Thursday, September 5, 2013

Speculation: Are bitcoin thieves revealing NSA back doors?

Bitcoin is rather unique in that everyone in the world has a direct financial incentive for finding weak ECDSA private keys.  Compromise a key, and you may steal those bitcoins.

Now, recall a recent security incident:  "Concern mounts as Google confirms Android cryptographic vulnerability"

While there is zero evidence to support the following speculation, let us reconsider this Android SecureRandom bug in light of today's revelations about NSA decryption on the Internet (bullrun).

Is it possible that SecureRandom() was known to be weak by the NSA, and that bitcoin thieves simply stumbled upon the security hole first?

Even entirely innocent engineering bugs are likely to be discovered by anyone with the time to iterate across all known weaknesses and platforms.  Random number generators are a known vector for weaknesses in the past, after all.

By extension, will bitcoin -- and the financial incentive to break bitcoin crypto -- reveal other NSA backdoors in ECDSA, SHA256, RIPEMD160, and other algorithms and libraries used by bitcoin?

Thieves are likely to exploit any flaws immediately, and move stolen loot to another private key.  The NSA, on the other hand, is likely to avoid exploiting any weaknesses until key moments.

Thus, ironically, thieves are playing a role in securing bitcoin and associated algorithms from NSA, Chinese, Russian or mafia tampering.

Was the SecureRandom() bug a now-revealed NSA backdoor?  It can never be known.  But you can thank bitcoin for exposing the problem and leading to immediate fixes, and drawing attention to weak RNG issues.


  1. Good insight Jeff. I don't find convincing evidence that bitcoin's cryptography has been compromised, but the protocol have the potential to adapt its cryptographic standards in the future anyway?