"Polynonce: An ECDSA Attack and Polynomial Dance" Nils Amiet, Marco Macchetti

number6
    • Apr 2019

    #1
    Polynonce: An ECDSA Attack and Polynomial Dance
    Nils Amiet, Lead Prototyping Engineer at Kudelski Security, He/Him
    Marco Macchetti, Principal Cryptographer at Kudelski Security, He/Him
    Demo, Tool, Exploit
    20 Minutes

    ECDSA is a widely used digital signature algorithm. ECDSA signatures can be found everywhere since they are public. In this talk, we tell a tale of how we discovered a novel attack against ECDSA and how we applied it to datasets we found in the wild, including the Bitcoin and Ethereum networks.

    Although we didn't recover Satoshi's private key (we’d be throwing a party on our private yacht instead of writing this abstract), we could see evidence that someone had previously attacked vulnerable wallets with a different exploit and drained them. We cover our journey, findings, and the rabbit holes we explored. We also provide an academic paper with the details of the attack and open-source code implementing it, so people building software and products using ECDSA can identify and avoid this vulnerability in their systems. We've only scratched the surface; there's still plenty of room for exploration.

    Nils is a Security Researcher on Kudelski Security’s research team performing research on various topics including privacy, authentication, big data analytics, and internet scanning. He also writes blog posts on various topics for Kudelski’s research blog. Nils likes open source software and has presented his research at DEF CON and Black Hat Arsenal. He was part of creating a massively distributed system for breaking RSA public keys.
    @tmlxs

    Marco works as Principal Cryptographer on Kudelski Security's research team. He has long experience designing a wide range of HW and SW cryptographic modules, from silicon roots of trust through physically unclonable functions to side-channel resistant cryptographic libraries. Marco likes looking at crypto from different points of view, bridging theory and implementation, to find new paths of attack (and defense).

    REFERENCES:

    * https://eprint.iacr.org/2019/023
    * https://eprint.iacr.org/2022/169.pdf
    * https://github.com/gcarq/rusty-blockparser
    * https://en.bitcoin.it/wiki/OP_CHECKSIG
    * https://bitcointalk.org/index.php?topic=1431060.0
    Last edited by number6; July 1, 2023, 10:33.
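The abstract above says the attack targets ECDSA nonces tied together by a polynomial but does not spell out the mechanics. The Python below is an added example written for this page, not the speakers' code or the open-source implementation they mention, and it takes as an assumption the simplest setting the title suggests: four signatures under one key whose nonces satisfy k_{i+1} = a*k_i + b (mod n) with a and b unknown to the attacker. Each nonce is linear in the private key x (k_i = (h_i + r_i*x)/s_i), so the differences of consecutive nonces form a geometric progression with ratio a, and d_1^2 = d_0*d_2 is a quadratic in x whose root is the key. The curve is secp256k1; the private key, seed nonce, coefficients and messages are constructed test inputs.

```python
"""Polynonce-style ECDSA key recovery for an affine nonce relation k_{i+1} = a*k_i + b mod n.

Added example for this page, not the talk authors' code. Curve: secp256k1.
All keys, nonces, coefficients and messages below are constructed inputs.
"""
import hashlib

# secp256k1 domain parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, point=G):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc


def sign(priv, h, k):
    """Textbook ECDSA with a caller-supplied nonce k; the nonce source is the bug."""
    r = ec_mul(k)[0] % N
    s = pow(k, -1, N) * (h + r * priv) % N
    return r, s


def sqrt_mod(a, p):
    """Tonelli-Shanks square root modulo an odd prime p; None for a non-residue."""
    a %= p
    if a == 0:
        return 0
    if pow(a, (p - 1) // 2, p) != 1:
        return None
    q, s = p - 1, 0
    while q % 2 == 0:
        q, s = q // 2, s + 1
    z = 2
    while pow(z, (p - 1) // 2, p) != p - 1:
        z += 1
    m, c, t, r = s, pow(z, q, p), pow(a, q, p), pow(a, (q + 1) // 2, p)
    while t != 1:
        i, t2 = 0, t
        while t2 != 1:
            t2, i = t2 * t2 % p, i + 1
        b = pow(c, 1 << (m - i - 1), p)
        m, c, t, r = i, b * b % p, t * b * b % p, r * b % p
    return r


def recover_key(sigs, hashes, pub):
    """Recover x from 4 signatures whose nonces satisfy k_{i+1} = a*k_i + b (a, b unknown).

    Each nonce is linear in x: k_i = u_i + v_i*x with u_i = h_i/s_i, v_i = r_i/s_i.
    Differences d_i = k_{i+1} - k_i satisfy d_{i+1} = a*d_i, hence d_1^2 = d_0*d_2,
    a quadratic in x. Both roots are checked against the public key.
    """
    u = [h * pow(s, -1, N) % N for (r, s), h in zip(sigs, hashes)]
    v = [r * pow(s, -1, N) % N for (r, s), h in zip(sigs, hashes)]
    p = [(u[i + 1] - u[i]) % N for i in range(3)]  # d_i = p_i + q_i*x
    q = [(v[i + 1] - v[i]) % N for i in range(3)]
    A = (q[1] * q[1] - q[0] * q[2]) % N
    B = (2 * p[1] * q[1] - p[0] * q[2] - p[2] * q[0]) % N
    C = (p[1] * p[1] - p[0] * p[2]) % N
    if A == 0:
        return None
    root = sqrt_mod((B * B - 4 * A * C) % N, N)
    if root is None:
        return None
    inv_2a = pow(2 * A, -1, N)
    for cand in ((-B + root) * inv_2a % N, (-B - root) * inv_2a % N):
        if ec_mul(cand) == pub:
            return cand
    return None


def run_attack(related_nonces=True):
    """Sign four constructed messages and attempt recovery; returns (priv, recovered)."""
    priv = 0x7A1B2C3D4E5F60718293A4B5C6D7E8F90A1B2C3D4E5F60718293A4B5C6D7E8F9  # constructed
    a = 0x0112233445566778899AABBCCDDEEFF00FFEEDDCCBBAA99887766554433221101   # constructed
    b = 0x55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA   # constructed
    msgs = [b"tx-0", b"tx-1", b"tx-2", b"tx-3"]
    hashes = [int.from_bytes(hashlib.sha256(m).digest(), "big") % N for m in msgs]
    if related_nonces:
        ks = [0x3C9F1E5D7B2A486C0E1F2D3B4A5968778695A4B3C2D1E0F1F2E3D4C5B6A79880]
        for _ in range(3):
            ks.append((a * ks[-1] + b) % N)  # the vulnerable nonce generator
    else:  # independent nonces: the same algebra yields no root matching the public key
        ks = [int.from_bytes(hashlib.sha256(b"nonce-%d" % i).digest(), "big") % N for i in range(4)]
    sigs = [sign(priv, h, k) for h, k in zip(hashes, ks)]
    return priv, recover_key(sigs, hashes, ec_mul(priv))


if __name__ == "__main__":
    priv, rec = run_attack()
    print("recovered" if rec == priv else "failed")
```

`run_attack()` returns the constructed key and the recovered one, which agree; `run_attack(related_nonces=False)` runs the same algebra over independent nonces and returns None, because the quadratic then either has no root or roots that fail the public-key check. The defensive counterpart is the nonce source: deriving k deterministically from the key and message (RFC 6979) or from a properly seeded CSPRNG leaves no algebraic relation between nonces for this kind of elimination to exploit.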