Proofs of concept and explainers for ECC vulnerabilities. It doesn't just tell you "Don't do this, it is exploitable. Do this instead"; it also shows you exactly how it's exploitable and how the formula is derived.
- Nonce reuse: Covers how, given two signatures `s1` and `s2` of messages `m1` and `m2` respectively, signed by a private key `p` whose public key is `q`, a malicious actor can calculate and get `p` using just `s1`, `s2`, `m1` and `m2`
- Nonce Leak: Covers how, given a signature `s` of message `m`, signed using nonce `k` by a private key `p` whose public key is `q`, a malicious actor can calculate and get `p` using just `s`, `m`, and `k`
- Fake signatures: Covers how, given a private key `p` and a public key `q`, a malicious actor can generate a signature and message pair that recovers to `q` without the exploiter knowing or having access to `p`
- Signature malleability: Covers how, given a signature (`v`, `r` and `s`) of message `m` signed by private key `p` whose public key is `q`, a malicious actor can subtract `s` from the order of the curve and flip `v` to 27 if it's 28 or 28 if it's 27 to get a new signature that recovers to `q` (no need to have access to `p`)