Lattice attacks against weak ECDSA signatures
According to the paper published by the researchers, it is possible to recover private keys by analysing the ECDSA signatures recorded on the Bitcoin, Ethereum and Ripple blockchains. The weakness appears only in edge cases where the signing code was implemented incorrectly by the developers; it can also appear when multi-signature hardware malfunctions.
The paper underlines the resilience of the cryptographic schemes used by cryptocurrencies, and at the same time stresses how much depends on implementing them correctly.
Whenever a cryptocurrency holder makes a transaction, the wallet software must produce a digital signature with an elliptic-curve algorithm (ECDSA). To do so it draws a secret random number that must be used exactly once, for that one signature. This number is called the nonce.
The software must sign each transaction with a fresh, unpredictable nonce. Otherwise an attacker can compute the signer's private key and steal every token it controls. The researchers also found that attackers can keep monitoring a blockchain for repeated nonces and extract funds from the keys they compromise, and that private keys can be computed even from signatures whose nonces are not identical but merely similar, for example because they share some of their bits.
The authors of the paper are Dr. Nadia Heninger, associate professor of computer science at the University of California, and Joachim Breitner, senior researcher at DFINITY.
Using lattices, an advanced branch of mathematics, the researchers were able to break a number of wallet addresses and recover their private keys:
"Lattice algorithms allow us to find solutions to systems that are constrained by linear equations. There are many cryptanalytic techniques that already use lattice algorithms as building blocks."
The paper makes clear that any non-uniformity in the generation of these signature nonces (a reused value, a nonce that is too short, or one whose bits are otherwise biased) leaks information about the private key. With enough such signatures, an attacker can compute the private key and drain the wallet.
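To make the two failure modes concrete, the following is an added example written for this page; it is not the researchers' tooling or any wallet's code. It implements textbook ECDSA on secp256k1 (the curve used by Bitcoin and Ethereum), then shows first how a nonce reused across two transactions yields the key with a single modular inversion, and second how three signatures whose nonces are only 64 bits long (a constructed faulty-RNG scenario, the "similar nonces" case above) yield the key through an LLL reduction of the hidden-number-problem lattice the paper refers to. The private key, messages and nonces are all constructed values; the curve arithmetic and LLL are plain textbook versions, not constant-time and not tuned, so this is for study only. The lattice function is general: a weaker bias (more unknown nonce bits) is handled by passing a larger `nonce_bits` with more signatures.

```python
"""Added example, not code from the paper or the article: nonce-reuse and
biased-nonce (lattice) key recovery for ECDSA on secp256k1.
All keys, messages and nonces below are constructed demo values."""
import hashlib
from fractions import Fraction

# secp256k1 domain parameters (the curve used by Bitcoin and Ethereum)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None: return q
    if q is None: return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0: return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if p == q
           else (y2 - y1) * pow((x2 - x1) % P, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, p=G):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    r = None
    while k:
        if k & 1: r = ec_add(r, p)
        p, k = ec_add(p, p), k >> 1
    return r

def h(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(d, msg, k):
    """Textbook ECDSA; the caller supplies the nonce k so it can be made weak."""
    r = ec_mul(k)[0] % N
    return r, pow(k, -1, N) * (h(msg) + r * d) % N

def key_from_nonce_reuse(sig1, msg1, sig2, msg2):
    """Same k twice: s1 - s2 = k^-1 (h1 - h2) mod n gives k, then d = (s1*k - h1)/r."""
    (r, s1), (_, s2) = sig1, sig2
    k = (h(msg1) - h(msg2)) * pow((s1 - s2) % N, -1, N) % N
    return (s1 * k - h(msg1)) * pow(r, -1, N) % N

def lll(basis, delta=Fraction(3, 4)):
    """Textbook LLL over exact rationals; adequate for the tiny lattices used here."""
    b = [[Fraction(x) for x in row] for row in basis]
    n = len(b)
    dot = lambda u, v: sum(x * y for x, y in zip(u, v))
    def gram_schmidt():
        bs, mu = [], [[Fraction(int(i == j)) for j in range(n)] for i in range(n)]
        for i in range(n):
            v = b[i][:]
            for j in range(i):
                mu[i][j] = dot(b[i], bs[j]) / dot(bs[j], bs[j])
                v = [x - mu[i][j] * y for x, y in zip(v, bs[j])]
            bs.append(v)
        return bs, mu
    bs, mu = gram_schmidt()
    k = 1
    while k < n:
        for j in range(k - 1, -1, -1):                  # size-reduce row k
            q = round(mu[k][j])
            if q:
                b[k] = [x - q * y for x, y in zip(b[k], b[j])]
                for i in range(j + 1):
                    mu[k][i] -= q * mu[j][i]
        if dot(bs[k], bs[k]) >= (delta - mu[k][k - 1] ** 2) * dot(bs[k - 1], bs[k - 1]):
            k += 1                                      # Lovasz condition holds
        else:
            b[k], b[k - 1] = b[k - 1], b[k]
            bs, mu = gram_schmidt()
            k = max(k - 1, 1)
    return [[int(x) for x in row] for row in b]

def key_from_biased_nonces(sigs, msgs, pub, nonce_bits):
    """Hidden number problem: each signature gives k_i = t_i*d + u_i (mod n) with
    k_i < K = 2^nonce_bits, so (n*k_1, ..., n*k_m, K*d, n*K) is an unusually short
    vector of the lattice below, and LLL brings it (up to sign) into the basis."""
    m, K = len(sigs), 1 << nonce_bits
    t = [r * pow(s, -1, N) % N for r, s in sigs]
    u = [h(msg) * pow(s, -1, N) % N for (_, s), msg in zip(sigs, msgs)]
    basis = [[N * N if j == i else 0 for j in range(m + 2)] for i in range(m)]
    basis.append([N * x for x in t] + [K, 0])
    basis.append([N * x for x in u] + [0, N * K])
    for row in lll(basis):
        if abs(row[-1]) == N * K:                       # candidate +/- target vector
            d = (row[-2] // K if row[-1] > 0 else -row[-2] // K) % N
            if ec_mul(d) == pub:                        # confirm against the public key
                return d
    return None

# Constructed demo key, derived from a fixed string; not anyone's real key
D = h(b"constructed demo private key")
PUB = ec_mul(D)
MSGS = [b"transaction %d" % i for i in range(4)]

def demo_nonce_reuse():
    k = h(b"nonce reused by a buggy signer")            # same k for two transactions
    s1, s2 = sign(D, MSGS[0], k), sign(D, MSGS[1], k)
    return key_from_nonce_reuse(s1, MSGS[0], s2, MSGS[1])

def demo_biased_nonces(nonce_bits=64, count=3):
    # a faulty RNG that only ever produces short nonces: the top bits are always zero
    ks = [h(b"short nonce %d" % i) >> (256 - nonce_bits) for i in range(count)]
    sigs = [sign(D, msg, k) for msg, k in zip(MSGS, ks)]
    return key_from_biased_nonces(sigs, MSGS[:count], PUB, nonce_bits)

if __name__ == "__main__":
    print("nonce reuse recovered the key:", demo_nonce_reuse() == D)
    print("biased-nonce lattice recovered the key:", demo_biased_nonces() == D)
```

Two things worth noticing when running it. The nonce-reuse case needs no search at all: two signatures with the same `r` are detectable by anyone scanning the chain, and the key follows from two inversions modulo the group order. The lattice case never sees the nonces; it only uses the public `(r, s)` pairs and the message hashes, plus the assumption that the nonces are small, which is exactly the kind of non-uniformity the paper exploits. The same construction extends to nonces that share a known prefix or suffix by first shifting or subtracting the known part, at the cost of more signatures as the bias gets weaker.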
Is the vulnerability a cause for concern?
According to the paper, most cryptocurrency users do not need to worry. The weakness can be exploited only if the digital-signature code itself is flawed; as long as developers use correct, well-reviewed techniques (a properly seeded cryptographic random number generator, or deterministic nonces as specified in RFC 6979) there is no exposure. Only specific faulty implementations are affected.
Such attacks are also unattractive to attackers because they are rarely profitable: scanning an entire blockchain for weak signatures costs time, computing power and electricity that can exceed what is recoverable from the compromised keys. That does not mean attackers will not add this method to their arsenal.