Nadia Heninger: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies

Speaker: Nadia Heninger

Date: Friday, May 31, 2019

Time: 10:30 AM to 12:00 PM

Public: Yes

Location: Hewlett, G882

Event Type: Seminar

Room Description:

Host: Vinod Vaikuntanathan

Contact: Deborah Goodwin, 617.324.7303, dlehto@csail.mit.edu

Relevant URL:

Speaker URL: None

Speaker Photo:
Nadia head

Reminders to: seminars@csail.mit.edu, cis-seminars@csail.mit.edu

Reminder Subject: TALK: Nadia Heninger: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies

Abstract

We compute hundreds of Bitcoin private keys and dozens of Ethereum, Ripple, SSH, and HTTPS private keys by carrying out cryptanalytic attacks against digital signatures contained in public blockchains and Internet-wide scans. The ECDSA signature algorithm requires the generation of a per-message secret nonce. This nonce must be generated perfectly uniformly, or else an attacker can exploit the nonce biases to compute the long-term signing key. We use a lattice-based algorithm for solving the hidden number problem to efficiently compute private ECDSA keys that were used with biased signature nonces due to multiple apparent implementation vulnerabilities.

Research Areas:

Impact Areas:

See other events that are part of the Cryptography and Information Security (CIS) Seminar 2019.

Created by Deborah Goodwin Email at Monday, February 04, 2019 at 2:59 PM.