{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2026:5YDVUSDM3BU6LRJPOM6D4QPDJO","short_pith_number":"pith:5YDVUSDM","schema_version":"1.0","canonical_sha256":"ee075a486cd869e5c52f733c3e41e34ba9ae91adec8dc715f7195860d39d2600","source":{"kind":"arxiv","id":"2606.00918","version":1},"attestation_state":"computed","paper":{"title":"One (Thread) Can Keep a (PRNG) Secret, but not Two","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Amit Klein, Benny Pinkas, Ehood Porat","submitted_at":"2026-05-30T23:00:31Z","abstract_excerpt":"We present a novel, practical attack on the IPv6 Fragment ID generation algorithm of XNU, which is the kernel used by Apple products such as macOS and iOS. This attack exploits a race-condition vulnerability in the algorithm's pseudorandom number generator (PRNG) to cryptanalytically break, learn the internal state of the generator, and consequently predict fragment IDs, which, in turn, facilitates an IPv6 fragment spoofing attack. As far as we know, this is the first cryptanalytic attack that is based on exploiting race-conditions. With fragment spoofing, it is possible to partially manipulat"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2606.00918","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-05-30T23:00:31Z","cross_cats_sorted":[],"title_canon_sha256":"6c9048ae12a09870a4da1ec433228b79bb5fd709c929fa2ec92f4b59028e9a1b","abstract_canon_sha256":"886d4afc066cc3f6f5d67f9c53dae18df8ff954f2a16e2c4f38b8ec943ab37aa"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-02T01:04:09.449240Z","signature_b64":"e3ofrjoLjVWBkjWjrHscj9tNN9BvSaTziHsalBM9L8uiAKRd7uZH2IZ7AZS9zrOkuXfkpdCJa1n8n4DTmXAMCQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"ee075a486cd869e5c52f733c3e41e34ba9ae91adec8dc715f7195860d39d2600","last_reissued_at":"2026-06-02T01:04:09.448831Z","signature_status":"signed_v1","first_computed_at":"2026-06-02T01:04:09.448831Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"One (Thread) Can Keep a (PRNG) Secret, but not Two","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Amit Klein, Benny Pinkas, Ehood Porat","submitted_at":"2026-05-30T23:00:31Z","abstract_excerpt":"We present a novel, practical attack on the IPv6 Fragment ID generation algorithm of XNU, which is the kernel used by Apple products such as macOS and iOS. This attack exploits a race-condition vulnerability in the algorithm's pseudorandom number generator (PRNG) to cryptanalytically break, learn the internal state of the generator, and consequently predict fragment IDs, which, in turn, facilitates an IPv6 fragment spoofing attack. As far as we know, this is the first cryptanalytic attack that is based on exploiting race-conditions. With fragment spoofing, it is possible to partially manipulat"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2606.00918","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2606.00918/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2606.00918","created_at":"2026-06-02T01:04:09.448885+00:00"},{"alias_kind":"arxiv_version","alias_value":"2606.00918v1","created_at":"2026-06-02T01:04:09.448885+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2606.00918","created_at":"2026-06-02T01:04:09.448885+00:00"},{"alias_kind":"pith_short_12","alias_value":"5YDVUSDM3BU6","created_at":"2026-06-02T01:04:09.448885+00:00"},{"alias_kind":"pith_short_16","alias_value":"5YDVUSDM3BU6LRJP","created_at":"2026-06-02T01:04:09.448885+00:00"},{"alias_kind":"pith_short_8","alias_value":"5YDVUSDM","created_at":"2026-06-02T01:04:09.448885+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/5YDVUSDM3BU6LRJPOM6D4QPDJO","json":"https://pith.science/pith/5YDVUSDM3BU6LRJPOM6D4QPDJO.json","graph_json":"https://pith.science/api/pith-number/5YDVUSDM3BU6LRJPOM6D4QPDJO/graph.json","events_json":"https://pith.science/api/pith-number/5YDVUSDM3BU6LRJPOM6D4QPDJO/events.json","paper":"https://pith.science/paper/5YDVUSDM"},"agent_actions":{"view_html":"https://pith.science/pith/5YDVUSDM3BU6LRJPOM6D4QPDJO","download_json":"https://pith.science/pith/5YDVUSDM3BU6LRJPOM6D4QPDJO.json","view_paper":"https://pith.science/paper/5YDVUSDM","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2606.00918&json=true","fetch_graph":"https://pith.science/api/pith-number/5YDVUSDM3BU6LRJPOM6D4QPDJO/graph.json","fetch_events":"https://pith.science/api/pith-number/5YDVUSDM3BU6LRJPOM6D4QPDJO/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/5YDVUSDM3BU6LRJPOM6D4QPDJO/action/timestamp_anchor","attest_storage":"https://pith.science/pith/5YDVUSDM3BU6LRJPOM6D4QPDJO/action/storage_attestation","attest_author":"https://pith.science/pith/5YDVUSDM3BU6LRJPOM6D4QPDJO/action/author_attestation","sign_citation":"https://pith.science/pith/5YDVUSDM3BU6LRJPOM6D4QPDJO/action/citation_signature","submit_replication":"https://pith.science/pith/5YDVUSDM3BU6LRJPOM6D4QPDJO/action/replication_record"}},"created_at":"2026-06-02T01:04:09.448885+00:00","updated_at":"2026-06-02T01:04:09.448885+00:00"}