
New attack on poorly generated nonces shows wallets already drained by hackers


by COINS NEWS

One of the most important rules of crypto transactions that are based on the Elliptic Curve Digital Signature Algorithm (BTC, ETH, lots of others) is that the nonce, a one-time random value that is included in the calculation of the signature, must be kept secret and it must be randomly generated. If you accidentally reuse the same nonce twice, you might as well have posted your private key to Twitter because it can be easily extracted by combining the two signatures. It also happens if you use a predictable nonce, like a sequence of increasing numbers.

This has been known for a long time, but it conflicts with the popular intuition that people (and developers) have about nonces, which is that they normally have to be different but it isn't important that they be random or secret.

This brings us to the newest version of this attack, called Polynonce, just released this week. The authors were able to show that you can do this key recovery attack not just against nonces that are repeated, or follow a simple pattern, but any nonces that are polynomially related to each other! This is a huge deal because one of the most common random number generators, if you aren't especially careful about the security of your code, is called a Linear Congruential Generator. As the name suggests, the outputs are linearly related.

They tested their attack against the Bitcoin and Ethereum blockchains and found almost 1000 wallets that were vulnerable to private key recovery. Fortunately, they were all actually the more dangerous and well-known form of nonce reuse, and not the new polynomially related nonces. They discovered that all of these wallets were already drained by hackers and they did some interesting analysis of where the funds ended up.

The takeaway, for me, is that generally the wallet software people are using seems to be pretty good, but also that malicious hackers are pretty sophisticated in their methods to be able to take advantage of a relatively obscure attack. Makes sense when there is potentially a lot of money at stake, but cool to see some analysis of things like this.

submitted by /u/Cryptizard
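Editor's added example, not code from the post, the Polynonce authors, or any wallet: a self-contained textbook ECDSA over secp256k1 that shows both failure modes the post describes. Part (a) is the classic key recovery from a nonce used twice. Part (b) is the degree-1 case of the "polynomially related" nonces, where the attacker knows the nonces come from a linear congruential generator k[i+1] = a*k[i] + b mod n but does not know a or b. The five-signature elimination used for (b) is this editor's own simplification (two quadratics in the private key that share a root, with the d^2 term cancelled to avoid a modular square root); it is not the general polynomial algorithm from the paper, which is not reproduced here. The private key, messages and LCG parameters are constructed throwaway values.

```python
"""Added example: ECDSA private-key recovery on secp256k1 from (a) a reused
nonce and (b) nonces produced by an LCG with parameters unknown to the attacker.
Editor's illustration, not the post's or the Polynonce paper's code."""
import hashlib

# secp256k1 domain parameters (standard public values).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (demo only, not constant-time)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def msg_hash(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def ecdsa_sign(d, h, k):
    """Textbook ECDSA; the nonce k is supplied by the caller so we can make it bad."""
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (h + r * d) % N
    assert r and s
    return r, s


def recover_from_reused_nonce(h1, sig1, h2, sig2):
    """Two signatures with the same k share r; s1 - s2 = k^-1 (h1 - h2) gives k,
    then s1 = k^-1 (h1 + r d) gives d."""
    (r1, s1), (r2, s2) = sig1, sig2
    assert r1 == r2, "same nonce => same r"
    k = (h1 - h2) * pow(s1 - s2, -1, N) % N
    return (s1 * k - h1) * pow(r1, -1, N) % N


def recover_from_linear_nonces(hs, sigs):
    """Five signatures whose nonces satisfy k[i+1] = a*k[i] + b mod n, a and b unknown.
    Each k_i is linear in d: k_i = h_i/s_i + (r_i/s_i) d. The differences
    D_i = k_{i+1} - k_i satisfy D_{i+1} = a D_i, so D_2^2 = D_1 D_3 and D_3^2 = D_2 D_4
    are two quadratics in d with the common root d. Cancelling d^2 leaves one linear
    equation (editor's simplification; no modular square root needed)."""
    assert len(hs) == len(sigs) == 5
    ks = [(h * pow(s, -1, N) % N, r * pow(s, -1, N) % N) for h, (r, s) in zip(hs, sigs)]
    diffs = [((ks[i + 1][0] - ks[i][0]) % N, (ks[i + 1][1] - ks[i][1]) % N) for i in range(4)]

    def mul(p, q):  # product of two linear polynomials in d -> (c0, c1, c2)
        return (p[0] * q[0] % N, (p[0] * q[1] + p[1] * q[0]) % N, p[1] * q[1] % N)

    def sub(p, q):
        return tuple((x - y) % N for x, y in zip(p, q))

    q1 = sub(mul(diffs[1], diffs[1]), mul(diffs[0], diffs[2]))  # (C1, B1, A1)
    q2 = sub(mul(diffs[2], diffs[2]), mul(diffs[1], diffs[3]))  # (C2, B2, A2)
    lin = (q2[2] * q1[1] - q1[2] * q2[1]) % N    # A2*B1 - A1*B2
    const = (q2[2] * q1[0] - q1[2] * q2[0]) % N  # A2*C1 - A1*C2
    if lin == 0:
        raise ValueError("degenerate input: nonces are not linearly related")
    return -const * pow(lin, -1, N) % N


# Constructed throwaway private key for the demo (never use a fixed key in practice).
D = msg_hash(b"constructed demo private key, not a real wallet")
PUB = ec_mul(D, G)


def demo():
    """Returns (key recovered from reuse, key recovered from LCG nonces)."""
    # (a) the same nonce used for two different messages
    k = msg_hash(b"weak rng output")
    h1, h2 = msg_hash(b"pay 1 BTC to alice"), msg_hash(b"pay 5 BTC to bob")
    d_reuse = recover_from_reused_nonce(h1, ecdsa_sign(D, h1, k), h2, ecdsa_sign(D, h2, k))
    # (b) nonces from an LCG; a and b are constructed and never given to the attacker
    a, b = 6364136223846793005, 1442695040888963407
    k, hs, sigs = msg_hash(b"lcg seed"), [], []
    for i in range(5):
        hs.append(msg_hash(b"tx %d" % i))
        sigs.append(ecdsa_sign(D, hs[-1], k))
        k = (a * k + b) % N
    d_lcg = recover_from_linear_nonces(hs, sigs)
    return d_reuse, d_lcg


if __name__ == "__main__":
    print(demo() == (D, D))
```

The reuse attack needs nothing beyond the two public signatures and message hashes; the LCG attack needs five consecutive signatures from the same key and works without knowing the generator's multiplier or increment, which is why "different but not random" nonces are not enough. A defence that removes the nonce-quality problem entirely is deterministic nonce derivation from the private key and message (RFC 6979), which most modern wallet libraries use.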