Vulnerabilities In Bitcoin, Ripple, And Ethereum Digital Signatures Discovered By Researchers


Some researchers have just reported vulnerabilities in cryptographic signatures for Ethereum, Bitcoin and Ripple. These vulnerabilities allow attackers to calculate private keys and steal cryptocurrencies from a given wallet. The researchers were able to calculate hundreds of Bitcoin private keys and dozens of Ripple, Ethereum, HTTPS, and SSH private keys using this cryptanalytic attack.


Lattice Attacks Against Weak ECDSA Signatures

According to the paper published by the researchers, it is possible to get private keys by analyzing Bitcoin, Ethereum and Ripple signatures. These vulnerabilities only occur in edge cases where the code isn’t implemented properly by developers. They can also occur when there is a fault in the multi-signature hardware.
The paper emphasizes the resiliency of the cryptographic schemes that are used by cryptocurrencies and also highlights the importance of proper implementation.

Each time a cryptocurrency holder makes a transaction, they need to create a digital signature with an elliptic curve algorithm. The software comes up with an arbitrary number that can only be used once for communication. This arbitrary number is called a nonce.

The software will have to sign each transaction with a unique nonce. If not, hackers will be able to calculate the private key of the signer and steal as many tokens as possible. The researchers also found out that hackers can continue to monitor a blockchain for repeated nonces to extract money from compromised keys. They can calculate private keys from signatures that have similar nonces.


The authors of the paper are Dr. Nadia Heninger, an associate professor of computer science at the University of California, and Joachim Breitner, a senior researcher at DFINITY. The vulnerability was described as follows:

“The ECDSA digital signature algorithm needs to generate a random number for each signature. The number is called nonce. Note that this nonce is different from the one used in cryptocurrency mining. We exploited nonce vulnerabilities that were implementations that generated values that are much shorter than they should be. Some values shared the least significant bits.”


Using lattices, an advanced form of mathematics, the researchers were able to crack some wallet addresses and find private keys:


“Lattice algorithms allow us to find solutions to systems that are under constrained of linear equations. There are many cryptanalytic techniques that already use lattice algorithms as a building block.”


The paper made it clear that any non-uniformity that occurs during the generation of these digital signature nonces can reveal private key information. With enough signatures, hackers can compute private keys to drain the user’s wallet.


Is The Vulnerability A Cause For Concern?


According to the report, the majority of cryptocurrency users need not worry about the vulnerabilities. The vulnerabilities can only be exploited if the digital signature code is bugged. There will be no security breaches as long as developers use the right techniques. These vulnerabilities can only be exploited when specific implementations are made.


These kinds of attacks will be difficult for hackers because they are not cost effective. They may not profit from launching such an attack because of the amount of time, computational power and electricity they need to move forward. This doesn’t mean they will not add this new method of attack to their arsenal.

Unique Cryptanalytic Attack Used To Crack Private Keys of Cryptocurrencies

Vinny Lingham, CEO of Civic, on January 11, 2019, predicted that the cryptocurrency might fall below $3,000.

Lingham states that the market would either break down or break out. Bitcoin is trying to decide which way to go, and therefore would trade sideways until the crypto finds a breakout or breakdown direction.

On Thursday, within just a few minutes, Bitcoin shed $250 out of $4000. The volatility pattern of Bitcoin took a new turn. The gains that were made earlier got canceled out. The price movements of altcoins reacted intensely to the price drop of Bitcoin. Almost all the cryptocurrencies in the top twenty list by market capitalization shed 11.3% on Friday.

Recent research has identified that hackers are using methods to calculate the private keys of cryptocurrencies. They make use of a unique cryptanalytic attack.

However, these attacks occur only in cases where the developers have not executed their code properly or in situations that involve faulty hardware that functions with multi-signature. Networks that are properly implemented do not suffer these attacks.

Any time a crypto holder is involved in a transaction, they create a cryptographic signature using the Elliptic Curve Digital Signature Algorithm (ECDSA). A nonce is generated by the algorithm. This arbitrary number is to be used just once. It is important for the software to sign with a different nonce each time; otherwise hackers will be able to calculate the private key of the signers.

Hackers continually monitor the blockchain, watching for repeated nonces. Thus, they will be able to extract money from compromised keys. Hackers will also be able to calculate the keys from signatures that use different but similar nonces. In cases where the nonces have similar strings at the beginning and end of the signatures, hackers can exploit it.

The digital signature nonce is different from the nonce used in the cryptocurrency mining process. The chances of a nonce being exploited are higher when the values are much shorter than they should be.

Lattices are an advanced mathematical approach that can be used to crack wallet addresses and identify the private keys. Several cryptanalytic techniques make use of lattice algorithms as a building block.

This need not set most cryptocurrency users into a world of worry, because a hack is possible only when there is a bug in the digital signature code. The security scheme will be secure for as long as it is executed according to the protocol and documented methods. The amount of time and electricity required for this process is too high to make it profitable for attackers.

Researchers Find Vulnerability for Bitcoin, Ethereum, and Ripple Digital Signatures in Faulty …

Researchers recently identified vulnerabilities in cryptographic signatures for Bitcoin, Ethereum, and Ripple, that allowed attackers to calculate private keys and, consequently, steal any crypto in that wallet. In total, the researchers calculated hundreds of Bitcoin private keys and dozens of Ethereum, Ripple, SSH, and HTTPS private keys using this unique form of cryptanalytic attack.

In the paper Biased Nonce Sense: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies, researchers utilize a method to calculate private keys by analyzing Bitcoin signatures. The researchers were also able to apply these techniques to Ethereum and Ripple.

That said, these vulnerabilities only occur in edge cases where code is not implemented by developers properly, or likely occurred because of faulty multi-signature hardware. The research emphasizes the resiliency of the cryptographic schemes used by cryptocurrencies, as well as highlights the importance of proper implementation.

Background on Research

Whenever crypto holders make a transaction, they are required to create a cryptographic signature using an elliptic curve digital signature algorithm (ECDSA). In this algorithm, the software comes up with an arbitrary number that is used just once for communication—this number is called a nonce.

It is critical that the software signs each transaction with a different nonce, otherwise hackers can (rather easily) find and calculate the signers’ private key. There is even evidence that hackers continuously monitor the blockchain for these kinds of repeated nonces, extracting money from compromised keys.

What’s less well-known is that attackers can calculate keys from signatures that use different, but similar nonces. For example, if nonces have characters that are similar at the beginning of the signature, or if the nonce has characters that are similar at the end of a signature, then some big bad terrible thing will happen.
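The repeated-nonce case described above can be checked for in a wallet's own signing output. The following is an added example, not code from the paper or from CryptoSlate: it parses DER-encoded ECDSA signatures and flags any r value that appears with more than one distinct s, which indicates the same nonce was used for different messages. The record layout, key labels and signature values are constructed for illustration.

```python
from collections import defaultdict

def parse_der_sig(sig: bytes):
    """Strict parse of SEQUENCE { INTEGER r, INTEGER s } (short-form lengths only)."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a DER SEQUENCE of the declared length")
    values, pos = [], 2
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected INTEGER tag")
        length = sig[pos + 1]
        body = sig[pos + 2 : pos + 2 + length]
        if length == 0 or len(body) != length:
            raise ValueError("truncated INTEGER")
        values.append(int.from_bytes(body, "big"))
        pos += 2 + length
    if pos != len(sig):
        raise ValueError("trailing bytes after s")
    return values[0], values[1]

def find_reused_nonces(records):
    """records: iterable of (pubkey_label, txid, der_signature).
    r is derived from the nonce alone, so one r with several distinct s values
    means one nonce signed several messages. An identical (r, s) pair seen twice
    is just the same signature again and is not flagged."""
    by_r = defaultdict(dict)                      # r -> {s: (pubkey, txid)}
    for pubkey, txid, sig in records:
        r, s = parse_der_sig(sig)
        by_r[r].setdefault(s, (pubkey, txid))
    return {r: sorted(hits.values()) for r, hits in by_r.items() if len(hits) > 1}

# --- helpers used only to build the constructed sample data below ---
def der_int(x: int) -> bytes:
    body = x.to_bytes((x.bit_length() + 8) // 8, "big")   # 0x00 pad keeps it positive
    return b"\x02" + bytes([len(body)]) + body

def der_sig(r: int, s: int) -> bytes:
    body = der_int(r) + der_int(s)
    return b"\x30" + bytes([len(body)]) + body

# Constructed values, not real blockchain data.
R_REUSED = int("c5" * 32, 16)
R_OTHER = int("3d" * 32, 16)
R_THIRD = int("71" * 32, 16)
SAMPLE = [
    ("pubkey-A", "tx-1", der_sig(R_REUSED, int("11" * 32, 16))),
    ("pubkey-A", "tx-2", der_sig(R_REUSED, int("22" * 32, 16))),  # same r, new s
    ("pubkey-B", "tx-3", der_sig(R_OTHER, int("33" * 32, 16))),
    ("pubkey-B", "tx-3", der_sig(R_OTHER, int("33" * 32, 16))),   # rebroadcast copy
    ("pubkey-A", "tx-4", der_sig(R_THIRD, int("44" * 32, 16))),
]

if __name__ == "__main__":
    for r, hits in find_reused_nonces(SAMPLE).items():
        print(f"r={r:064x} reused by {hits}")
```

Any key that shows up in the result should be treated as compromised and its funds moved to a freshly generated key.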

What the Researchers Say

CryptoSlate contacted both authors of the paper: Dr. Nadia Heninger is an associate professor of computer science at the University of California. Joachim Breitner is a senior researcher at DFINITY. According to Dr. Heninger, the vulnerability was described as follows:

“The ECDSA digital signature algorithm requires generating a random number for each signature, which is often called a “nonce” (This is different from the nonces used in cryptocurrency mining). If these random values used in the signatures are not generated properly, in some cases, an attacker can compute the private signing keys. The types of nonce vulnerabilities that we exploited were implementations that generated values that were much shorter than they should have been, or values that shared most or least significant bits.”

And, using some advanced math called lattices, the two were able to crack some of these wallet addresses and find the private keys:

“For the nerds in the audience, lattice algorithms allow us to find small solutions to underconstrained systems of linear equations. There are a number of cryptanalytic techniques that use lattice algorithms as a building block.”

As stated in the paper, any non-uniformity in the generation of these signature nonces can reveal private key information. Given a sufficient number of signatures, hackers can compute private keys and gain access to a user’s wallet and drain its funds.

Do Crypto Users Need to Worry?

According to Dr. Heninger and Breitner, the vast majority of cryptocurrency users need not worry:

“The only reason this would happen is if there is some type of bug in the digital signature code.”

Furthermore, as long as developers use the proper techniques and documented methods to ensure user security, the signature scheme is considered secure:

“As far as we know, ECDSA is a secure digital signature algorithm if implemented correctly. We concluded that these were not common implementations based on the fact that we only found a few thousand vulnerable signatures out of nearly a billion Bitcoin signatures that we examined.”

Furthermore, these vulnerabilities are only “specific to distinct implementations.” The authors speculate that the faulty implementation could possibly be a result of a few multifactor security devices:

“The mention of multifactor security is specific to the case of the signatures we found with 64-bit nonces on the Bitcoin blockchain. Nearly all of them were part of multisig addresses, which is not the usual case on the blockchain, hence our guess of the source. There has since been some further speculation about the specific implementation.”

Now, there are ways for developers to implement ECDSA without the vulnerabilities described in the paper, even for hardware devices. According to Breitner:

“The official blockchain clients get their crypto right… since 2016, the Bitcoin client uses deterministic signatures (RFC6979) which completely removes the need for randomness in the process [eliminating the possibility of the kind of attack employed by the researchers]. If you are using non-standard libraries, or if you write your own crypto routines… you should make sure that these use RFC6979. This is even more important on embedded devices or hardware tokens where a good source of randomness might be hard to come by.”
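The deterministic nonce derivation that RFC 6979 specifies (section 3.2) can be written with nothing but HMAC. The following is an added example, not code from the Bitcoin client or from the paper: it derives the nonce from the private key and the message hash, assuming the secp256k1 group order and SHA-256, so no random number generator is involved and the same key and message always yield the same full-width nonce.

```python
import hashlib
import hmac

# Group order n of secp256k1 (the curve used by Bitcoin and Ethereum).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
QLEN = N.bit_length()            # 256 bits
RLEN = (QLEN + 7) // 8           # 32 bytes

def bits2int(data: bytes) -> int:
    """Leftmost QLEN bits of data as an integer (RFC 6979 section 2.3.2)."""
    value = int.from_bytes(data, "big")
    excess = len(data) * 8 - QLEN
    return value >> excess if excess > 0 else value

def int2octets(x: int) -> bytes:
    return x.to_bytes(RLEN, "big")

def bits2octets(data: bytes) -> bytes:
    return int2octets(bits2int(data) % N)

def rfc6979_nonce(private_key: int, message: bytes) -> int:
    """Deterministic per-signature nonce k in [1, n-1] (RFC 6979 section 3.2)."""
    if not 1 <= private_key < N:
        raise ValueError("private key out of range")
    h1 = hashlib.sha256(message).digest()                       # step a
    mac = lambda key, data: hmac.new(key, data, hashlib.sha256).digest()
    seed = int2octets(private_key) + bits2octets(h1)
    v = b"\x01" * len(h1)                                       # step b
    k = b"\x00" * len(h1)                                       # step c
    k = mac(k, v + b"\x00" + seed)                              # step d
    v = mac(k, v)                                               # step e
    k = mac(k, v + b"\x01" + seed)                              # step f
    v = mac(k, v)                                               # step g
    while True:                                                 # step h
        t = b""
        while len(t) < RLEN:
            v = mac(k, v)
            t += v
        candidate = bits2int(t)
        if 1 <= candidate < N:
            return candidate
        # Out-of-range candidate: update the HMAC state and try again.
        k = mac(k, v + b"\x00")
        v = mac(k, v)

if __name__ == "__main__":
    # Constructed inputs: toy private key 1 and an arbitrary message.
    nonce = rfc6979_nonce(1, b"example transaction digest")
    print(f"k = {nonce:064x} ({nonce.bit_length()} bits)")
```

Because the nonce depends on the message hash, two different messages signed with the same key get unrelated nonces, which removes both the repeated-nonce and the short-nonce failure modes the researchers found.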

Profitable for Attackers?

Ultimately, these kinds of attacks are not cost-effective given the amount of time, electricity, and computational power needed to conduct them—even with this new tool added to their arsenal:

“Given that attackers are already exploiting other cryptographic vulnerabilities to compromise wallets, it seems likely that this will be added to their arsenal. However, if one has to pay for the computing time to do the computation, it is probably not a cost-effective attack given the balances that we found associated with vulnerable keys.”

At the end of the day, the research reassures cryptocurrency users that the cryptography underlying Bitcoin and other digital currencies is sound. With tens of thousands of people scrutinizing the underlying code for these systems, it is a testimony that the core security schemes, if used properly, still adequately protect the user—for now.

Commitment to Transparency: The author of this article is invested and/or has an interest in one or more assets discussed in this post. CryptoSlate does not endorse any project or asset that may be mentioned or linked to in this article. Please take that into consideration when evaluating the content within this article.

Disclaimer: Our writers’ opinions are solely their own and do not reflect the opinion of CryptoSlate. None of the information you read on CryptoSlate should be taken as investment advice, nor does CryptoSlate endorse any project that may be mentioned or linked to in this article. Buying and trading cryptocurrencies should be considered a high-risk activity. Please do your own due diligence before taking any action related to content within this article. Finally, CryptoSlate takes no responsibility should you lose money trading cryptocurrencies.

What the ‘Meltdown’ and ‘Spectre’ CPU Flaws Mean for Cryptocurrency

Recently leaked computer vulnerabilities Meltdown and Spectre offer yet another reminder of how hard the digital age makes it to keep private information – even cryptocurrency private keys – safe.

Unveiled Wednesday, the widespread hardware vulnerabilities simultaneously impact Intel, ARM and AMD computer chips, which power the vast majority of the world’s computers, mobile devices and servers, making it possible to steal private data such as passwords, financial information or just about anything stored on any device that uses one of these chips.

Where this is important for cryptocurrency in particular is, hackers can potentially use the specific attack vector to pinch the private keys that allow users to control their bitcoins on the blockchain.

Popular Mechanics called it a “horrific” bug, contending it’s “hard to zero in on the most troubling part of this flaw,” while an informational page authored by security researchers remarks that you’re “most certainly” impacted by the bug.

And though there’s no evidence that any passwords have been compromised, experts say it wouldn’t be surprising if hackers or the NSA have been exploiting the attack.

If you’re already following best practices for cryptocurrency storage, then you’re probably fine. But if not, or if you’re a newer user, experts say it’s important to keep private keys on a safe device.

“Better safe than sorry,” Bitcoin Core developer Bryan Bishop told CoinDesk, adding:

“An attacker who has knowledge of a sufficiently powerful vulnerability can theoretically force your CPU to reveal secret data such as private keys used to control your bitcoin.”

Attack vectors

It’s important to note that the advice to store private keys on a secure device is nothing new. (Crypto developers have long warned against storing private keys on laptops or other devices that interact with the internet.)

But the reasons why might not be obvious for newer users. Even though bitcoin and other cryptocurrencies are secure protocols, they must interact with the open internet and regular computers. In short, storing private keys so close to the internet can potentially expose users to hacks and theft.

And the new CPU vulnerabilities make the situation even worse, as a chain of actions can lead to error and compromise.

“If the protected memory problem is real, then a browser plugin or even a website may access your private keys,” said Bitcoin Core contributor Jonas Schnelli.

The full details of the issue aren’t yet public, so it’s unclear what the precise attack vectors are. Still, others suggested a similar impact could be likely.

“To get hit by this attack, all you would have to do is click a link by accident and maybe you end up on a website that serves a bad ad with the malware code that steals your data,” Bishop added.

And while these scenarios might sound far-fetched, most of today’s malware preys on similar vulnerabilities that have yet to be patched. It’s just impossible to know who they’ll actually hit, and when.

Operating system fixes are now available that users should use to patch up their Windows, Mac, and Linux devices. But, for cryptocurrency users, the better option is not to store private keys on an internet-connected device at all, a recommendation common far before this particular vulnerability.

One option is to store private keys on a so-called “hardware wallet,” such as Ledger or Trezor. The small devices might not be quite as easy to use, but they are more secure in that they’re not connected to the internet.

Pavol Rusnak, CTO of SatoshiLabs, the company behind Trezor, went as far as to argue “Using a [hardware] wallet is now more important than ever!” While ethereum developer Lefteris Karapetsas quipped, “I bet Spectre and Meltdown is the best thing that could have happened for cryptocurrency cold wallet businesses.”

Exchange treasure troves

Beyond solo consumer devices, a much bigger, more worrying target is cryptocurrency exchanges and businesses, which store cryptocurrency private keys for millions of users at once.

Some cryptocurrency exchanges use cloud hosting services such as Amazon Web Services and Google Cloud to run their websites, rather than spin up their own servers.

While these platforms make websites easier to manage, they are particularly vulnerable to these attacks. A hacker could theoretically spin up a server using the same hardware as a cryptocurrency startup running operations on such a cloud platform and suddenly have access to all of their data.

In the crypto world, a hacker could hypothetically use this attack vector to steal private keys.

On the one hand, many of the most popular cloud platforms quickly rolled out fixes. On the other hand, researchers worry that deep-rooted vulnerabilities could spawn unfixed variants, with possible lingering effects to come.

The leader in blockchain news, CoinDesk is an independent media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. Interested in offering your expertise or insights to our reporting? Contact us at news@coindesk.com.
