Score:2

Short Nonces in ECDSA signature generation

in flag

Recently I noticed that my device generates short-sized Nonces.

Approximately $2 ^ {243} - 2^{244}$.

Could it turn out that there will be a small leak of information about the first 3 bits of Nonces?

Accordingly, if Nonces is short, then it must contain null at the beginning. That is, the first 3 bits of Nonces contain null at the beginning.

Hence, for the sake of safety:

When creating an ECDSA signature, the value of signatures $[R, S, H (e)]$ that in this Nonces signature is short in size can be disclosed to an attacker?

kelalaka avatar
in flag
[How does the "biased-k attack" on (EC)DSA work?](https://crypto.stackexchange.com/q/44644/18298)
Derick Swodnick avatar
in flag
@kelalaka Please show me an example of how with signatures `[R, S, H (e)]` can tell that `Nonces` is short-sized?
kelalaka avatar
in flag
https://eprint.iacr.org/2019/023.pdf
Derick Swodnick avatar
in flag
@kelalaka On which page is this information written?
kelalaka avatar
in flag
Look at the second page.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.