Topic: Wall Observer BTC/USD - Bitcoin price movement tracking & discussion - page 2268. (Read 26630760 times)

For a total layman like me it seems to boil down to the old "Every cryptographic algo is only as good as the RNG feeding random numbers into it".
One of the of (very few) takeaways I learned from Bruce's Applied Cryptography is:
1. Good randomness is key <- pardon the pun! (I think that's one of the ways the NSA subverted Crypto AGs cipher machines by making the RNG less random than customers expected and later they just went with broadcasting the private key along the ciphertext)
2. If you have a true random key that is equally long or longer than the data to encrypt, XOR is perfectly safe encryption (I am still astonished by that fact)

In the past the TLAs (and FLAs for the britons) employed brigades of ladies that ran bingo drums the whole day to create one time pads. It is said they only employed women because men were generally unable to follow the procedure correctly all day long and started to make up numbers from their head or whatever, while the ladies produced high quality OTPs.

So, when our ladies for once behave totally random and unexpected, that's a feature in them, not a bug.
^Couldn't resist, sorry gals. It is depressing and embarassing enough that men are apparently unable to operate a bingo drum reliably for more than a few minutes.

Edited to add: Apologies for the repeated use of the banned c-word, I was assuming it might be safe in this context (*ducks to evade the mandatory incoming batslap*)

Indeed. For anyone who wants to read up on this:

2014: https://bitcointalksearch.org/topic/reused-r-values-again-581411
2016: https://bitcointalksearch.org/topic/more-signatures-with-repeated-nonces-1431060

Definitely nothing new, just a research team providing further info.

It definitely is scary when you read the heading... But dive a little deeper and you realize it is an issue that has been discussed before.

Hence, most, and i hope most, bitcoin wallets are programmed to use different/random nonces with each signing, therefore eliminating the novel attack.

I've been studying/readying and trying to understand ECDSA (still learning, especially the mathematics) and Public/Private Key and how it all works... then you would really appreciate, that with proper implementation, ECDSA is secure.

I recommend everyone to at least understand the difference between Symmetric Encryption vs Asymmetric Encryption, if you don't already know it...

Interesting read. I'd say vroom is not correct here, exposing your public key does not mean quantum computers can crack private key. At least that's not what the article is about.

(Please provide source if this is the case).

vapourminer is closer to the truth here, but it's not just about exposing your public key. Exposing pub key with 1 signature isn't the risk described, based on trying to find a common demoninator to private key. The risk is about exposing pub key is related to nonces, in this case, nonce reuse. Because then determining the private key, based on two different signatures with same nonce, becomes a lot more straight forward.


Notably, they weren't able to hack any wallets with different nonces, or addresses that used a single nonce (they didn't even try) but this is somewhat besides the point based on the "mishap" of ECDSA implementations which creates this vulnerability of repeated nonce use. Somebody can no doubt explain it better and more accurately than me, but after reading the article in full, I get the jist of it.

Ultimately, this isn't really information that we didn't already know - hence it's always been recommended to use different addresses due to possibility of "reverse engineering" signatures (ie those with the common variable of nonces, when those variables become a constant due to implementation error). Even the first implementation of Bitcoin in 2019 protected against this with the use of change addresses it's worth noting.

It's only newer implementations that have encouraged (or forced) address reuse that becomes the problem here, combined with nonce reuse.

Explanation

i know that as long as no public key is exposed nothing, not even quantum stuff, can get it. but once the public key is known (watch for them in the mempool) its a race as to whether the attacker can crack your private key and take over that tx (rbf), before it gets mined into the blockchain.

thats my basic understanding. feel free to correct me.

I knew, that quantum computers can crack the private key, if the public key is known. With this attack they don't need quantum computers anymore.

doesnt that say what we already know? reusing addresses Bad because public key exposed etc. so what? always use new address. isnt that basically considered best practice already?

Explanation

Explanation

scary shit!

Polynonce: A Tale of a Novel ECDSA Attack and Bitcoin Tears

https://research.kudelskisecurity.com/2023/03/06/polynonce-a-tale-of-a-novel-ecdsa-attack-and-bitcoin-tears/

Time flies. LOL.


Source

Explanation

Explanation

JUST IN: 🇺🇸 SEC files emergency action against Miami investment adviser BKCoin for $100 million #crypto fraud scheme.

https://twitter.com/WatcherGuru/status/1632785169940639745?t=jJSoAvZKbxsPn8uKiBmqog&s=19

Explanation

Explanation

Explanation

Explanation

buddy is done for monday.

and so am i. nite all.