Exploiting ECDSA Failures in the Bitcoin Blockchain

After 6 years of community pressure, RedHat legal approves Elliptical Curve algorithms to be enabled in distributed packages. This makes compiling Bitcoin related software much easier!

submitted by AgentZeroM to Bitcoin [link] [comments]

"By placing a probe near a mobile device while it performs cryptographic operations, an attacker can measure enough electromagnetic emanations to fully extract the secret key that authenticates the end user's data or financial transactions."

This is an automatic summary, original reduced by 71%.
Researchers have devised an attack on Android and iOS devices that successfully steals cryptographic keys used to protect Bitcoin wallets, Apple Pay accounts, and other high-value assets.
"An attacker can non-invasively measure these physical effects using a $2 magnetic probe held in proximity to the device, or an improvised USB adapter connected to the phone's USB cable, and a USB sound card," the researchers wrote in a blog post published Wednesday.
While the researchers stopped short of fully extracting the key on a Sony-Ericsson Xperia x10 Phone running Android, they said they believe such an attack is feasible.
CoreBitcoin developers told the researchers they plan to replace their current crypto library with one that's not susceptible to the attack.
The researchers said they reported the vulnerability to OpenSSL maintainers, and the maintainers said that hardware side-channel attacks aren't a part of their threat model.
At the moment, the attack would require a hacker to have physical possession of-or at least have a cable or probe in close physical proximity to-a vulnerable mobile device while it performed enough operations to measure "a few thousand ECDSA signatures." The length of time required would depend on the specific application being targeted.
Summary Source | FAQ | Theory | Feedback | Top five keywords: attack#1 research#2 vulnerable#3 key#4 version#5
NOTICE: This thread is for discussing the submission topic only. Do not discuss the concept of the autotldr bot here.
submitted by autotldr to autotldr [link] [comments]

New attack steals secret crypto keys from Android and iOS phones

This is an automatic summary, original reduced by 71%.
Researchers have devised an attack on Android and iOS devices that successfully steals cryptographic keys used to protect Bitcoin wallets, Apple Pay accounts, and other high-value assets.
"An attacker can non-invasively measure these physical effects using a $2 magnetic probe held in proximity to the device, or an improvised USB adapter connected to the phone's USB cable, and a USB sound card," the researchers wrote in a blog post published Wednesday.
While the researchers stopped short of fully extracting the key on a Sony-Ericsson Xperia x10 Phone running Android, they said they believe such an attack is feasible.
CoreBitcoin developers told the researchers they plan to replace their current crypto library with one that's not susceptible to the attack.
The researchers said they reported the vulnerability to OpenSSL maintainers, and the maintainers said that hardware side-channel attacks aren't a part of their threat model.
At the moment, the attack would require a hacker to have physical possession of-or at least have a cable or probe in close physical proximity to-a vulnerable mobile device while it performed enough operations to measure "a few thousand ECDSA signatures." The length of time required would depend on the specific application being targeted.
Summary Source | FAQ | Theory | Feedback | Top five keywords: attack#1 research#2 vulnerable#3 key#4 version#5
NOTICE: This thread is for discussing the submission topic only. Do not discuss the concept of the autotldr bot here.
submitted by autotldr to autotldr [link] [comments]

The Elliptic Curve Digital Signature Algorithm and raw transactions on Bitcoin What is digital signature? - YouTube

Openssl seems to use these values for DER encoding rules, and it doesn't seem to have anything to do with secp256k1 or Bitcoin specifically. Is this a correct assumption? They have nothing to do with Bitcoin, but I believe that those bytes contain a reference to secp256k1 (probably through its OID 1.3.132.0.10). Bitcoin core unsafe: openssl patch by AGL waiting on master . electrum safe since v1.9 correct use of python-ecdsa. Multibit / bitcoinj safe correct use of bouncycastle. Blockchain.info Unsafe relies on the browser RNG (if any!) bitrated / bitcoinjs-lib Safe Hashes privkey, message and random. Armory unsafe (? - 90%) crypto++ seems to use a random value. Trezor Safe Implements RFC 6979. Q&A ... value: an integer value: Param: signature: an (r, s) pair of integers representing an ecdsa signature of value: Param: y_parity: (optional) for a given value and signature, there are either two points that sign it, or none if the signature is invalid. One of the points has an even y value, the other an odd. If this parameter is set, only points ... Eric Rykwalder is a software engineer and one of Chain.com s founders. Here, he gives an overview of the mathematical foundations of the bitcoin protocol. One reason bitcoin can be confusing for beginners is that the technology behind it redefines the concept of ownership. To own something in the traditional sense, be Bitcoin core unsafe: openssl patch by AGL waiting on master; None; electrum safe since v1.9 correct use of python-ecdsa; Multibit / bitcoinj safe correct use of bouncycastle; Blockchain.info Unsafe relies on the browser RNG (if any!) None; bitrated / bitcoinjs-lib Safe Hashes privkey, message and random; Armory unsafe (? - 90%) crypto++ seems ...

[index] [10226] [38975] [847] [923] [45449] [37995] [14577] [8385] [10325] [17290]

The Elliptic Curve Digital Signature Algorithm and raw transactions on Bitcoin

Skip navigation Sign in. Search A digital signature is equivalent to a handwritten signature in paper, and a digital signature serves three basic purposes. Digital signature is commonly use...

#