====================================================================
Published: 6 March 2023
Tags: encryption, infosec
In this blog post, Nils Amiet tells a tale of how they discovered a novel attack against ECDSA, how they applied it to datasets they found in the wild, including the Bitcoin and Ethereum networks, and how they found evidence that someone had previously attacked vulnerable wallets with a different exploit and drained them.
Some highlights:
- "the attack looks at the fact that you can always define a recurrence relation among nonces used in different ECDSA signatures as a polynomial of arbitrarily high degree, with unknown coefficients, modulo the order of the curve’s generator point"
- This basically means that whenever an ECDSA signature is generated, it yields a relation between the nonce and the private key
- It's an issue because nonces are usually generated using weak pseudo-random number generators (PRNGs)
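To make the relation in the highlights concrete, here is an added Python example (not code from the original post or from Kudelski's polynonce tooling): it signs five messages with textbook ECDSA on secp256k1 using nonces drawn from a hypothetical LCG-style PRNG, the degree-1 case of the recurrence quoted above, and then recovers the private key from the signatures alone, with the multiplier and increment unknown. The curve parameters are the real secp256k1 ones; the key, the PRNG constants and the messages are constructed for the demo.

```python
import hashlib
# secp256k1 domain parameters (the curve used by Bitcoin and Ethereum)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):  # affine addition on y^2 = x^3 + 7; None is the point at infinity
    if p1 is None or p2 is None: return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if p1 == p2 else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def sign(d, z, k):  # textbook ECDSA: r = (k*G).x mod n, s = k^-1 * (z + r*d) mod n
    r = ec_mul(k, G)[0] % N
    return r, pow(k, -1, N) * (z + r * d) % N

def recover_key(sigs, hashes):  # 5 signatures whose nonces obey k[i+1] = a*k[i] + b mod N, a and b unknown
    # every signature pins its nonce to an affine function of the private key: k_i = u_i + v_i*d
    ks = [(z * pow(s, -1, N) % N, r * pow(s, -1, N) % N) for (r, s), z in zip(sigs, hashes)]
    dk = [((ks[i+1][0] - ks[i][0]) % N, (ks[i+1][1] - ks[i][1]) % N) for i in range(4)]  # D_i = k_{i+1}-k_i
    mul = lambda f, g: (f[0]*g[0] % N, (f[0]*g[1] + f[1]*g[0]) % N, f[1]*g[1] % N)  # linear * linear
    sub = lambda f, g: tuple((x - y) % N for x, y in zip(f, g))
    # D_{i+1} = a*D_i for every i, so D_1^2 = D_0*D_2 and D_2^2 = D_1*D_3: two quadratics in d sharing root d
    q1 = sub(mul(dk[1], dk[1]), mul(dk[0], dk[2]))
    q2 = sub(mul(dk[2], dk[2]), mul(dk[1], dk[3]))
    c1 = (q1[2] * q2[1] - q2[2] * q1[1]) % N  # cancel the d^2 terms: q1[2]*q2 - q2[2]*q1 is linear in d
    c0 = (q1[2] * q2[0] - q2[2] * q1[0]) % N
    return None if c1 == 0 else (-c0 * pow(c1, -1, N)) % N

def h(label):  # constructed, deterministic scalars for the demo (not from the original post)
    return int.from_bytes(hashlib.sha256(label).digest(), "big") % N
PRIVATE_KEY = h(b"demo private key")

def signatures_with_lcg_nonces():  # a hypothetical wallet drawing its nonces from an LCG-style PRNG
    a, b, k = h(b"lcg multiplier"), h(b"lcg increment"), h(b"lcg seed")
    hashes = [h(b"message %d" % i) for i in range(5)]
    sigs = []
    for z in hashes:
        sigs.append(sign(PRIVATE_KEY, z, k))
        k = (a * k + b) % N  # each nonce is a fixed affine function of the previous one
    return sigs, hashes
```

A wallet that derives each nonce deterministically from the key and message (RFC 6979) or from a CSPRNG gives the signatures no such recurrence to exploit.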