secp256k1 – Is there still a digital signature loophole in Bitcoin transactions?


Does the problem of repeating the value r still persist today in Bitcoin transactions?

If your question is whether Bitcoin signatures are still vulnerable if their nonces are generated in a bad way: yes, absolutely. The security of the ECDSA scheme (and the Schnorr scheme introduced in BIP340) relies on signatures being created using nonces that are entirely unpredictable to attackers.

However, I do think it’s fair to say that the software stacks used in Bitcoin software that construct these signatures have matured, so it occurs less in practice. Techniques like deterministic nonces as standardized in RFC6979 make it much easier to write safe implementations.

If so, how can I find transactions that contain this thing?

There are questions on this site that give more practical details, but in broad lines, you go over all the blockchain’s transactions, group signatures by the public key they’re created for, and within each group see if any R value is repeated. If so, you can generally compute the private key from the signatures.

Rest assured that any funds remaining in addresses whose keys can be retrieved this way are instantly stolen.

I have research on how to protect digital assets.

Use production-quality, well-reviewed wallet software or libraries. They will produce signatures in a secure way. If you’re writing code yourself where bad nonces are a concern, you’re almost certainly doing something wrong.
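As an added example (not part of the original answer), here is a small Python auditor that does the grouping described above: it strictly parses DER-encoded ECDSA signatures, groups their r values by public key, and reports any key under which an r value repeats. It only flags the reuse; it does not recover keys. The sample records, keys and txids are constructed placeholders, not real chain data.

```python
from collections import defaultdict

def der_encode_int(n: int) -> bytes:
    """Minimal DER INTEGER: big-endian, with a leading 0x00 when the top bit is set."""
    body = n.to_bytes((n.bit_length() + 8) // 8, "big")
    return b"\x02" + bytes([len(body)]) + body

def der_encode_sig(r: int, s: int) -> bytes:
    """DER SEQUENCE { INTEGER r, INTEGER s }, the layout Bitcoin uses for ECDSA signatures."""
    body = der_encode_int(r) + der_encode_int(s)
    return b"\x30" + bytes([len(body)]) + body

def der_decode_sig(sig: bytes) -> tuple[int, int]:
    """Strictly parse a DER signature into (r, s); a trailing Bitcoin sighash-type byte is dropped."""
    if len(sig) >= 3 and sig[1] == len(sig) - 3:
        sig = sig[:-1]
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a DER SEQUENCE of the declared length")
    pos, values = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected a DER INTEGER")
        length = sig[pos + 1]
        if pos + 2 + length > len(sig):
            raise ValueError("truncated INTEGER")
        values.append(int.from_bytes(sig[pos + 2:pos + 2 + length], "big"))
        pos += 2 + length
    if pos != len(sig):
        raise ValueError("trailing bytes after signature")
    return values[0], values[1]

def find_reused_r(records):
    """records: (pubkey_hex, signature_bytes, txid) triples -> {pubkey: {r: [txids]}} for r seen twice under one key."""
    seen = defaultdict(lambda: defaultdict(list))
    for pubkey, sig, txid in records:
        r, _s = der_decode_sig(sig)
        seen[pubkey][r].append(txid)
    return {pk: {r: txs for r, txs in by_r.items() if len(txs) > 1}
            for pk, by_r in seen.items() if any(len(txs) > 1 for txs in by_r.values())}

# Constructed sample records (placeholder keys and values, not real chain data).
KEY_A, KEY_B = "02" + "ab" * 32, "03" + "cd" * 32
R_REUSED = (0xF0 << 248) | 0x1234  # top bit set, so DER needs a leading 0x00
SAMPLE = [
    (KEY_A, der_encode_sig(R_REUSED, 0x2222) + b"\x01", "tx-a"),
    (KEY_A, der_encode_sig(0x3333, 0x4444) + b"\x01", "tx-b"),
    (KEY_A, der_encode_sig(R_REUSED, 0x5555) + b"\x01", "tx-c"),
    (KEY_B, der_encode_sig(R_REUSED, 0x6666) + b"\x01", "tx-d"),  # other key: not a reuse by itself
]
```

Running `find_reused_r(SAMPLE)` reports KEY_A with R_REUSED shared by tx-a and tx-c, while tx-d is not flagged because a matching r under a different key is not nonce reuse for that key.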
