Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies
We compute hundreds of Bitcoin private keys and dozens of Ethereum, Ripple, SSH, and HTTPS private keys by carrying out cryptanalytic attacks against digital signatures contained in public blockchains and Internet-wide scans. The ECDSA signature algorithm requires the generation of a per-message secret nonce. This nonce must be generated perfectly uniformly, or else an attacker can exploit the nonce biases to compute the long-term signing key. We use a lattice-based algorithm for solving the hidden number problem to efficiently compute private ECDSA keys that were used with biased signature nonces due to multiple apparent implementation vulnerabilities.
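A defender-side illustration of the nonce requirement above, as an added example that is not from the talk or the authors' work: when you hold the private key of your own signer, each nonce can be recomputed from its signature and checked for gross bias. The key, messages, nonce derivation and function names are constructed for the example, and a per-bit count only catches coarse defects such as short nonces, not every deviation from uniformity.

```python
import hashlib
P = 2**256 - 2**32 - 977  # secp256k1 field prime (curve used by Bitcoin, Ethereum)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        m = 3 * a[0] * a[0] * pow(2 * a[1], -1, P)
    else:
        m = (b[1] - a[1]) * pow(b[0] - a[0], -1, P)
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def mul(k, pt=G):
    """Double-and-add scalar multiplication (not constant time; test use only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def h256(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(d, msg, k):
    """ECDSA signature (h, r, s) with a caller-supplied nonce k."""
    h, r = h256(msg), mul(k)[0] % N
    return h, r, pow(k, -1, N) * (h + r * d) % N

def biased_bits(d, sigs, z_max=6.0):
    """With the private key d known, recover k = s^-1 (h + r d) mod N from each
    signature and return the bit positions whose 0/1 split is implausible."""
    ks = [pow(s, -1, N) * (h + r * d) % N for h, r, s in sigs]
    half, sd = len(ks) / 2, len(ks) ** 0.5 / 2
    ones = [sum(k >> b & 1 for k in ks) for b in range(256)]
    return [b for b, c in enumerate(ones) if abs(c - half) / sd > z_max]

# Constructed test data: a made-up key and hash-derived nonces, 64 per signer.
D = h256(b"constructed test key") % N
msgs = [b"msg %d" % i for i in range(64)]
GOOD = [sign(D, m, h256(b"nonce" + m) % N) for m in msgs]       # full-range nonces
WEAK = [sign(D, m, h256(b"nonce" + m) % 2**248) for m in msgs]  # top byte always 0
```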
Nadia Heninger is an associate professor in Computer Science and Engineering at the University of California, San Diego. Her research focuses on applied cryptography and security, particularly cryptanalysis of public-key cryptography in practice. She is the recipient of a 2017 NSF CAREER award, and her research has won best paper awards at CCS 2016, CCS 2015, Usenix Security 2012, and a best student paper award at Usenix Security 2008. Previously, she was an assistant professor at the University of Pennsylvania. She received her Ph.D. in computer science in 2011 from Princeton and spent time as a postdoc at UC San Diego and Microsoft Research New England.
Host: Professor Berk Sunar