Author

Topic: Signature - rsz - private key - ECDSA - calc - public key (Read 261 times)

brand new
Activity: 0
Merit: 0
When two signatures are generated with the same private key and an attacker knows the difference between k-d of the 2 signatures, it can potentially lead to a private key recovery attack. This is because the attacker can use the knowledge of the difference between the two k-d values to compute the private key.

In ECDSA, the k-d value is used to generate the signature. It is a random nonce value that is used to prevent an attacker from being able to predict the signature. When the same private key is used to generate two signatures, it means that the same nonce value (k) was used to generate both signatures. This is a vulnerability because an attacker can use the knowledge of the nonce value to compute the private key.

It's important to note that this vulnerability is not easily exploitable and an attacker would need to have access to a significant amount of computational power. Nevertheless, it is important to ensure that signatures are generated using a unique nonce value to prevent this type of attack.

Therefore, it's recommended to use a cryptographically secure RNG (Random Number Generator) to generate the nonce value k, and to ensure that the nonce value is unique for every signature.

It's important to generate new private key and use it to sign the new messages, and consider the previous key as compromised.
jr. member
Activity: 51
Merit: 107
the question was: The attacker knows the difference between k-d of the 2 signatures.
if attacker does not have Access to signatures as you put inside your question: answer is NO,
but if he does: answer is Yes
newbie
Activity: 2
Merit: 0
Quote

Q: I have 2 signatures offline with the same private key and I would like to know if my private key is at risk

A: Yes



They were generated without internet access, the device was destroyed and the private key is encrypted

I don't think it's risky. RIGHT?
member
Activity: 73
Merit: 19
(s1*r2-s2*r1) %N = 0

these signatures have the same root so you can't break them.
newbie
Activity: 2
Merit: 0
Hello! I have 2 signatures offline with the same private key and I would like to know if my private key is at risk.
The attacker knows the difference between k-d of the 2 signatures

signature 1

k-d = 0x99efbe8ab7519fb46bf1f6dd4fedf30a7677ccec3c241e72fb2abff5313c779b

r   0x74fd78ede0ab694817af40f20d560ff9f6c87aa251e5c55970fef4e178d09caa
s   0x74fd78ede0ab694817af40f20d560ff9f6c87aa251e5c55970fef4e178d09caa
z   0x44770e65060202ece64ebe8e44f5d170495957b1e1d18cf7858ccf0e2875b6be

pk  02eca578ddd2489b985da93bd038d1f42a4be72095a6139ecd65bdd0a475e5f065



signature 2

k-d = 0xa2c7aa00be5ba8633bb3d8bbace336d4a64075b3365fbe72fb2abff5313c779b

r   0x4a4a0513337795fcce89cfb11f961cd8ff446cdb88a3f3767965ac8b9e8da8c4
s   0x4a4a0513337795fcce89cfb11f961cd8ff446cdb88a3f3767965ac8b9e8da8c4
z   0xc11ac33c48cf04f19be3c37326b09ca1878d1ac7378d6c57fdd6f2fd3b551b53

pk  02eca578ddd2489b985da93bd038d1f42a4be72095a6139ecd65bdd0a475e5f065
Jump to: