More biased nonce attacks for ECDSA

But in my mind the worst threat is Kleptogram for ECDSA (malicious random number generator, such as Dual EC DRBG?)

biased nonce attack for ECDSA
=========================
J. Breitner and N. Heninger, "Biased nonce sense: Lattice attacks against weak ECDSA signatures in cryptocurrencies", in Proceedings of Financial Cryptography and Data Security, September 2019, pp 3–20, doi.org/10.1007/978-3-030-32101-7_1
https://eprint.iacr.org/2019/023.pdf

Kleptogram for ECDSA
==================
Stephan Verbücheln, "How Perfect Offline Wallets Can Still Leak Bitcoin Private Keys", January 2, 2015
https://arxiv.org/pdf/1501.00447.pdf

Pascal

On Tue, 16 Aug 2022 at 02:00, Robert Moskowitz <[email protected]> wrote:

> A contact pointed me to the following:
>
> https://medium.com/asecuritysite-when-bob-met-alice/the-state-of-tls-ecdsa-nonce-reuse-1489ab86e488
>
> The article is unclear if this is a TLS 1.2 and/or 1.3 problem. It does
> claim that 1.3 does not fix all problems with TLS.
>
> It also seems this is a libraries implementation problem. Lack of care
> in nonce selection.
>
> So I do need to get back to the person that is wanting to know, and I
> have come up empty in any other information on this problem.
>
> Thanks!
>
> Bob
>
> _______________________________________________
> TLS mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tls
