Bitcoin Forum
Author Topic: [ANN] vusi - ECDSA Signature Vulnerability Analysis (Rust, Open Source)  (Read 36 times)
Redni (OP)
February 20, 2026, 03:26:18 PM
 #1

What is vusi?

vusi is a Rust library and CLI for detecting ECDSA signature vulnerabilities and recovering private keys from flawed signatures. If two signatures share a nonce (same r value), the private key is mathematically recoverable - vusi automates this detection and extraction.

Attack Types

Nonce Reuse (default)
The classic ECDSA failure. When two signatures use the same nonce k, the private key can be recovered using:
- k = (z1 - z2) / (s1 - s2)
- privkey = (s * k - z) / r

vusi groups signatures by (r, pubkey), detects reuse, and recovers the key.

Polynonce (feature-gated)
Detects polynomial relationships between nonces across multiple signatures. Requires --features polynonce.

Biased Nonce (feature-gated)
Lattice-based attack for nonces with known bit bias. Uses LLL reduction via rug. Requires --features biased-nonce.

Planned Attacks
More attack types are tracked on GitHub and in active development:
- LCG nonce detection - predictable nonces from linear congruential generators
- Related nonce attack - exploiting algebraic relationships between nonces
- Half-half attack - single-signature key recovery under specific conditions
- Side-channel timing detection - identifying timing leaks in signature generation
See open issues: https://github.com/oritwoen/vusi/issues

How It Works

1. Feed signatures as JSON or CSV (auto-detected)
2. Each signature needs: r, s, z (message hash) as decimal strings, optional pubkey
3. vusi groups by shared r values and runs the selected attack
4. Outputs recovered private keys with confidence score (1.0 if pubkey known, 0.8 otherwise)

Usage

Code:
# Analyze from file
vusi analyze signatures.json

# Analyze from stdin
echo '[{"r":"...","s":"...","z":"..."}]' | vusi analyze

# JSON output
vusi --json analyze signatures.json

Input format (JSON):
Code:
[
  {
    "r": "6819641642398...",
    "s": "5111069398017...",
    "z": "4834837306435...",
    "pubkey": null
  }
]

Exit codes: 0 = clean, 1 = vulnerabilities found, 2 = error.

Validation

All input values are strictly validated - no leading zeros, no values >= secp256k1 order n, decimal strings only. Test vectors use real Bitcoin transaction 89380c9fb072cbb5... with mathematically verified key recovery.

Part of unsek ecosystem

vusi is part of unsek - a cryptographic security research framework:

- vuke - Vulnerable key generation research (brainwallet, PRNG, derivation bugs)
- kangaroo - Pollard's Kangaroo ECDLP solver (GPU)
- boha - Crypto puzzle & bounty data library
- shaha - Hash database builder + reverse lookup
- vgen - Vanity address generator (GPU)

Links

- GitHub: https://github.com/oritwoen/vusi
- crates.io: https://crates.io/crates/vusi
- Docs: https://docs.rs/vusi
- DeepWiki: https://deepwiki.com/oritwoen/vusi

Feedback, issues and PRs welcome.
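
The (r, pubkey) grouping and the input validation rules described in the post above, as an added example for auditing your own signature records for nonce reuse; it is std-only Rust written for this page, not vusi's code. The `Sig` struct, the `valid_scalar` and `reused_nonces` functions, the sample values, and the rejection of a bare "0" are assumptions made for illustration.

```rust
use std::collections::HashMap;

// secp256k1 group order n, in decimal (78 digits).
const N_DEC: &str = "115792089237316195423570985008687907852837564279074904382605163141518161494337";

/// One input record with the fields the post lists; all values are decimal strings.
pub struct Sig {
    pub r: String,
    pub s: String,
    pub z: String,
    pub pubkey: Option<String>,
}

/// The post's rules: decimal digits only, no leading zeros, value < n.
/// Assumption: a bare "0" is rejected as well.
pub fn valid_scalar(v: &str) -> bool {
    if v.is_empty() || v.starts_with('0') || !v.bytes().all(|b| b.is_ascii_digit()) {
        return false;
    }
    // No leading zeros: shorter means smaller, equal length orders byte-wise.
    v.len() < N_DEC.len() || (v.len() == N_DEC.len() && v < N_DEC)
}

/// Index groups (into `sigs`) sharing (r, pubkey) over at least two different z.
pub fn reused_nonces(sigs: &[Sig]) -> Vec<Vec<usize>> {
    let mut groups: HashMap<(&str, Option<&str>), Vec<usize>> = HashMap::new();
    for (i, sig) in sigs.iter().enumerate() {
        if [&sig.r, &sig.s, &sig.z].iter().all(|v| valid_scalar(v.as_str())) {
            groups.entry((sig.r.as_str(), sig.pubkey.as_deref())).or_default().push(i);
        }
    }
    // Equal z under one r is a repeated message (duplicate or malleated s), not reuse.
    let mut hits: Vec<Vec<usize>> = groups
        .into_values()
        .filter(|idx| idx.iter().any(|&i| sigs[i].z != sigs[idx[0]].z))
        .collect();
    hits.sort();
    hits
}

// Constructed sample values, not real signatures.
fn sig(r: &str, s: &str, z: &str) -> Sig {
    Sig { r: r.into(), s: s.into(), z: z.into(), pubkey: None }
}

fn main() {
    let sigs = [sig("11", "5", "7"), sig("11", "9", "8"), sig("12", "3", "7")];
    println!("nonce reuse at record indexes: {:?}", reused_nonces(&sigs));
}
```

A hit means the signer's nonce generation is broken: rotate the affected key and move to deterministic nonces (RFC 6979).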