The research team at the digital security company Kudelski Security has found a new way to recover private keys that control bitcoins, using nothing but the cryptocurrency's own public blockchain.
In this post we describe the basics of how Bitcoin signatures work, how the attack was carried out, and what protects you from it.
Understanding the Bitcoin System
To understand the new attack, we need to know that Bitcoin uses a digital signature scheme (ECDSA) built on a public/private key pair. A signature proves that the signer holds the private key matching a public key, and is therefore allowed to spend the bitcoins locked to it (a Bitcoin address is derived from that public key), without revealing the private key itself.
Only someone holding the correct private key can produce a valid signature that unlocks the bitcoins and sends them to another public key.
The signature is computed from three inputs: a hash of the data being signed (the transaction), a random number called the nonce, and the private key. The point is that you sign without revealing your private key, while anyone who has your public key can check that the signature is valid.
A well-known weak point of this type of signature is the nonce: if the same nonce is used for two different signatures, anyone who sees both signatures can compute the user's private key.
The attack to discover a private key
The attack starts from the observation that private keys can be recovered even when no nonce is ever repeated.
This is possible because of how the nonces are generated. Random number generators are often not as random as assumed, and a weak one produces nonces that are tied to each other by a deterministic rule, for example each nonce being a low-degree polynomial function of the previous one.
In weak wallet implementations that relationship can be observed directly from the public signatures, and with the simplest generators it becomes easier to exploit with every additional signature the same key produces.
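The two failure modes described above, the classic repeated nonce and a Polynonce-style relation between nonces that never repeat, as an added worked example in pure Python. This is not Kudelski Security's code or tooling. It signs with a constructed key on secp256k1, then recovers that key from two signatures that share a nonce and, separately, from four signatures whose nonces follow an unknown linear recurrence k[i+1] = a*k[i] + b mod N. That is only the degree-1 case of the polynomial recurrences the researchers searched for; higher degrees need more signatures and are not handled here. The `deterministic_nonce` function shows the shape of the fix in simplified form and is not the full RFC 6979 procedure. All keys, recurrence coefficients and messages are constructed.

```python
"""ECDSA nonce failures on secp256k1 in pure Python (added example, not Kudelski Security's tooling). Python 3.8+."""
import hashlib, hmac, random

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,   # generator
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    lam = (3 * p[0] * p[0] * pow(2 * p[1], -1, P) if p == q
           else (q[1] - p[1]) * pow(q[0] - p[0], -1, P)) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; fine for an attack demo)."""
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def h(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(d, msg, k):
    """Textbook ECDSA: r = x(k*G) mod N, s = (h + r*d) / k mod N."""
    r = ec_mul(k, G)[0] % N
    return (r, (h(msg) + r * d) * pow(k, -1, N) % N)

def recover_from_reuse(m1, sig1, m2, sig2):
    """Same k twice -> same r on-chain -> k = (h1-h2)/(s1-s2), then d = (s1*k - h1)/r."""
    (r, s1), (r2, s2) = sig1, sig2
    assert r == r2, "nonce reuse shows up as two signatures sharing r"
    k = (h(m1) - h(m2)) * pow(s1 - s2, -1, N) % N
    return (s1 * k - h(m1)) * pow(r, -1, N) % N

def mod_sqrt(a, p):
    """Tonelli-Shanks square root of a (already reduced) mod prime p; None if a is a non-residue."""
    if a == 0: return 0
    if pow(a, (p - 1) // 2, p) != 1: return None
    q, s = p - 1, 0
    while q % 2 == 0: q, s = q // 2, s + 1
    z = next(z for z in range(2, p) if pow(z, (p - 1) // 2, p) == p - 1)
    m, c, t, r = s, pow(z, q, p), pow(a, q, p), pow(a, (q + 1) // 2, p)
    while t != 1:
        i, t2 = 0, t
        while t2 != 1: t2, i = t2 * t2 % p, i + 1
        b = pow(c, 1 << (m - i - 1), p)
        m, c, t, r = i, b * b % p, t * b * b % p, r * b % p
    return r

def recover_from_linear_nonces(pub, msgs, sigs):
    """Polynonce idea, degree-1 case: k[i+1] = a*k[i] + b (mod N) with a, b unknown. Each signature
    gives k[i] = h[i]/s[i] + (r[i]/s[i])*d, linear in d. With 4 signatures the identity
    (k2-k1)^2 - (k3-k2)(k1-k0) = 0 eliminates a and b and leaves a quadratic in d."""
    lin = [(h(m) * pow(s, -1, N) % N, r * pow(s, -1, N) % N) for m, (r, s) in zip(msgs, sigs)]
    (u0, v0), (u1, v1), (u2, v2) = [((lin[i + 1][0] - lin[i][0]) % N, (lin[i + 1][1] - lin[i][1]) % N)
                                    for i in range(3)]
    A = (v1 * v1 - v2 * v0) % N                 # d^2 coefficient
    B = (2 * u1 * v1 - u2 * v0 - u0 * v2) % N   # d coefficient
    C = (u1 * u1 - u2 * u0) % N                 # constant term
    if A == 0:
        cands = [-C * pow(B, -1, N) % N]
    else:
        root = mod_sqrt((B * B - 4 * A * C) % N, N)
        if root is None: return None
        inv2a = pow(2 * A, -1, N)
        cands = [(-B + root) * inv2a % N, (-B - root) * inv2a % N]
    return next((d for d in cands if d and ec_mul(d, G) == pub), None)  # drop the spurious root

def deterministic_nonce(d, msg):
    """The fix, simplified (NOT the full RFC 6979 procedure): derive k from the key and the message,
    so it never repeats across different messages and is unpredictable without d."""
    mac = hmac.new(d.to_bytes(32, "big"), hashlib.sha256(msg).digest(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (N - 1) + 1

def demo(seed=1):
    """Constructed scenario: one key, two broken nonce generators, then the fix.
    Returns (reuse_recovered, polynonce_recovered, fixed_r_values_differ)."""
    rng = random.Random(seed)
    d = rng.randrange(1, N); pub = ec_mul(d, G)
    m1, m2 = b"constructed tx 1", b"constructed tx 2"
    k = rng.randrange(1, N)  # Bug 1: the same nonce for two transactions
    reuse_ok = recover_from_reuse(m1, sign(d, m1, k), m2, sign(d, m2, k)) == d
    a, b, k = rng.randrange(1, N), rng.randrange(1, N), rng.randrange(1, N)
    msgs, sigs = [], []
    for i in range(4):  # Bug 2: LCG-style nonces; r never repeats, yet 4 signatures leak d
        msgs.append(b"constructed tx %d" % i); sigs.append(sign(d, msgs[-1], k))
        k = (a * k + b) % N
    poly_ok = recover_from_linear_nonces(pub, msgs, sigs) == d
    fixed_ok = sign(d, m1, deterministic_nonce(d, m1))[0] != sign(d, m2, deterministic_nonce(d, m2))[0]
    return reuse_ok, poly_ok, fixed_ok
```

Calling `demo()` returns three booleans, all `True`. Two details matter in practice. First, the linear case needs four signatures, not three: the unknowns are a, b and d, and the quadratic only appears once both recurrence coefficients have been eliminated. Second, the quadratic has two roots, and only one is the real key; checking each candidate against the public key already on the blockchain is what lets an attacker scan every key at scale without false positives. With the deterministic nonce, the two signatures of different messages get different r values and the attacker has nothing to work with.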
The group downloaded the entire Bitcoin blockchain, extracted the signatures and found some interesting numbers:
Of the 424 million public keys, 390 million (92%) produced only one signature, 18 million produced three, 12 million produced at least four, and some keys had more than 200 thousand signatures (probably belonging to exchanges).
The researchers recovered the private keys of 773 unique wallets, including wallets whose flawed implementations simply repeated the nonce.
The total amount of bitcoin that was theoretically vulnerable at some point (that is, that passed through these wallets) is 484 BTC, roughly $31 million at the cryptocurrency's peak price.
Carrying out the attack cost only $285 (R$1,510.50) and 48 hours, counting the download of the blockchain, the extraction of the signatures and the start of the attack itself.
Should I be concerned about the security of my Bitcoins?
You should always care about the security of your bitcoins. For this particular attack to work, however, the wallet you use must generate its signature nonces badly, which is poor cryptographic practice.
“In simpler words, what our attack means is that every time a signature… is generated, the signature itself gives us a relationship between the nonce and the private key.
If the nonces are truly randomly generated, this should never be a problem, because the chance that a randomly chosen number of nonces will fit in a low-degree polynomial recurrence relation is negligibly small,” the researchers write.
In other words, wallets from reputable developers such as Bitcoin Core, Samourai Wallet, Trezor and many others already take care of the basic practice that closes off this type of attack: nonces that are unpredictable and never repeat, in practice usually derived deterministically from the key and the message as specified in RFC 6979.
So if you use one of the major bitcoin wallets, this particular attack is not something you need to worry about.
Want to understand more about the attack? Below are the references used to build this article:
Polynonce: A Tale of a Novel ECDSA Attack and Bitcoin Tears
ECDSA Weakness Where Nonces Are Reused
Badly implementing encryption: Part V–nonce reuse