1. Generating test data
The C++ script generates two types of data:
cpp// Основные параметры кривой
EC_GROUP *group = EC_GROUP_new_by_curve_name(714); // SECP256K1
BIGNUM *n = BN_new();
EC_POINT *P = EC_POINT_new(group);
// Генерация точек кривой
BN_rand(n, 256, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY);
for (int i = 0; i < NN; i++) {
EC_POINT_mul(group, P, n, NULL, NULL, ctx); // P = n*G
BN_add_word(n, 1L); // Линейное увеличение приватного ключа
}
The 1:8 ratio between the curve points and the random data is achieved through:
cppif ((rand() % 128) < 16) { // 16/128 = 1/8
// Генерация точки кривой
} else {
// Чтение случайных данных
}
2. Neural network architecture
A bidirectional GRU network with custom activation is used:
model = Sequential()
model.add(Bidirectional(GRU(1024, return_sequences=True), input_shape=(16,16)))
model.add(Bidirectional(GRU(1024)))
model.add(Dense(1024, activation='sigmoid'))
model.add(Dense(1024, activation=gaussian))
model.add(Dense(2, activation='softmax'))
3. Experimental results
After training, the model shows an accuracy of 87.8%:
textEpoch 2/2
50000/50000 [==============================] - 453s 9ms/step
loss: 0.3703 - acc: 0.8783
val_loss: 0.3706 - val_acc: 0.8783
Critical analysis of results
- Data generation method :
- Successive increments of the private key (
n += 1) create a deterministic sequence of points - Real cryptosystems use random values n ∈ [1, n-1]
- Successive increments of the private key (
- Patterns found :
- Linear dependence between adjacent points: P_i = P_{i-1} + G
- The additive structure allows predicting the next point
- Cryptographic implications :
- True ECDSA security requires unpredictability of the private key
- The experiment demonstrates vulnerability only for a specific use case
Recommendations for improvement
To correctly check cryptographic strength:
python# Генерация случайных приватных ключей
from cryptography.hazmat.primitives.asymmetric import ec
private_key = ec.generate_private_key(ec.SECP256K1())
public_key = private_key.public_key()
The experiment revealed patterns in the specifically generated sequence of points, but does not demonstrate weaknesses in the secp256k1 curve itself. The cryptographic security of the system is preserved when implemented correctly:
- Using a cryptographically secure RNG
- No linear dependencies between keys
- SECG and NIST compliance
The discovered patterns are characteristic of incorrect key generation, but do not compromise the basic properties of the elliptic curve 1 4 5 .
What other algorithms can be used to predict the behavior of elliptic curve properties
The following algorithms and methods are used to analyze the properties of elliptic curves and predict their behavior in cryptographic systems:
1. Discrete logarithm algorithms
The main methods for estimating the complexity of ECDLP (Elliptic Curve Discrete Logarithm Problem):
- Pollard’s ρ-algorithm :
Complexity is O(n)O(\sqrt{n})O(n), where nnn is the order of the base point. Uses random walks to detect collisions 1 4 . - Baby-step Giant-step :
Optimized brute force with complexity reduction to O(n)O(\sqrt{n})O(n) 1 5 .
Baby-step Giant-step для ECDLP
def baby_step_giant_step(P, Q, order):
m = int(math.ceil(math.sqrt(order)))
baby_steps = {j*P: j for j in range(m)}
giant_step = m * (-P)
current = Q
for i in range(m):
if current in baby_steps:
return i*m + baby_steps[current]
current += giant_step
return None
2. Cryptanalytic methods
Attacks on hash functions (ECOH) :
- Second pre-image attack :
Uses predictability of message structure to find collisions. For ECOH-256 the difficulty is 21432^{143}2143 2 . - Parametric analysis :
The choice of the B-283/B-409 curve affects attack resistance by controlling the field size and group order 2 6 .
3. Optimization of group operations
Methods to improve productivity :
- Edwards Projective Coordinates :
Reduction of the number of field operations from 18 to 11 for point addition 3 . - Isomorphic Transformations :
Transitioning Between Weierstrass and Edwards Forms to Take Advantage of Different Models 3 6 .
4. Analysis of statistical properties
Tests to assess pseudo-randomness :
- NIST STS/DIEHARDER :
Testing Bit Sequences for Consistency with Random Distributions. - Entropy analysis :
Estimation of uncertainty of sequences of points using Shannon entropy 7 .
5. Algorithms for curve parameterization
Criteria for selecting safe curves :
- Protection against MOV attacks (difficulty ≥ 21002^{100}2100)
- Absence of anomalous curves (order ≠ field characteristic)
- Checking for supersingular properties 4 8
Comparison of methods (cryptanalysis vs optimization)
| Criterion | Cryptanalytic methods | Optimization methods |
|---|---|---|
| Target | Vulnerability assessment | Acceleration of computing |
| Examples | ρ-Pollard, BSGS | Projective coordinates |
| Complexity | Exponential | Polynomial |
| Applicability | Durability Analysis | Implementation of protocols |
These methods allow us to predict the behavior of curves through:
- Estimated ECDLP hacking time 4 5
- Analysis of the effectiveness of group operations 3 6
- Testing statistical properties of generated sequences 7
For modern cryptosystems, it is recommended to combine several approaches, especially when working with non-standard curves or specialized protocols 8 .
What are the alternatives to neural networks for analyzing sequences of curve points?
In addition to neural networks, the following alternative methods can be used to analyze sequences of elliptic curve points:
1. Statistical methods
- Randomness tests : DIEHARDER, NIST SP 800-22 for assessing the randomness and predictability of sequences.
- Autocorrelation and spectral analysis : to identify periodic patterns.
2. Machine learning methods (without neural networks)
- Decision trees and random forests : for classification and pattern detection in data.
- Clustering methods : to group points by similarity.
3. Graph algorithms
- Graph models : If points can be represented as vertices of a graph, graph algorithms can be used to analyze the relationships between them.
- Graph clustering algorithms : to identify communities or groupings within a graph.
4. Methods of time series processing
- ARIMA, SARIMA : for predicting values in a sequence if it is temporal in nature.
- Wavelet analysis methods : to identify patterns at different scales.
5. Cryptanalytic methods
- Discrete logarithm analysis : for assessing the security of sequences in cryptographic applications.
- Curve Parameter Analysis : To check for abnormal curves and other vulnerabilities.
Example of implementation of statistical analysis
import numpy as np
from scipy.stats import kstest
# Генерация последовательности точек
# ...
# Тест Колмогорова-Смирнова для проверки нормальности
stat, p = kstest(sequence, 'norm')
if p < 0.05:
print("Последовательность не является нормальной")
An example of using machine learning methods
from sklearn.ensemble import RandomForestClassifier
from sklearn.model_selection import train_test_split
# Разделение данных на обучающую и тестовую выборки
X_train, X_test, y_train, y_test = train_test_split(X, y, test_size=0.2)
# Обучение случайного леса
rf = RandomForestClassifier(n_estimators=100)
rf.fit(X_train, y_train)
# Оценка модели
accuracy = rf.score(X_test, y_test)
print(f"Точность: {accuracy}")
These methods can be used as alternatives or complements to neural networks for analyzing sequences of elliptic curve points.
What methods can be used to check the quality of a random sequence
There are various methods used to test the quality of a random sequence, which can be divided into two main categories: graphical tests and statistical tests .
Graphic tests
- Distribution histogram : allows you to visually assess the uniformity of the distribution of elements in a sequence.
- Planar Distribution : Checks whether points are distributed evenly across a plane, which helps identify correlations between adjacent values.
- Monotonicity test : analyzes non-increasing and non-decreasing subsequences to assess the uniformity of the distribution.
Statistical tests
- Kolmogorov-Smirnov test : tests whether the empirical distribution of a sequence matches a theoretical distribution (e.g. uniform).
- Pearson’s χ² test : Used to test whether the frequency distribution of occurrence of each symbol or value is uniform.
- DIEHARD tests : a set of rigorous tests for assessing the quality of random sequences.
- NIST tests : include various statistical tests for assessing the randomness of sequences, such as the approximate entropy test.
An example of the implementation of the Kolmogorov-Smirnov test
import numpy as np
from scipy.stats import kstest
# Генерация последовательности (например, случайной)
sequence = np.random.uniform(0, 1, size=1000)
# Тест Колмогорова-Смирнова для проверки нормальности
stat, p = kstest(sequence, 'uniform')
if p < 0.05:
print("Последовательность не следует равномерному распределению")
Example of using NIST tests
To use NIST tests, you need to download and install the NIST Statistical Test Suite. You can then run tests on sequences, for example, using the command line:
bashdieharder -f input.bin -g 201 -a
These methods allow us to evaluate the quality of random sequences and determine how well they match the expected statistical properties.
It is worth noting that the elliptic curve secp256k1 does not work as a pseudo-random number generator CSPRNG.
However, this does not mean that the secp256k1 elliptic curve can be used directly as a CSPRNG.
Unpredictability and uniformity
To use secp256k1 as a CSPRNG, you need to ensure that the output is unpredictable and uniform. This can be attempted by using the curve points as a source of randomness, but this requires additional processing to ensure uniformity and unpredictability.
Problems and limitations
- Discreteness : The points on an elliptic curve are discrete, which can lead to imperfect uniformity of distribution.
- Predictability : Without additional encryption or point mixing measures, the output can be predictable if the attacker has access to the initial conditions.
To create a cryptographically secure pseudorandom generator based on this curve, additional processing and modifications would be required to ensure the output is unpredictable and uniform. Thus, in its current form, secp256k1 cannot be classified as a CSPRNG.
Recommendations for future research
- Modifications for Uniformity : Explore methods that can ensure a uniform distribution of points on a curve.
- Unpredictability mechanisms : Design algorithms that can make output unpredictable without compromising cryptographic strength.
These studies may lead to the development of new pseudo-random number generators based on elliptic curves, but this will require significant theoretical and practical developments.
This material was created for the CRYPTO DEEP TECH portal to ensure financial data security and cryptography on elliptic curves secp256k1 against weak ECDSA signatures in the BITCOIN cryptocurrency. The creators of the software are not responsible for the use of materials.
Telegram: https://t.me/cryptodeeptech
Video material: https://youtu.be/p62orC7WDUE
Video tutorial: https://dzen.ru/video/watch/67c3e91abbfa683a745a0aea
Source: https://cryptodeeptech.ru/quantum-attacks-on-bitcoin
