This paper presents a detailed study of the DeserializeSignature vulnerability discovered in the Bitcoin network in 2023, which allows attackers to create invalid but accepted ECDSA signatures. The principles of the signature deserialization mechanism, potential methods of exploiting the vulnerability, and their implications for the security of the cryptocurrency network are considered. Key recommendations for eliminating this problem are proposed, with an emphasis on improving data validation.
A digital signature based on the ECDSA (Elliptic Curve Digital Signature Algorithm) algorithm is a fundamental mechanism for confirming the authenticity and consent of the Bitcoin cryptocurrency owner to perform transactions. Within the Bitcoin protocol, the DeserializeSignature function is responsible for converting the signature byte sequence into an object suitable for verification. However, an identified vulnerability associated with incorrect verification of some signature parameters allowed the creation of fake signatures that could pass verification, which seriously threatened the security of transactions.
How the DeserializeSignature function works
The DeserializeSignature function deserializes a digital signature from the DER (Distinguished Encoding Rules) format into a data structure required for verification. This process includes:
- Reading and interpreting the signature byte sequence;
- Checking the signature format for compliance with the DER standard, including checking the length and structure;
- Extraction of the values of the signature components r and s, which are integers used in the ECDSA algorithm;
- Validation of the r and s values to ensure they are within the acceptable range.
The key flaw in the function was that it did not check whether the r or s value was zero. This allowed attackers to create signatures with zero components that did not conform to a valid format but were accepted as valid by individual clients of the network.
Potential Impact and Exploitation Scenarios
Exploitation of the DeserializeSignature vulnerability could result in the following threats:
- Unauthorized transfer of assets: generating falsified signatures to conduct transactions with bitcoins belonging to other people.
- Double spending: the creation of two or more transactions with the same coins due to the acceptability of incorrect signatures.
- Blockchain data tampering: entering false transactions into the blockchain, resulting in distorted account balances.
- Transaction verification breach: introducing signatures into the system that are accepted as valid by network nodes, which can break consensus and transaction integrity.
Vulnerabilities and technical aspects
The main vulnerabilities of the deserialization process include:
| Potential problem | Description |
|---|---|
| DER format check | Insufficient or faulty validation results in incorrectly structured signatures being accepted. |
| Using vulnerable libraries | Library code with bugs increases the risk of attacks, including buffer overflows and arbitrary code execution. |
| No checking of r and s values | Allows the use of zero or invalid numbers, making it easier to generate invalid signatures. |
| Vulnerabilities of timing attacks | Analysis of the execution time of operations can reveal information about private keys. |
Impact on the Security of Digital Currencies
The DeserializeSignature vulnerability compromises a wide range of Bitcoin security aspects:
- Material losses of users due to illegal transfer of funds;
- Undermining confidence in the cryptosystem, slowing its adoption by the general public;
- Difficulty in detecting attacks caused by invalid signatures not matching the valid format.
Recommendations for protection
To neutralize this vulnerability, it is necessary:
- Implementation of strict data validation algorithms at the deserialization stage, including checking the r and s values for validity (mandatory rejection of zero values);
- Regular updating of crypto clients and libraries to eliminate known vulnerabilities;
- Conducting comprehensive security audits using emulation of various attack scenarios;
- Training developers and security specialists in the implementation features of the ECDSA algorithm and the specifics of the deserialization process.
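As an added illustration (not the Bitcoin project's code), the following Python module performs the checks described in the deserialization steps and in the first recommendation above: strict structural DER validation of SEQUENCE { INTEGER r, INTEGER s }, followed by the range check 0 < r, s < n that rejects zero components. The secp256k1 group order n is the standard constant; the encoder is a helper for constructing test inputs.

```python
"""Strict DER parsing of an ECDSA signature with explicit r/s range checks.
Illustrative code (not the Bitcoin project's), standard library only."""

# Order n of the secp256k1 group; valid ECDSA components satisfy 0 < r, s < n.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


class SignatureError(ValueError):
    """Raised when a signature fails structural or range validation."""


def _read_der_integer(buf: bytes, pos: int) -> tuple[int, int]:
    """Parse one strictly encoded DER INTEGER at buf[pos:]; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise SignatureError("expected INTEGER tag")
    length = buf[pos + 1]
    if length == 0 or length > 33:          # 32-byte value plus optional sign byte
        raise SignatureError("bad INTEGER length")
    body = buf[pos + 2 : pos + 2 + length]
    if len(body) != length:
        raise SignatureError("truncated INTEGER body")
    if body[0] & 0x80:
        raise SignatureError("negative INTEGER")
    if length > 1 and body[0] == 0x00 and not body[1] & 0x80:
        raise SignatureError("non-minimal INTEGER (superfluous leading zero)")
    return int.from_bytes(body, "big"), pos + 2 + length


def parse_der_signature(sig: bytes) -> tuple[int, int]:
    """Parse SEQUENCE { INTEGER r, INTEGER s } strictly and enforce 0 < r, s < n.
    The range check is the one the article describes as missing: r == 0 is a
    well-formed DER INTEGER, so structural checks alone would accept it."""
    if len(sig) < 8 or len(sig) > 72:
        raise SignatureError("implausible signature length")
    if sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise SignatureError("bad SEQUENCE header")
    r, pos = _read_der_integer(sig, 2)
    s, pos = _read_der_integer(sig, pos)
    if pos != len(sig):
        raise SignatureError("trailing bytes after signature")
    for name, value in (("r", r), ("s", s)):
        if not 0 < value < SECP256K1_N:
            raise SignatureError(f"{name} outside [1, n-1]")
    return r, s


def is_acceptable(sig: bytes) -> bool:
    """True only if the signature passes every check above."""
    try:
        parse_der_signature(sig)
        return True
    except SignatureError:
        return False


def encode_der_signature(r: int, s: int) -> bytes:
    """Minimal DER encoder used to construct test inputs (encodes any r, s >= 0)."""
    def enc_int(v: int) -> bytes:
        body = v.to_bytes((v.bit_length() + 8) // 8, "big")  # sign byte if needed
        return bytes([0x02, len(body)]) + body
    payload = enc_int(r) + enc_int(s)
    return bytes([0x30, len(payload)]) + payload


if __name__ == "__main__":
    # Constructed inputs: a zero component is well-formed DER but must be rejected.
    print(is_acceptable(encode_der_signature(1, 1)))              # True
    print(is_acceptable(encode_der_signature(0, 1)))              # False: r == 0
    print(is_acceptable(encode_der_signature(1, SECP256K1_N)))    # False: s == n
```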
Comparative analysis with previous studies
Unlike classic Signature Malleability issues and Bitcoin P2P protocol vulnerabilities, which are based on network interactions and cryptographic implementation faults, the DeserializeSignature error concerns the signature data processing and verification procedure. This makes the vulnerability more localized and at the same time more quickly correctable at the client software level.
Conclusion
The growing role of Bitcoin in the financial ecosystem requires constant monitoring and improvement of cryptographic mechanisms. The DeserializeSignature vulnerability demonstrates how important it is to pay attention to the correct implementation of all stages of signature processing, which is critical to maintaining the security and integrity of transactions.
Example of practical implementation and tools
To demonstrate the exploitation of the vulnerability and analysis of forged signatures, the software “ATTACKSAFE ULTRA” with support for the mathematical package “SAGE MATH” was used. Example of installing the necessary packages in the Linux environment:
```bash
sudo apt-get update
sudo apt-get install -y python3-gmpy2
sudo apt-get install sagemath
sage -v
```
Loading the repository of attack scripts:
```bash
wget https://attacksafe.ru/REPOSITORY/DC66398E76DBCD8193134381D7838A02/ATTACKSAFE_ULTRA.zip
```
These tools allow you to construct vulnerable transactions and explore the possibilities of creating invalid ECDSA signatures, which helps in the development of security mechanisms.
The material was prepared for the CRYPTO DEEP TECH portal with the aim of increasing financial security and protecting cryptographic operations on elliptic curves secp256k1. The authors of the software and research are not responsible for abuses based on the material provided.
New cryptanalysis techniques related to the DeserializeSignature vulnerability in the Bitcoin protocol are mainly based on deep analysis of the deserialization process and the use of modern testing and machine learning techniques. Key approaches include:
- Static and dynamic analysis of the DeserializeSignature function code to detect missing checks and incorrect signature data validation conditions, especially the lack of checking for zero values of the r and s parameters [1][2].
- Fuzz testing: automated generation of large numbers of random and specially crafted signature variants to detect incorrect handling of deserialization errors and valid value boundaries. In Bitcoin cryptographic libraries, this method allows detecting undocumented cases of invalid signature acceptance [4].
- Using machine learning and specialized utilities such as the BitcoinChatGPT module and ATTACKSAFE ULTRA software to model vulnerable Raw transactions, automate the search for invalid signature patterns, and speed up cryptanalysis based on large datasets of transactions with deserialization errors [1][5].
- Timing attacks: an assessment of the dependence of the execution time of the deserialization procedure on the signature parameters, in order to identify leaks of information about private keys, which expands the possibilities of attacks on privacy and key compromise [1].
- Updating and strengthening deserialization algorithms with strict validations (e.g. mandatory range checking of the r and s parameters, refusal to accept zero values) and regular testing for possible format distortions, which reduces the attack surface [2].
- Educating and raising awareness among developers to prevent implementation errors and the introduction of vulnerabilities early in the writing and updating of Bitcoin client software [1][2].
Thus, modern methods of cryptanalysis of the DeserializeSignature vulnerability implement a comprehensive approach: from automated tests and machine learning to enhanced control of signature formats and parameters, which makes it possible to significantly increase the security of the Bitcoin network and reduce the risks of exploitation of invalid ECDSA signatures. The emphasis is on continuous improvement of deserialization processes and adoption of new technologies in cryptographic protection [1][2][4].
The Essence of the DeserializeSignature Vulnerability in Bitcoin and Its Discovery
The DeserializeSignature vulnerability is related to incorrect processing of digital signatures used in the Bitcoin network, namely, insufficient validation of signature parameters during deserialization (conversion of a signature from a byte format to a data structure for verification). The DeserializeSignature function expected signatures in DER format and had to check two key components of the signature – the r and s values, which, according to the ECDSA algorithm, must lie in certain acceptable ranges.
The main problem was that the function did not fully check these values; in particular, it did not exclude the situation where r or s takes the value zero. This allowed attackers to create signatures with incorrect parameters which, despite being cryptographically invalid, could be accepted as valid by some Bitcoin clients. The result was the possibility of conducting transactions with forged signatures, which jeopardized the integrity and security of the network.
The vulnerability was discovered during the analysis of the signature deserialization process, when the researchers found that the signature format and parameter values were not strictly checked. Particular attention was paid to the fact that the lack of checking for zero values of signature components allowed the creation of “invalid” signatures that bypassed filters and passed verification for some Bitcoin network users. This detection was based on both a theoretical analysis of the ECDSA algorithm and DER format specifications, as well as experimental testing, including using fuzzing and cryptanalysis methods, which revealed exploitation scenarios and potential risks.
Thus, the essence of the DeserializeSignature vulnerability is the incomplete verification of the components of a digital signature at the stage of its deserialization, which provides the possibility of creating invalid signatures that are partially accepted by the Bitcoin network. The discovery of this vulnerability has increased attention to the need for strict verification of the structure and values of signatures to maintain the security of the cryptocurrency system [4][1][2].
The Bitcoin function DeserializeSignature did not check all signature parameters before deserialization, primarily due to incomplete validation of the format and values of the signature components, the r and s parameters. In particular, it did not track cases where these values could be zero, which is contrary to the requirements of the ECDSA algorithm. The lack of this check allowed attackers to create signatures with zero or other invalid values that, despite being invalid, were accepted as valid in some Bitcoin client implementations [1][4].
The main reasons for such incomplete verification are:
- Implementation errors or simplifications: the function was designed to quickly convert a byte sequence into a signature structure, but did not provide strict validation of all cryptographic constraints. This could be due to optimization purposes or incomplete consideration of all cases.
- Insufficient edge case testing: DER signature formats and parameter ranges should have been tested more thoroughly, but some implementations did not cover all possible incorrect cases.
- Vulnerability in used libraries: some third-party deserialization libraries may not provide robust validation, which exacerbates the issue and allows validation to be bypassed.
- Protocol features and historical reasons: in early versions of the Bitcoin implementation, there was no complete validation of all parameters, and updates and patches were introduced gradually.
Thus, the key vulnerability factor is the lack of strict checking of the r and s parameters during the deserialization process, especially the lack of a ban on zero values, which allowed attackers to use falsified signatures, bypassing the network’s protective mechanisms [1][4].
Sources:
[1] Research of DeserializeSignature vulnerability in Bitcoin, PCNEWS.ru (2024).
[4] Article on Habr.com, “DeserializeSignature vulnerability in the Bitcoin network”, 2024.
The Polynonce attack is a modern type of quantum and cryptographic attack aimed at the Bitcoin network, based on the vulnerabilities of the ECDSA algorithm and the features of signature processing in the protocol. Its main aspects and dangers are as follows:
What is the danger of the Polynonce attack?
- Stealing funds before a transaction is confirmed: the attack allows an attacker to calculate a private key from a transaction’s public key during the time the transaction is broadcast to the network but not yet committed to the blockchain. This gives a chance to create a new transaction on behalf of the victim and steal their bitcoins [2].
- Using quantum algorithms: Polynonce exploits the potential of quantum computers (based on Shor’s algorithm) to solve the Elliptic Curve Discrete Logarithm Problem (ECDLP), which underlies the security of ECDSA. This theoretically makes the signature system vulnerable to large universal quantum computers.
- Impact on mining pools: the attack allows some mining pools to manipulate proof of work and rewards, resulting in a 10% reduction in other participants’ income and undermining trust in mining [2].
How is Polynonce attack implemented?
- The attacker monitors transactions on the Bitcoin network before they are included in the blockchain.
- Using Shor’s quantum algorithm, the attacker attempts to compute a private key from the available public signing key.
- The resulting key allows for counterfeit transactions and fraudulent transfers to be inserted into the blockchain first.
- To implement the attack, specialized computing power can be used in conjunction with network and cryptographic exploits.
- In certain cases, the use of smart contracts and control over mining pools can further enhance the effect of an attack (for example, by hiding found blocks and manipulating rewards) [2][4].
Additional risks
- The attack undermines trust in the Bitcoin cryptosystem because it calls into question the reliability of the underlying ECDSA cryptographic algorithm as it moves to a new computing level.
- The possibility of conducting similar quantum attacks on other cryptocurrencies using similar digital signature algorithms.
Sources:
- [2] Quantum attacks on Bitcoin — «POLYNONCE», cryptodeep.ru and polynonce.ru
- [4] Overview of the attack and its consequences for mining pools, cryptodeep.ru
- [1] Analysis of vulnerabilities of cryptographic functions in the Bitcoin network, cryptodeep.ru
To effectively protect against forged signatures in the Bitcoin network due to the DeserializeSignature vulnerability, it is recommended to use a comprehensive set of measures:
- Strict signature validation at the deserialization stage: strict validation of signature parameters (in particular, excluding zero values of r and s and checking for compliance with the DER format) should be implemented to prevent invalid signatures from being accepted [2][4].
- Regular software updates: users and node operators should promptly install updates that fix known vulnerabilities, including improvements to the signature deserialization mechanism [2][5].
- Increasing the number of transaction confirmations: it is recommended to wait at least 6 confirmations for a transaction to be finally accepted, which reduces the risks of successful attacks using invalid signatures [1][5].
- Analysis and filtering of transactions and blocks on nodes: mining software and full nodes in the network must check transactions for anomalies, correctness of signatures and absence of conflicts, allowing suspicious transactions to be promptly discarded [1][5].
- Implementation of anomaly analysis and monitoring systems: the use of tools based on machine learning and behavioral analysis helps to identify atypical behavior in the network, which may indicate attempts to forge signatures [5].
- Implementing multi-level transaction checks and using additional verification tools, such as companion browser extensions that warn of suspicious transactions [3][5].
- Conducting regular security audits of crypto clients and infrastructure to detect and eliminate vulnerabilities in deserialization processes and in working with signatures [2].
- Educate users and developers about the risks of counterfeit signatures and industrial security practices, which helps reduce the human factor in security.
The implementation of these measures will significantly minimize the threats associated with the DeserializeSignature vulnerability and increase the overall resilience of the Bitcoin network to attacks based on the creation and acceptance of invalid ECDSA signatures.
- https://pikabu.ru/story/issledovanie_uyazvimosti_signature_malleability_i_komprometatsii_privatnogo_klyucha_v_podpisi_bitcoin_chast_3_12055413
- https://pikabu.ru/story/uyazvimost_deserializesignature_v_seti_bitkoin_kriptoanaliz_posledstviya_i_vozmozhnost_sozdaniya_nedeystvitelnyikh_podpisey_ecdsa_11454555
- https://www.kaspersky.ru/blog/what-is-a-crypto-wallet-drainer/36920/
- https://habr.com/ru/articles/817237/
- https://cryptodeep.ru/signature-malleability/
- https://hashtelegraph.com/kak-ne-otdat-svoju-kriptovaljutu-scammers-anatomija-socialnoj-inzhenerii/
- https://www.osp.ru/os/2025/02/13059629
- https://www.anti-malware.ru/analytics/Technology_Analysis/How-to-protect-digital-assets-from-fraud
- https://securitymedia.org/info/bezopasnost-blokcheyna-uyazvimosti-ataki-i-budushchee-zashchity.html
- https://www.ssldragon.com/ru/blog/what-is-ecdsa/
- https://cryptodeep.ru/deserialize-signature-vulnerability-bitcoin/
- https://polynonce.ru/%D0%BA%D0%B2%D0%B0%D0%BD%D1%82%D0%BE%D0%B2%D1%8B%D0%B5-%D0%B0%D1%82%D0%B0%D0%BA%D0%B8-%D0%BD%D0%B0-%D0%B1%D0%B8%D1%82%D0%BA%D0%BE%D0%B8%D0%BD/
- https://polynonce.ru/timejacking-attack-%D0%BA%D0%B8%D0%B1%D0%B5%D1%80%D0%B0%D1%82%D0%B0%D0%BA%D0%B0-%D0%BD%D0%B0-%D1%81%D0%B5%D1%82%D1%8C-bitcoin/
- https://cryptodeep.ru/page/3/
- https://forklog.com/cryptorium/chto-takoe-ataka-51
- https://pcnews.ru/blogs/uazvimost_deserializesignature_v_seti_bitkoin_kriptoanaliz_i_nedejstvitelnye_podpisi_ecdsa-1449836.html
- https://learn.microsoft.com/ru-ru/dotnet/fundamentals/code-analysis/quality-rules/ca2311
- https://learn.microsoft.com/ru-ru/dotnet/framework/wcf/feature-details/serialization-and-deserialization
- https://pikabu.ru/tag/%D0%90%D1%80%D0%B1%D0%B8%D1%82%D1%80%D0%B0%D0%B6%20%D0%BA%D1%80%D0%B8%D0%BF%D1%82%D0%BE%D0%B2%D0%B0%D0%BB%D1%8E%D1%82%D1%8B,%D0%A5%D0%B0%D0%BA%D0%B5%D1%80%D1%8B?page=2
- https://pvs-studio.ru/ru/blog/posts/java/1190/
- https://javarush.com/groups/posts/2022-serializacija-i-deserializacija-v-java
- https://pikabu.ru/tag/%D0%94%D0%BB%D0%B8%D0%BD%D0%BD%D0%BE%D0%BF%D0%BE%D1%81%D1%82,%D0%A5%D0%B0%D0%BA%D0%B5%D1%80%D1%8B?page=14&mv=2&page=9
- https://pikabu.ru/story/issledovanie_uyazvimosti_signature_malleability_i_komprometatsii_privatnogo_klyucha_v_podpisi_bitcoin_chast_1_12055351
- https://support.usergate.com/idps-signatures?label=&order=release_date&sort=desc&page=397
- https://www.securitylab.ru/news/561317.php
- https://rt-solar.ru/solar-4rays/blog/4527/
- https://bdu.fstec.ru/vul/2023-01694
- https://cyberleninka.ru/article/n/issledovanie-vstrechaemosti-nebezopasno-serializovannyh-programmnyh-obektov-v-klientskom-kode-veb-prilozheniy
- https://habr.com/ru/companies/pt/articles/758036/
- https://support.usergate.com/idps-signatures?label=&order=label&sort=asc&page=150
- https://infosecportal.ru/agregator-runeta/agregator-statej/uyazvimost-deserializesignature-v-seti-bitkoin-kriptoanaliz-i-nedejstvitelnye-podpisi-ecdsa/
- https://cryptodeep.ru
- https://www.youtube.com/watch?v=8E2KJeWu4XA
- https://infosecportal.ru/category/agregator-runeta/agregator-statej/page/106/
- https://vk.com/@cryptodeeptech-signature-malleability
- https://habr.com/ru/articles/817237/comments/
- https://pcnews.ru/blogs/habrahabr/656.html
- https://forum.guns.ru/forum_light_message/151/2139090.html
- https://github.com/demining/Deserialize-Signature-Vulnerability-in-Bitcoin-Network
- https://habr.com/ru/articles/600113/comments/
- http://sch56-ngo.ru/main/content/safety/06_%D0%98%D0%BD%D1%84%D0%BE%D1%80%D0%BC%D0%B0%D1%86%D0%B8%D0%BE%D0%BD%D0%BD%D0%B0%D1%8F%20%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D1%8C/%D0%A1.%20%D0%9C%D0%B0%D0%BA%D0%B0%D1%80%D0%BE%D0%B2%20%D0%9F%D1%80%D0%B5%D0%BA%D1%80%D0%B0%D1%81%D0%BD%D1%8B%D0%B9,%20%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D1%8B%D0%B9,%20%D0%BA%D0%B8%D0%B1%D0%B5%D1%80%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D1%8B%D0%B9%20%D0%BC%D0%B8%D1%80.pdf
- https://cryptodeeptech.ru/deserialize-signature-vulnerability-bitcoin.html
- https://news.scienceland.ru/wp-content/uploads/2019/08/%D0%91%D0%BE%D1%81%D0%BE%D0%B2%D0%B0-%D0%9F%D0%B0%D0%B2%D0%BB%D0%BE%D0%B2_%D0%90%D0%BA%D1%82%D1%83%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5-%D0%BF%D1%80%D0%BE%D0%B1%D0%BB%D0%B5%D0%BC%D1%8B-%D0%BC%D0%B5%D1%82%D0%BE%D0%B4%D0%B8%D0%BA%D0%B8-%D0%BE%D0%B1%D1%83%D1%87%D0%B5%D0%BD%D0%B8%D1%8F-2019-%D0%AD%D0%BB%D0%B5%D0%BA%D1%82%D1%80%D0%BE%D0%BD%D0%BD%D0%BE%D0%B5-%D0%B8%D0%B7%D0%B4%D0%B0%D0%BD%D0%B8%D0%B5.pdf
- https://pikabu.ru/tag/Cryptocurrency,%D0%A5%D0%B0%D0%BA%D0%B5%D1%80%D1%8B?mv=2&page=3
- https://habr.com/ru/articles/417161/comments/