Bitcoin Security with a Twisted Edwards Curve

International audienceThe security of the Bitcoin cryptocurrency system depends on the Koblitz curve secp256k1 combined with the digital signature ECDSA and the hash function SHA-256. In this paper, we show that the security of Bitcoin with ECDSA and secp256k1 is not optimal and present a detailed study of the efficiency of Bitcoin with the digital signature algorithm Ed25519 combined with the twisted Edwards curve CurveEd25519 and the hash function SHA-512. We show that Bitcoin is more secure and more efficient with the digital signature algorithm Ed25519 and the twisted Edwards curve CurveEd25519. Subject Classifications: 94A6

Bitcoin Security with Post Quantum Cryptography

International audienceIn a future quantum world with a large quantum computer, the security of the digital signatures used for Bitcoin transactions will be broken by Shor's algorithm. Bitcoin has to switch to post-quantum cryptography. In this paper, we show that the post quantum signatures based on LWE and ring LWE are the most promising to use in the presence of large quantum computers running Shor's algorithm

Bitcoin Security with a Twisted Edwards Curve

International audienceThe security of the Bitcoin cryptocurrency system depends on the Koblitz curve secp256k1 combined with the digital signature ECDSA and the hash function SHA-256. In this paper, we show that the security of Bitcoin with ECDSA and secp256k1 is not optimal and present a detailed study of the efficiency of Bitcoin with the digital signature algorithm Ed25519 combined with the twisted Edwards curve CurveEd25519 and the hash function SHA-512. We show that Bitcoin is more secure and more efficient with the digital signature algorithm Ed25519 and the twisted Edwards curve CurveEd25519. Subject Classifications: 94A6

Cryptanalysis of RSA Variants with Primes Sharing Most Significant Bits

International audienceWe consider four variants of the RSA cryptosystem with an RSA modulus N = pq where the public exponent e and the private exponent d satisfy an equation of the form ed − k (p^2 − 1)( q^2 − 1 )= 1. We show that, if the prime numbers p and q share most significant bits, that is, if the prime difference |p − q| is sufficiently small, then one can solve the equation for larger values of d, and factor the RSA modulus, which makes the systems insecure

Cryptanalysis of RSA Variants with Primes Sharing Most Significant Bits

We consider four variants of the RSA cryptosystem with an RSA modulus N= pq where the public exponent e and the private exponent d satisfy an equation of the form ed- k(p2- 1 ) (q2- 1 ) = 1. We show that, if the prime numbers p and q share most significant bits, that is, if the prime difference | p- q| is sufficiently small, then one can solve the equation for larger values of d, and factor the RSA modulus, which makes the systems insecure