Lattice Attacks on Ethereum, Bitcoin, and HTTPS

Joachim Breitner


The ECDSA signature scheme, which is used in Bitcoin, Ethereum and others, requires a fresh secret number, the 'nonce', for each signature. When this number is not generated uniformly at random, the security of the signature is in danger, and the private key may be recovered from the signatures, using a lattice-based algorithm.

In this talk, we have a brief look at the math behind elliptic curve signatures and how to break the signature scheme when the “random nonce” isn't really random. Nadia Heninger and Joachim Breitner ran these attacks against some blockchains and not only found vulnerable implementations, but could even find traces of bad programming by malicious parties out there.

The talk has a brief section of serious math (lattice reduction), but the rest is accessible and hopefully entertaining to all.
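As an added example (not code from the talk or its authors), here is a self-test an implementer could run against their own signer to catch the kind of non-uniform nonces the abstract describes. It assumes a test build that logs its nonces and a group order just below a power of two, as with secp256k1; `audit_nonces`, `constructed_samples` and the `log2_fp` threshold are hypothetical names chosen here.

```python
import secrets

# Order of the secp256k1 group used by Bitcoin and Ethereum.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def audit_nonces(nonces, n=N, log2_fp=64):
    """Check nonces logged by a signer under test for structure that
    uniform sampling from [1, n-1] would practically never produce."""
    if not nonces:
        raise ValueError("no nonces to audit")
    bits, m = n.bit_length(), len(nonces)
    diff = 0
    for k in nonces[1:]:
        diff |= k ^ nonces[0]          # set bit = position where nonces differ
    prefix = bits - diff.bit_length()  # top bits shared by every nonce
    suffix = (diff & -diff).bit_length() - 1 if diff else bits  # shared low bits
    # m uniform nonces agree on p given bits with probability ~2^-(p*(m-1));
    # flag when that falls to 2^-log2_fp or below.
    limit = log2_fp / (m - 1) if m > 1 else float("inf")
    return {
        "out_of_range": sum(not 0 < k < n for k in nonces),
        "repeated": len(set(nonces)) < m,
        "shared_prefix_bits": prefix,
        "shared_suffix_bits": suffix,
        "biased": prefix >= limit or suffix >= limit,
    }


def constructed_samples(m=200):
    """Constructed inputs: one sound generator and two flawed ones."""
    return {
        "uniform": [secrets.randbelow(N - 1) + 1 for _ in range(m)],
        # Nonce drawn from a 128-bit space: the top half is always zero.
        "short_128_bit": [secrets.randbits(128) + 1 for _ in range(m)],
        # Random upper part, constant low 56 bits.
        "fixed_low_bits": [(secrets.randbits(192) << 56) | 0x1234567
                           for _ in range(m)],
    }


if __name__ == "__main__":
    for name, sample in constructed_samples().items():
        print(name, audit_nonces(sample))
```

A clean result only rules out repeated nonces and constant bit ranges; it does not show that the generator is uniform.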