The Bitcoin Piñata

Published: 2017-09-15 (last updated: 2018-01-14)


The Bitcoin Piñata is a unikernel which serves as a bug bounty system for TLS and the implementations underneath it. Its communication endpoints are a website describing the setup, plus a TLS client and a TLS server, each listening on its own port. The virtual machine image, TLS, X.509 and TCP/IP included, is 4MB in total, less than 4% of the size of a comparable system built on a Linux kernel and OpenSSL.

When a TLS handshake is successfully completed with mutual authentication, the Piñata transmits the private key of a bitcoin wallet which initially contained 10BTC. In 2018, most of those bitcoins will be reused for other projects.

On startup, the Piñata generates its certificate authority on the fly, including the certificates and private keys issued under it. Only the running Piñata itself therefore holds private keys which can authenticate successfully, and an attacker has to find an exploitable flaw in some software layer (the OCaml runtime, the virtual network device, the TCP/IP stack, the TLS library, X.509 validation, or elsewhere) to complete the challenge.
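The following is an added example, not code from the Piñata (which is written in OCaml on MirageOS); it reconstructs the mechanism described above in Go's standard library. It generates a root CA in memory at start-up, issues server and client certificates under it, and configures a TLS server that requires and verifies a client certificate. It then runs three handshakes over a loopback TCP connection: a client holding a CA-issued certificate, a client whose certificate comes from a second, attacker-generated CA that copies the CA's name but not its key, and a client presenting no certificate. Only the first succeeds, which is why the CA's private key never leaving the process is the whole security argument. The names `pinata-ca` and `pinata`, the use of P-256 ECDSA keys and the loopback transport are assumptions of this example, not details taken from the page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// mkCert generates a P-256 key and signs tmpl with parent; a nil parent means self-signed.
func mkCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// newCA builds a root CA that lives only in this process's memory, as the Piñata's CA does after boot.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	return mkCert(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
}

// issue signs a leaf for cn under ca; usage selects server or client authentication.
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, cn string, usage x509.ExtKeyUsage) tls.Certificate {
	cert, key := mkCert(&x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{usage},
	}, ca, caKey)
	return tls.Certificate{Certificate: [][]byte{cert.Raw}, PrivateKey: key}
}

// handshake runs one TLS handshake over loopback TCP and returns the server's verdict;
// under TLS 1.3 the client's Handshake can return nil before the server has rejected it.
func handshake(serverCfg, clientCfg *tls.Config) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	check(err)
	defer ln.Close()
	srvErr := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		check(err)
		defer conn.Close()
		srvErr <- tls.Server(conn, serverCfg).Handshake()
	}()
	conn, err := net.Dial("tcp", ln.Addr().String())
	check(err)
	defer conn.Close()
	cliErr := tls.Client(conn, clientCfg).Handshake()
	if err := <-srvErr; err != nil {
		return err
	}
	return cliErr
}

// verdicts tries the three cases worth checking against a server demanding mutual authentication:
// a CA-issued client certificate, one from a look-alike attacker CA, and no client certificate at all.
func verdicts() (legit, forged, anonymous error) {
	pinataCA, pinataKey := newCA("pinata-ca")
	trust := x509.NewCertPool()
	trust.AddCert(pinataCA) // the CA certificate is public; only its key is secret
	serverCfg := &tls.Config{
		Certificates: []tls.Certificate{issue(pinataCA, pinataKey, "pinata", x509.ExtKeyUsageServerAuth)},
		ClientAuth:   tls.RequireAndVerifyClientCert, // mutual authentication, not optional
		ClientCAs:    trust,
	}
	clientCfg := func(certs ...tls.Certificate) *tls.Config {
		return &tls.Config{Certificates: certs, RootCAs: trust, ServerName: "pinata"}
	}
	attackerCA, attackerKey := newCA("pinata-ca") // same name, freshly generated key
	legit = handshake(serverCfg, clientCfg(issue(pinataCA, pinataKey, "client", x509.ExtKeyUsageClientAuth)))
	forged = handshake(serverCfg, clientCfg(issue(attackerCA, attackerKey, "client", x509.ExtKeyUsageClientAuth)))
	anonymous = handshake(serverCfg, clientCfg())
	return
}

func main() { fmt.Println(verdicts()) }
```

Running it prints `<nil>` for the CA-issued client and errors for the other two: the look-alike CA fails with a certificate signed by an unknown authority, the anonymous client because the server requires a certificate. Note that the server's error, not the client's, is the one to look at: with TLS 1.3 the client finishes its side of the handshake before the server has checked its certificate, so a client-side `Handshake()` returning nil says nothing about whether authentication succeeded.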

The Piñata has been online since February 2015, and even though thousands of unique IP addresses have established connections and initiated TLS handshakes, no bitcoins have been taken. Looks like its security is either decent or obscure enough.

By using a Bitcoin wallet, the Piñata is a transparent bug bounty: everybody can observe (by looking into the Bitcoin blockchain) whether it has been compromised and the money has been transferred to another wallet. It is also self-service: an attacker who discovers a flaw doesn't need to fill out any forms to retrieve the bounty, they can simply take the wallet, no questions asked.