Author

Topic: Why did repeated "R" values occur in Bitcoin translations before? (Read 249 times)

legendary
Activity: 1040
Merit: 2785
Bitcoin and C♯ Enthusiast
k is not the same private key, it is a number similar to private key in the same range of values chosen randomly.

I think the question you asked is a very special scenario (which I don't think has ever happened) where the wallet is using a horrible RNG (like blockchain.info using random.org!) in two different places, the new key generation for the wallet, and the random k selection for signing. Then yes, it would be possible to see that the private key "x" used for "k" in a transaction.
legendary
Activity: 1040
Merit: 2785
Bitcoin and C♯ Enthusiast
This is an implementation bug (from 2011).
When signing a message using Elliptic Curve Digital Signature Algorithm (ECDSA) the first step (after finding e) is to choose a random number k∈[0,n] then multiply that with curve's generator point (G). The r value in the signature is the x coordinate of the resulting point.
Now when an implementation of ECDSA is using a bad RNG it can produce the same k and as a result produce the same r and consequently let an attacker calculate the private key that was used to create this signature.

P.S. This is one of the reasons why RFC6979 is being used by most wallets nowadays.
newbie
Activity: 11
Merit: 3
Hello!!! Please explain why earlier the repeated values of "R" occurred in Bitcoin translations.

For example, this transaction has a repetition of the value "R":
https://www.blockchain.com/btc/tx/19d66411a5aa716a04b37197c11c93c9446a54694a2d2302093d8b0a93ed5d83

If you look at RawTX:
https://btc.com/19d66411a5aa716a04b37197c11c93c9446a54694a2d2302093d8b0a93ed5d83.rawhex

repeat value "R":

R = cabc3692f1f7ba75a8572dc5d270b35bcc00650534f6e5ecd6338e55355454d5

What was the reason for this? Explain the reason for this error?
Jump to: