[2020-07-01] Researcher Says Bitcoin’s Elliptic Curve Could Have a Backdoor

[peterurb]

A Bitcoin public key is created by applying elliptic-curve cryptography to the private key. One can easily create a public key from the private key, but it is impossible to go in the reverse direction. Unless, of course, Bitcoin?s elliptic curve is compromised. Many crypto experts have noticed that Bitcoin?s choice of secp256k1 elliptic curve was unusual for its time, as it was not yet well researched.

More: https://cointelegraph.com/news/this-researcher-says-bitcoins-elliptic-curve-could-have-a-secret-backdoor

[1714476593]

1714476593

[o_e_l_e_o]

What absolute clickbait nonsense. A typical absolutely piece of trash "article" from CoinTelegraph written by someone who doesn't understand the words they are using.

The headline "Bitcoin’s Elliptic Curve Could Have a Backdoor" is the exact opposite of what the researcher quoted in the article actually says:

Although the Secp256r1 curve was announced to be randomly selected, there could still exist some suspicion that some backdoor might be secretly set up in the curve parameters. In contrast, the Koblitz curve parameters are mathematically determined, and there is little possibility for setting such a backdoor.

Bitcoin uses the secp256k1 Koblitz curve, not the secp256r1 random curve.

The author also writes the following:

Bitcoin Core developer Wladimir van der Laan told Cointelegraph that he does not know why Satoshi chose this particular curve. He also noted that if someone has discovered a vulnerability, they have not stepped forward to announce it:

“I have no idea why Satoshi chose this particular curve, they have provided no rationale anywhere (it seems, in hindsight, to have been a fairly good choice though). Even if Secp256r1 has a vulnerability, no one has stepped forward yet to announce their discovery.

If that quote is accurate, van der Laan is referring to vulnerabilities in the secp256r1 curve which is not used in bitcoin, not the secp256k1 curve which is used. It seems the author of this article doesn't understand that they are two different things.

0/10. Would not read again.

[Carlton Banks]

The author also writes the following:

Bitcoin Core developer Wladimir van der Laan told Cointelegraph that he does not know why Satoshi chose this particular curve. He also noted that if someone has discovered a vulnerability, they have not stepped forward to announce it:

“I have no idea why Satoshi chose this particular curve, they have provided no rationale anywhere (it seems, in hindsight, to have been a fairly good choice though). Even if Secp256r1 has a vulnerability, no one has stepped forward yet to announce their discovery.

If that quote is accurate, van der Laan is referring to vulnerabilities in the secp256r1 curve which is not used in bitcoin, not the secp256k1 curve which is used. It seems the author of this article doesn't understand that they are two different things.

it also appears that either Wladimir has forgotten an important fact, or the quote (or the article itself) is incredibly old, because...

...gmaxwell disclosed a vulnerability in the secp256r1 curve, here on bitcointalk, a very very long time ago

but Bitcoin has never used the secp256r1 curve, so, whatever Cointelegraph

[cr1776]

A Bitcoin public key is created by applying elliptic-curve cryptography to the private key. One can easily create a public key from the private key, but it is impossible to go in the reverse direction. Unless, of course, Bitcoin?s elliptic curve is compromised. Many crypto experts have noticed that Bitcoin?s choice of secp256k1 elliptic curve was unusual for its time, as it was not yet well researched.

More: https://cointelegraph.com/news/this-researcher-says-bitcoins-elliptic-curve-could-have-a-secret-backdoor

It is not quite as bad, but you often see similar things in medical research.  The people doing it don't understand the math and then screw up the analysis.  

This, though, is much worse since it is like saying "Researcher says true could be false."  It is absolute nonsense, but many of these "publications" seem to have the goal solely of creating clickbait content.

The worst thing is the author holds himself out as an expert and is teaching classes about "blockchain":
"Michael lives in New York. He has been working in the blockchain space since 2015, founding, advising, speaking and writing. He currently teaches a blockchain course that he designed for MBA and master’s students at Pace University, and he mentors startups at the Columbia University-IBM Blockchain Accelerator."

His students need at least a partial refund.

[buwaytress]

I love discussions about backdoors that Bitcoin don't even have. Well done indeed, CT.

This bitcointalk user says Bitcoin keys could be discovered by monkeys clacking on a keyboard would have been a far more accurate article, and definitely far more interesting. Waiting for my interview request.

[Carlton Banks]

Can you share the post? I tried search, but all i found is suspicious against default recommended seed.

I didn't have time to find the post, but I remember gmaxwell posting something about a vulnerability in the (NIST recommended ) secp256r1 curve, and it may well have been a questionable seed value. Maybe someone could make a thread about this, it might be good to clarify this given the time elapsed since then.

[Kakmakr]

Let's ignore the fact that the author of this article is clueless for one moment and just look at the logic behind this. If there was some kind of vulnerability, would someone not have exploited it already? People would have reported this on social media and gmaxwell and those guys would have pulled it apart by now.

Do anyone else know what Alt coins are using secp256r1 random curve... if any? or are they all using the same protocol, just a different token?