This collection comprises proof of concept demonstrations and explanatory content on vulnerabilities associated with Elliptic Curve Cryptography (ECC). Instead of merely advising against certain practices with a generic warning, it goes further to illustrate precisely how vulnerabilities can be exploited and outlines the derivation of the underlying formulas.
- Nonce Reuse: Explores the scenario where, given two signatures (
s1ands2) of messages (m1andm2) respectively, signed by a private key (p) with the corresponding public key (q), a malicious actor can calculate and obtainpusing onlys1,s2,m1, andm2. - Nonce Leak: Examines the situation where, with a signature
sof messagemsigned using noncekby a private key (p) with the corresponding public key (q), a malicious actor can calculate and obtainpusing justs,m, andk. - Fake Signatures: Explores how, with knowledge of a private key (
p) and its corresponding public key (q), a malicious actor can generate a signature and message pair that resolves toqwithout the exploiter needing to know or have access top. - Signature Malleability: Covers the process wherein, given a signature (
v,r, ands) of a message (m) signed by a private key (p) with the corresponding public key (q), a malicious actor can manipulate the signature by subtractingsfrom the curve's order and flippingvto 27 if it's 28, or 28 if it's 27, resulting in a new signature that resolves toqwithout requiring access top. - Parent Private Key Recovery in HD Wallets: Addresses the scenario where, given knowledge of a parent public key and its chain code, if there is a leak of any non-hardened child wallet's private key along with the index of that child wallet, it's trivial to calculate the parent's private key. Which in turn enables derivation of all possible child private keys, specifically referring to the private key of the leaked child wallet's siblings.
- Double Key Stealth Address Scheme Key Leak Implications: Explains what is breached between privacy and/or security when one of or a combination of the private keys involved in a stealth address transactions (i.e ephemeral private key, view private key, spend private key) leaks.