Interesting report at upcoming RSA cryptographic conference


Post by wex » Wed Apr 01, 2015 4:29 pm

http://users.ics.aalto.fi/knyberg/program.txt

15
> - Title: Just A Little Bit More

> - Authors:
Nigel Smart (University of Bristol)
Yuval Yarom (University of Adelaide)
Joop van de Pol (University of Bristol)

> - Quick abstract (200 characters including spaces)
We exploit a property of many standard elliptic curves to reduce the number of signatures
needed to be observed and demonstrate how we break ECDSA on a secp256k1 curve using only 25 signatures.

As far as I know ECDSA on a secp256k1 curve is used in Bitcoin (https://en.bitcoin.it/wiki/Secp256k1). So the question is, Bitcoin is getting hacked?
wex
 
Posts: 3
Joined: Wed Apr 01, 2015 4:03 pm

Re: Interesting report at upcoming RSA cryptographic confere

Post by Catherine_Erwin » Fri Apr 10, 2015 3:30 pm

Hello, wex. Thank you for your question.

The first time the CryptoNote team heard about this issue was in 2014. It was described in the previous version of an article: https://eprint.iacr.org/2014/161.pdf

It is said there: “We demonstrate our analysis via experiments using the curve secp256k1 used in the Bitcoin protocol. In particular we show that with as little as 200 signatures we are able to achieve a reasonable level of success in recovering the secret key for a 256-bit curve.”

But the point is, at this moment Bitcoin is using its own realization and not OpenSSL, so this small vulnerability is not present in the Bitcoin protocol anymore.

On a side note, CryptoNote uses the Ed25519 algorithm on Curve25519, which is resistant to this vulnerability, and CryptoNote users won't be affected by it in any way.
Catherine_Erwin
 
Posts: 102
Joined: Wed Mar 26, 2014 3:28 pm

Re: Interesting report at upcoming RSA cryptographic confere

Post by Masniff.Hurricane » Sun Apr 12, 2015 3:45 pm

wex wrote: http://users.ics.aalto.fi/knyberg/program.txt

15
> - Title: Just A Little Bit More

> - Authors:
Nigel Smart (University of Bristol)
Yuval Yarom (University of Adelaide)
Joop van de Pol (University of Bristol)

> - Quick abstract (200 characters including spaces)
We exploit a property of many standard elliptic curves to reduce the number of signatures
needed to be observed and demonstrate how we break ECDSA on a secp256k1 curve using only 25 signatures.

As far as I know ECDSA on a secp256k1 curve is used in Bitcoin (https://en.bitcoin.it/wiki/Secp256k1). So the question is, Bitcoin is getting hacked?


Wex, have you already seen this http://www.reddit.com/r/Bitcoin/comment ... em/cq4b52u ?
Masniff.Hurricane
 
Posts: 8
Joined: Fri Mar 28, 2014 9:36 am
Location: Finland, Tampere

Re: Interesting report at upcoming RSA cryptographic confere

Post by wex » Fri Apr 17, 2015 11:44 am

Masniff.Hurricane wrote:
wex wrote: http://users.ics.aalto.fi/knyberg/program.txt

15
> - Title: Just A Little Bit More

> - Authors:
Nigel Smart (University of Bristol)
Yuval Yarom (University of Adelaide)
Joop van de Pol (University of Bristol)

> - Quick abstract (200 characters including spaces)
We exploit a property of many standard elliptic curves to reduce the number of signatures
needed to be observed and demonstrate how we break ECDSA on a secp256k1 curve using only 25 signatures.

As far as I know ECDSA on a secp256k1 curve is used in Bitcoin (https://en.bitcoin.it/wiki/Secp256k1). So the question is, Bitcoin is getting hacked?


Wex, have you already seen this http://www.reddit.com/r/Bitcoin/comment ... em/cq4b52u ?


Thanks. But I still don't understand why Bitcoin and CryptoNote can't be hacked with this kind of attack?
wex
 
Posts: 3
Joined: Wed Apr 01, 2015 4:03 pm

Re: Interesting report at upcoming RSA cryptographic confere

Post by Masniff.Hurricane » Fri Apr 17, 2015 12:06 pm

I mean, these are not generic attacks. These attacks' algorithm was designed for specific elliptic curves. Bitcoin's Koblitz curve secp256k1 and CryptoNote's curve25519 are other than the curves described in both papers, so it wouldn't work for them.
Masniff.Hurricane
 
Posts: 8
Joined: Fri Mar 28, 2014 9:36 am
Location: Finland, Tampere

Hello guys

Post by Richardrida » Sun Apr 24, 2016 11:22 pm

Thanks!
Richardrida
 
Posts: 1
Joined: Thu Apr 21, 2016 2:53 pm
Location: Switzerland

