Adrian Bednarek and his team (Independent Security Evaluators) were asked to look for vulnerabilities in one of the popular cryptocurrencies, Ethereum. The security experts tried to figure out some way to find the private key of an existing wallet.
Ethereum key generation is based on elliptical curve ecp256k1. A private key is 256-bit long and it is used to generate the public key. The corresponding Ethereum address is derived from the public key. It is hashed using keccak256 and the rightmost 20 bytes will be the wallet’s public address.
Due to the size of the private key, the chances of finding two identical keys in this system are incredibly low. This requires a properly selected private key, but what happens if something goes wrong in this process? The research team collected some common mistakes that could weaken the keys:
The Ethereum blockchain acts as a general ledger, containing all transactions, balances and transfers. If someone generates a private key, they can check the available wallets to see if one using the same private key already exists.
It is useless to have the required 256-bit key length if only a fraction of it is used, so based on this, the research group generated approximately 34 billion "small" keys. This may seem like a large number, but it represents a negligible amount of potential private keys. A surprising result was achieved, because with this small set of keys they were able to find several keys in use (732 instances).
None of the weak-key wallets contained any crypto money. The researchers found out that most of the weak-key wallets had the same outgoing transaction address. This address has a fairly high incoming transaction volume and it hasn’t got any outgoing transactions. Moreover millions of dollars’ worth of Ethereum had been collected there.
The research team tried putting a dollar's worth of Ethereum into a weak-key address and the money was transferred to that suspicious account within seconds. Another money upload was attempted on a different weak-key account and that time the amount was transferred to a different address which had similar properties except that its balance had just a couple of thousand dollars’ worth of Ether. It is unknown whether a person or a group is responsible for these fishing activities. The research team named the perpetrator(s) “blockchain bandits”. It seems that a serious competition evolved between the “blockchain bandits”: who can access the weak-key accounts the fastest?
In contrast, the trust service providers use special key generation devices, called Qualified Signature Creation Devices (QSCDs). These devices must meet a number of requirements and they are supervised by international audit companies as well. QSCDs are responsible for qualifying a digital signature with specific software and hardware that ensure that the signatory has the only control of the private key, also that the signature creation data is unique, confidential and protected from forgery. Finally, the generated signature creation data is managed by a qualified trust service provider which also has to meet numerous requirements and regulations. Many of Microsec's services and solutions are based on QSCDs: smart cards and HSMs (Hardware Security Modules).
Author: Pál CSUVARSZKI
© 2019 Microsec ltd. | Company registration number: 01-10-047218 | Tax number: 23584497-2-41