Article

ECDSA weak randomness in Bitcoin

... Due to insufficient randomness in ECDSA, the report found that there were 158 such public addresses that had used a nonce for more than one signature generation [48]. Wang et al. [83] analysed Bitcoin transactions from the start date to July 2017. They noticed that 0.48 per cent of transactions involve a nonce being reused. ...
... Having observed the pattern, they predict that users may experience the same problem in the future. The analysis shows a worrying trend: the number of reused ECDSA nonce values in transactions increases over time [66,70,83]. Wuille [103] identifies many ways to modify a signature and thereby mount malleability attacks in his Bitcoin Improvement Proposal (BIP). ...
... RFC 6979 plays a vital role in Bitcoin wallet security. Since Bitcoin is decentralised in nature, it is difficult to have every Bitcoin user and developer follow the update [83,104]. Mollajafari also discusses two preventive techniques for weak randomness, but the issue remains and can lead to centralisation risks [105]. ...
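The attack that the figures above (Bos et al. [48], Wang et al. [83]) are counting, worked through in code. This is an added example, not code from the cited paper or from any of the citing works: a plain-Python secp256k1 implementation signs two constructed transaction digests with the same k, the way a wallet with a broken RNG would, and then recovers the private key from nothing but the two signatures and the public key. The private key, the stuck nonce and the two messages are constructed values, and the helper names (`recover_private_key`, `sign_with_stuck_nonce`) are mine. The curve arithmetic is deliberately minimal and not constant-time; it is here to show the algebra, not for use with real keys.

```python
import hashlib

# secp256k1 domain parameters (the curve Bitcoin's ECDSA uses)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Affine addition on y^2 = x^3 + 7 over F_P; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P    # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P      # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mul(k, pt):
    """Right-to-left double-and-add. Not constant-time: demo only, never for real keys."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def sign(d, z, k):
    """Textbook ECDSA with a caller-supplied nonce k: r = (kG).x mod n, s = k^-1 (z + r d) mod n,
    then Bitcoin's low-s rule (BIP 62 / BIP 146). Replacing s by n - s is exactly the signature
    nonce -k would produce, so an attack that assumes 'same k' must allow for that sign flip."""
    r = scalar_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    if s > N // 2:
        s = N - s
    return r, s


def verify(pubkey, z, r, s):
    w = pow(s, -1, N)
    pt = point_add(scalar_mul(z * w % N, G), scalar_mul(r * w % N, pubkey))
    return pt is not None and pt[0] % N == r


def recover_private_key(r, z1, s1, z2, s2, pubkey):
    """Two signatures sharing r were made with the same k (up to sign). From s = k^-1 (z + r d):
        s1 - s2 = k^-1 (z1 - z2)  =>  k = (z1 - z2) / (s1 - s2),   d = (s1 k - z1) / r   (mod n).
    Every candidate is checked against the public key, so the low-s flip is covered by also
    trying n - s2. Returns None when nothing checks out, which is the case when both signatures
    cover the same message (z1 == z2 gives s1 == s2 and no information)."""
    for s2_cand in (s2, N - s2):
        denom = (s1 - s2_cand) % N
        if denom == 0:
            continue
        k = (z1 - z2) * pow(denom, -1, N) % N
        d = (s1 * k - z1) * pow(r, -1, N) % N
        if 0 < d < N and scalar_mul(d, G) == pubkey:
            return d
    return None


def digest(msg):
    """Bitcoin hashes the sighash preimage with double SHA-256; a single SHA-256 serves the demo."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


# Constructed demo secrets: a private key, and the one nonce a broken wallet RNG keeps returning
DEMO_KEY = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD
STUCK_NONCE = digest(b"constructed: seed the wallet RNG returns every time") % N


def sign_with_stuck_nonce(d, k, messages):
    """Signs every message with the same k; returns the public key and (z, r, s) per message."""
    pubkey = scalar_mul(d, G)
    return pubkey, [(digest(m),) + sign(d, digest(m), k) for m in messages]


def demo():
    """Two constructed spends from one key, then recovery from the signatures alone."""
    pubkey, sigs = sign_with_stuck_nonce(
        DEMO_KEY, STUCK_NONCE, [b"tx 1: pay 0.5 BTC to A", b"tx 2: pay 0.3 BTC to B"])
    (z1, r1, s1), (z2, r2, s2) = sigs
    assert r1 == r2                              # the on-chain tell: identical r under one pubkey
    assert verify(pubkey, z1, r1, s1) and verify(pubkey, z2, r2, s2)
    return recover_private_key(r1, z1, s1, z2, s2, pubkey)


if __name__ == "__main__":
    print(demo() == DEMO_KEY)   # prints True
```

The on-chain symptom is nothing more than two signatures under one public key with an identical r; the recovery needs no other data, which is why a blockchain scan alone was enough to produce the 158-address and 1331-key counts quoted above. Bitcoin's low-s rule means one of the two s values may have been negated, which is why the helper tries both signs of s2 and validates each candidate against the public key. Two signatures over the same message share s as well and leak nothing, so the function returns None for that case. RFC 6979 removes the failure mode at the source by deriving k from the private key and the message hash, so two different messages under one key can never share a nonce.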
Research
This study systematically reviews the literature to bring about the state-of-the-art to determine the possible factors, aspects, and causes of the endpoint vulnerabilities with some mitigation countermeasures. Several recent studies were selected to mine the endpoint vulnerability information and focus on the pertinent issues. The major revelation is the lack of user knowledge, insufficient security mechanism, no security layer other than authentication, keylogger malware behind endpoint vulnerability exploitation. It explains the various factors and root causes of endpoint vulnerabilities and provides a relation between the endpoint and its attribute/components.
... Wang et al. [11]: securing Bitcoin block additions through a random seed ...
... Choi et al. [9] proposed a system to generate random [10] proposed a random lottery-based smart contract scheme that ensures winning sequences for game players are generated fairly. Wang et al. [11] reviewed the Bitcoin transactions that are vulnerable because of weak randomness. To overcome this, Datta et al. [12] proposed a secure pseudo-random generation scheme based on point-based GF(p) encryption against collusion attacks. However, the time complexity of determining a set of GF(p) over arbitrary polynomial curves is exponential, rendering the approach non-scalable. ...
Article
In modern decentralized Internet-of-Things (IoT)-based sensor communications, pseudo noise-diffusion oracles are heavily investigated as random oracles for data exchange among peer nodes. As these oracles are generated through algorithmic processes, they pass the standard randomness tests for finite and bounded intervals only. This gives a false sense of privacy and confidentiality for exchanges over open-protocol IoT stacks on public channels, i.e. the Internet. Recently, blockchain (BC)-envisioned random sequences have been proposed as input oracles for financial applications and windfall games like roulette, poker, and lottery. These random inputs exhibit fairness and non-determinism in SC executions, termed probabilistic smart contracts (PSC). However, the IoT-enabled PSC process might be controlled and forged by humans, machines, and bot-nodes through physical and computational methods. Moreover, dishonest entities like contract owners, players, and miners can coordinate to form collusion attacks during consensus and propagate false updates, which results in forged block additions by miners in the BC. Motivated by these facts, in this paper we propose a BC-envisioned IoT-enabled PSC scheme, SaNkhyA, which is executed in three phases. In the first phase, the scheme eliminates colluding dishonest miners through the proposed miner selection algorithm. In the second phase, the elected miners agree through the proposed consensus protocol to generate a stream of random bits. In the third phase, the generated random bit-stream is split through random splitters and fed as input oracles to the proposed PSC among participating entities. In simulation, the scheme ensures a trust probability of 0.38 even at 85% collusion among miners and has an average block processing delay of 1.3 seconds, compared to serial approaches where the block processing delay is 5.6 seconds, thereby exhibiting improved scalability. The overall computation and communication costs are 28.48 milliseconds and 101 bytes, respectively, which indicates the efficacy of the proposed scheme compared to traditional schemes.
... Bos et al. 111 found that 158 public addresses had used a nonce more than once for signing. Wang et al. 112 analysed Bitcoin transactions from January 2009 to July 2017 and revealed that 0.48 percent of transactions involved reuse of a nonce value. As a result, 1331 private keys were cracked. ...
... The number of ECDSA nonce value reuses in transactions has increased over time. 5,112,113 Therefore, insufficient randomness in ECDSA leads to nonce value reuse, vulnerable signatures and flawed key generation. These factors lead to the compromise of the private key and hence of the wallet. ...
Research
Blockchain technology has gained significant attention and adoption due to its decentralized nature and its promise of secure and immutable transactions. The interpretation of blockchain's components has been presented in an innovative manner, illustrating the features they enable or manage. However, its networks are not immune to vulnerabilities, like any other technological system. Among the typical weaknesses, endpoint vulnerabilities refer to weaknesses in the endpoints that interact with the blockchain network. They pose a significant risk to the security and integrity of the entire system. These vulnerabilities can affect blockchain networks through smart contract vulnerabilities, wallet vulnerabilities, and communication vulnerabilities. In view of the absence of any viable taxonomic description and associated value, we attempted a novel comprehensive classification of endpoint vulnerabilities. The proposed taxonomy is designed to logically categorize and classify the various endpoint vulnerabilities through a pictorial representation. It encompasses wallet vulnerabilities, malware, cryptojacking and human negligence. Additionally, this paper proposes a novel approach to mapping endpoint vulnerabilities to the blockchain abstract layer. It gives a unique way to study the relation between vulnerabilities and layers. Finally, the corresponding violated principles behind the vulnerabilities have been identified and indicated. By providing a structured taxonomy of endpoint vulnerabilities, this paper aims to enhance the understanding of the security challenges associated with blockchain applications. By understanding and addressing the taxonomy of endpoint vulnerabilities, blockchain practitioners and researchers can enhance blockchain networks' overall security and trustworthiness, paving the way for broader adoption and utilization of this transformative technology. It may have implications in terms of identifying, linking, developing controls for, and finally mitigating endpoint vulnerabilities in a rapidly changing environment.
... Since reusing random numbers is not cryptographically secure, it falls under ECDSA weak randomness. ECDSA weak randomness exploits can reveal a user's private key [4]. Leakage of a user's private key leads to theft of money from the Bitcoin wallet [5]. ...
... (2020), even when RFC 6979 is used, the possibility of reusing random numbers still exists. This implies that ECDSA weak randomness exploits cannot be avoided completely [4]. Therefore the ECDSA algorithm itself needs to be modified. ...
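For reference, the RFC 6979 derivation the snippet refers to, as an added example that is not part of the cited paper or of the citing work: the HMAC-SHA256 instantiation of RFC 6979 section 3.2 for secp256k1, in plain Python. The function names are mine and the only curve parameter assumed is the group order n. Because k is a deterministic function of the private key and the message hash, two distinct messages signed under one key cannot share k, which is precisely the condition the nonce-reuse attack needs. What the RFC does not cover is an implementation that feeds it the wrong inputs (for instance a truncated key or an unhashed message), which is where the residual risk the snippet points to lives.

```python
import hashlib
import hmac

# secp256k1 group order n (the only curve parameter RFC 6979 needs); qlen is 256 bits
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
QLEN = 32


def _hmac_sha256(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def rfc6979_nonce(priv, msg_hash):
    """RFC 6979 section 3.2 with H = SHA-256 on secp256k1.
    priv: private key as an int in [1, n-1]; msg_hash: the 32-byte SHA-256 digest of the message.
    With a 256-bit hash and a 256-bit n, bits2int is the identity, so no truncation is needed."""
    if not 1 <= priv < N or len(msg_hash) != QLEN:
        raise ValueError("bad private key or digest length")
    x = priv.to_bytes(QLEN, "big")                                      # int2octets(x)
    h = (int.from_bytes(msg_hash, "big") % N).to_bytes(QLEN, "big")     # bits2octets(h1)
    V = b"\x01" * 32                                                    # step b
    K = b"\x00" * 32                                                    # step c
    K = _hmac_sha256(K, V + b"\x00" + x + h)                            # step d
    V = _hmac_sha256(K, V)                                              # step e
    K = _hmac_sha256(K, V + b"\x01" + x + h)                            # step f
    V = _hmac_sha256(K, V)                                              # step g
    while True:                                                         # step h
        V = _hmac_sha256(K, V)            # T = V: one HMAC output already gives qlen bits
        k = int.from_bytes(V, "big")
        if 1 <= k < N:
            return k
        K = _hmac_sha256(K, V + b"\x00")  # candidate out of range: update K, V and retry
        V = _hmac_sha256(K, V)


def nonce_for(priv, message):
    """The k used to sign `message` under `priv`: same inputs give the same k, any change a fresh k."""
    return rfc6979_nonce(priv, hashlib.sha256(message).digest())


def nonces_are_distinct(priv, messages):
    """The nonce-reuse attack needs two different messages with the same k; under RFC 6979
    that cannot happen for one key, so the number of distinct k equals the number of distinct messages."""
    ks = [nonce_for(priv, m) for m in messages]
    return len(set(ks)) == len(set(messages))
```

Signing the same message twice with the same key yields the same k and therefore a byte-identical signature, which leaks nothing; the dangerous case, the same k under two different messages, is ruled out by construction. A wallet that still produces repeated r values after adopting this derivation is feeding it the wrong inputs, not suffering from a weak RNG.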
... After calculating (r, s), it needs to be serialised into hexadecimal using the DER international encoding scheme. 4. Parse the DER string to get s, r, v from the signature. ...
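The DER step in that procedure, as an added example rather than the paper's own code: encoding (r, s) into the SEQUENCE { INTEGER, INTEGER } form that Bitcoin places in the scriptSig, and a strict parser in the spirit of BIP 66 that rejects non-minimal integer encodings. The sample r and s are constructed values, the helper names are mine, and the trailing sighash byte is left out. The `v` the snippet mentions is the recovery id of Ethereum-style compact (r, s, v) signatures; it is not part of DER.

```python
def _der_int(x):
    """DER INTEGER for a positive x: minimal big-endian bytes, plus one 0x00 pad byte when the
    top bit is set (without it the value would decode as negative)."""
    if x <= 0:
        raise ValueError("ECDSA r and s are positive integers")
    body = x.to_bytes((x.bit_length() + 7) // 8, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + bytes([len(body)]) + body


def der_encode(r, s):
    """SEQUENCE { INTEGER r, INTEGER s }; Bitcoin's sighash byte is not included. Use .hex() for text."""
    body = _der_int(r) + _der_int(s)
    return b"\x30" + bytes([len(body)]) + body


def _parse_int(buf, pos):
    """Parse one INTEGER at buf[pos:], enforcing the BIP 66 minimality rules."""
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER tag")
    length = buf[pos + 1]
    body = buf[pos + 2:pos + 2 + length]
    if length == 0 or len(body) != length:
        raise ValueError("bad INTEGER length")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER")
    if length > 1 and body[0] == 0x00 and not (body[1] & 0x80):
        raise ValueError("non-minimal INTEGER (redundant 0x00 pad)")
    return int.from_bytes(body, "big"), pos + 2 + length


def der_decode(sig):
    """Strict decode: exact lengths, minimal encodings, no trailing bytes.
    Lax parsers that accepted padded or over-long encodings let a third party change a
    transaction's txid without the key, the malleability that BIP 62 / BIP 66 set out to stop."""
    if not 8 <= len(sig) <= 72 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("bad SEQUENCE header")
    r, pos = _parse_int(sig, 2)
    s, pos = _parse_int(sig, pos)
    if pos != len(sig):
        raise ValueError("trailing bytes after signature")
    return r, s


def is_strict_der(sig):
    try:
        der_decode(sig)
        return True
    except ValueError:
        return False


def pad_s_nonminimal(r, s):
    """Constructed malleation: the same (r, s) with a redundant 0x00 in front of s (only
    non-minimal when s's top bit is clear). Same mathematical signature, different bytes."""
    s_body = s.to_bytes((s.bit_length() + 7) // 8, "big")
    s_enc = b"\x02" + bytes([len(s_body) + 1]) + b"\x00" + s_body
    body = _der_int(r) + s_enc
    return b"\x30" + bytes([len(body)]) + body


# Constructed sample values: r with its top bit set (needs a pad byte), a shorter s with top bit clear
SAMPLE_R = (1 << 255) | 0x1234
SAMPLE_S = (1 << 200) | 0x7
```

`der_encode(SAMPLE_R, SAMPLE_S)` is 65 bytes: a 35-byte INTEGER for r (33-byte body because of the pad) and a 28-byte one for s. `pad_s_nonminimal` produces a signature that still decodes to the same (r, s) under a permissive parser but is refused here, which is the difference between a pre- and post-BIP 66 node.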
... Bitcoin's weak random number problem was discovered and addressed in 2013, but it has not received enough attention. For example, an affected address that leaked in April 2014 was still in use in August 2017 [4]. Therefore, regarding the use of ECDSA on the Bitcoin blockchain, developers still need to keep up with current technology and build more secure products. ...
Article
This paper mainly discusses the use of signatures in the transaction process in the context of the Bitcoin blockchain. It first presents the mechanism and principles of Bitcoin transactions. In order for receiver B to trust the source of a transaction, the message needs to be signed, and the ECDSA algorithm is used for signing in the transaction process. It then introduces ECDSA, the process of signature generation and verification, and the application of ECDSA in the Bitcoin blockchain. Finally, the advantages of ECDSA are analysed. The weak random number problem of ECDSA still exists in current blockchain development and needs developers' attention.
... Blockchain is essentially a new type of distributed database that integrates a series of emerging information technologies (Lin, 2023), including consensus mechanisms, encryption algorithms, network communication, and smart contracts. These technologies also contribute to the decentralization, transparency, traceability, and immutability of blockchain, which plays a significant role in finance (Puthiyidam et al., 2023;Wang et al., 2020), electronic cash (Jiarui et al., 2023), and the Internet of Things (IoT) (Mahajan and Junnarkar, 2023). In particular, the development of blockchain in cryptocurrency has made it a modern network technology (Zhang et al., 2022). ...
Article
Introduction: Blockchain technology has attracted much attention due to its decentralization, transparency and security. Initially applied in the financial field, it has now expanded to various fields such as the Internet of Things (IoT), electronic cash and healthcare. However, the open nature of blockchain has raised potential security concerns about sensitive transaction data, and the increasing number of transactions requires low-latency solutions. Most blockchain applications still rely on the lightweight Elliptic Curve Digital Signature Algorithm (ECDSA). Due to complex operations such as vectorized multiplication and modular inversion, this may introduce significant additional overhead.
Methods: To address these issues, a new scheme named KTP-ECDSA is proposed. This scheme is based on the improved two-parameter Elliptic Curve Digital Signature Algorithm (TP-ECDSA) and the KGLP algorithm. In both the signing and verification processes, this scheme eliminates modular inverse operations and reduces scalar multiplications during the verification stage by using batch verification.
Result: The experimental results show that, compared with the traditional ECDSA, KTP-ECDSA has achieved a speed increase of over 50% in both independent verification and batch verification, significantly improving the efficiency of signature verification.
Discussion: By adopting the KTP-ECDSA algorithm and using the digital signature batch verification method, multiple signatures can be verified simultaneously, thus reducing the computational burden of the traditional single-verification method. This greatly increases the overall transaction throughput and improves resource utilization efficiency.
... These generators are typically classified into two categories: pseudo-random number generators (PRNGs), which produce pseudo-random numbers using deterministic algorithms, and true random number generators (TRNGs), which derive randomness from non-deterministic physical processes. While PRNGs rely on a fixed algorithm and seed to generate pseudo-random numbers with favorable statistical properties, their vulnerability arises from the potential exposure of the algorithm and seed, which may lead to security risks and information leakage [2][3][4][5]. In contrast, TRNGs generate random numbers based on non-deterministic factors such as thermal noise, quantum fluctuations, or chaotic circuit behaviors [6][7][8]. ...
Article
Traditional entropy source evaluation methods rely on statistical analysis and are hard to deploy on-chip or online. However, online detection of entropy source quality is necessary in some applications with high encryption levels. To address these issues, our experimental results demonstrate a significant negative correlation between minimum entropy values and prediction accuracy, with a Pearson correlation coefficient of −0.925 (p-value = 1.07 × 10^−7). This finding offers a novel approach for assessing entropy source quality, achieving an accurate rate in predicting the next bit of a random sequence using neural networks. To further improve prediction capabilities, we also propose a novel deep learning architecture, Fast Fourier Transform-Attention Mechanism-Long Short-Term Memory Network (FFT-ATT-LSTM), that integrates a simplified soft attention mechanism with the Fast Fourier Transform (FFT), enabling effective fusion of time-domain and frequency-domain features. The FFT-ATT-LSTM improves prediction accuracy by 4.46% and 8% over baseline networks when predicting random numbers. Additionally, FFT-ATT-LSTM maintains a compact parameter size of 33.90 KB, significantly smaller than Temporal Convolutional Networks (TCN) at 41.51 KB and Transformers at 61.51 KB, while retaining comparable prediction performance. This optimal balance between accuracy and resource efficiency makes FFT-ATT-LSTM suitable for online deployment, demonstrating considerable application potential.
... The authors in [13] examine the vulnerability in Bitcoin caused by weak randomness in ECDSA (the elliptic curve digital signature algorithm), which can result in private key leakage and fund theft. After analysing transaction data, the authors find that the vulnerability still exists in about 0.48% of transactions, compromising 1331 private keys. ...
Article
Blockchain wallets use two primary key generation schemes: non-deterministic (ND) and hierarchical deterministic (HD). ND key generation scheme provides better fund distribution but has issues with backup complexity and memory utilization. HD key generation scheme simplifies the backup process but is vulnerable to privilege escalation and brute-force attacks. In addition, deterministic pseudo-random algorithms used in these key generation schemes are predictable, which makes Quantum Random Number Generators (QRNGs) a promising alternative. This paper proposes QaaS: a hybrid wallet based on user behavior that utilizes both HD and ND key generation architectures while leveraging QRNG to generate the keys. The wallet is optimized through deep learning, which trains on user behavior to select the optimal key generation scheme for maximum efficiency in blockchain wallet usage. We implemented and evaluated our proposed solution to support Ethereum transactions. Our results show that QaaS reduces risk by up to 98% compared to traditional HD wallets, while consuming similar memory resources.
... The literature on endpoint vulnerabilities reveals that they have various components such as wallets, malware, keys, etc. [16]. These components have been addressed with specific countermeasures and suggestions: [44] suggested BlueWallet, [45] suggested a group key management (GKM) mechanism, [46] suggested two methods against brute-force attacks on private keys, [33] suggested not sharing wallet keys, [30] suggested multilevel authentication, [28] suggested HSMs (hardware security modules), [47] suggested Request for Comments (RFC) 6979, [1] suggested biometrics, [48] suggested steganography, [49] suggested knowledge awareness, and [3] and [1] suggested using a TEE. However, none of these resolved the endpoint vulnerability issue, and the question remains as it was. ...
... They have also discussed the attacks due to protocol design, cryptographic vulnerabilities, malicious miners, criminal behaviour, and smart contract applications. Wang et al. 84 have studied how random numbers are used in ECDSA and can lead to the leakage of private keys. The authors 85 provide systematic studies of long-range attacks on PoS protocols and discuss the mitigation techniques proposed in the literature. ...
Article
Blockchain technology has gained enormous interest from industry and academia recently. Technology enthusiasts are exploring its use case beyond cryptocurrencies and claim that blockchain technology can overcome the inefficiencies of centralized systems. In this study, we continue the work of previous authors, aiming to provide a more comprehensive understanding of the technical aspects of blockchain. This study is the first of its kind to review and analyze the current status of different technical aspects of blockchain technology influencing its adoption. We performed an extensive multivocal review to (i) demonstrate the progress of blockchain, (ii) discuss the challenges related to the wide‐scale adoption of the technology, (iii) present a detailed analysis of blockchain platforms, (iv) highlight security and interoperability issues followed by the solutions proposed in the literature. We have considered 259 peer‐reviewed research papers and the gray literature related to 40 blockchain platforms to provide an in‐depth analysis of blockchain technology. In conclusion, this comprehensive survey provides a holistic view of blockchain technology's progress. It identifies challenges, trends, and future research directions, serving as a valuable resource for researchers and practitioners seeking to navigate the dynamic blockchain landscape.
... A transaction output can be locked by any equation defined by the Script language of bitcoin [15], but most of them (i.e. Pay-to-Public-Key (P2PK), Pay-to-Public-Key-Hash (P2PKH), Multi-Signature (multisig), and Pay-to-Script-Hash (P2SH) [15]) use an Elliptic Curve Digital Signature Algorithm (ECDSA) as proof of ownership [18]. ...
Preprint
Blockchain has received attention for its potential use in business. Bitcoin is powered by blockchain, and interest in it has surged in the past few years. It has many uses that need to be modeled. Modeling is used in many walks of life to share ideas, reduce complexity, achieve close alignment of one person viewpoint with another and provide abstractions of a system at some level of precision and detail. Software modeling is used in Model Driven Engineering (MDE), and Domain Specific Languages (DSLs) ease model development and provide intuitive syntax for domain experts. The present study has designed and evaluated a meta-model for the bitcoin application domain to facilitate application development and help in truly understanding bitcoin. The proposed meta-model, including stereotypes, tagged values, enumerations and a set of constraints defined by Object Constraint Language (OCL), was defined as a Unified Modeling Language (UML) profile and was implemented in the Sparx Enterprise Architect (Sparx EA) modeling tool. A case study developed by our meta-model is also presented.
... The elliptic curve digital signature algorithm (ECDSA) employs the elliptic curve (computed using (1)) and a finite field to create a signature such that the other party can verify it [45]. However, the user who verifies the transaction using signatures needs to verify it again. ...
Article
The Internet of Medical Things (IoMT) connects a huge amount of smart sensors with the Internet for healthcare service provisioning. IoMT’s privacy-preserving becomes a challenge considering the life-saving data collected and transferred through IoMT. Traditional privacy protection techniques use centralized management strategies, which lead to a single point of failure, lack of trust, state modification, information disclosure, and identity theft. Edge computing enables local computation of IoMT data, which reduces traffic to the cloud and also helps in accomplishing latency-sensitive healthcare applications and services. This paper proposes a novel framework (i.e., SecureMed) that uses blockchain-based distributed authentication implemented at the edge cloudlets to enforce privacy protection. In SecureMed, IoMT devices interact with edge cloudlets using smart contracts. It uses trusted edge nodes to implement an authentication algorithm that uses public/private key matching to authenticate IoMT. Experimental evaluation performed using the Pythereum blockchain shows that SecureMed outperforms the traditional blockchain scheme based on latency, bandwidth consumption, deployment time, scalability, and accuracy. Therefore, it can be used to protect the edge-enabled IoMT from privacy attacks and to ensure end-to-end healthcare service provisioning.
... The authenticity and integrity of data in a blockchain are guaranteed by the cryptography used to link blocks together, along with digital timestamps that record when each transaction was entered [11]. Transparency is also an important characteristic of blockchain technology, since every transaction in the blockchain can be seen by all participants in the network [12], [13]. ...
Research Proposal
The rapid development of information and communication technology (ICT) has changed the way we work, communicate and transact. This progress, however, has been accompanied by growing threats to data and information security, including complex and serious cyber attacks. Cyber attacks can cause financial loss, reputational damage and theft of personal data, and can threaten critical infrastructure such as financial systems, electricity supply and public services [1]. In an increasingly digital era, cybersecurity has become a critical issue for organisations, companies, governments and individuals. Threats to the security of data and personal information are becoming more complex: malware, DDoS (Distributed Denial of Service) attacks, identity theft and so on. Secure and effective solutions are therefore needed to protect data and information from these threats [2].
... This asymmetric encryption has two uses in blockchains: data encryption and digital signatures. Data encryption in the blockchain ensures transaction data security and reduces the risk of losing or falsifying transaction data [20]. Credibility: blockchain data exchange entirely depends on each node to form robust computations to defend against external attacks without human intervention [21]. ...
Article
Kampus Merdeka is an evolution of education in Indonesia that accommodates various changes. The existence of a mechanism that includes various actors in it makes Kampus Merdeka have many new outcomes which must be recognized by all stakeholders who need it. Blockchain technology and smart contract offer the ability to build trust between all actors in the Kampus Merdeka activities with their transparent nature and reliable, immutable data storage capabilities. Every stage that occurs in it can be traced from upstream to downstream. This study aims to design an architectural model of a blockchain system for the learning recognition system Kampus Merdeka. It uses the analytical study to identify the possible problems and the stakeholders involved and design the model solution proposed. As a result, it proposed the type of blockchain and the most suitable architecture for use in the learning recognition system Kampus Merdeka. In this study, the blockchain model is proposed as a mechanism for identifying and recognizing learning outcomes in the Kampus Merdeka environment more securely, challenging to modify, and traceable by all parties to ensure the authenticity of the learning outcomes. Furthermore, it can be recognized by all parties in it.
... With non-negligible probability, an honest user will not choose the same pseudorandom number multiple times, or there will be no multiple signatures in a transaction with the same random number. Literature [26] analyses the Bitcoin transaction dataset over the past 20 years and finds that approximately 0.48 percent of transactions still involve this vulnerability and that 1331 private keys have been compromised. Due to the widespread use of Bitcoin, insufficient protection of user funds will cause huge economic losses. ...
Article
The classic Elliptic curve digital Signature Algorithm (ECDSA) uses one inversion operation in the process of signature and verification, which greatly reduces the efficiency of digital signatures. Up to now, most research schemes improve efficiency by reducing reverse operations, but they fail to attach importance to such issues as forgery signature attack. At the same time, in the blockchain, the weak randomness of ECDSA will lead to the attack of forging random numbers, which is a potential problem of digital currency transactions. In consideration of this reason, in this article, an improved provably secure elliptic curve digital signature scheme is constructed. First, the new scheme introduces double parameters in the signature process, that can effectively resist the weak randomness attack of ECDSA in Bitcoin, and can be applied to blockchain digital currency trading systems. Second, in the random oracle model, it is provably indistinguishable against Elliptic Curve Discrete Logarithm Problem (ECDLP) under the super type I and type II adversary. Third, the new scheme avoids the inverse operation in the signature and verification phase. Compared with the ECDSA, the running speed is optimized by 50.1%. Similarly, the proposed scheme has higher computational efficiency than other existing algorithms.
... Moreover, the attacker can exploit weak or vulnerable hash functions and digital signatures, for example IOTA's insecure Curl hash function [61] and low-entropy ECDSA nonces [62]. A group of researchers exploited a Ledger Nano S wallet vulnerability [63]. ...
Article
The first step to realising the true potential of blockchain systems is to explain the associated security risks and vulnerabilities. These risks and vulnerabilities are exploited by threat agents to affect valuable assets and services. In this work, we use a security risk management (SRM) domain model and develop a framework to explore two security risks, Sybil and Double-spending, that are observed and considered the most concerning security risks within blockchain systems. The framework illustrates the protected assets or assets to secure, the classification of threats that the attacker can trigger using a Sybil attack, the identification of threats that cause Double-spending, the vulnerabilities of identified threats, and their countermeasures. We evaluated the newly built framework by exploring Sybil and Double-spending risks in Ethereum-based healthcare applications. We also recognise the various other security and implementation challenges of blockchain that hinder the acceptance of blockchain-enabled solutions. Furthermore, we discuss the permissioned blockchain systems making an appearance in industry-level enterprises and how permissioned blockchain systems control these challenges. We conclude the paper and outline the future work that aims to build an ontology-based blockchain security reference model. The results of this work could help blockchain developers, practitioners, and other associated stakeholders to communicate about Sybil and Double-spending risks, what security countermeasures should be introduced, and what security and implementation challenges are emerging in blockchain systems.
... A blockchain explorer can be used to analyse Ethereum or Bitcoin Cash. Chang and Svetinovic [115] use a blockchain explorer to identify 2509 Bitcoin addresses belonging to 515 entities. Wang et al. [116] use the Bitcoin blockchain to collect transactions from January 3, 2009 (the genesis block) to June 30, 2017 (block 473,592), and observe that about 0.48% of transactions still involve the "ECDSA weak randomness" vulnerability and that 1331 private keys are affected. ...
Article
This paper presents research challenges and a tutorial on performance evaluation of blockchain-based security and privacy systems for the Internet of Things (IoT). We start by summarizing the existing surveys that deal with blockchain security for IoT networks. Then, we review the blockchain-based security and privacy systems for seventeen types of IoT applications, e.g., Industry 4.0, Software Defined Networking, Edge computing, Internet of Drones, Internet of Cloud, Internet of Energy, Internet of Vehicles, etc. We also review various consensus algorithms and provide a comparison with respect to nine properties such as latency, throughput, computation, storage and communication costs, scalability, attack model, advantages, and disadvantages. Moreover, we present the security analysis techniques and provide a classification into four categories: BAN logic, game theory, theoretical analysis, and the AVISPA tool. In addition, we analyze the performance metrics, blockchain testbeds, and cryptography libraries used in the performance evaluation of blockchain-based security and privacy systems for IoT networks. Based on the current survey, we discuss the major steps to follow for building and evaluating blockchain-based security and privacy systems. Finally, we discuss and highlight open challenges and future research opportunities.
... RSA is vulnerable to multiplicative attacks. ECDSA [55,56]: Elliptic Curve Cryptography (ECC) is an alternative to RSA for digital signatures, based on elliptic curve theory, that produces faster, smaller, and stronger cryptographic keys. The algorithm's strength derives from the hardness of the discrete logarithm problem in the elliptic curve point group. ...
Article
Conventional IoT ecosystems involve data streaming from sensors, through Fog devices to a centralized Cloud server. Issues that arise include privacy concerns due to third party management of Cloud servers, single points of failure, a bottleneck in data flows and difficulties in regularly updating firmware for millions of smart devices from a point of security and maintenance perspective. Blockchain technologies avoid trusted third parties and safeguard against a single point of failure and other issues. This has inspired researchers to investigate Blockchain's adoption into IoT ecosystem. In this paper, recent state-of-the-arts advances in Blockchain for IoT, Blockchain for Cloud IoT and Blockchain for Fog IoT in the context of eHealth, smart cities, intelligent transport and other applications are analyzed. Obstacles, research gaps and potential solutions are also presented.
... The output sequence of a DRNG is generated with a deterministic algorithm and a provided seed. Despite its good statistical characteristic, the DRNG is not suitable for information security applications, because the deterministic pattern of the DRNG may be identified by adversaries, which incurs malicious attacks and causes the destruction of security system, as in [2][3][4][5]. On the contrary, a NRNG produces the random sequence by using physical entropy sources, such as electrical noise [6][7][8], quantum fluctuations [9][10][11][12] and chaotic semiconductor lasers [13][14][15]. ...
Article
In this paper, a deep learning (DL)-based predictive analysis is proposed to analyze the security of a non-deterministic random number generator (NRNG) using white chaos. In particular, the temporal pattern attention (TPA)-based DL model is employed to learn and analyze the data from both stages of the NRNG: the output data of a chaotic external-cavity semiconductor laser (ECL) and the final output data of the NRNG. For the ECL stage, the results show that the model successfully detects inherent correlations caused by the time-delay signature. After optical heterodyning of two chaotic ECLs and minimal post-processing are introduced, the model detects no patterns among corresponding data. It demonstrates that the NRNG has the strong resistance against the predictive model. Prior to these works, the powerful predictive capability of the model is investigated and demonstrated by applying it to a random number generator (RNG) using linear congruential algorithm. Our research shows that the DL-based predictive model is expected to provide an efficient supplement for evaluating the security and quality of RNGs.
Article
In the field of information security, the unpredictability of random numbers plays a determinant role in the security of cryptographic systems. However, limited by the capability of pattern recognition and data mining, statistics-based methods for random number security assessment can only detect whether there are obvious statistical flaws in random sequences. In recent years, some machine learning-based techniques such as deep neural networks and prediction-based methods applied to random number security have exhibited superior performance. Concurrently, the proposed deep learning models bring out issues of a large number of parameters, high storage space occupation and complex computation. In this paper, for the challenge of random number security analysis, building high-performance predictive models, we propose an effective analysis method based on a pruned and quantized deep neural network. Firstly, we train a temporal pattern attention-based long short-term memory (TPA-LSTM) model with a complex structure and good prediction performance. Secondly, through pruning and quantization operations, the complexity and storage space occupation of the TPA-LSTM model are reduced. Finally, we retrain the network to find the best model and evaluate the effectiveness of this method using various simulated data sets with known min-entropy values. By comparing with related work, the TPA-LSTM model provides more accurate estimates: the relative error is less than 0.43%. In addition, the model weight parameters are reduced by more than 98% and quantized to 2 bits (compression over 175x) without accuracy loss.
Chapter
Incorrect cryptographic protocol implementation and malware attacks targeting its runtime may lead to insecure execution even if the protocol design has been proven safe. This research focuses on adapting a runtime-verification-centric trusted execution environment (RV-TEE) solution to a quantum-future cryptographic protocol deployment. We aim to show that our approach is practical through an instantiation of a trusted execution environment supported by runtime verification and any hardware security module compatible with commodity hardware. In particular, we provide: (i) A group chat application case study which uses the quantum-future group key establishment protocol from González Vasco et al., (ii) An implementation of the protocol from González Vasco et al. employing a resource-constrained hardware security module, (iii) The runtime verification setup tailored for the protocol’s properties, (iv) An empirical evaluation of the setup focusing on the user experience of the chat application.
Article
Blockchain is a publicly distributed ledger used to record transactions in Bitcoin-like cryptocurrencies. In recent years, the successful integrations of Public-Key Cryptographic (PKC) algorithms with cryptocurrencies have driven researchers to pursue the study of PKC. However, it is challenging to technically integrate PKC algorithms with blockchain properly in that the studies of blockchain leverage to broad domains and each existing problem can lead to diverse solutions. For cryptographically-solvable problems, it is important to find a secure and practical integration of PKC algorithm with blockchain. We systematically review three major topics in cryptocurrencies, including security, privacy and scalability. We conduct a case analysis which demonstrates how to integrate PKC with blockchains. As an illustration, we propose mutable blockchain which incorporates multiple PKC schemes and show how to use it to remove double-spending transactions via redaction. We then give a concrete construction. As suggested by our performance evaluation, the adopted PKC algorithms can run scalably and efficiently and avoid bottlenecks in the system.
Article
Full-text available
Blockchain technology has already changed industry and commercial enterprises remarkably. It is the underlying mechanism of very well-known cryptocurrencies such as Bitcoin and Ethereum, and of many other business applications. Therefore, its security has drawn researchers' attention more and more recently. One of Blockchain's vulnerabilities is caused by weak randomness in ECDSA. A random number that is not cryptographically secure leads to leakage of the private key and even theft of the user's funds. The spam transaction attack may also exploit the ECDSA weak randomness. This security problem has been well known in the cryptocurrency community, such as Bitcoin, and was fixed by applying the RFC 6979 update in 2013. However, the problem is not entirely solved. The elliptic curve digital signature algorithm (ECDSA) was the first successful algorithm based on elliptic curves. This algorithm's security depends on the complexity of the elliptic curve discrete logarithm problem (ECDLP). This algorithm is applied in the blockchain mechanism as a result of its low computational cost and short keys. In this paper, we analyze the ECDSA weakness in blockchain and enhance its scheme by generating the signature with two secret keys. Using two secret keys will reduce the probability of revealing the secret key by knowing two messages. Therefore, the improved scheme can improve the security of the ECDSA.
Article
The increasing popularity of blockchain and cryptocurrency reinforces the importance of accountability and privacy. Privacy is a fundamental human right, yet malevolent or criminal actors should be held accountable, which mitigates the severity of malicious and criminal exploitation even with privacy protections in place. This editorial reports on the findings from seven accepted papers (acceptance rate of 30.44%).
Conference Paper
Full-text available
An Improvement of ECDSA Weak Randomness in Blockchain
Conference Paper
We study how to construct secure digital signature schemes in the presence of kleptographic attacks. Our work utilizes an offline watchdog to clip the power of subversions via only one-time black-box testing of the implementation. Previous results essentially rely on an online watchdog which requires the collection of all communicating transcripts (or active re-randomization of messages). We first give a simple but generic construction, without random oracles, in the partial-subversion model in which key generation and signing algorithms can be subverted. Then, we give the first digital signature scheme in the complete-subversion model in which all cryptographic algorithms can be subverted. This construction is based on the full-domain hash. Along the way, we enhance the recent result of Russell et al. (CRYPTO 2018) about correcting a subverted random oracle.
Article
IF YOU HAVE read about bitcoin in the press and have some familiarity with academic research in the field of cryptography, you might reasonably come away with the following impression: Several decades' worth of research on digital cash, beginning with David Chaum,10,12 did not lead to commercial success because it required a centralized, bank-like server controlling the system, and no banks wanted to sign on. Along came bitcoin, a radically different proposal for a decentralized cryptocurrency that did not need the banks, and digital cash finally succeeded. Its inventor, the mysterious Satoshi Nakamoto, was an academic outsider, and bitcoin bears no resemblance to earlier academic proposals.
Conference Paper
Digital currencies like Bitcoin rely on cryptographic primitives to operate. However, past experience shows that cryptographic primitives do not last forever: increased computational power and advanced cryptanalysis cause primitives to break frequently, and motivate the development of new ones. It is therefore crucial for maintaining trust in a cryptocurrency to anticipate such breakage. We present the first systematic analysis of the effect of broken primitives on Bitcoin. We identify the core cryptographic building blocks and analyze the ways in which they can break, and the subsequent effect on the main Bitcoin security guarantees. Our analysis reveals a wide range of possible effects depending on the primitive and type of breakage, ranging from minor privacy violations to a complete breakdown of the currency. Our results lead to several observations on, and suggestions for, the Bitcoin migration plans in case of broken or weakened cryptographic primitives.
Conference Paper
In this paper, we present an empirical study of a recent spam campaign (a “stress test”) that resulted in a DoS attack on Bitcoin. The goal of our investigation was to understand the methods spammers used and the impact on Bitcoin users. To this end, we used a clustering-based method to detect spam transactions. We then validate the clustering results and generate a conservative estimate that 385,256 (23.41 %) out of 1,645,667 total transactions were spam during the 10-day period at the peak of the campaign. We show the impact of increasing non-spam transaction fees from 45 to 68 Satoshis/byte (from 0.11 to 0.17 USD per kilobyte of transaction) on average, and increasing delays in processing non-spam transactions from 0.33 to 2.67 h on average, as well as estimate the cost of this spam attack at 201 BTC (or $49,000 USD). We conclude by pointing out changes that could be made to Bitcoin transaction fees that would mitigate some of the spam techniques used to effectively DoS Bitcoin.
Conference Paper
RSA and DSA can fail catastrophically when used with malfunctioning random number generators, but the extent to which these problems arise in practice has never been comprehensively studied at Internet scale. We perform the largest ever network survey of TLS and SSH servers and present evidence that vulnerable keys are surprisingly widespread. We find that 0.75% of TLS certificates share keys due to insufficient entropy during key generation, and we suspect that another 1.70% come from the same faulty implementations and may be susceptible to compromise. Even more alarmingly, we are able to obtain RSA private keys for 0.50% of TLS hosts and 0.03% of SSH hosts, because their public keys shared nontrivial common factors due to entropy problems, and DSA private keys for 1.03% of SSH hosts, because of insufficient signature randomness. We cluster and investigate the vulnerable hosts, finding that the vast majority appear to be headless or embedded devices. In experiments with three software components commonly used by these devices, we are able to reproduce the vulnerabilities and identify specific software behaviors that induce them, including a boot-time entropy hole in the Linux random number generator. Finally, we suggest defenses and draw lessons for developers, users, and the security community.
Article
A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.
Conference Paper
The DSS signature algorithm requires the signer to generate a new random number with every signature. We show that if random numbers for DSS are generated using a linear congruential pseudorandom number generator (LCG) then the secret key can be quickly recovered after seeing a few signatures. This illustrates the high vulnerability of the DSS to weaknesses in the underlying random number generation process. It also confirms that a sequence produced by an LCG is not only predictable, as has been known before, but should be used with extreme caution even within cryptographic applications that would appear to protect this sequence. The attack we present applies to truncated linear congruential generators as well, and can be extended to any pseudorandom generator that can be described via modular linear equations.
Article
In this article we present a brief introduction to elliptic curves and their use in cryptography. We describe the concept of digital signatures, present the ECDSA (Elliptic Curve Digital Signature Algorithm) and draw a parallel between it and DSA (Digital Signature Algorithm). We then present an application developed with the purpose of using ECDSA. Finally, we present our conclusions about this algorithm. (The abstract is also given in Portuguese, with the same content.)
Conference Paper
DSA and ECDSA are well-established standards for digital signatures based on the discrete logarithm problem. In this paper we survey known properties, certification issues regarding the public parameters, and security proofs. ECDSA also includes a standard certification scheme for elliptic curves which is assumed to guarantee that the elliptic curve was randomly selected, preventing any potential malicious choice. In this paper we show how to bypass this scheme and certify any elliptic curve in characteristic two. The prime field case is also studied. Although this does not lead to any attack at this time, since all possible malicious choices which are known at this time are specifically checked, this demonstrates that some part of the standard is not well designed. We finally propose a tweak.
Recovering Bitcoin private keys using weak signatures from the blockchain
  • N Schneider
N. Schneider, Recovering Bitcoin private keys using weak signatures from the blockchain, 2013, http://www.nilsschneider.net/2013/01/28/recovering-bitcoin-private-keys.html.
Private key recovery combination attacks: On extreme fragility of popular bitcoin key management, wallet and cold storage solutions in presence of poor RNG Events, IACR Cryptology ePrint Archive
  • N T Courtois
  • P Emirdag
  • F Valsorda
N.T. Courtois, P. Emirdag, F. Valsorda, Private key recovery combination attacks: On extreme fragility of popular bitcoin key management, wallet and cold storage solutions in presence of poor RNG Events, IACR Cryptology ePrint Archive 2014, 2014, 848.