Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: krashfire on September 30, 2022, 07:04:31 PM



Title: Leaked Nonce Part in Lattice attack
Post by: krashfire on September 30, 2022, 07:04:31 PM
Dearest Experts...


How do I know if any of my transactions have a weak/leaked nonce in the signatures?
How do I spot a weak or leaked nonce? In a lattice attack, it requires us to give the kp. What are the known bits in a signature?


Title: Re: Leaked Nonce Part in Lattice attack
Post by: citb0in on October 09, 2022, 06:37:31 PM
ehm, excuse me?


Title: Re: Leaked Nonce Part in Lattice attack
Post by: HeRetiK on October 10, 2022, 09:21:59 PM
If you're a regular user and use one of the many established wallets (e.g. Bitcoin Core, Electrum or hardware wallets like Trezor or Ledger) without trying anything weird like handcrafting a Bitcoin transaction, you don't need to worry about lattice attacks. The last time such an attack happened to regular users was (afaik) in 2013, when one of the Android wallets didn't use a proper RNG, leading to a predictable k, which in turn made the private key derivable. All other cases seem to be mostly companies and developers either rolling their own crypto or working with signature generation in an insecure manner that a regular user usually does not get in touch with.

For reference:
https://media.ccc.de/v/gpn20-66-lattice-attacks-on-ethereum-bitcoin-and-https


Title: Re: Leaked Nonce Part in Lattice attack
Post by: krashfire on October 11, 2022, 04:25:02 AM
It sounds like an XY problem. If you don't want your Bitcoin stolen, it's suggested to use popular open source software/hardware which has likely already been audited by security/cryptography experts.

Dearest Experts...


How do I know if any of my transactions have a weak/leaked nonce in the signatures?
How do I spot a weak or leaked nonce? In a lattice attack, it requires us to give the kp. What are the known bits in a signature?

Lazy answer: Study/learn to be an expert or hire an expert.

U studied. U still are no expert. Stop responding and acting like you know the answer to this. 😂😂


Title: Re: Leaked Nonce Part in Lattice attack
Post by: NotATether on October 11, 2022, 05:43:08 AM
I don't know of a way to detect RFC6979 nonces in your transactions because it uses irreversible SHA256 many times, but I talk about how to find the use of a constant nonce here (https://notatether.com/talk-cryptography/ecdsa-and-schnorr-signatures-from-the-same-private-key/).
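The one nonce failure that can be spotted from the signatures themselves is the constant (reused) nonce NotATether mentions: a reused k produces the same r value in two signatures, so an audit of your own transactions can simply parse each input's DER signature and look for duplicate r values. The script below is an added example written for this thread; it is not NotATether's code and not taken from the linked post. The signatures it checks are constructed sample data (the r and s values are arbitrary, not from any real transaction), and the labels like "tx-a:in0" are placeholders for wherever you would take a txid and input index from.

```python
# Added example: audit a batch of Bitcoin ECDSA signatures for a reused nonce.
# A reused nonce k yields two signatures with identical r values. If the same
# key produced both, the private key is recoverable, so any duplicate r across
# signatures from one key is an audit finding that should be treated as a
# compromised key. Signatures below are constructed sample data, not chain data.
from collections import defaultdict

# Group order of secp256k1; valid r and s lie in (0, N).
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _der_int(x: int) -> bytes:
    """DER INTEGER: minimal big-endian body, 0x00-padded if the high bit is set."""
    body = x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return bytes([0x02, len(body)]) + body


def der_encode(r: int, s: int, sighash: int = 0x01) -> bytes:
    """Build a scriptSig-style signature: SEQUENCE{r, s} followed by the sighash byte."""
    body = _der_int(r) + _der_int(s)
    return bytes([0x30, len(body)]) + body + bytes([sighash])


def _read_int(sig: bytes, pos: int):
    """Read one strictly encoded DER INTEGER at pos; return (value, next_pos)."""
    if pos + 2 > len(sig) or sig[pos] != 0x02:
        raise ValueError("expected INTEGER tag")
    ln = sig[pos + 1]
    body = sig[pos + 2 : pos + 2 + ln]
    if ln == 0 or len(body) != ln:
        raise ValueError("truncated INTEGER")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER")
    if ln > 1 and body[0] == 0x00 and not (body[1] & 0x80):
        raise ValueError("non-minimal INTEGER")
    return int.from_bytes(body, "big"), pos + 2 + ln


def parse_der_signature(sig: bytes):
    """Strictly parse DER(r, s) + sighash byte; return (r, s, sighash) or raise ValueError."""
    # Smallest possible signature is 9 bytes: 30 06 02 01 rr 02 01 ss hh
    if len(sig) < 9 or sig[0] != 0x30 or sig[1] != len(sig) - 3:
        raise ValueError("bad SEQUENCE header")
    r, pos = _read_int(sig, 2)
    s, pos = _read_int(sig, pos)
    if pos != len(sig) - 1:
        raise ValueError("trailing data inside SEQUENCE")
    if not (0 < r < SECP256K1_N and 0 < s < SECP256K1_N):
        raise ValueError("r or s out of range")
    return r, s, sig[-1]


def is_valid_der(sig: bytes) -> bool:
    """True if parse_der_signature accepts the bytes, False otherwise."""
    try:
        parse_der_signature(sig)
        return True
    except ValueError:
        return False


def find_nonce_reuse(signatures):
    """signatures: iterable of (label, sig_bytes). Return {r: [labels]} for every r seen twice or more."""
    seen = defaultdict(list)
    for label, sig in signatures:
        r, _s, _sighash = parse_der_signature(sig)
        seen[r].append(label)
    return {r: labels for r, labels in seen.items() if len(labels) > 1}


# Constructed sample values (arbitrary, not real chain data). R_REUSED has its
# high bit set so the 0x00 padding path of the encoder and parser is exercised.
R_REUSED = int("8f1a" * 16, 16)
R_UNIQUE = int("1234" * 16, 16)
S_A, S_B, S_C = int("5a5a" * 16, 16), 0x7A, int("3c3c" * 16, 16)

SAMPLE_SIGNATURES = [
    ("tx-a:in0", der_encode(R_REUSED, S_A)),
    ("tx-b:in0", der_encode(R_UNIQUE, S_B)),
    ("tx-c:in1", der_encode(R_REUSED, S_C)),  # same r as tx-a: nonce reused
]

if __name__ == "__main__":
    for r, labels in find_nonce_reuse(SAMPLE_SIGNATURES).items():
        print(f"nonce reuse: r={r:064x} shared by {labels}")
```

This only catches exact reuse. A nonce that is merely biased or partially leaked (the case a lattice attack exploits) still produces a distinct r every time, so nothing in the signature bytes alone reveals it; that agrees with the point above that RFC6979-style and other non-repeating nonces cannot be judged from the transaction data.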