Bitcoin 0Day Discovers Only $54 Worth of Bitcoin, $14 XRP and 0.00002 ETH Are Vulnerable

32w
3m read
Summary

What seems to be new is to analyze the blockchain for biased nonces: Nonces that have *not* been repeated, but that are biased in one way or another. However Matthew Green, a cryptography professor at John Hopkins, says: “Dropping the Bitcoin 0day,” in reference to the paper. Potential problems with address, thus private key, reuse have been known since forever. The problem appears to be some faulty set-up in hardware, multi-sig, or perhaps a custom hand coded design that generates a not very random number (nounce) when signing with the same private key twice or more. Asked whether this is really a 0day, Breitner told Trustnodes: “It wasn’t us that called it a 0day.

Article Preview

Crypto researchers have discovered what they claim is a previously unknown vulnerability in digital signatures which happens to affect only $54 worth of bitcoin out of its circa $70 billion market cap.

The problem appears to be some faulty set-up in hardware, multi-sig, or perhaps a custom hand coded design that generates a not very random number (nounce) when signing with the same private key twice or more. In giving a summary, Joachim Breitner, one of the researchers, says:

“When you create a cryptographic signatures using ECDSA (the elliptic curve digital signature algorithm), you need to come up with the nonce, a 256 bit random number. It is really important to use a different nonce every time, otherwise it is easy for someone else to take your signatures (which might be stored for everyone to read on the Bitcoin blockchain) and calculate your private key using relatively simple math,...

Read the full article @ TrustNodes