Digital cryptocurrency signatures: vulnerability in Bitcoin, Ripple and Ethereum digital signatures discovered by researchers

January 13, 2019 Ethereum



[ad_1]

cryptocurrency
Some researchers have just reported vulnerabilities in cryptographic signatures for Ethereum, Bitcoin and Ripple. These vulnerabilities allow attackers to calculate private keys and steal cryptocurrencies from a given portfolio. The researchers were able to calculate hundreds of Bitcoin private keys but dozens of private Ripple, Ethereum, HTTPS, and SSH keys using this cryptanalytic attack.

Reticle attacks against weak ECDSA signatures

According to the paper published by the researchers, it is possible to obtain private keys by analyzing the signatures of Bitcoin, Ethereum and Ripple. This vulnerability only occurs in borderline cases where the code is not implemented correctly by the developers. It can also occur when there is a failure in multi-signature hardware.

The document underlines the resilience of cryptographic schemes used by cryptocurrencies and also emphasizes the importance of correct implementation.
Whenever a cryptocurrency holder makes a transaction, he must create a digital signature with an elliptic curve algorithm. The software opens with an arbitrary number that can be used only once for communication. The arbitrary number is called nonce.

The software will have to sign each transaction with a single nonce. Otherwise, hackers will be able to calculate the signer's private key and steal as many tokens as possible. The researchers also found that hackers can continue to monitor a blockchain for repeated nonce to extract money from compromised keys. They can calculate private keys from signatures that have similar similarities.

Bitcoin (BTC) Price today – BTC / USD

The authors of the document are Dr. Nadia Heninger, associate professor of computer science at the University of California and Joachim Breitner, senior researcher at DFINITY. The vulnerability was as scholarship holders:

"The ECDSA digital signature algorithm must generate a random number of each signature.The number is called nonce.Note that this nonce is different from that used in the extraction of cryptocurrency.We have exploited the nonce vulnerabilities that are they were implementations that generated much shorter values ​​than they should be.Some values ​​shared the least significant bits. "

Using lattices, an advanced form of mathematics, the researchers were able to decipher some portfolio addresses and find private keys:

"Lattice algorithms allow us to find solutions to systems that are constrained by linear equations.There are many cryptanalytic techniques that already use lattice algorithms as constitutive elements."

The document made it clear that any non-uniformity that occurs during the generation of these digital signature nonce can show information about the private key. With enough signatures, hackers can calculate private keys to drain the user's wallet.

Vulnerability is a cause for concern?

According to the report, most cryptocurrency users do not have to worry about vulnerabilities. Vulnerabilities can be exploited only if the digital signature code is blocked. There will be no security breaches as long as developers use the right techniques. These vulnerabilities can be exploited only when specific implementations are implemented.

This kind of attacks will be difficult for hackers because they are not profitable. They can not take advantage of the launch of such an attack because of the amount of time, computational power and electricity they need to move forward. This does not mean that they will not add this new method of attack to their arsenal.

[ad_2]
Source link

Tags

Designed by Tricksfast Solutions
© Copyright 2024, All Rights Reserved