This Researcher Says Bitcoin’s Elliptic Curve Could Have a Secret Backdoor

Published at: July 1, 2020

One of the world’s top cryptographers believes that Satoshi Nakamoto chose Bitcoin’s (BTC) elliptic curve either for its efficiency or because it may offer a secret backdoor.

Elliptic curve is worth billions

A Bitcoin public key is created by applying elliptic-curve cryptography to the private key. One can easily create a public key from the private key, but it is impossible to go in the reverse direction. Unless, of course, Bitcoin’s elliptic curve is compromised.

Many crypto experts have noticed that Bitcoin’s choice of secp256k1 elliptic curve was unusual for its time, as it was not yet well researched. Cointelegraph asked one of the world’s leading cryptographers, Tatsuaki Okamoto, about this unusual choice. Okamoto currently serves as director of the Cryptography & Information Security Lab at NTT Research.

Efficiency or vulnerability?

According to Okamoto, there are two alternative explanations for this choice: Either Satoshi picked because it offers greater efficiency or because it may have offered a secret backdoor. Of course, Okamoto underlined that these are just two logical hypotheses, as he has no way of knowing what Satoshi was thinking at the time:

“(1) The Koblitz curve is specially designed for faster scalar multiplications. Hence the (signing, verifying and key generation) operations on Secp256k1 are faster than those on Secp256r1. (2) Although the Secp256r1 curve was announced to be randomly selected, there could still exist some suspicion that some backdoor might be secretly set up in the curve parameters. In contrast, the Koblitz curve parameters are mathematically determined, and there is little possibility for setting such a backdoor.”

Okamoto is impressed with the way the Bitcoin creator was able to combine several cryptographic techniques — such as hash chains, Merkle trees and elliptic curves — to create the world's first decentralized currency:

“I think it is a revolutionary invention, the first decentralized currency, and its core technology blockchain, is giving a great impact on our society.”

Bitcoin Core developer agrees

Bitcoin Core developer Wladimir van der Laan told Cointelegraph that he does not know why Satoshi chose this particular curve. He also noted that if someone has discovered a vulnerability, they have not stepped forward to announce it:

“I have no idea why Satoshi chose this particular curve, they have provided no rationale anywhere (it seems, in hindsight, to have been a fairly good choice though).”

Even if Secp256r1 has a vulnerability, no one has stepped forward yet to announce their discovery. On the other hand, keeping this discovery to themselves could yield a multi-billion dollar reward.

Tags
Bitcoin
Satoshi Nakamoto
Security
Cryptography
Related Posts
Did Satoshi choose to publish Bitcoin's whitepaper on Halloween as another Easter egg?
Satoshi Nakamoto announced the Bitcoin whitepaper on a cryptography mailing list on Halloween 2008. It could be the case that this was a meaningless coincidence, but when we take into account the meticulous planning behind Bitcoin’s launch party, the chosen date begins to take on more significance. Halloween is the carnival time, a ritual day when one can pretend to be someone or something else, whether a comic book superhero like Batman or Superman, or another eternally popular choice for Halloween, a Ghost — a spirit, much like Satoshi, that is neither dead nor alive. The carnival tradition goes back …
Bitcoin / Oct. 31, 2020
Renowned Cryptographer Says His Patent Was an Obstacle for Hal Finney
Tatsuaki Okamoto explains why his “electronic cash” patent might have presented an obstacle to Hal Finney in his ambition to create his own electronic currency. Six key patents Sometime before Dec. 6, 2004, Hal Finney did a search in a patent database on “blind-signature based cash systems”. On his site he posted a list of six such patents: “This might be useful for those considering implementing electronic cash.” Four of the patents are authored by David Chaum, the other two by Okamoto and his colleague at Nippon Telegraph Kazuo Ohta. Ecash patents by Dr. Okamoto & his Nippon Telegraph colleague …
Bitcoin / July 4, 2020
Experts Split on Practical Implications of Quantum Cryptography
Scientists in China were able to exchange an encryption key at a distance of 1,120 kilometers, this exceeds the previous best attempt by 1,000 kilometers. Crypto experts discuss whether this could have practical implications for the industry. Hackerproof cryptography? Quantum computers are scarecrows for the crypto industry for years, with some speculating that the advances in this technology will make all existing cryptography obsolete. This time quantum entanglement was used to exchange a secret key that could be used to encrypt and decrypt messages. One could imagine if this technology becomes a commodity it could make crypto hacking obsolete as …
Bitcoin / June 28, 2020
Israeli Startup That Allows Offline Crypto Transactions Secures $4M
Israeli cybersecurity startup GK8 has reportedly developed the world’s first offline system for transacting cryptocurrencies. The new system uses GK8’s proprietary cryptographic techniques that enable instant blockchain transactions of digital assets without any need for an internet connection, Israeli business news publication Globes reported on Sept. 18. The company raised $4 million in a funding round led by Discount Capital, a venture arm of one of Israel’s three largest banks, Discount Bank, and Marius Nacht, a co-founder of cybersecurity giant Checkpoint. Other investors reportedly included EdenBlock, iAngels, IDEAL-HLS, StratX and the Israel Innovation Authority. As reported by Globes, GK8’s new …
Bitcoin / Sept. 18, 2019
Tech’s good intentions and why Satoshi’s new ‘social order’ foundered
All revolutions have their dogmas, and the cryptocurrency/blockchain insurgency is no different. It’s an article of faith among crypto adherents that decentralization will solve many of society’s ills, including the problem of governance. Vili Lehdonvirta — an Oxford University social scientist, book author, and former software developer — disagrees. “The underlying technology will change and it’s already changing,” he told Cointelegraph last week. “It’s becoming less blockchain-like, less like the original idea of a trustless system,” especially after the Ethereum Merge, where corporate-like ‘staking’ entities will be needed to “uphold the integrity of the chain,” in his view. Indeed, crypto …
Decentralization / Oct. 18, 2022