ECDSA private key recovery

I have a bunch of signatures (1000) signed with ECDSA secp256k1 curve. I can verify all of them with the same public key.

I have studied attacks that are performed against ECDSA signatures using known MSB or LSB of the nonce.

Is private key recovery possible if the nonce $k$ value is of unknown length? None of the signatures have the same $k$ value.

Without private key knowledge can I alter valid signatures to sign my own messages?

Maarten Bodewes
What has *length* got to do with it? Usually $k$ is in a specified range, right? There would not be that many bit lengths possible if I'm not mistaken.
kelalaka
The attack's based on the bias in the nonce $k$. Even a tiny bias is exploitable. My advice (your second question's base): drop your key and start to use [Deterministic ECDSA](https://www.rfc-editor.org/rfc/rfc6979.txt) by our Thomas Pornin, as many coins migrated.