Issues: bitlogik/lattice-attack
Hello! Please explain. I have generated a dummy data file.json with 1500 signatures, MSB 4 bit, and inserted my Pubkey x,y and r,s there. Should I leave the hash as it is?

kp is the **known leaked part of the internal ephemeral nonce** during ECDSA. As this is supposed to be an internal secret, it can be read using a side channel. As it is a protected secret, sometimes we don't get it fully, but only a part: the starting bits or the last bits. That's the exact purpose of LatticeAttack. If you know the nonce in full, you don't need LatticeAttack, as a simple computation using one signature leads to the private key. But if you only know the start (or end) of the nonce for a couple of signatures, then LatticeAttack can provide the secret key.

#29 opened Nov 23, 2024 by dmitriy0342