InfoSec Seminar: Bad randoms, key management and how to steal bitcoins

Speaker: Dr Nicolas Courtois

Date/Time: 26-Feb-2015, 16:00 UTC

Venue: MPEB 1.03



In this talk we study new "combination" attacks that arise in bitcoin systems which use the main bitcoin key management standard, BIP032, AND in which users generate bad randoms during the ECDSA signature generation process. We show a number of attack scenarios where private keys can be easily recovered for a potentially much larger number of accounts than with any previously known attack, typically leading to recovery of ALL private keys in one security domain, regardless of whether they have been involved in any bad random events. In some cases it is also possible to recover private keys from domains where BIP032 is not used at all, and it is also possible to recover keys when no identical randoms occur at all but the random numbers are shifted by an offset. The maths in this talk is elementary: prime numbers and modulo.

