Lack of Randomness: Why Hackers Love It

Published at: March 4, 2015

Random numbers mean something different to humans than to machines. For a human, tossing a coin is assumed to be truly random: a uniform distribution, with probability 0.5 of heads or tails. For machines it is a different story.

Determinism vs. Randomness

Machines are built to take an input, process it and produce an output. They only follow the patterns they are programmed with.

“Machines are deterministic, which means that if you ask the same question you’ll get the same answer every time,” says Professor of Computer Science and Engineering at MIT’s Computer Science and Artificial Intelligence Laboratory, Steven Ward. “In fact, such machines are specifically and carefully programmed to eliminate randomness in results. They do this by following rules and relying on algorithms when they compute.”

Ward then raises a very important question:

“So what happens to our random number then when it comes to a machine? In fact many things are built based on the idea of generating a random number. Consider casinos using old-fashioned slot machines. Can they work without generating a random number? How can these machines generate random numbers then?”

The simple answer to the latter question is that they do not. Machines do not yet generate truly random numbers. However, instead of taking an input (a seed) from the user, a machine can draw its seed from an unpredictable physical process such as thermal or atmospheric noise, rather than from a human-defined pattern. That is why any machine-generated random number is called a pseudo random number. The random.org website demonstrates a number of interesting random number generation techniques of this kind.

Unfortunately, depending on a source of randomness (entropy) can itself cause problems. The Elliptic Curve Digital Signature Algorithm (ECDSA), the core of Bitcoin’s cryptography, is by its nature sensitive to how this pseudo random number is generated.

Every Bitcoin transaction must be signed by the owner of the private key. Besides the private key, each ECDSA signature requires the user to generate a random number k, and it must be generated afresh for every single transaction the user makes. If the same private key is used twice with the same random number k, anyone can calculate the private key from the two signatures and eventually spend the money. This applies to every Bitcoin wallet, including offline storage.
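The reuse described above is visible from the signatures themselves: r depends only on k, so two signatures by the same public key with the same r were made with the same k. The following is an added example (not code from the article) that parses DER-encoded ECDSA signatures, the format Bitcoin uses, and flags repeated r values per key; the signatures are constructed demo data, not real transactions.

```python
# Added example: detect ECDSA nonce reuse from a batch of (pubkey, DER signature)
# pairs. A repeated r under one public key means k was reused for both signatures.
from collections import defaultdict

def parse_der_signature(sig: bytes):
    """Return (r, s) from a DER ECDSA signature: 30 len 02 rlen r 02 slen s."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("bad DER SEQUENCE header")
    pos, values = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected DER INTEGER")
        length = sig[pos + 1]
        start = pos + 2
        values.append(int.from_bytes(sig[start:start + length], "big"))
        pos = start + length
    if pos != len(sig):
        raise ValueError("trailing bytes after signature")
    return values[0], values[1]

def der_encode(r: int, s: int) -> bytes:
    """Build a DER signature; used here only to construct sample data."""
    def enc(v):
        b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
        if b[0] & 0x80:
            b = b"\x00" + b  # leading zero keeps the INTEGER positive
        return b"\x02" + bytes([len(b)]) + b
    body = enc(r) + enc(s)
    return b"\x30" + bytes([len(body)]) + body

def find_nonce_reuse(signatures):
    """signatures: iterable of (pubkey, der_sig); returns {(pubkey, r): count} for r seen twice."""
    seen = defaultdict(int)
    for pubkey, der in signatures:
        r, _s = parse_der_signature(der)
        seen[(pubkey, r)] += 1
    return {key: n for key, n in seen.items() if n > 1}

# Constructed demo data (not real transactions): key "A" signs twice with r = 0x7A3B.
SAMPLES = [
    ("A", der_encode(0x7A3B, 0x1F)),
    ("A", der_encode(0x7A3B, 0x2C)),
    ("B", der_encode(0x7A3B, 0x1F)),  # different key, so not counted against A
    ("A", der_encode(0x9999, 0x1F)),
]

if __name__ == "__main__":
    print(find_nonce_reuse(SAMPLES))  # {('A', 31291): 2}
```

A wallet operator can run this over its own signing history to catch a faulty nonce generator before funds are lost.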

Security holes

This lack of randomness has cost the Bitcoin community a great deal. Bitcoin exchange Bitstamp confirmed the loss of 18,866 BTC earlier this year, and Blockchain.info, one of the most reputable bitcoin wallet providers, lost some of its customers’ money in December 14 due to this very simple issue.

This issue has affected not only Bitcoin users but also many other applications and certificates that use ECDSA. In December 2010, Sony announced a hack affecting its PS3 users: Sony had been using the same random number for every signature, a major failure in its ECDSA implementation. The following year, in 2011, OpenSSL suffered from the same issue through timing attacks.

Moreover, any linear relation between the random numbers k1 and k2 used in two different signatures compromises the user’s private key. In January 2015, Stephan Verbücheln released a paper showing how an untrustworthy service can build a random number generator whose outputs are indistinguishable from random, yet only the service provider can recover those random numbers.

Solution

So how does a user make sure that this number is generated randomly?

The answer is that, as long as a random number generator is part of the signing process, the user has no way to check its output and cannot trust any random number generator.

So does this mean that Bitcoin is not secure since it uses ECDSA?

I’m glad to say that there is a solution for this issue: using the RFC 6979 standard to generate deterministic random numbers. A deterministic random number is created deterministically, just what a machine likes. The input goes through a function and gives you an output, and that output is the random number.

The reason a hacker can’t generate this deterministic random number is that the input consists of the user’s private key together with the message being signed, and the function is a hash-based one (HMAC), which is irreversible. Because the message is part of the input, a different k results for every transaction; because the private key is part of the input, nobody without that key can predict it. Therefore we can say that the output k is random and this mechanism is safe.
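As an added example (not code from the article, nor from the Trezor or Mycelium projects), here is the RFC 6979 derivation of k for secp256k1 with SHA-256, the combination Bitcoin signatures use, written with only the Python standard library’s hmac and hashlib:

```python
# Added example: RFC 6979 deterministic nonce for secp256k1 / SHA-256.
# k is derived from the private key and the message hash via HMAC-SHA256,
# so it is stable for one (key, message) pair and unpredictable without the key.
import hashlib
import hmac

# secp256k1 group order n; it is 256 bits, so qlen == hlen and bits2int is a plain int
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def _int2octets(x: int) -> bytes:
    return x.to_bytes(32, "big")

def _bits2octets(h: bytes) -> bytes:
    # bits2int(h) mod n, then back to 32 bytes (RFC 6979 section 2.3.4)
    return _int2octets(int.from_bytes(h, "big") % N)

def rfc6979_nonce(private_key: int, message: bytes) -> int:
    """Return the deterministic k for signing sha256(message) with private_key."""
    h1 = hashlib.sha256(message).digest()
    seed = _int2octets(private_key) + _bits2octets(h1)
    V = b"\x01" * 32                       # steps b and c of section 3.2
    K = b"\x00" * 32
    K = hmac.new(K, V + b"\x00" + seed, hashlib.sha256).digest()   # step d
    V = hmac.new(K, V, hashlib.sha256).digest()                    # step e
    K = hmac.new(K, V + b"\x01" + seed, hashlib.sha256).digest()   # step f
    V = hmac.new(K, V, hashlib.sha256).digest()                    # step g
    while True:                                                    # step h
        V = hmac.new(K, V, hashlib.sha256).digest()  # one block already fills 256 bits
        k = int.from_bytes(V, "big")
        if 1 <= k < N:
            return k
        # candidate out of range: re-key and generate another one (step h.3)
        K = hmac.new(K, V + b"\x00", hashlib.sha256).digest()
        V = hmac.new(K, V, hashlib.sha256).digest()

if __name__ == "__main__":
    k1 = rfc6979_nonce(1, b"Satoshi Nakamoto")
    k2 = rfc6979_nonce(1, b"Satoshi Nakamoto")
    k3 = rfc6979_nonce(1, b"a different message")
    print(hex(k1))
    print("same input, same k:", k1 == k2, "| new message, new k:", k1 != k3)
```

The RFC itself ships test vectors only for the NIST curves; the private key 1 / "Satoshi Nakamoto" case used in the test below is the vector commonly used for secp256k1.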

Services such as Trezor and Mycelium have already implemented the RFC 6979 standard in their systems, which makes them resistant to these randomness attacks. Hopefully, with greater awareness, we will not see any more incidents caused by careless random number generation in ECDSA in the future.
