ECDSA private key recovery

Nightbird

9/10/23, 6:50 PM

I have a bunch of signatures (1000) signed with ECDSA secp256k1 curve. I can verify all of them with the same public key.

I have studied attacks are performed against ECDSA signatures using known MSB or LSB of the nonce.

Is private key recovery possible if nonce $k$ value is of unknown length? None of the signatures have the same $k$ value.

Without private key knowledge can I alter valid signatures to sign my own messages?

0 + 0

public-key

dsa

secp256k1

Maarten Bodewes

9/10/23, 7:44 PM

What has *length* got to do with it? Usually $k$ is in a specified range, right? There would not be that many bit lengths possible if I'm not mistaken.

kelalaka

9/10/23, 8:59 PM

The attack's based on the bias on the nonce $k$. Even tiny bias is exploitable. My advice ( your second question's base) drop your key and start to use [Deterministic ECDSA](https://www.rfc-editor.org/rfc/rfc6979.txt) by our Thomas Pornin as many coins migrated.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: ECDSA private key recovery

TH: การกู้คืนคีย์ส่วนตัว ECDSA

RO: Recuperarea cheii private ECDSA

RU: Восстановление закрытого ключа ECDSA

VI: Phục hồi khóa riêng ECDSA

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.