A Small Subgroup Attack on Bitcoin Address Generation

Massimiliano Sala; Domenica Sogiorno; Daniele Taufer

doi:10.3390/math8101645

Mathematics (Sep 2020)

A Small Subgroup Attack on Bitcoin Address Generation

Massimiliano Sala,
Domenica Sogiorno,
Daniele Taufer

Affiliations

Massimiliano Sala: Department of Mathematics, University of Trento, Via Sommarive 14, 38123 Povo (TN), Italy
Domenica Sogiorno: Department of Mathematics, University of Bari, 70121 Bari, Italy
Daniele Taufer: CISPA Helmholtz Center for Information Security, 66123 Saarbrücken, Germany

DOI: https://doi.org/10.3390/math8101645
Journal volume & issue: Vol. 8, no. 10
p. 1645

Abstract

Read online

We show how a small subgroup confinement-like attack may be mounted on the Bitcoin addresses generation protocol, by inspecting a special subgroup of the group associated to point multiplication. This approach does not undermine the system security but highlights the importance of using fair random sources during the private key selection.

Published in Mathematics

ISSN: 2227-7390 (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Science: Mathematics
Website: http://www.mdpi.com/journal/mathematics

About the journal

Abstract

Keywords