[Resource Topic] 2023/841: The curious case of the half-half Bitcoin ECDSA nonces

Welcome to the resource topic for 2023/841

Title:
The curious case of the half-half Bitcoin ECDSA nonces

Authors: Dylan Rowe, Joachim Breitner, Nadia Heninger

Abstract:

We report on a new class of ECDSA signature vulnerability observed in the wild on the Bitcoin blockchain that results from a signature nonce generated by concatenating half of the bits of the message hash together with half of the bits of the secret signing key. We give a lattice-based attack for efficiently recovering the secret key from a single signature of this form. We then search the entire Bitcoin blockchain for such signatures, and identify and track the activities of an apparently custom ECDSA/Bitcoin implementation that has been used to empty hundreds of compromised Bitcoin addresses for many years.

ePrint: https://eprint.iacr.org/2023/841

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.