Ripple software libraries published before August 2015 potentially rendered private keys which signed multiple transactions vulnerable, Ripple announced in a statement released on Jan 16.
Recent research jointly conducted by the DFINITY Foundation and the University of California revealed that a portion of Bitcoin, Ethereum and Ripple addresses are vulnerable.
As is known among cryptographers, the security of Elliptic Curve Digital Signature Algorithms employed by the aforementioned cryptocurrencies is highly dependent on random data, which are known as nonces.
"It is well known that if an ECDSA private key is ever used to sign two messages with the same signature nonce, the long-term private key is trivial to compute [crack]."
"In the case of cryptocurrencies, these keys give us, or any other attacker, the ability to claim the funds in the associated accounts. In the case of SSH or HTTPS, these keys would give us, or any other attacker, the ability to impersonate the end hosts."
"All of the attacks we discuss in this paper can be prevented by using deterministic ECDSA nonce generation, which is already implemented in the default Bitcoin and Ethereum libraries."
According to Ripple, deterministic nonce generation has also been part of their software since August 2015.
This feature also makes addresses that interacted with the blockchain employing newer software libraries safe from this vulnerability.
While cryptography is far from perfect, centralized systems like exchanges and single computing systems are successfully attacked with success much more often than private keys, the research states.
Recently news broke that a recent spate of ransomware attacks estimated to have earned hackers 705.08 Bitcoin likely came from Russian cybercriminals, not North Korean state-sponsored actors as initially thought.
Ripple: Only XRP Private Keys That Used Software From Before August 2015 Are Vulnerable
Published on Jan 16, 2019
by Cointele | Published on Coinage
Coinage
Mentioned in this article
Recent News
View All
Blockchain Bites: Bitcoin's Run, Uniswap's Hemorrhaging Value, Anchorage's Banking Bid
Bitcoin is nearing all-time highs in price and market cap last set three years ago.
Japan's megabanks to lead experiment with digital yen
We have, in order, Cheese Bank with a $3.3 million theft, Akropolis with its $2 million loss, Value DeFi with a whopping $6 million exploit and finally Origin Protocol's loss of $7 million.
Number of new Bitcoin addresses spikes amid growing FOMO
Japan's three largest banks, as part of a group of 30 private sector actors, are set to collaborate on an experiment with a digital yen.
Not just Wall Street: Quant trader explains why Bitcoin price is going up
Sam Trabucco, a quantitative trader at Alameda Research, believes four general factors are pushing up the price of Bitcoin.