GPN20:Lattice Attacks on Ethereum, Bitcoin, and HTTPS

aus dem Wiki des Entropia e.V., CCC Karlsruhe
Zur Navigation springenZur Suche springen

Ein Vortrag von Joachim Breitner auf der GPN20.

The ECDSA signature scheme, which is used in Bitcoin, Ethereum and others, requires a fresh secret number, the 'nonce', for each signature. When this number is not generated uniformly at random, the security of the signature is in danger, and the private key may be recovered from the signatures, using a lattice-based algorithm.

In this talk, we have a brief look at the math behind elliptic curve signatures and how to break the encryption when the “random nonce” isn't really random. Nadia Heninger and Joachim Breitner ran ran these attacks against some blockchains and not only found vulnerable implementations, but could even find traces of bad programming by malicious parties out there.

To make the talk suitable for Friday night, we'll skip all the math and go directly to the entertaining facepalm stories.