This Researcher Found a Secret Backdoor in Bitcoin’s Elliptic Curve
This Researcher Detected a Secret Backdoor in Bitcoin’s Elliptic Curve
One of the world’s top cryptographers believes that Satoshi Nakamoto chose Bitcoin’s (BTC) elliptic curve either for its efficiency or because it may have a secret backdoor.
Elliptic curve is worth $ billions
A Bitcoin public key is generated by applying elliptic curve cryptography to the private key. It is easy to create a public key from the private key, but it is impossible to go in the reverse direction. Unless, of course, Bitcoin’s elliptic curve is compromised.
Many crypto experts have noticed that Bitcoin’s choice of secp256k1 elliptic curve was unusual for its time because it was not yet well researched. One of the world’s best known cryptographers, Tatsuaki Okamoto, commented on this unusual choice. Okamoto currently serves as director of the Cryptography & Information Security Lab at NTT Research.
Efficiency or vulnerability?
According to Okamoto, there are two different explanations for this choice, either Satoshi used it because it is more efficient or because it may have offered a secret backdoor. Of course, Okamoto underlines that these are just two logical hypotheses, as he can’t know what Satoshi was thinking at the time:
“(1) The Koblitz curve is specially designed for faster scalar multiplications. Hence the (signing, verifying and key generation) operations on Secp256k1 are faster than those on Secp256r1. (2) Although the Secp256r1 curve was announced to be randomly selected, there could still exist some suspicion that some backdoor might be secretly set up in the curve parameters. In contrast, the Koblitz curve parameters are mathematically determined, and there is little possibility for setting such a backdoor.”
Okamoto is impressed with the way Satoshi was able to merge several cryptographic techniques (hash chains, Merkle trees and elliptic curves) to create the world’s first decentralized currency:
“I think it is a revolutionary invention, the first decentralized currency, and its core technology blockchain, is giving a great impact on our society.”
Bitcoin Core developer agrees
Bitcoin Core developer, Wladimir van der Laan, said that he does not know why Satoshi chose this particular curve. He also notes that if he or someone has discovered a vulnerability, they have not stepped forward to disclose it:
“I have no idea why Satoshi chose this particular curve, they have provided no rationale anywhere (it seems, in hindsight, to have been a fairly good choice though). Even if Secp256r1 has a vulnerability, no one has stepped forward yet to announce their discovery. On the other hand, keeping this discovery to themselves could yield a multi-billion dollar reward.”
