Researchers recently identified vulnerabilities in cryptographic signatures for Bitcoin, Ethereum, and Ripple, that allowed attackers to calculate private keys and, consequently, steal any crypto in that wallet. In total, the researchers calculated hundreds of Bitcoin private keys and dozens of Ethereum, Ripple, SSH, and HTTPS private keys using this unique form of cryptanalytic attack.
In the paper Biased Nonce Sense: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies, researchers utilize a method to calculate private keys by analyzing Bitcoin signatures. The researchers were also able to apply these techniques to Ethereum and Ripple.
That said, these vulnerabilities only occur in edge cases where code is not implemented by developers properly, or likely occurred because of faulty multi-signature hardware. The research emphasizes the resiliency of the cryptographic schemes used by cryptocurrencies, as well as highlights the importance of proper implementation.
Background on Research
Whenever crypto holders make a transaction, they are required to create a cryptographic signature using an elliptic curve digital signature algorithm (ECDSA). In this algorithm, the software comes up with an arbitrary number that is used just once for communication—this number is called a nonce.
It is critical that the software signs each transaction with a different nonce, otherwise hackers can (rather easily) find and calculate the signers’ private key. There is even evidence that hackers continuously monitor the blockchain for these kinds of repeated nonces, extracting money from compromised keys.
What’s less well-known is that attackers can calculate keys from signatures that use different, but similar nonces. For example, if nonces have characters that are similar at the beginning of the signature, or if the nonce has characters that are similar at the end of a signature,