Convert Figma logo to code with AI

lachesis logoscallion

GPU-based Onion Hash generator

1,244
166
1,244
40

Top Related Projects

1,204

vanity address generator for tor onion v3 (ed25519) hidden services

Quick Overview

Scallion is a Python library that provides a simple and efficient way to generate Tor onion service addresses. It can be used to create vanity onion addresses, which are Tor hidden service addresses that contain a specific pattern or word.

Pros

  • Ease of Use: Scallion provides a straightforward API for generating onion addresses, making it easy to integrate into various projects.
  • Customization: Users can specify the desired pattern or word to be included in the generated onion address, allowing for the creation of unique and memorable addresses.
  • Performance: Scallion is designed to be efficient, allowing for the generation of onion addresses quickly and without excessive resource usage.
  • Flexibility: The library can be used for a wide range of applications, from personal projects to larger-scale deployments of Tor hidden services.

Cons

  • Limited Functionality: Scallion is primarily focused on the generation of onion addresses and does not provide additional features or functionality related to Tor hidden services.
  • Dependency on Tor: Scallion relies on the Tor network and requires the Tor software to be installed and configured correctly for it to function properly.
  • Potential Security Concerns: As with any tool related to anonymity and privacy, there are potential security concerns that users should be aware of when using Scallion.
  • Lack of Extensive Documentation: While the project has some documentation, it may not be as comprehensive as some users would prefer, especially for those new to Tor and onion services.

Code Examples

from scallion import Scallion

# Generate a random onion address
onion_address = Scallion().generate()
print(onion_address)  # Output: 'aaaaaaaaaaaaaaaaa.onion'

# Generate an onion address with a specific pattern
onion_address = Scallion(pattern='mysite').generate()
print(onion_address)  # Output: 'mysite2jvrri3i3p.onion'

# Generate an onion address with a specific length
onion_address = Scallion(length=16).generate()
print(onion_address)  # Output: 'aaaaaaaaaaaaaaaa.onion'

# Generate multiple onion addresses in parallel
scallion = Scallion(pattern='mysite', threads=4)
onion_addresses = scallion.generate_many(5)
for address in onion_addresses:
    print(address)

Getting Started

To get started with Scallion, follow these steps:

  1. Install the Scallion library using pip:
pip install scallion
  1. Import the Scallion class from the scallion module:
from scallion import Scallion
  1. Create a new Scallion instance and generate an onion address:
scallion = Scallion()
onion_address = scallion.generate()
print(onion_address)
  1. To generate an onion address with a specific pattern, pass the pattern parameter to the Scallion constructor:
scallion = Scallion(pattern='mysite')
onion_address = scallion.generate()
print(onion_address)  # Output: 'mysite2jvrri3i3p.onion'
  1. To generate multiple onion addresses in parallel, use the generate_many method and specify the number of addresses to generate:
scallion = Scallion(pattern='mysite', threads=4)
onion_addresses = scallion.generate_many(5)
for address in onion_addresses:
    print(address)

Make sure you have the Tor software installed and configured correctly on your system for Scallion to work properly.

Competitor Comparisons

1,204

vanity address generator for tor onion v3 (ed25519) hidden services

Pros of mkp224o

  • Written in C, potentially offering better performance than Scallion's C#
  • Supports generating vanity addresses for multiple cryptocurrencies (Tor, I2P, Monero)
  • More actively maintained with recent updates

Cons of mkp224o

  • Less user-friendly interface compared to Scallion's GUI
  • Requires more technical knowledge to compile and use effectively
  • Limited documentation and user guides available

Code Comparison

mkp224o (C):

static inline void frobnicatebit(unsigned char *buf, size_t len)
{
    size_t i;
    for (i = 0; i < len; ++i)
        buf[i] ^= (unsigned char) prng_get();
}

Scallion (C#):

public static byte[] GetPublicKey(byte[] privateKey)
{
    var curve = SecNamedCurves.GetByName("secp256k1");
    var domain = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H);
    var q = domain.G.Multiply(new BigInteger(1, privateKey));
    return q.GetEncoded();
}

The code snippets showcase different approaches: mkp224o focuses on low-level bit manipulation, while Scallion utilizes higher-level cryptographic libraries in C#.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

2020 Project Update

Scallion was a hobby project to learn OpenCL and RSA. We are not currently maintaining scallion. It has bitrotted in two important ways:

  1. Tor has moved on to v3 Onion addresses, which scallion does not support. Old v2 addresses will stop working in October of 2021. The new spec uses different cryptographic primitives and is overall more complicated. The trick we use to generate batches of RSA keys on the GPU does not work in the same way for the new ECDSA keys required. It is possible to generate similar (but not compatible) ECDSA keys on the GPU, for Bitcoin address generation. See vanitygen-plus or the older oclvanitygen. For a list of (CPU-based) vanity gen tools for that work for Tor v3 hidden services, see this blog post.
  2. The version of OpenSSL we rely on has been deprecated and is unavailable in most modern OSes. It isn't straightforward to upgrade, as we use some low-level math functions in OpenSSL that are not available in the C# bindings for the newer versions. I personally run Scallion using the nvidia dockerfile, which is based on Ubuntu 16.04 Xenial, which still ships the outdated OpenSSL. This is only an option for Nvidia GPU users, however. You could also try building the outdated OpenSSL library and linking against it directly, or running an older version of your OS from a live USB or VM (with PCI-e passthrough).

With enough attention and effort, it would be possible to overcome both of the challenges given above. We could implement support for the GPU ECDSA key generation algorithm to gain Tor v3 support. We could update OpenSSL and replace the math functions with a different library, or make our own managed code wrapper for the OpenSSL library. However, it would likely be better to add support for v3 onion addresses to a maintained project like vanitygen-plus.

Scallion

Scallion lets you create vanity GPG keys and .onion addresses (for Tor's hidden services) using OpenCL.

Scallion runs on Mono (tested in Arch Linux) and .NET 3.5+ (tested on Windows 7 and Server 2008).

Scallion is currently in beta stage and under active development. Nevertheless, we feel that it is ready for use. Improvements are expected primarily in performance, user interface, and ease of installation, not in the overall algorithm used to generate keys.

Scallion is available under the MIT license. If you use code from this project in your own projects, we'd appreciate hearing about it at scallion@aftbit.com.

FAQ

Here are some frequently asked questions and their answers:

  • Why generate GPG keys?

    Scallion was used to find collisions for every 32bit key id in the Web of Trust's strong set demonstrating how insecure 32bit key ids are. There was/is a talk at DEFCON (video) and additional info can be found at https://evil32.com/.

  • What are valid characters?

    Tor .onion addresses use Base32, consisting of all letters and the digits 2 through 7, inclusive. They are case-insensitive.

    GPG fingerprints use hexadecimal, consisting of the digits 0-9 and the letters A-F.

  • Can you use Bitcoin ASICs (e.g. Jalapeno, KnC) to accelerate this process?

    Sadly, no. While the process Scallion uses is conceptually similar (increment a nonce and check the hash), the details are different (SHA-1 vs double SHA-256 for Bitcoin). Furthermore, Bitcoin ASICs are as fast as they are because they are extremely tailored to Bitcoin mining applications. For example, here's the datasheet for the CoinCraft A-1, an ASIC that never came out, but is probably indicitive of the general approach. The microcontroller sends work in the form of the final 128-bits of a Bitcoin block, the hash midstate of the previous bits, a target difficulty, and the maximum nonce to try. The ASIC chooses the location to insert the nonce, and it chooses what blocks meet the hash. Scallion has to insert the nonce in a different location, and it checks for a pattern match rather than just "lower than XXXX".

  • How can you use multiple devices?

    Run multiple Scallion instances. :smile: Scallion searches are probabilistic, so you won't be repeating work with the second device. True multi-device support wouldn't be too difficult, but it also wouldn't add much. I've run several scallion instances in tmux or screen with great success. You'll just need to manually abort all the jobs when one finds a pattern (or write a shell script to monitor the output file and kill them all when it sees results).

Dependencies

  • OpenCL and relevant drivers installed and configured. Refer to your distribution's documentation.
  • OpenSSL. For Windows, the prebuilt x86 DLLs are included
  • On windows only, VC++ Redistributable 2008

Binary Download

Just want the latest binary version? Grab it here.

Build Linux

Prerequisites

  • Get the latest mono for your linux distribution:

    http://www.mono-project.com/download/

  • Install Common dependencies:

    sudo apt-get update
    sudo apt-get install libssl-dev mono-devel
    
  • AMD/OpenSource build sudo apt-get install ocl-icd-opencl-dev

  • Nvidia build sudo apt-get install nvidia-opencl-dev nvidia-opencl-icd

  • Finally msbuild scallion.sln

Docker Linux (nvidia GPUs only)

  1. Have the nvidia-docker container runtime

  2. Build the container:

    docker build -t scallion -f Dockerfile.nvidia .
    
  3. Run:

    docker run --runtime=nvidia -ti --rm scallion -l
    

    screenshot of expected output

Build Windows

  1. Open 'scallion.sln' in VS Express for Desktop 2012
  2. Build the solution, I did everything in debug mode.

Usage

Restarting Scallion during a search will not lose "progress". It is a probabilistic search and Scallion does not make "progress"

List devices

$ mono scallion/bin/Debug/scallion.exe -l

Generate a hash

$ mono scallion/bin/Debug/scallion.exe -d 0 prefix
Cooking up some delicious scallions...
Using kernel optimized from file kernel.cl (Optimized4)
Using work group size 128
Compiling kernel... done.
Testing SHA1 hash...
CPU SHA-1: d3486ae9136e7856bc42212385ea797094475802
GPU SHA-1: d3486ae9136e7856bc42212385ea797094475802
Looks good!
LoopIteration:40  HashCount:671.09MH  Speed:9.5MH/s  Runtime:00:01:10  Predicted:00:00:56  Found new key! Found 1 unique keys.
<XmlMatchOutput>
  <GeneratedDate>2014-08-05T07:14:50.329955Z</GeneratedDate>
  <Hash>prefix64kxpwmzdz.onion</Hash>
  <PrivateKey>-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCmYmTnwGOCpsPOqvs5mZQbIM1TTqOHK1r6zGvpk61ZaT7z2BCE
FPvdTdkZ4tQ3/95ufjhPx7EVDjeJ/JUbT0QAW/YflzUfFJuBli0J2eUJzhhiHpC/
1d3rb6Uhnwvv3xSnfG8m7LeI/Ao3FLtyZFgGZPwsw3BZYyJn3sD1mJIJrQIEB/ZP
ZwKBgCTUQTR4zcz65zSOfo95l3YetVhfmApYcQQd8HTxgTqEsjr00XzW799ioIWt
vaKMCtJlkWLz4N1EqflOH3WnXsEkNA5AVFe1FTirijuaH7e46fuaPJWhaSq1qERT
eQT1jY2jytnsJT0VR7e2F83FKINjLeccnkkiVknsjrOPrzkXAkEA0Ky+vQdEj64e
iP4Rxc1NreB7oKor40+w7XSA0hyLA3JQjaHcseg/bqYxPZ5J4JkCNmjavGdM1v6E
OsVVaMWQ7QJBAMweWSWtLp6rVOvTcjZg+l5+D2NH+KbhHbNLBcSDIvHNmD9RzGM1
Xvt+rR0FA0wUDelcdJt0R29v2t19k2IBA8ECQFMDRoOQ+GBSoDUs7PUWdcXtM7Nt
QW350QEJ1hBJkG2SqyNJuepH4PIktjfytgcwQi9w7iFafyxcAAEYgj4HZw8CQAUI
3xXEA2yZf9/wYax6/Gm67cpKc3sgKVczFxsHhzEml6hi5u0FG7aNs7jQTRMW0aVF
P8Ecx3l7iZ6TeakqGhcCQGdhCaEb7bybAmwQ520omqfHWSte2Wyh+sWZXNy49EBg
d1mBig/w54sOBCUHjfkO9gyiANP/uBbR6k/bnmF4dMc=
-----END RSA PRIVATE KEY-----
</PrivateKey>
  <PublicModulusBytes>pmJk58BjgqbDzqr7OZmUGyDNU06jhyta+sxr6ZOtWWk+89gQhBT73U3ZGeLUN//ebn44T8exFQ43ifyVG09EAFv2H5c1HxSbgZYtCdnlCc4YYh6Qv9Xd62+lIZ8L798Up3xvJuy3iPwKNxS7cmRYBmT8LMNwWWMiZ97A9ZiSCa0=</PublicModulusBytes>
  <PublicExponentBytes>B/ZPZw==</PublicExponentBytes>
</XmlMatchOutput>
init: 491ms / 1 (491ms, 2.04/s)
generate key: 1193ms / 6 (198.83ms, 5.03/s)
cpu precompute: 10ms / 6 (1.67ms, 600/s)
total without init: 70640ms / 1 (70640ms, 0.01/s)
set buffers: 0ms / 40 (0ms, 0/s)
write buffers: 3ms / 40 (0.08ms, 13333.33/s)
read results: 67442ms / 40 (1686.05ms, 0.59/s)
check results: 185ms / 40 (4.63ms, 216.22/s)

9.50 million hashes per second

Stopping the GPU and shutting down...

Multipattern Hashing

Scallion supports finding one or more of multiple patterns through a primitive regex syntax. Only character classes (ex. [abcd]) are supported. The . character represents any character. Onion addresses are always 16 characters long and GPG fingerprints are always 40 characters. You can find a suffix by putting $ at the end of the match (ex. DEAD$). Finally, the pipe syntax (ex. pattern1|pattern2) can be used to find multiple patterns. Searching for multible patterns (within reason) will NOT produce a significant decrease in speed. Many regexps will produce a single pattern on the GPU and result in no speed reduction.

Some use cases with examples:

  • Generate a prefix followed by a number for better readability:

      mono scallion.exe prefix[234567]
    
  • Search for several patterns at once (n.b. -c causes scallion to continue generating even once it gets a hit)

      mono scallion.exe -c prefix scallion hashes
      mono scallion.exe -c "prefix|scallion|hashes"
    
  • Search for the suffix "badbeef"

      mono scallion.exe .........badbeef
      mono scallion.exe --gpg badbeef$ # Generate GPG key
    
  • Complicated self explanatory example:

      mono scallion.exe "suffixa$|suffixb$|prefixa|prefixb|a.suffix$|a.test.$"
    

How does Scallion work?

At a high level Scallion works as follows:

  1. Generate RSA key using OpenSSL on the CPU
  2. Send the key to the GPU
  3. Increase the key's public exponent
  4. Hash the key
  5. If the hashed key is not a partial collision go to step 3
  6. If the key does not pass the sanity checks recommended by PKCS #1 v2.1 (checked on the CPU) go to step 3
  7. Brand new key with partial collision!

The basic algorithm is described above. Speed / performance is the result of massive parallelization, both on the GPU and the CPU.

Speed / Performance

It is important to realize that Scallion preforms a probabilistic search. Actual times may very significantly from predicated

The inital RSA key generation is done the CPU. An ivybridge i7 can generate 51 keys per second using a single core. Each key can provide 1 gigahash worth of exponents to mine and a decent CPU can keep up with several GPUs as it is currently implemented.

SHA1 hashing is done on the GPU. The hashrates for several GPUs we have tested are below (grouped by manufacturer and sorted by power):

GPUSpeed
Intel i7-2620M9.9 MH/s
Intel i5-5200U118 MH/s
NVIDIA GT 52038.7 MH/s
NVIDIA Quadro K2000M90 MH/s
NVIDIA GTS 250128 MH/s
NVIDIA GTS 450144 MH/s
NVIDIA GTX 670480 MH/s
NVIDIA GTX 9702350 MH/s
NVIDIA GTX 9803260 MH/s
NVIDIA GTX 1050 (M)1400 MH/s
NVIDIA GTX 10704140 MH/s
NVIDIA GTX 1070 TI5100 MH/s
NVIDIA GTX TITAN X4412 MH/s
NVIDIA GTX 10805760 MH/s
NVIDIA Tesla V10011646 MH/s
AMD A8-7600 APU120 MH/s
AMD Radeon HD5770520 MH/s
AMD Radeon HD6850600 MH/s
AMD Radeon RX 460840 MH/s
AMD Radeon RX 470957 MH/s
AMD Radeon R9 380X2058 MH/s
AMD FirePro W91002566 MH/s
AMD Radeon RX 4802700 MH/s
AMD Radeon RX 5803180 MH/s
AMD Radeon R9 Nano3325 MH/s
AMD Vega Frontier Edition7119 MH/s

MH/s = million hashes per second

Its worth noting that Intel has released OpenCL drivers for its processors and short collisions can be found on the CPU.

To calculate the number of seconds required for a given partial collision (on average), use the formula:

TypeEstimated time
GPG Key2^(4*length-1) / hashspeed
.onion Address2^(5*length-1) / hashspeed

For example on my nVidia Quadro K2000M, I see around 90 MH/s. With those speed I can generate an eight character .onion prefix in about 1h 41m, 2^(5*8-1)/90 million = 101 minutes.

Workgroup Size

Scallion will use your devices reported preferred work group size by default. This is a reasonable default but experimenting with the workgroup may increase performance.

Security

The keys generated by Scallion are quite similar to those generated by shallot. They have unusually large public exponents, but they are put through the full set of sanity checks recommended by PKCS #1 v2.1 via openssl's RSA_check_key function. Scallion supports several RSA key sizes, with optimized kernels for 1024b, 2048b, and 4096b. Other key sizes may work, but have not been tested.

Thanks / References

Donations

Feel free to direct donations to the Bitcoin address: 1FxQcu6vhpwsqcTjPsjK43CZ9vjnuk4Hmo