Topic: Safe to sign multiple messages with Armory not using RFC6979
donttrustverify1 (OP)
March 24, 2021, 08:22:52 AM
 #1

Hello,
Is it safe to sign multiple messages using the same bitcoin address with Armory? Each signature produced is different (I am assuming that RFC6979 is not enabled). Can we trust Armory's random k generation? If someone would know the signed messages, would it be possible to derive the private key? ty
goatpig
Armory Developer
March 24, 2021, 11:02:33 AM
 #2

Quote
I am assuming that RFC6979 is not enabled

It's on by default in 0.96.5. You can turn it on with a command line argument in the versions that support it:

https://github.com/goatpig/BitcoinArmory/blob/master/armoryengine/ArmoryUtils.py#L125

Quote
Each signature produced is different

For the same transaction? A RFC6979 will only yield the same (R, S) when signing for the same message. When generating a "legacy" ECC signature, you have to make sure you never reuse the same R (regardless of the message).

Quote
Can we trust Armory's random k generation?

You already trust it to generate your wallets.

Quote
If someone would know the signed messages, would it be possible to derive the private key? ty

If you present someone with 2 validly signed messages, both of which have the same R but a different S, he can reveal your private key. That aside, I remember some talk ages ago where the claim was made that you can leak bits of the private key when analyzing several signatures, but we're talking hundreds or thousands of sigs to leak a single bit. You'd have to dig that one up on your own, can't remember much more.

To generally answer your question: no.

donttrustverify1 (OP)
March 24, 2021, 01:25:28 PM
 #3

Thank you for your reply.

About RFC6979 by default on windows, using the latest Armory version (0.96.5), each signature is different, using a newly generated wallet and also on an old wallet.

With the argument "--enable-detsign" added to the shortcut, this does not change the behavior of Armory and continues to generate new signatures each time.

Is there another way to do it? ty
goatpig
Armory Developer
March 24, 2021, 06:39:47 PM
 #4

Quote
each signature is different

You need to elaborate on this.

donttrustverify1 (OP)
March 25, 2021, 06:54:35 AM
 #5

Quote
each signature is different

You need to elaborate on this.

When signing with the same address, the same message, different signatures will appear, as below:

HMVYgVEWUrQBS3smivNZsNpvVvISDpd+R2diIDMH2oqJfKToo9IrkAkrdnAP3xEc2GRfkEjyWwkG6A+SB8JuLrY=

G7Yu0tzrcroQWcXYjCUZMPFH+5G5EvxhfNQHouSk2KjNYWbmU2yROb5x/trFxrhSNzSvlCCVJAUFLU1K/M8Ql0A=

HIRGOvcVxG1ebcl7hSXMh0U7A2+A9ywt2SM9mfgu9GXDDYNDVABjahnZIOiGFXpcF+7IRnyeXpgmlqMXHSjkLP0=

All of the signatures are shown as valid in the "verify bare signature" tab.
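
An added check for the condition discussed in this thread (example code, not part of the post and not Armory's code): it decodes the three signatures quoted above and reports any r value that occurs with more than one s. It assumes the usual 65-byte compact layout for Bitcoin signed messages (one header byte, 32-byte r, 32-byte s).

```python
# Added example: audit signed-message signatures for an r value reused with a different s.
import base64
from collections import defaultdict

# The three signatures quoted in the post above (same address, same message).
SIGS = [
    "HMVYgVEWUrQBS3smivNZsNpvVvISDpd+R2diIDMH2oqJfKToo9IrkAkrdnAP3xEc2GRfkEjyWwkG6A+SB8JuLrY=",
    "G7Yu0tzrcroQWcXYjCUZMPFH+5G5EvxhfNQHouSk2KjNYWbmU2yROb5x/trFxrhSNzSvlCCVJAUFLU1K/M8Ql0A=",
    "HIRGOvcVxG1ebcl7hSXMh0U7A2+A9ywt2SM9mfgu9GXDDYNDVABjahnZIOiGFXpcF+7IRnyeXpgmlqMXHSjkLP0=",
]


def parse_compact(sig_b64: str):
    """Split a compact signature into (header, r, s); layout is an assumption."""
    raw = base64.b64decode(sig_b64, validate=True)
    if len(raw) != 65:
        raise ValueError(f"expected 65 bytes, got {len(raw)}")
    header = raw[0]
    if not 27 <= header <= 34:
        raise ValueError(f"unexpected header byte {header}")
    r = int.from_bytes(raw[1:33], "big")
    s = int.from_bytes(raw[33:], "big")
    return header, r, s


def find_reused_r(sigs):
    """Return {r: [indexes]} for every r seen with two or more distinct s values.

    An identical (r, s) pair appearing twice is the same signature (what a
    deterministic signer produces for a repeated message) and is not flagged.
    """
    seen = defaultdict(dict)  # r -> {s: index of first signature with that s}
    for i, sig in enumerate(sigs):
        _, r, s = parse_compact(sig)
        seen[r].setdefault(s, i)
    return {r: sorted(by_s.values()) for r, by_s in seen.items() if len(by_s) > 1}


if __name__ == "__main__":
    for i, sig in enumerate(SIGS):
        header, r, _ = parse_compact(sig)
        print(f"sig {i}: header={header} r={r:064x}")
    reused = find_reused_r(SIGS)
    print("reused r values:", reused if reused else "none")
```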
goatpig
Moderator
Legendary
*
Offline Offline

Activity: 3668
Merit: 1347

Armory Developer
March 25, 2021, 05:18:49 PM
 #6

Quote
When signing with the same address, the same message,

Wait so you're not signing a transaction but a message? That algo is different and doesn't use the same code as tx signing.

It's all in jasvet.py (https://github.com/goatpig/BitcoinArmory/blob/master/jasvet.py)

This is some old code that neither etotheipi nor I had anything to do with, it was taken from another dev, we only replaced the RNG with CryptoPP's instead of Python's shitty one. It signs using some Python routines and we didn't modify it to support deterministic k generation when that was done for tx sigs.

https://github.com/goatpig/BitcoinArmory/blob/master/jasvet.py#L45
