Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

29.11.2024
Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

A vulnerability known as Signature Malleability poses a serious threat to Bitcoin and Ethereum cryptocurrencies that use the Elliptic Curve Digital Signature Algorithm (ECDSA). This vulnerability allows attackers to manipulate signatures, creating invalid but acceptable signatures for the system. This article discusses the mechanisms of exploitation of this vulnerability, its implications for the security of cryptocurrencies, and proposed measures to mitigate it. ECDSA (Elliptic Curve Digital Signature Algorithm) is an algorithm that is widely used to create digital signatures for a BTC or ETH coin transfer transaction in Bitcoin and Ethereum cryptocurrencies. The signature consists of two components:  r  and  s , which depend on a random nonce  k  (NONCE) and a private key x  (PrivKey) of the signatory.

How does Signature Malleability vulnerability occur in Bitcoin transaction?

Signature Malleability vulnerabilities  arise because it is possible to change the value  s  in a signature while maintaining the validity of the signature. This is possible because multiple equivalent values  ​​( r , s ′) can be obtained for the same signature :

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

(where  n  is the order of the elliptic curve group secp256k1 ). In this way, an attacker can create a new signature that will be accepted as valid by the system. Insufficient value checking : If the values ​​of  r  and  s  are not checked for valid ranges (e.g., must be between 1 and  n −1 ), this may allow attackers to use incorrect values ​​to create fake signatures.


CVE-2024-42461: Signature Malleability in Elliptic Library for ECDSA

One such vulnerability is CVE-2024-42461 , discovered in the Elliptic library used to implement the ECDSA (Elliptic Curve Digital Signature Algorithm) digital signature algorithm.  CVE-2024-42461 affects version 6.5.6 of the Elliptic library for Node.js and is classified as a low-severity vulnerability with a CVSS score of 5.3. The problem is that the library allows the use of signatures encoded in the BER (Basic Encoding Rules) format . This creates an opportunity for attackers to modify signatures without invalidating them, which opens the way for various attacks.


CVE-2024-42461 is a vulnerability found in the Elliptic library used to implement the Elliptic Curve Digital Signature Algorithm (ECDSA) in Node.js. This vulnerability is related to the Ricci Flow Hidden Number Problem (Ricci Flow HNP) , which makes it particularly important for the security of cryptographic applications. The Hidden Number Problem is a mathematical problem that consists of finding a hidden number used in the encryption process. In the context of ECDSA, if an attacker can solve the HNP, this can lead to the compromise of private keys. CVE-2024-42461 allows a potential attacker to extract information about private keys from signatures, which compromises the integrity of digital signatures and user authentication. This vulnerability opens up a wide range of attacks, as the vulnerability can be used in various attacks, including authentication and data integrity attacks. This could cause serious problems for systems that rely on ECDSA to secure Bitcoin and Ethereum cryptocurrency transactions.

Compromise of Private Keys : A successful Ricci Flow HNP solution could allow an attacker to gain access to private keys, leading to the ability to forge Bitcoin and Ethereum transaction signatures.



Ricci Flow HNP

The Ricci Flow Hidden Number Problem (HNP ) has become a key tool in proving theorems such as the Thurston elliptization conjecture ,  Geometrization conjecture , and  Poincaré conjecture , which concern the topology of manifolds. Hamilton and later Grigori Perelman used this approach to obtain deep results about the structure of manifolds, which can mean using flow to identify and analyze hidden geometric features of manifolds, allowing one to infer their topology and other properties.

The Ricci flow is closely related to curvature theory, since it uses the Ricci tensor to describe changes in the Riemannian metric on a manifold.

Basic Relationships Between Ricci Flow and Curvature

  • Ricci Tensor: The Ricci flow is based on the Ricci tensor, which is the average of sectional curvatures. It reflects how the shape of a manifold changes with its curvature, where it is formulated as the problem of finding a hidden number when the results of a function applied to combinations of that number with known elements are known. This can be useful in the context of cryptography, especially in public-key systems where it is important to minimize leakage of information about private keys.
  • Curvature dynamics: During the Ricci flow, the metric changes in such a way that the curvature can increase or decrease. This allows us to analyze how the geometric properties of the manifold affect its topology.
  • Singularities: The Ricci flow can lead to singularities, points where the curvature becomes infinite. Studying these singularities is key to understanding the long-term behavior of the flow and its application to topological problems such as the Poincaré conjecture.
  • Maximum principle: The Ricci flow preserves the positivity of the scalar curvature, which allows us to use maximum principles to analyze the geometric properties of manifolds under deformation.
Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

In the context of elliptic curves, Ricci flows can be used to analyze their geometric properties and understand the relationships between different structures on these curves . The indicatrix of curvature,  or  Dupin indicatrix , is constructed in the tangent plane at a given point on the surface according to the following rule. The coordinate axes in the tangent plane coincide with the principal directions. On the ray located in each direction, a segment is laid off equal to the reciprocal square root of the normal curvature of the surface in this direction


Classification of surface points

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

There are surfaces consisting of points of one, two or three types.

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

This quadratic equation may have one or two roots — asymptotic directions, or no roots. The presence of a root provides an ordinary differential equation of the first order, the indication of a point on the surface sets the initial conditions for its solution. The theorem of the existence and uniqueness of the solution of the Cauchy problem for an ordinary differential equation of the first order, proved in courses on mathematical analysis, leads to the following geometric result. On a surface consisting of elliptical points, there are no real asymptotic lines; on a surface consisting of hyperbolic points, there is an asymptotic network; on a surface consisting of parabolic points that are not flattening points, a unique asymptotic line passes through each point.


Optimization of algorithms

The methods developed in the framework of Ricci flow theory can be adapted to optimize computations in elliptic curve cryptography, especially in the context of operations on points on elliptic curves secp256k1. Thus, the Ricci flow not only serves as a tool for studying the evolution of metrics, but also provides a deep connection between geometry and topology through curvature analysis. Take for example the numbers “N” and “P” which are important parameters in the context of elliptic curve cryptography, especially in the secp256k1 standard, which is widely used in the Bitcoin and Ethereum blockchain and cryptocurrency.

The meaning of the number N

N is the order of the group of points on the elliptic curve. It determines the maximum number of points that can be used to generate keys in cryptographic algorithms. In the case of secp256k1 , the value of N is:

This number also indicates that when working with this curve, all operations must be performed within this order.


The meaning of the number P

P is a characteristic of the elliptic curve itself, a prime number that defines the field in which the work on the points on the curve occurs. The value of P for secp256k1 is:

This number specifies the size of the field, which is important for determining the range of possible values ​​of the coordinates of points on the curve.


Difference between N and P

  • Group Order (N) : Determines the number of points on the curve that can be used for cryptographic operations.
  • Prime Number (P) : Defines the field in which the curve operates. This number is important for mathematical operations on points on the curve.

Thus, although both numbers play a key role in ensuring the security and functionality of cryptographic systems, they perform different functions: N concerns the structure of a group of points , and P concerns the structure of a field .


Vertical position value of N and P

Python script: value_n.py

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Python script: value_p.py

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

How to exploit Signature Malleability in Bitcoin transaction?

To implement a full-fledged attack on Bitcoin using the Signature Malleability vulnerability, it is necessary to change the equivalent value  s ′) as shown in the second column of the table of components of the value (R, S, Z) of the digital signature in ECDSA .

For a successful attack on Bitcoin, 32 ECDSA signature transactions are enough , where by changing the two initial digits of HEX to the equivalent value  s ′) we build a table to determine the range of possible values ​​of the coordinates of points on the curve, as well as optimizing the mathematical algorithms developed within the framework of the Ricci flow theory. Since Ricci flows are closely related to the curvature theory, we can use the average value of the sectional curvature and solve the hidden number problem, where by applying the obtained data to 32 Bitcoin transactions we extract from the given values ​​​​(R, S, Z) the initial data for the secret keys : k ′) NONCE for 32 Bitcoin transactions and using the Ricci Flow HNP  (Ricci Flow Hidden Number Problem) tool  we find the hidden number: x ′) PrivKey – private key .


The R and S values ​​are the main components of a digital signature in ECDSA

The R value is the coordinate of a point on the elliptic curve that results from mathematical operations involving a private key and a random number (called a “cryptographic random number”). This value ensures that the signature is unique for each message, even if it is signed with the same private key.


The value of  S  is calculated based on the message digest (hash function) and the private key. It is related to how well the signature verifies the authenticity of the message. The value of  S  also depends on the value of R and the random number.


How R and S are formed (signature verification method)

The process of generating R and S values ​​involves the following steps:

  1. Generating a message digest : First, a hash of the message is created using an algorithm such as SHA-256.
  2. Random Number Selection : A random number is generated and used to create a point on the elliptic curve.
  3. Calculating R : Using this random number, the coordinate of a point on the curve is calculated, which becomes the R value.
  4. Calculation of S : The value of S is calculated given the message digest and the private key.

When verifying a signature, the recipient uses the R and S values ​​along with the sender’s public key and the message digest to verify the authenticity of the signature. If all calculations match, this means that the message was indeed signed by the owner of the corresponding private key.


How to get R, S, Z value from RawTX (Signature Decoding Method)

RawTX is an encoded representation of a Bitcoin transaction in hexadecimal format. It contains all the data needed to complete a Bitcoin transaction.

Extract R, S, Z:

  • A signature in ECDSA consists of two components: R and S . After decoding RawTX, find the field containing the signature (usually part of the transaction input).
  • The signature will be represented as DER encoding . You will need to extract the R and S values ​​from this signature. They are usually represented as two integers, which can be extracted using deserialization .
  • The Z value is a hash of the message being signed. To get Z, you have to hash the transaction data (usually using SHA-256) that was signed.

Decoding RawTX with decoderaw tool

First, let’s get RawTX, the encoded Bitcoin transaction in hexadecimal format. 1


Let’s open a new notebook in Google Colab


Command:

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Command:

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Command:

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures


Practical part

From the theory of vulnerability CVE-2024-42461  it is known that attackers can use incorrect values ​​to create fake transaction signatures. Let’s move on to the practical part of the article and consider an example using a Bitcoin wallet:  1LeEbwu667oPtQC5dKiGiysUjFM3mQaxpw  , where there were lost coins in the amount of:  21.2529214 BTC  as of November 2024, this amount is:  1744572.51 USD

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Solution of differential equation

Solutions of differential equations help to model various processes, this formula allows us to understand and predict the behavior of various systems depending on the change in variables. 

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

General solution of a differential equation where the function  y  depends on the variable  x .

  1. Original equation :
    • The left side of the equation can be interpreted as the derivative of the function  y  with respect to  x , which is equal to the product of two functions:  g ( y ) , depending on  y , and  h ( x ) , depending on  x .
  2. Rewriting the equation :
    • The equation can be rewritten in a form that separates the variables:
Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures
This allows both sides to be integrated separately.

After separating the variables, we can integrate both sides exactly:

Left side relative to  y :

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Right side relative to  x :

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

We will explore the relationship between variables through integration [ frac{dy}{dx} = g(y)h(x) quad Rightarrow quad frac{1}{g(y)} dy = h(x) dx ]and apply a tool for mathematical analysis and solving differential equations.


Perelman Work


Example #1 using the DarkSignature tool:

Let’s go back to the root directory of the Broadcast Bitcoin Transaction repository

Command:

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Command:

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

To obtain the public key to the Bitcoin Address 1LeEbwu667oPtQC5dKiGiysUjFM3mQaxpw, select the command:

Enter the Bitcoin address and get the public key :

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Result:


Example #2 using Dockeyhunt Lattice Attack tool:

We launch the Dockeyhunt Lattice Attack software and "Input date"enter the Bitcoin Address 1LeEbwu667oPtQC5dKiGiysUjFM3mQaxpw in the field and receive the public key of the wallet:

Let’s use the DarkSignature tool to get fake data R, S, Z values ​​for the ECDSA algorithm transaction. In the field, "Input date"enter the public key of the Bitcoin Address 049b4069d8237fae8f2417c71c5512ec1b0547b5597474480cc28ea1bbfeecaab8b90fdec161ad6ef4378f274a60b900452431533596bf3bd23e01202ebf679461and get the data R, S, Z values ​​in the amount of 32 Bitcoin transactions .


Apply getting fake data value R, S, Z for ECDSA algorithm transaction in Google Colab

Let’s install the ECDSA module:

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

To obtain coordinates (Gx, Gy)for the public key, we will use a Python script: darksignature/coordinates.py

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Let’s use the command:

We run the Python script code : darksignature/transactions.py and get the data values ​​R, S, Z in the amount will be 32 Bitcoin transactions .

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

After generation we get the file: SignatureRSZ.txt


Also in the root directory: c:\PerelmanWork\Dockeyhunt Lattice Attack\we get the file: Signatures.txt

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures


As we can see the first two digits the value of S is arranged as the Order of the group (N)

Python script: value_n.py

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

As a tool for mathematical analysis and solving differential equations, we will use the Perelman Work software . We will select the option from the Functions and Graphs section for a complete relationship between variables through the integration of First-order differential equations: [ frac{dy}{dx} = g(y)h(x) quad Rightarrow quad frac{1}{g(y)} dy = h(x) dx ]

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Ricci Flow Hidden Number Problem

We copy the values ​​from the file: Signatures.txt according to the list and paste them into the input field Ricci Flow HNPto build completely new transactions of the ECDSA algorithm .


Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Using Perelman Work and Dockeyhunt Lattice Attack, we arbitrarily change variables to Signature Malleability vulnerability as we wrote at the beginning of the article this vulnerability in Bitcoin transaction occurs due to the fact that it is possible to change the value of  S  in the signature, while maintaining the validity of the signature. As we reported in the arbitrary formula all this is possible due to the fact that for the same signature it is possible to obtain several equivalent values  ​​(r,s′) :

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

As a final result of the transformation of variables in the signature value R, S′, Z we see two digits the value S ′ is built as a field structure (P) :

This number defines the field in which the secp256k1 curve operates to perform mathematical operations on points on an elliptic curve .

Python script: value_p.py

Signature Malleability

Now we know the signatures of the difference between the numbers N and P . When reducing, we can get a hidden number X as we know when shifting the generation of one-time numbers (NONCES) , the value of the signature variables R, S′, Z will tend to one point. This point will be a hidden number, that is, a private key .

N  are  point group structures ,  P  are  field structures , X  is  a private key )

To obtain a private key, we will use the lattice reduction algorithm (theorem of large numbers) .



Lenstra-Lenstra-Lovasz (LLL) Lattice Reduction Algorithm

Let’s use the LLL source code from Darío Clavijo, a well-known developer on GitHub: daedalus

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Install SageMath in Google Colab:

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Commands:

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Run the Python script: latticereductions.py and get the private key to the Bitcoin Address: 1LeEbwu667oPtQC5dKiGiysUjFM3mQaxpw

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Result:


Install the Bitcoin library 

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Let’s run  the code  to check the Bitcoin Address match:

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Let’s open  bitaddress  and check:

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Dockeyhunt Lattice Attack

Let’s consider obtaining a private key using the Dockeyhunt Lattice Attack software as an example

To start the lattice reduction algorithm, click on the button: Private Key


Next we need to make sure that we have received the required private key value in HEX format.

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Click on the button Bitcoin Addressand get the required value of the private key in HEX format

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

We also click on the button Balance BTCand get the result of the balance amount:


Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures


To search for the Signature Malleability vulnerability, as a threat prevention for your own Bitcoin and Ethereum cryptocurrency wallet, we can use and apply various machine learning methods to examples .

Let’s use the list from  “Tutorials Power AI”  a widely used category of artificial intelligence to introduce business in various fields of cryptanalysis and cryptography in general.


Installation command:


Signature Malleability: A study of the vulnerability of a forged signature using a decodable Bitcoin Wallet file

Signature Malleability: A study of the vulnerability of a forged signature using a decodable Bitcoin Wallet file

BitcoinChatGPT  is an innovative AI-powered chatbot that helps users find vulnerabilities in Bitcoin cryptocurrency transactions. BitcoinChatGPT benefits and classifications give you the ability to check your Bitcoin address for various crypto wallet attack schemes. Machine learning based on cryptanalysis gives us the full ability to investigate various attacks on the algorithms used in the Bitcoin ecosystem. Bitcoin Wallet private key extraction tools are widely popular, where BitcoinChatGPT serves as an important and useful resource for cybersecurity.


Exploiting the CVE-2024-42461: Signature Malleability vulnerability in the Elliptic library to create a Raw transaction using the BitcoinChatGPT machine learning process

Let’s consider the construction of the structure of a vulnerable  Raw  transaction in which the  BitcoinChatGPT module is used



Let’s open the Google Colab version:

https://colab.research.google.com/drive/1YGZiPtgY0vPQ3PwUvbAjQW8LcErVHRsT



Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Let’s combine all the output values ​​into one common string using the Python script combinex.py :


Let’s open the BlockCypher option “Decode A Transaction” :

https://live.blockcypher.com/btc/decodetx

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

After decoding the vulnerable Bitcoin Raw transaction we get the result:


Pay attention to Bitcoin HASH160: d77522a2b18e0064aba02ca7f864a5bb22998259

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

https://github.com/demining/CryptoDeepTools/blob/dfc7da9a6b41d72253bfcb6ae6da2718de7d9b87/36SignatureMalleability/DecodeRawTX.txt#L31


Transaction Script

The above script has been decoded

BitcoinChatGPT creates a transaction structure using HASHthe public key, where we see that Bitcoin address: 1LeEbwu667oPtQC5dKiGiysUjFM3mQaxpw sends 1234 satoshito the same address within its network.

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Bitcoin HASH160 was generated using Python Script: wif_to_hash160.py

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

https://github.com/demining/CryptoDeepTools/blob/main/36SignatureMalleability/wif_to_hash160.py


Question – Answer:

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

Finally, the BitcoinChatGPT module outputs the response to the file: KEYFOUND.privkey storing the private key in two most used formats HEX & WIF

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

https://github.com/demining/CryptoDeepTools/blob/main/36SignatureMalleability/KEYFOUND.privkey



BitcoinChatGPT №5 Signature Malleability Vulnerability Algorithm


Vulnerable Raw Transaction

Let’s create a vulnerable Raw transaction from the received data using the  Broadcast Bitcoin Transaction repository

Download and install the source code, open the terminal and run the command:

Catalog:

Let’s install three important libraries:

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures
requirements.txt

Let’s run the command:


Let’s open the main file in Notepad ++ and make a small change to the Python Script code: main.py



Let’s run the command:


Vulnerable transaction created !

Let’s open the RawTX file in the directory:


The order of actions in the video:


  1. It was this vulnerable RawTX that we looked at at the beginning of this article: ↩︎
This image has an empty alt attribute; its file name is image-19-1024x422.png
RawTX decoding process   using tool decoderaw

As we know from the prompt responses of the BitcoinChatGPT module , the Signature Malleability Vulnerability Algorithm can be used to solve complex cryptographic problems.


Conclusion

There are many methods to detect and prevent counterfeit signatures in the Bitcoin network. These methods range from simple solutions such as increasing the number of confirmations to more complex anomaly analysis systems and regular security protocol updates. Effective protection requires a comprehensive approach to network security and constant monitoring of new threats. Counterfeit signatures can lead to fraudulent transactions and loss of funds. The main methods used to detect and prevent such attacks are:

1. Increasing the number of confirmations

One of the simplest ways to protect against counterfeit signatures is to increase the number of confirmations of a transaction before it is finally accepted. It is recommended to wait for at least six confirmations to reduce the likelihood of a successful attack. This ensures that the transaction was included in the block and cannot be reversed.

2. Analysis of blocks and transactions

Mining software and network nodes analyze blocks and transactions for conflicts and anomalies. This includes checking the signature for compliance with the format, as well as checking the values ​​of  r  and  s  for acceptable ranges. If the values ​​are outside the acceptable ranges, the transaction may be rejected.

3. Implementation of anomaly analysis systems

Using anomaly analysis systems can identify suspicious transactions and blockchains. These systems can use machine learning algorithms to detect unusual behavior in the network, which may indicate attempts to forge signatures.

4. Network monitoring software

Tools such as Wireshark can be used to analyze network traffic and identify suspicious activity. Monitoring network traffic can help identify Sybil or Eclipse attacks that can be used to manipulate transactions.

5. Regularly update security protocols

Regularly updating software and security protocols helps to eliminate known vulnerabilities, such as the DeserializeSignature vulnerability , which allows attackers to create invalid signatures. Updates should include fixes for all known vulnerabilities and security improvements.

6. Multi-level confirmation

Using multiple levels of transaction confirmation can improve network security. This could include additional checks by nodes or using third-party services to verify signatures.


References:

  1. Odlyzko, Andrew; te Reile, Herman JJ «Disproving Mertens Conjecture» Journal for Pure and Applied Mathematics
  2. D. Simon (2007). «Selected applications of LLL in number theory» LLL+25 Conference. Caen, France.
  3. Regev, Oded. «Lattices in Computer Science: LLL Algorithm» New York University. Retrieved 1 February 2019.
  4. Silverman, Joseph. «Introduction to Mathematical Cryptography Errata» Brown University Mathematics Dept. Retrieved 5 May 2015.
  5. Bosma, Wieb. «4. LLL» Lecture notes. Retrieved 28 February 2010.
  6. Abderrahmane, Nitaj. Cryptanalysis of NTRU with two public keys // International Association for Cryptologic Research. — Caen, France.
  7. Bleichenbacher, Daniel and May, Alexander. New Attacks on RSA with Small Secret CRT-Exponents // International Association for Cryptologic Research. — Darmstadt, Germany.
  8. Xinyue, Deng. An Introduction to LLL Algorithm // Massachusetts Institute of Technology.
  9. Liu, Jiayang, Bi, Jingguo and Xu, Songyan. An Improved Attack on the Basic Merkle–Hellman Knapsack Cryptosystems // IEEE. — Beijing 100084, China.
  10. Lattice algorithms using floating-point arithmetic // The FPLLL development team. FPLLL, a lattice reduction library. — 2016.

Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures

This material was created for the  CRYPTO DEEP TECH portal  to ensure financial data security and cryptography on elliptic curves  secp256k1  against weak  ECDSA signatures  in the  BITCOIN cryptocurrency . The creators of the software are not responsible for the use of materials.


Source code

Google Colab

Telegram: https://t.me/cryptodeeptech

Video material: https://youtu.be/wf6QwCpP3oc

Video tutorial: https://dzen.ru/video/watch/674116440bddfa35d730ca7a

Source: https://cryptodeeptech.ru/signature-malleability


Research into Signature Malleability and Private Key Compromise in Bitcoin Signatures