Researchers recently identified vulnerabilities in cryptographic signatures for Bitcoin, Ethereum, and Ripple, that allowed attackers to calculate private keys and, consequently, steal any crypto in that wallet. In total, the researchers calculated hundreds of Bitcoin private keys and dozens of Ethereum, Ripple, SSH, and HTTPS private keys using this unique form of cryptanalytic attack.
In the paper Biased Nonce Sense: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies, researchers utilize a method to calculate private keys by analyzing Bitcoin signatures. The researchers were also able to apply these techniques to Ethereum and Ripple.
That said, these vulnerabilities only occur in edge cases where code is not implemented by developers properly, or likely occurred because of faulty multi-signature hardware. The research emphasizes the resiliency of the cryptographic schemes used by cryptocurrencies, as well as highlights the importance of proper implementation.
Background on Research
Whenever crypto holders make a transaction, they are required to create a cryptographic signature using an elliptic curve digital signature algorithm (ECDSA). In this algorithm, the software comes up with an arbitrary number that is used just once for communication—this number is called a nonce.
It is critical that the software signs each transaction with a different nonce, otherwise hackers can (rather easily) find and calculate the signers’ private key. There is even evidence that hackers continuously monitor the blockchain for these kinds of repeated nonces, extracting money from compromised keys.
What’s less well-known is that attackers can calculate keys from signatures that use different, but similar nonces. For example, if nonces have characters that are similar at the beginning of the signature, or if the nonce has characters that are similar at the end of a signature, then some big bad terrible thing will happen.
What the Researchers Say
CryptoSlate contacted both authors of the paper: Dr. Nadia Heninger is an associate professor of computer science at the University of California. Joachim Breitner, is a senior researcher at DFINITY. According to Dr. Heninger, the vulnerability was described as follows:
“The ECDSA digital signature algorithm requires generating a random number for each signature, which is often called a “nonce” (This is different from the nonces used in cryptocurrency mining). If these random values used in the signatures are not generated properly, in some cases, an attacker can compute the private signing keys. The types of nonce vulnerabilities that we exploited were implementations that generated values that were much shorter than they should have been, or values that shared most or least significant bits.”
And, using some advance math called lattices, the two were able to crack some of these wallet addresses and find the private keys:
“For the nerds in the audience, lattice algorithms allow us to find small solutions to underconstrained systems of linear equations. There are a number of crypotanalytic techniques that use lattice algorithms as a building block.”
As stated in the paper, any non-uniformity in the generation of these signature nonces can reveal private key information. Given a sufficient number of signatures, hackers can compute private keys and gain access to a user’s wallet and drain its funds.
Do Crypto Users Need to Worry?
According to Dr. Heninger and Breitner, the vast majority of cryptocurrency users need not worry:
“The only reason this would happen is if there is some type of bug in the digital signature code.”
Furthermore, as long as developers use the proper techniques and documented methods to ensure user security, the signature scheme is considered secure:
“As far as we know, ECDSA is a secure digital signature algorithm if implemented correctly. We concluded that these were not common implementations based on the fact that we only found a few thousand vulnerable signatures out of nearly a billion Bitcoin signatures that we examined.”
Furthermore, these vulnerabilities are only “specific to distinct implementations. Furthermore, the authors speculate that the faulty implementationn could possibly be a result of a few multifactor security devices:
“The mention of multifactor security is specific to the case of the signatures we found with 64-bit nonces on the Bitcoin blockchain. Nearly all of them were part of multisig addresses, which is not the usual case on the blockchain, hence our guess of the source. There has since been some further speculation about the specific implementation.”
Now, there are ways for developers to implement ECDSA without the vulnerabilities described in the paper, even for hardware devices. According to Breitner:
“The official blockchain clients get their crypto right… since 2016, the Bitcoin client uses deterministic signatures (RFC6979) which completely removes the need for randomness in the process [eliminating the possibility of the kind of attack employed by the researchers]. If you are using non-standard libraries, or if you write your own crypto routines… you should make sure that these use RFC6979. This is even more important on embedded devices or hardware tokens where a good source of randomness might be hard to come by.”
Profitable for Attackers?
Ultimately, these kinds of attacks are not cost-effective given the amount of time, electricity, and computational power needed to conduct them—even with this new tool added to their arsenal:
“Given that attackers are already exploiting other cryptographic vulnerabilities to compromise wallets, it seems likely that this will be added to their arsenal. However, if one has to pay for the computing time to do the computation, it is probably not a cost-effective attack given the balances that we found associated with vulnerable keys.”
At the end of the day, the research reassures cryptocurrency users that the cryptography underlining Bitcoin and other digital currencies is sound. With tens of thousands of people scrutinizing the underlying code for these systems, it is a testimony that the core security schemes, if used properly, still adequately protect the user—for now.
Commitment to Transparency: The author of this article is invested and/or has an interest in one or more assets discussed in this post. CryptoSlate does not endorse any project or asset that may be mentioned or linked to in this article. Please take that into consideration when evaluating the content within this article.
Libra branded ‘delusional’ as Senate Banking Committee unleashes hell on Facebook’s David Marcus
Libra seems to be the new cuss word in Washington D.C.
After unveiling Libra and setting up the association to oversee its governance in Switzerland, Facebook probably thought they’d be taking more flights across the Atlantic. However, it looks like the layover in the US Captial is longer than expected.
On July 16, David Marcus, lead of the Libra project and VP of Messaging Products at Facebook, sat before the US Senate Banking Committee to discuss Facebook’s cryptocurrency project, and it wasn’t pretty. Senators from both parties unified with pressing questions about the privacy, security, and global concerns associated with Libra.
This is certainly not the first rodeo for Facebook executives in front of US Congressmen. But, the way the latest hearing went, it certainly won’t be the last.
Senators likened Facebook’s plan of entering the payments realm to a toddler burning the house down, calling Libra a “delusional” goal, and revisiting Facebook’s privacy problems. Arson comments and snide remarks aside, there were genuine concerns that the wide reach of the social media giant, coupled with its entry into the payments realm via a digital asset, would be a sovereign problem and not a case of a private company merely expanding its operations.
Senator Sherrod Brown, who during the Fed Chairman’s appearance before the House Finance Committee on Libra mulled big tech’s efforts to rival big banks, questioned the trust customers had in Facebook after its previous debacles and PR disasters. He opened his address by stating, “Facebook is dangerous,” and called out the social media company.
“Do you really think people should trust Facebook with their hard-earned money?…I just think that is delusional.”
He spoke out against not just Facebook’s payment plans, but also its nefarious advertisement algorithm, its ability to betray journalistic principles and create a facade of news stories. Brown also spoke of the Menlo Park company “manipulating our emotions.” The business model of Facebook, according to Sen. Brown, is to ‘intensify hate’ by the dichotomy of connecting people and making a buck. In short, the motto of Facebook is “Move Fast and Break Thing.”
Senator Brown added,
“We’d be crazy to give them a chance to experiment with people’s bank accounts, to use powerful tools they don’t understand like monetary policy to jeopardize hard-working Americans ability to provide for their family. This is a recipe for more corporate power over markets and consumers.”
Other Senators also reigned down on Marcus, visibly angry about last year’s privacy issues. Chairman of the Committee, Senator Mike Crapo, questioned the 2 billion strong “reach and influence” Facebook has, equating this to a global cause for concern. However, he appreciated Facebook’s endeavor to build a credit system that was cheaper and faster, despite criticizing the means.
The concept of cryptocurrencies coupled with a private company of Facebook’s reputation has made the Senators even more displeased. Senator Thom Tillis said that digital assets are still in the “wild wild west” phase due to a lack of regulations, while still maintaining that Libra could be a “good idea for us to explore.”
Other Senators including Senator Pat Toomey and Senator Mark Warner lauded the idea of blockchain-based payment system, adding that the regulatory backlash against Facebook and Project Libra was a bit “premature” and “misguided,” to some extent.
Throughout the accusations, Marcus maintained a pro-regulatory stance and added that Facebook would work with any governing body, both at home and overseas, to ensure that everything is by the book. Libra will not see the light of day, unless the “regulatory concerns” are addressed, stated Marcus after the hearing.
His post-hearing tweet reiterated the above sentiment,
The conversation was thoughtful and highlighted important issues we, and the @Libra_ Founding Members, will need to address. I want to reiterate here what I said before the Committee: We will take the time to get this right.
— David Marcus (@davidmarcus) July 16, 2019
Marcus is certainly adhering to the lawmakers’ repeated concerns; from the Fed Chair, to POTUS, to the Treasury Secretary and now the Committee, the Libra main-man seems to have his hands full at the moment. With the Senate hearing done, Marcus will sit before the US Financial Services Committee soon. And by the looks of things, his stint in Washington D.C. will go on for a while now. If I were Marcus, I wouldn’t book my flight to California just yet.
Stellar, EOS and Binance Coin Price Prediction and Analysis for July 17th; XLM, EOS, BNB
STELLAR PRICE ANALYSIS (XLM/USD)
On an hourly chart, XML/USD pair continues the downwards pressure. The downtrend was buttressed by the 21 day MA that gravitated above the 7 day MA that signaled a bearish outlook. XLM has down surged by 4.6%, having begun trading at $0.08982 and is currently at $0.08572 over the last 24hrs.
The pair’s price experienced sideways price movements after a price fall that placed new resistance level at $0.08986 and support level at $0.08572. Presence of a four-price Doji was also seen repeatedly. This showed that the market dealt with a small number of transactions.
The Relative Strength Index was also touching below level 30 at several instances that indicated an oversold market condition. This also showed that the bears had dominated the market momentum in the last 24hrs.
The market is at the moment recovering as reflected by the RSI indicator that has upped from level 29 to level 42. This also indicated the reluctance of traders to go short in anticipation of better prices.
STELLAR PRICE PREDICTION
The 21 day MA is still trading above the 7 day MA that indicated a strong bearish signal. This shows incoming bearish momentum in the next few hours. New targets should be set at $0.08200. The support level is imminent to be broken.
EOS PRICE ANALYSIS (EOS/USD)
Like XLM, EOS/USD pair has also undergone a bearish outlook over the last 24hrs. EOS is down by 3.7% with a circulating supply of 923,253,298 coins. It started the sell-off at $4.4622 and is currently at $4.3032. The pair’s price faced a slight dip yesterday. The RSI X indicator that was seen trading below level 30, the oversold territory reflected this.
A sideways momentum that placed resistance level at $0.31635 and support level at $0.29914 followed the bearish momentum. Notably, both levels were tested severally. The RSI indicator was later seen heading upwards as it had moved from a low of 20.13 to a high of 49.75 that reflected an increase in buyouts.
Like XLM, the pair’s price RSI indicator is currently heading north which shows the unwillingness of traders to go short hoping for better prices.
EOS PRICE PREDICTION
At the press time, the 7 day has crossed over the 21 day MA. This indicates incoming bullish momentum. The resistance level is likely to be breached while the new target should be set at $4.5000.
BINANCE COIN PRICE ANALYSIS (BNB/USD)
BNB, on the other hand, is down by 5.7% over the last 24hrs. It began trading yesterday at $29.36 and is currently at $27.70, which showed a significant fall. The bearish pressure was supported by the 21 day MA that was seen gravitating above the 7 day MA.
BNB/USD pair saw a short-term period of consolidation below $28.73 level that was later dropped below $27.35 that confirmed the downtrend. The RSI indicator was also seen at 15:00 and at 0000h below level 30 that indicated the oversold market condition.
The dip in BNB price has affected investors sentiments negatively that led to lack of confidence in the coin as reflected by the RSI indicator that is currently trading flat. This also showed a lack of momentum in the market. Additionally, neither the bulls nor the bears have currently the upper hand.
BINANCE COIN PRICE PREDICTION
The 21 day MA is still above the 7 day MA that indicates a bearish signal. A further downtrend is to be expected. New targets should be set at $26.1860.
Altcoin Season Is Coming, What Does This Mean For XRP, Tron, Ethereum and Others?
According to Coin Market Cap, Bitcoin dominance is currently 66.6%. This hasn’t gone well for altcoins that bleed daily. Some analysts believe that altcoin season is coming to take back a chunk of the market cap from bitcoin. Alt season happens when all other cryptos except bitcoin grow exponentially. It is a season that many crypto traders look forward to. During this alt season, many coins rise by twice their value and may even go as high as a hundred times their value. It looks farfetched but it has happened before and now, analysts believe it will happen again.
When will the altcoin pump start? What is the fate of XRP, and other altcoins who desperately need a pump?
XRP (XRP) Price Today – XRP / USD
XRP Price Prediction 2019: Altcoins are Coming
One crypto trader predicts that the altcoins would pump soon. In a tweet that went viral, the trade, known as Paddy Stash, uses a video to show how things would change for altcoins.
The video has been viewed more than a hundred thousand times and highlights the past 6 years of rising and falling dominance of the altcoins. If the coins follow the same pattern, Stash believes that altcoins are poised for a rise to take back a large chunk of the cryptocurrency market cap from bitcoin.
it isn’t clear when this would kick in as Bitcoin is holding 66.6% off the entire market cap. Also, this is the highest it has recorded since April 2017.
How Will This Affect Top Altcoins?
Ethereum, the second cryptocurrency by market cap has had a terrible start of the week. The coin was in the red zone on Monday and was falling freely. The coin is presently traded at $225.60 at press time. This figure is a far cry from its all time high of $1,432.88 in January 2018. However, the token seems to be recovering slowly on 16, July 2019.
XRP is also trading at $0.314680 and has seen a growth of 0.57% in the past 24 hours. The coin successfully held its ground at the resistance level and seems to be making a recovery. Recently. Stark payments, popular crypto payment processor in London announced that it supports XRP. Also, Ethereum and Bitcoin are also a part of the supported currencies.
In other news, TRON is also seeing some growth. The token is presently traded at $0.024828 according to Coin Market Cap. It has a total market cap of $1,655,567,755 and a 24 hour volume of $534,512,097. CEO of Tron, Justin Sun says he hopes he can convince Warren Buffet to change his mind about the potential of digital currencies. He was interviewed by Forbes and he spoke about his plans for the impending meeting with Warren Buffet.
XRP may finally cross the psychological $1 level if the alt season starts. The XRP price prediction 2019 is also bullish even though the market isn’t impressive right now. Perhaps, it may be time for altcoins to take some parts of the total market cap of the crypto market.
How high can XRP go? Will Ethereum recover? Market trends would tell.