Vulnerabilities In Bitcoin, Ripple, And Ethereum Digital Signatures Discovered By Researchers


Some researchers have just reported vulnerabilities in cryptographic signatures for Ethereum, Bitcoin and Ripple. These vulnerabilities allow attackers to calculate private keys, and steal cryptocurrencies from a given wallet. The researchers were able to calculate hundreds of Bitcoin private keys but dozens of Ripple, Ethereum, HTTPS, and SSH private keys using this cryptanalytic attack.

Lattice Attacks Against Weak ECDSA Signatures

According to the paper published by the researchers, it is possible get private keys by analyzing Bitcoin, Ethereum and Ripple signatures. This vulnerabilities only occur in edge cases where the code isn’t implemented properly by developers. It can also occur when there is a fault in the multi-signature hardware.

The paper emphasizes on the resiliency of cryptographic schemes that are used by cryptocurrencies and also highlights the importance of proper implementation.
Each time a cryptocurrency holder makes a transaction, they will need to create a digital signature with an elliptic curve algorithm. The software pops up with an arbitrary number that can only be used once for communication. The arbitrary number is called a nonce.

The software will have to sign each transaction with a unique nonce. If not, hackers will be able to calculate the private key of the signer and steal as many tokens as possible. The researchers also found out that hackers can continue to monitor a blockchain for repeated nonces to extract money from compromised keys. They can calculate private keys from signatures that have similar nonces.

Bitcoin (BTC) Price Today – BTC / USD
NamePrice24H %

The authors of the paper are Dr. Nadia Heninger, an associate professor of computer science in the University of California and Joachim Breitner, a senior researcher at DFINITY. The vulnerability was as fellows:

“The ECDSA digital signature algorithm needs to generate a random number of each signature. The number is called nonce. Note that this nonce is different from the one used in cryptocurrency mining. We exploited nonce vulnerabilities that were implementations that generated values that are much shorter than they should be. Some values shared the least significant bits.”

Using lattices, an advanced form of mathematics, the researchers were able to crack some wallet addresses and find private keys:

“Lattice algorithms allow us to find solutions to systems that are under constrained of linear equations. There are many cryptanalytic techniques that already use lattice algorithms as a building block.”

The paper made it clear that any non-uniformity that occurs during the generation of these digital signature nonces can show the private key information. With enough signatures, hackers can compute private keys to drain the users wallet.

Is The Vulnerability A Cause For Concern?

According to the report, the majority of cryptocurrency users need not worry about the vulnerabilities. The vulnerabilities can only be exploited if the digital signature code is bugged. There will be no security breaches as long as developers use the right techniques. These vulnerabilities can only be exploited when specific implementations are made.

These kind of attacks will be difficult for hackers because they are not cost effective. They may not profit from launching such an attack because of the amount of time, computational power and electricity they need to move forward. This doesn’t mean they will not add this new method of attack to their arsenal.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.