Ripple has declared that some private keys for its native digital asset XRP which signed multiple transactions in the past could potentially be vulnerable but that this vulnerability has been associated with software libraries which were published prior to August 2015.
The statement came after findings of recent research on cryptocurrencies were published by the DFINITY Foundation in collaboration with the University of California. Research findings revealed that some portions of Bitcoin (BTC), Ethereum (ETH) and Ripple (XRP) addresses were potentially vulnerable, although whether those addresses are currently in use is not clear.
The dependence of the security of Elliptic Curve Digital Signature Algorithms (ECDSAs) on random data is well known among cryptographers. The research explained that if ECDSA private key is utilized for signing two messages with the same signature nonce then it is expected that the long-term private key will likely crack.
It has been claimed by the researchers that they successfully hacked HTTPS, hundreds of Bitcoin, a few Ether, one XRP private key and SSH by utilizing so-called biased nonce. The researchers added that these vulnerabilities may have vast consequences.
They stated that when it comes to the cryptocurrencies, using these private keys, the attackers can claim funds in the respective accounts. On the other hand, in case of SSH or HTTPS, these keys enable attackers to impersonate the end hosts.
However, the research paper suggests that there are some ways to avoid these vulnerabilities. They claimed that using deterministic ECDSA nonce generation, these attacks can be avoided.
It is interesting to note that deterministic nonce generation has been implemented in Ethereum and Bitcoin libraries by default. On the other hand, Ripple also claims to already have a deterministic nonce generation in their software since August 2015.
Moreover, the research stated that exchanges and single computing systems (centralized systems) are attacked much more often and successfully than private keys. Furthermore, the paper states that the researchers got access to a mere USD 14 worth of XRP and USD 54 worth of BTC.
Hacking is a damaging phenomenon for the crypto sector but mostly involve centralized databanks. Recently, Cryptopia (New Zealand-based crypto exchange) suspended its services due to a major hack. In another event, Russian cybercriminals reportedly hacked BTC 705.08 (USD 2.5 million). The new research may help in finding solutions to avoid such attacks in the future.
Follow BitcoinNews.com on Twitter: @bitcoinnewscom
Telegram Alerts from BitcoinNews.com: https://t.me/bconews
Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.
Image Courtesy: pexels.com