ECDSA weak randomness in Bitcoin

Bitcoin security draws more and more attention recently. One of Bitcoin vulnerabilities is caused by ECDSA weak randomness. A random number is not cryptographically secure, which leads to private key leakage and even fund theft. This security problem has been well known in Bitcoin community and fixe...

Full description

Saved in:
Bibliographic Details
Published in:Future generation computer systems 2020-01, Vol.102, p.507-513
Main Authors: Wang, Ziyu, Yu, Hui, Zhang, Zongyang, Piao, Jiaming, Liu, Jianwei
Format: Article
Language:English
Subjects:
Bitcoin
Blockchain
ECDSA
Weak randomness
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Bitcoin security draws more and more attention recently. One of Bitcoin vulnerabilities is caused by ECDSA weak randomness. A random number is not cryptographically secure, which leads to private key leakage and even fund theft. This security problem has been well known in Bitcoin community and fixed by applying RFC 6979 update in 2013. In this paper, we systematically revisit the cases where random numbers are reused and evaluate them based on practical Bitcoin transactions. After analyzing Bitcoin transaction dataset from January 2009 to July 2017, we find that there are still approximately 0.48 percent of transactions involving this vulnerability, and 1331 private keys have been compromised. In addition, the transactions related to some involved addresses have a common pattern, which gives us a clue that a spam transaction attack may take advantage of ECDSA weak randomness. We also examine mainstream Bitcoin software wallets to check whether they are susceptible to ECDSA weak randomness. Even the result is quite optimistic, an example that one of the influenced addresses leaked in April 2014 is still in use again in August 2017 reflects that the severity of ECDSA weak randomness may not be paid enough attention even after its discovery and solution in 2013. •ECDSA weak randomness affects some Bitcoin transaction signatures and private keys.•Bitcoin ECDSA weak randomness may be related with spam transaction attacks.•A survey of mainstream Bitcoin wallets about ECDSA weak randomness problem.
ISSN:0167-739X
1872-7115
DOI:10.1016/j.future.2019.08.034