Join Log in
Score:2
Joe avatar Crypto

Forging an ECDSA signature for a random public key string

kp flag
Joe

An adversary is able to insert a random string (which he does not control: he can only randomly generate it and insert it). The random string is parsed by the victim as an ECDSA public key. This public key is used to verify a signature (the adversary can insert whatever signature he chooses). Is this a vulnerability? E.g. what are the chances the random string ends up corresponding to a low order curve where the adversary can brute force the signature?

125
0 + 3
fgrieu avatar
ng flag
fgrieu
That will depend heavily on details of the format of the public key, and the checks made by the signature verification software on that. The question specifies neither. Apparently the question assumes the public key specifies an elliptic curve and a point on the curve, rather than only a point on an implicitly defined curve in one of the [usual two formats](https://www.secg.org/sec1-v2.pdf#subsubsection.2.3.3): with or without point compression.
3
Reply
Joe avatar
kp flag
Joe
Could you clarify when it matters? Is there actually a format where it matters?
0
Reply
fgrieu avatar
ng flag
fgrieu
One several usual formats for ECDSA public keys is the one in [sec1v2, 2.3.3](https://www.secg.org/sec1-v2.pdf#subsubsection.2.3.3), _point compression is not being used_ (choice 3). That is a byte `04`, followed by $x$ then $y$ coordinates each as a 32-byte big-endian bytestring, for a point implicitly on elliptic curve [secp256r1](https://www.secg.org/sec2-v2.pdf#subsubsection.2.4.2). It's common that signature verification starts by verifying that the public key's $x$ and $y$ match the curve's equation. That has probability about $2^{-264}$ for random 65-byte public key.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.