Asia-24-Beery-BadRandomness.pdf

《Asia-24-Beery-BadRandomness.pdf》由会员分享，可在线阅读，更多相关《Asia-24-Beery-BadRandomness.pdf（53页珍藏版）》请在三个皮匠报告上搜索。

1、#BHASIA BlackHatEventsBad Randomness:Protecting Against Cryptographys Perfect CrimeTal Beery,CTO&Co-Founder ZengoCo-Founder,CTO ZenGo20+years cyber security9th time BH Speaker1st time BHASIA speaker!talbeerysecHi,Im Tal BeeryAgenda The Perfect Crime:Why bad randomness is cryptos perfect crime?True C

2、rime(s)Bad private key:Bitcoin,gone in millisecondsBad Nonce:Ethereum,gone in millisecondsBad DH parameters:TLS malware,even more powerful than previously known SolutionsAvoiding single point of failure with MPC The perfect crimeRandomness in cryptographyThe perfect crime Lethal Undetectable”Randomn

3、ess in cryptography is like the air we breathe.You cant do anything without it,-Prof.Yevgeniy Dodis https:/cs.nyu.edu/dodis/courant-article.pdfRandomness is vital Kerckhoffs principle:the security of a cryptographic system should be based on the secrecy of the cryptographic key Keys values should be

4、 unguessablecreated in random But also other crypto items,e.g.Nonces,IVs Randomness is vital Lack thereof is lethal!Bad randomness is undetectableBad randomness is undetectable There are no random numbers,only numbers created by a random process In most cases,you cannot inspect a number and decide i

5、f it is random or not In most cases,the values of these random numbers are not stored as they are too secret not available for a statistical forensic analysisCryptos perfect crimeBad randomness is cryptos perfect crime Lethal UndetectableTrue crime,true detectiveBad Randomness in the wildTrue detect

6、iveSeason 1:Bitcoins dark forestFrom random to Bitcoin address:step 1 Generate a random 128 bit number Add 1 bit of checksum for each 32 bit(33 is divisible by 11)From random to Bitcoin address:step 2 Assign for each 11 bit group a word from BIP-39 to get the seed phraseFrom random to Bitcoin addres