ECDSA Private Keys Study of Security

A Formal Treatment of Hardware Wallets

Cryptology ePrint Archive: Report 2019/034
Date: 2019-01-14
Author(s): Myrto Arapinis, Andriana Gkaniatsou, Dimitris Karakostas, Aggelos Kiayias

Abstract
Bitcoin, being the most successful cryptocurrency, has been repeatedly attacked with many users losing their funds. The industry's response to securing the user's assets is to offer tamper-resistant hardware wallets. Although such wallets are considered to be the most secure means for managing an account, no formal attempt has been previously done to identify, model and formally verify their properties. This paper provides the first formal model of the Bitcoin hardware wallet operations. We identify the properties and security parameters of a Bitcoin wallet and formally define them in the Universal Composition (UC) Framework. We present a modular treatment of a hardware wallet ecosystem, by realizing the wallet functionality in a hybrid setting defined by a set of protocols. This approach allows us to capture in detail the wallet's components, their interaction and the potential threats. We deduce the wallet's security by proving that it is secure under common cryptographic assumptions, provided that there is no deviation in the protocol execution. Finally, we define the attacks that are successful under a protocol deviation, and analyze the security of commercially available wallets.

submitted by dj-gutz to myrXiv

Currently Bitcoin uses secp256k1 with the ECDSA algorithm, though the same curve with the same public/private keys can be used in some other algorithms such as Schnorr. secp256k1 was almost never used before Bitcoin became popular, but it is now gaining in popularity due to its several nice properties. Most commonly-used curves have a random structure, but secp256k1 was constructed in a ...

ECDSA Security in Bitcoin and Ethereum: a Research Survey. Hartwig Mayer, {hartwig.mayer}@coinfabrik.com, CoinFabrik. Revised June 28, 2016. Abstract ...

Bitcoin security draws more and more attention recently. One of Bitcoin vulnerabilities is caused by ECDSA weak randomness. A random number is not cryptographically secure, which leads to private key leakage and even fund theft. This security problem has been well known in Bitcoin community and fixed by applying RFC 6979 update in 2013.

Secondly, we describe how the ECDSA is used in Bitcoin technology. Bitcoin is a type of crypto-currency that has been in existence since 2009. It was introduced by Satoshi Nakamoto (possibly a pseudonym) in their much cited paper [8]. Its design and distribution is not controlled by any central organization. Despite this, Bitcoin has defied all odds to become a phenomenal currency widely ...

Bitcoin uses the ECDSA algorithm to produce the above-mentioned keys. The purpose of our work is to present some useful motifs for the domain parameters of base point (P) and the order (n) of the subgroup produced by it, while choosing the elliptic curve and the Galois field on which we formulate the algorithm, in order to obtain safer private ...
