Title: Why did repeated "R" values occur in Bitcoin translations before? Post by: Btceon on May 30, 2019, 09:42:13 AM Hello!!! Please explain why earlier the repeated values of "R" occurred in Bitcoin translations.
For example, this transaction has a repetition of the value "R": https://www.blockchain.com/btc/tx/19d66411a5aa716a04b37197c11c93c9446a54694a2d2302093d8b0a93ed5d83 If you look at RawTX: https://btc.com/19d66411a5aa716a04b37197c11c93c9446a54694a2d2302093d8b0a93ed5d83.rawhex repeat value "R": R = cabc3692f1f7ba75a8572dc5d270b35bcc00650534f6e5ecd6338e55355454d5 What was the reason for this? Explain the reason for this error? Title: Re: Why did repeated "R" values occur in Bitcoin translations before? Post by: Coding Enthusiast on May 30, 2019, 11:19:03 AM This is an implementation bug (from 2011).
When signing a message using Elliptic Curve Digital Signature Algorithm (ECDSA) the first step (after finding e) is to choose a random number k∈[0,n] then multiply that with curve's generator point (G). The r value in the signature is the x coordinate of the resulting point. Now when an implementation of ECDSA is using a bad RNG it can produce the same k and as a result produce the same r and consequently let an attacker calculate the private key that was used to create this signature. P.S. This is one of the reasons why RFC6979 (https://tools.ietf.org/html/rfc6979) is being used by most wallets nowadays. |