Generating Cryptographic Keys Using Weak Pseudo-Random Number Generators (PRNGs)

13.03.2025

Generating cryptographic keys with weak pseudorandom number generators (PRNGs) is a critical vulnerability in blockchain systems. This analysis examines the architectural flaws of a random_key function that draws its key material from such a generator, the mechanisms for exploiting them, and the implications for cryptocurrency wallets.

Theoretical Foundations of PRNG Vulnerabilities

Cryptographic requirements for a PRNG:

  1. Statistical indistinguishability from true randomness [3]
  2. Backtracking resistance: an attacker who learns the current state cannot recover earlier outputs [3]
  3. Prediction resistance: an attacker who observes outputs cannot predict future ones [3]

In the ECDSA algorithm used by Bitcoin, the random nonce $k$ plays a key role in forming the signature. Its reuse or predictability allows the private key to be computed from

  $s = k^{-1}\,(H(m) + r d) \bmod N$

where a leaked $k$ makes the equation solvable for $d$ (the private key): $d = (s k - H(m))\, r^{-1} \bmod N$ [2]. If the same $k$ is used for two messages $m_1$ and $m_2$, both signatures share the same $r$, and $k$ itself follows from $k = (H(m_1) - H(m_2))\,(s_1 - s_2)^{-1} \bmod N$, after which $d$ is recovered as above.
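The two recovery paths from the formula above, worked through in code. This is an added example and is not part of the cited sources or of any wallet's code: a minimal pure-Python secp256k1 implementation signs two constructed messages with the same fixed nonce (standing in for the output of a predictable generator), then recovers the private key first from the known k and then from the repeated r alone. All constants apart from the secp256k1 domain parameters are constructed for the demonstration, and the message hash is a single SHA-256 rather than Bitcoin's double SHA-256.

```python
import hashlib

# secp256k1 domain parameters (the curve Bitcoin uses)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Affine point addition over secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point=G):
    """Double-and-add; not constant-time, which is fine for a demonstration."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def msg_hash(msg: bytes) -> int:
    # Bitcoin hashes twice (SHA-256d); one SHA-256 keeps the example short.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def ecdsa_sign(d, h, k):
    """Textbook ECDSA: r = (kG).x mod N, s = k^-1 (h + r d) mod N."""
    r = scalar_mult(k)[0] % N
    s = pow(k, -1, N) * (h + r * d) % N
    return r, s


def ecdsa_verify(pub, h, sig):
    r, s = sig
    w = pow(s, -1, N)
    point = point_add(scalar_mult(h * w % N), scalar_mult(r * w % N, pub))
    return point is not None and point[0] % N == r


def recover_d_from_known_k(h, sig, k):
    """Attacker reproduces k (weak PRNG): d = (s k - h) r^-1 mod N."""
    r, s = sig
    return (s * k - h) * pow(r, -1, N) % N


def recover_d_from_reused_k(h1, sig1, h2, sig2):
    """Same k in two signatures gives the same r; eliminating d yields
    k = (h1 - h2) (s1 - s2)^-1 mod N, after which d follows as above."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("different r values: the nonce was not reused")
    k = (h1 - h2) * pow(s1 - s2, -1, N) % N
    return recover_d_from_known_k(h1, sig1, k)


# Constructed demo values: a fixed private key and a fixed nonce standing in
# for the output of a predictable generator. Neither comes from the article.
D_DEMO = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD
K_WEAK = 0xDEADBEEFCAFEBABE


def demo():
    """Sign two messages with the same weak k and recover the key both ways."""
    pub = scalar_mult(D_DEMO)
    h1, h2 = msg_hash(b"pay 1 BTC to Alice"), msg_hash(b"pay 2 BTC to Bob")
    sig1, sig2 = ecdsa_sign(D_DEMO, h1, K_WEAK), ecdsa_sign(D_DEMO, h2, K_WEAK)
    assert ecdsa_verify(pub, h1, sig1) and ecdsa_verify(pub, h2, sig2)
    d_known = recover_d_from_known_k(h1, sig1, K_WEAK)
    d_reused = recover_d_from_reused_k(h1, sig1, h2, sig2)
    return d_known == D_DEMO and d_reused == D_DEMO


if __name__ == "__main__":
    print("private key recovered:", demo())
```

The second path is the one that works against real Bitcoin transactions [2]: any two signatures from the same key that share an r value expose that key on-chain, with no knowledge of the wallet's generator required.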

Analysis of typical vulnerabilities

Attack type                      Implementation mechanism                                            Example from practice
Weak entropy seed                Using the current time as the seed                                  Cakewallet (2018-2021) [1]
Backdoor or implementation flaw  PRNG state leaks, or the code silently falls back to a weak generator   The BitcoinJS library case (Randstorm) [6]
State recovery                   Analysis of the output sequence                                     Windows XP PRNG attack [3]

In the case of the BitcoinJS library, which relied on the browser's Math.random(), predictability was amplified by:

  • A limited entropy pool (48 bits instead of 128) [6]
  • Deterministic Math.random() implementations in Chrome from 2011 to 2015 [6]
  • Cascading errors in JSBN and SecureRandom [6]

Practical implications

  1. Cakewallet incident (2021):
    95 million potentially vulnerable addresses generated over 3 years, testable by brute force on commodity hardware within a few months [1].
  2. Randstorm vulnerability:
    21,000 BTC (~$750M as of 2023) found in wallets whose keys were generated by the vulnerable PRNG [6].
  3. Bitcoin k-reuse statistics:
    • 447 million signatures analyzed [2]
    • 0.03% of transactions with a repeated k [2]
    • Average damage per incident: $45,000 [2]

Recommendations for improvement

  1. Hardware entropy sources:
    Use a TRNG (thermal-noise RNG) with a minimum output rate of 2 bits/s [5].
  2. Cryptographic constructions:
    Use BKRNG-type generators, which [5] benchmarks at 277.96 cycles/byte versus 546.72 cycles/byte for CTR_DRBG.
  3. Implementation verification:
    • NIST SP 800-22 statistical testing [5]; passing it is necessary but not sufficient, since a deterministic generator seeded from the clock passes the same tests
    • Audit of the entropy chain from the noise source to the final key
    • Hashing the PRNG output with SHA-3 [3], which hides structure in the output but adds no entropy

According to [4], switching to deterministic BIP-32 key derivation with HMAC-SHA512 reduces the predictability risk by three orders of magnitude compared with legacy per-key generation; since the derivation itself is deterministic, this holds only when the single master seed is drawn from a cryptographically strong source. FIPS 140-3 Level 3 validated modules [5] add continuous health tests on the entropy source, which detect a stuck or degraded noise source; they do not by themselves protect a generator whose internal state has already been compromised.

Citations:

  1. https://dzen.ru/a/ZZ7rl5jhoGyK-Bsj
  2. https://habr.com/ru/articles/430240/
  3. https://kiwibyrd.org/2013/06/06/0712/
  4. https://phemex.com/ru/academy/public-key-vs-private-key
  5. https://www.oaepublish.com/articles/jsss.2023.45
  6. https://www.kaspersky.ru/blog/vulnerability-in-hot-cryptowallets-from-2011-2015/36592/
  7. https://www.itsec.ru/articles/upravlenie-uyazvimostyami-v-kriptokoshelkah
  8. https://vc.ru/education/1575030-pochemu-ne-sushestvuet-sluchainosti-v-kompyuterah-i-blokcheine
  9. https://habr.com/ru/articles/773412/
  10. https://tangem.com/ru/blog/post/entropy/
  11. https://cryptomus.com/ru/blog/how-to-secure-your-crypto-wallet
  12. https://habr.com/ru/articles/771980/
  13. https://ru.tradingview.com/news/forklog:3031939c867b8:0/
  14. https://wiki.pztrn.name/software/qemu/not_enough_entropy/
  15. https://www.computerra.ru/183451/prng/
  16. https://crypto.stackexchange.com/questions/113456/can-we-construct-a-cpa-secure-scheme-with-a-prng-and-a-random-key
  17. https://ru.wikipedia.org/wiki/%D0%9A%D1%80%D0%B8%D0%BF%D1%82%D0%BE%D0%B3%D1%80%D0%B0%D1%84%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%B8_%D1%81%D1%82%D0%BE%D0%B9%D0%BA%D0%B8%D0%B9_%D0%B3%D0%B5%D0%BD%D0%B5%D1%80%D0%B0%D1%82%D0%BE%D1%80_%D0%BF%D1%81%D0%B5%D0%B2%D0%B4%D0%BE%D1%81%D0%BB%D1%83%D1%87%D0%B0%D0%B9%D0%BD%D1%8B%D1%85_%D1%87%D0%B8%D1%81%D0%B5%D0%BB
  18. https://blog.whitebit.com/what-is-a-private-key-in-crypto/
  19. https://www.h-x.technology/ru/blog-ru/top-blockchain-security-threats-in-2024-ru
  20. https://intuit.ru/studies/courses/3520/762/lecture/32518
  21. https://www.smart-soft.ru/blog/informatsionnaja-bezopasnost/
  22. https://ru.stackoverflow.com/questions/523929/%D0%93%D0%B5%D0%BD%D0%B5%D1%80%D0%B0%D1%86%D0%B8%D1%8F-%D0%BA%D0%BB%D1%8E%D1%87%D0%B0-%D0%BF%D0%BE%D1%81%D1%80%D0%B5%D0%B4%D1%81%D1%82%D0%B2%D0%BE%D0%BC-securerandom-getinstancestrong
  23. https://vc.ru/dev/62779-generatory-sluchainyh-chisel-v-smart-kontraktah
  24. https://encyclopedia.pub/entry/30451
  25. https://firstvds.ru/technology/kak-sozdat-klyuch-dlya-avtorizacii-po-ssh-i-dobavit-ego-na-server
  26. https://habr.com/ru/companies/distributedlab/articles/413627/
  27. https://tangem.com/ru/blog/post/how-to-create-a-private-key-for-a-crypto-wallet-with-and-without-a-seed-phrase/
  28. https://ru.wikipedia.org/wiki/%D0%91%D0%B8%D1%82%D0%BA%D0%BE%D0%B9%D0%BD
