</a>.</li>
<li>Remember that you are absolutely encouraged to grab off-the-shelf implementations for every cryptography primitive you will use. You can start by finding a code snippet to generate an RSA keypair?</li>
<li>Check out <a href="https://gradecoin.xyz/misc-docs/">misc</a> for everything else you might be curious about.</li>
</ul>
<h2 id="how-do-you-actually-earn-gradecoin">How do you actually earn Gradecoin?</h2>
<ul>
<li>Register yourself at <a href="https://gradecoin.xyz/register-docs/">/register</a></li>
<li>Create transactions at <a href="https://gradecoin.xyz/transaction-docs/">/transaction</a></li>
<li>Create blocks to commit transactions at <a href="https://gradecoin.xyz/block-docs/">/block</a></li>
<li>See how everyone is doing and find people to trade with at <a href="/user">/user</a></li>
</ul>
<h2 id="i-found-a-bug">I found a bug!</h2>
<p>Thank you! Please <a href="mailto:yigit@ceng.metu.edu.tr">let me know</a> so we can solve it.</p>
<h2 id="i-hacked-the-server">I hacked the server!</h2>
<p>That wasn't supposed to happen :( I did not place any intentional vulnerabilities in the system, so if you cracked something, it was not intended. Please don't abuse it and let me know so I can patch it.</p>
<h2 id="submission">Submission?</h2>
<p>At the end of the <em>simulation</em>, your Gradecoin balance will be your grade. I will also expect a unique client programmed in one of the following:</p>
<ul>
<li>c</li>
<li>c++</li>
<li>perl</li>
<li>rust</li>
<li>python</li>
<li>random assortment of bash scripts</li>
</ul>
<p>If your favourite programming language is missing please let me know 🤷?</p>
<h2 id="can-my-friends-play">Can my friends play?</h2>
<p>Sadly, no. Students who are enrolled in the class will receive one-time passwords for authentication.</p>
<h2 id="how-and-or-why">How and or Why?</h2>
<ul>
<li><a href="https://xkcd.com/2314/">Built</a>, <a href="https://lofi.cafe/">with</a> <a href="https://xkcd.com/2418/">Rust</a></li>
</ul>
</div>
</main>
<footer>
Built For ⁂ CENG489 ⁂ Introduction to Computer Security
</footer>
</body>
<script>
function highlightNav(heading) {
let pathname = location.pathname;
document.querySelectorAll(".toc a").forEach((item) => {
item.classList.remove("active");
});
document.querySelector(".toc a[href$='" + pathname + "#" + heading + "']").classList.add("active");
}
let currentHeading = "";
window.onscroll = function () {
let h = document.querySelectorAll("h1,h2,h3,h4,h5,h6");
let elementArr = [];
h.forEach(item => {
if (item.id !== "") {
elementArr[item.id] = item.getBoundingClientRect().top;
}
});
elementArr.sort();
for (let key in elementArr) {
if (!elementArr.hasOwnProperty(key)) {
continue;
}
if (elementArr[key] > 0 && elementArr[key] < 300) {
if (currentHeading !== key) {
highlightNav(key);
currentHeading = key;
}
break;
}
}
}
</script>
</html>