Author

Topic: Please explain more about reused r values. Questions below. (Read 1086 times)

legendary
Activity: 2097
Merit: 1070
I might be reading this wrong but could someone please explain this in more detail.

Here's what I think's going on :

I believe the 'r' that's being referred to here is the first part (32 bytes 'r' value) of the signature and I believe it can only be duplicated if the random k used during signature generation is the same as in a previous transaction which uses the same private key and the same 'supposedly random' k value.

Is this correct ?
tjc
full member
Activity: 145
Merit: 100
1) What was the problem that blockchain.info had with its wallet software that caused it to reuse R values. Why does the core wallet not have that issue?

2) How do reused or poorly determined r values allow the private key to be knowable?

2) How can someone calculate the privatekey from the blockchain when there is a problem with R value generation (like joehoe and amaclin do)?

3) Do deterministic wallets have this issue since all the public and private keys are generated from the seed? For example, the Trezor wallet and its web wallet myTrezor?

Thanks
Jump to: