In the modern financial sector, interest in providing financial services that employ blockchain technology has increased. Blockchain technology is efficient and can operate without a trusted party to store all transaction information; additionally, it provides transparency and prevents the tampering of transaction information. However, new security threats can occur because blockchain technology shares all the transaction information. Furthermore, studies have reported that the private keys of users who use the same signature value two or more times can be recovered. Because private keys of blockchain identify users, private key leaks can result in attackers stealing the ownership rights to users' property. Therefore, as more financial services use blockchain technology, actions to counteract the threat of private key recovery must be continually investigated. Private key recovery studies are presented here. Based on these studies, duplicated signatures generated by blockchain users are defined. Additionally, scenarios that generate and use duplicated signatures are applied in an actual bitcoin environment to demonstrate that actual bitcoin users' private keys can be recovered.
This research was supported by the MSIT(Ministry of Science and ICT), Korea, under the ITRC(Information Technology Research Center) support program (IITP-2019-2016-0-00304) supervised by the IITP(Institute for Information & communications Technology Planning & Evaluation)
