Bitcoin Forum
Author Topic: Vulnerabilities in ECDSA  (Read 1085 times)
joecooin
April 25, 2014, 08:52:14 AM
 #1

Here may be the explanation for some of these cases of "My Bitcoins have disappeared from my XXX-Wallet" for which no explanation has been found so far.

And maybe some devs want to analyse the claims made in this paper before it hits the media as I can already imagine the headlines it will create.

Quote
ECDSA, like DSA, has the property that poor randomness used
during signature generation can compromise the long-term signing key. We found several cases
of poor signature randomness used in Bitcoin, which can allow (and has allowed) attackers to
steal money from these clients.

From:
http://eprint.iacr.org/2013/734.pdf

Joe
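
A check that follows from the quoted finding, as an added example that is not part of the original post, the paper, or any Bitcoin software: a signing key that produces the same r with two different s values has repeated its signature nonce, so a wallet operator can audit their own signatures for that pattern. The function names, the `der` helper and the sample records are assumptions made for illustration; signatures are assumed to be DER-encoded secp256k1 signatures with any trailing sighash byte already stripped.

```python
from collections import defaultdict
# Order of the secp256k1 group, needed to fold s and N - s together.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def parse_der_sig(sig):
    """Return (r, s) from a DER ECDSA signature: SEQUENCE { INTEGER r, INTEGER s }."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] >= 0x80 or sig[1] != len(sig) - 2:
        raise ValueError("not a short-form DER SEQUENCE of the stated length")
    pos, ints = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected INTEGER tag")
        n = sig[pos + 1]
        body = sig[pos + 2 : pos + 2 + n]
        if n == 0 or len(body) != n or body[0] & 0x80:
            raise ValueError("truncated, empty or negative INTEGER")
        ints.append(int.from_bytes(body, "big"))
        pos += 2 + n
    if pos != len(sig):
        raise ValueError("trailing bytes after s")
    return ints[0], ints[1]

def find_nonce_reuse(records):
    """records: (pubkey, label, der_sig). Returns {(pubkey, r): [labels]} where one
    key produced the same r with different s values, i.e. the nonce was repeated."""
    seen = defaultdict(dict)                      # (pubkey, r) -> {low_s: first label}
    for pubkey, label, sig in records:
        r, s = parse_der_sig(sig)
        seen[(pubkey, r)].setdefault(min(s, N - s), label)  # malleated copy = same signature
    return {k: sorted(v.values()) for k, v in seen.items() if len(v) > 1}

def der(r, s):
    """Encoder used only to build the constructed sample signatures below."""
    def enc(x):
        b = x.to_bytes((x.bit_length() + 8) // 8, "big")  # adds 0x00 pad when top bit is set
        return b"\x02" + bytes([len(b)]) + b
    body = enc(r) + enc(s)
    return b"\x30" + bytes([len(body)]) + body

# Constructed sample data: keys, labels and values are made up for illustration.
R1, R2 = int("c0ffee" * 10, 16), int("1234" * 16, 16)
SAMPLE = [
    ("pubkey-A", "tx1", der(R1, 111)),
    ("pubkey-A", "tx2", der(R1, 222)),            # same key, same r, new s: reuse
    ("pubkey-A", "tx3", der(R2, 333)),
    ("pubkey-A", "tx3-malleated", der(R2, N - 333)),  # high-s form of tx3: not reuse
    ("pubkey-B", "tx4", der(R1, 444)),            # other key: outside this per-key check
]
REUSED = find_nonce_reuse(SAMPLE)  # {("pubkey-A", R1): ["tx1", "tx2"]}
```

Any key that shows up in the result should be treated as compromised: move its funds to a freshly generated key and fix the random source of the signer that produced the flagged signatures.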





deepceleron
April 25, 2014, 08:59:46 AM
 #2

Not news. Bitcoins have been stolen, but from completely broken random generators, and by people making their own private key with stupid algorithms.

Here's a thread with lots of conversation for you to read:
https://bitcointalk.org/index.php?topic=419259.0
Pente
April 25, 2014, 09:11:18 AM
 #3

If you are really worried about it, keep the majority of your coins in address(es) that has never been used before to send coins.

bitcatch
April 25, 2014, 09:16:38 AM
 #4

Quote from: Pente
If you are really worried about it, keep the majority of your coins in address(es) that has never been used before to send coins.

That doesn't help if your priv key was generated with a poor random number generator. The vulnerability isn't in ECDSA, it's in some random number generators.
deepceleron
April 25, 2014, 09:48:09 AM
 #5

You will read that even with the stupidest random number generator, address reuse was required due to the dual-layer protection of both ECDSA and RIPEMD160 and SHA256 hashes. It appears you are here to troll rather than to learn though.
bitcatch
April 25, 2014, 07:21:33 PM
 #6

Quote from: deepceleron
You will read that even with the stupidest random number generator, address reuse was required due to the dual-layer protection of both ECDSA and RIPEMD160 and SHA256 hashes. It appears you are here to troll rather than to learn though.

Hashing of the public key can't protect you if somebody accidentally generates one of your priv/pub keypairs due to poor randomness.
Avoiding address reuse protects you against potential vulnerabilities in ECDSA, but it can't protect you if somebody just finds one of your privkeys.
odolvlobo
April 25, 2014, 11:38:18 PM
Last edit: April 26, 2014, 12:19:36 AM by odolvlobo
 #7

Quote from: joecooin
Here may be the explanation for some of these cases of "My Bitcoins have disappeared from my XXX-Wallet" for which no explanation has been found so far.
And maybe some devs want to analyse the claims made in this paper before it hits the media as I can already imagine the headlines it will create.
Quote
ECDSA, like DSA, has the property that poor randomness used
during signature generation can compromise the long-term signing key. We found several cases
of poor signature randomness used in Bitcoin, which can allow (and has allowed) attackers to
steal money from these clients.
From:
http://eprint.iacr.org/2013/734.pdf
Joe

The flaw discussed in the paper was found and fixed many months ago. It was a flaw in the Android operating system and not in ECDSA, the Bitcoin protocol or any Bitcoin software.

p2pbucks
April 26, 2014, 12:06:07 AM
 #8

Use unique btc address, problem solved (grin)