Exploiting ECDSA Failures in the Bitcoin Blockchain


Bitcoin transactions are basically public ECDSA signed statements.

As others have painfully verified, ECDSA is a dangerous scheme to implement, as failing to provide new randomness for each signature will directly leak the private key.

In this presentation, we will analyze the blockchain looking for such errors, use them to recover wallets’ private keys, try to link some cases to known implementations flaws and release the tools I used to do this. Finally, I’ll illustrate how and release patches to avoid these risks by performing safer deterministic ECDSA operations.

Location: Track 1 Date: October 15, 2014 Time: 10:30 am - 11:30 am Filippo Valsorda