I apologize for my naivete, but I'm trying to understand the attack. My algorithm sends the short version of the nonce point (x plus parity), so the attacker sending an invalid nonce means the attacker sends an x that's past p but less than 2^256. Say the receiver has a broken program that doesn't check the nonce and gets a garbage message. What would the receiver do at this point to inform the attacker? "Here is the message I got"?
Right, imagine a receiver that takes the form of a network-reachable service: you can send it messages and it tells you what it decoded, or just tells you whether the checksum passed. You can now blast candidate messages (e.g. sweeping the checksum) at it and learn data derived from secret*(twist point). With all that indirection, actually compromising something would be impressive, but it's clearly gone far outside the realm of being able to make solid statements about the security by that point.
If I'm not mistaken, this is an attack that can be performed on any elliptic curve, not just secp256k1. And obviously, other elliptic curves use the same mechanism to do secure messaging. Is the fact that the private exponent is also used to sign messages somehow related to this attack? Or is it the curve itself? 2^256 - p = 4294968273, or roughly 4.3 trillion maximum possible attempts that will give back different data. Is that enough data to find something?
Also if sweeping the checksum is the strategy, wouldn't having a longer checksum (say 2^256 bits) solve that problem?
Again, just trying to understand the attack here. Thanks for engaging an elliptic curve newb.
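The two receiver behaviours the thread contrasts, written out as an added example (this is illustrative code, not code from either poster or from any Bitcoin library). `decompress_naive` is the "broken program that doesn't check": a 256-bit x at or past p is silently reduced mod p, and the square root it computes is never verified, so an x that is not the x-coordinate of any secp256k1 point (i.e. one that lies on the curve's twist) still comes back as a "point". `decompress_strict` performs the range check and the on-curve check a receiver must do before using a peer-supplied point in any secret-key operation. The constants are the standard secp256k1 field prime and generator; 2^256 - p works out to 2^32 + 977 = 4294968273, a little under 4.3 billion values that are encodable in 256 bits but are not field elements. The fact that x = 0 has no point on secp256k1 (7 is a quadratic non-residue mod p) is used as the twist example.

```python
# Added example, not from the thread: secp256k1 compressed-point decoding,
# with and without the checks that the discussion is about.
P = 2**256 - 2**32 - 977  # secp256k1 field prime
B = 7                     # curve equation: y^2 = x^3 + 7 over GF(P)
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8


def is_on_curve(pt):
    """True iff pt is a valid affine point of secp256k1 (both coords in range)."""
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - pow(x, 3, P) - B) % P == 0


def modsqrt(a):
    """Square root of a mod P, or None if a is a non-residue.
    P = 3 (mod 4), so a^((P+1)/4) is a root whenever one exists; the
    squaring check is what distinguishes 'root' from 'garbage'."""
    r = pow(a, (P + 1) // 4, P)
    return r if (r * r) % P == a % P else None


def decompress_naive(x, parity):
    """The 'broken program': no range check and no verification of the root.
    An x in [P, 2^256) is reduced mod P, and an x on the twist yields a y
    with y^2 != x^3 + 7, i.e. a point that is not on secp256k1."""
    x %= P
    y = pow((pow(x, 3, P) + B) % P, (P + 1) // 4, P)
    if y & 1 != parity:
        y = P - y
    return (x, y)


def decompress_strict(x, parity):
    """Decode (x, parity) only if it names a real secp256k1 point."""
    if not 0 <= x < P:
        raise ValueError("x is not a field element")
    if parity not in (0, 1):
        raise ValueError("bad parity bit")
    y = modsqrt((pow(x, 3, P) + B) % P)
    if y is None:
        raise ValueError("x is not the x-coordinate of any curve point")
    if y == 0 and parity:
        raise ValueError("no odd root for y = 0")
    if y & 1 != parity:
        y = P - y
    assert is_on_curve((x, y))
    return (x, y)


def rejects(x, parity):
    """Helper for checking that the strict decoder refuses an encoding."""
    try:
        decompress_strict(x, parity)
    except ValueError:
        return True
    return False


def out_of_field_count():
    """Number of 256-bit values that are >= P ('past p' in the thread)."""
    return 2**256 - P


if __name__ == "__main__":
    print(decompress_strict(GX, GY & 1) == (GX, GY))      # True
    print(rejects(P + 1, 0), rejects(0, 0))                # True True
    print(is_on_curve(decompress_naive(0, 0)))             # False: twist x
    print(out_of_field_count())                            # 4294968273
```

The security-relevant line is the squaring check inside `modsqrt`: the exponentiation always returns some value, so without comparing `r*r` to `a` a decoder cannot tell a curve point from a twist point. A receiver that then multiplies that "point" by its secret, and reveals anything about the result (a decoded message, or even just checksum pass/fail), is the oracle described above.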