- Telecommunications Giant Vodafone Leaves the Libra Association
- Group of Central Banks Assesses Developing Central Bank Digital Currencies
- South Korea Might Impose 20 Percent Tax on Cryptocurrency Profits
- Report: Terrorists Increasingly Use Crypto to Raise Funds Anonymously
- Canadian Securities Administrators Subject Crypto Exchanges to Securities Laws
A recent viral research paper by Joachim Breitner and Nadia Heninger about the repeated use of insufficiently random ‘nonces’ or ‘k’ values in ECDSA digital signatures was picked up by Ripple. The paper by Breitner and Heninger talks about how the use of imperfect nonces to carry out an attack that has not been seen previously in the crypto world.
Security has always been a concern when talking about cryptocurrencies as there have been multiple instances in the past where cryptocurrencies were hacked out of millions of dollars. Addressing this paper promptly, Ripple released an article on their site that talks about the implications in the context of Ripple’s security.
In the paper titled, “Biased Nonce Sense: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies,” the authors talk about the inconsistent and repeated signature nonces that could create security problems for the users.
Hundreds of private keys were computed by Breitner and Heninger during their research of Bitcoins, Ethereum coins, Ripple and HTTPS and SSH through crypto-analytic attacks against signatures in public blockchains and Internet scans. They suggested that repeated nonce values can make the ECDSA keys insecure. “In fact, any nonuniformity in the ECDSA signature nonces can reveal the private key, given sufficiently many signatures,” the paper states.
In response to the paper, Ripple says in the article that the vulnerability is not present on the core software that runs the blockchains of Bitcoin, Ethereum, XRP Ledger etc. In the article, it says that vulnerability is a result of a software defect “that signs transactions that are subsequently submitted to systems that use secp256k1 signatures — including Bitcoin, Ethereum, XRP Ledger and dozens of other distributed ledger technologies.” The paper further argues that those using exclusively deterministic nonces will not be vulnerable to the attack mentioned in the paper.
One possible factor that prompted a response from Ripple regarding the paper is perhaps the fact that classic Ethereum was robbed of $1 million in a 51% attack mere days ago. Investors and other stakeholders are concerned once again regarding the security of their blockchains.
This response of Ripple can also be seen as reassurance for their investors that the security concerns raised in the research paper will not apply to the Ripple blockchain and hence there’s nothing to worry about. This is a good policy by Ripple as reassuring users and investors regarding such reports helps ease tensions and indirectly affects the market trend.