Welcome to the resource topic for 2025/705
Title:
Breaking ECDSA with Two Affinely Related Nonces
Authors: Jamie Gilchrist, William J Buchanan, Keir Finlow-Bates
Abstract:The security of the Elliptic Curve Digital Signature Algorithm (ECDSA) depends on the uniqueness and secrecy of the nonce, which is used in each signature. While it is well understood that nonce k reuse across two distinct messages can leak the private key, we show that even if a distinct value is used for k_2, where an affine relationship exists in the form of: (k_m = a \cdot k_n + b), we can also recover the private key. Our method requires only two signatures (even over the same message) and relies purely on algebra, with no need for lattice reduction or brute-force search(if the relationship, or offset, is known). To our knowledge, this is the first closed-form derivation of the ECDSA private key from only two signatures over the same message, under a known affine relationship between nonces.
ePrint: https://eprint.iacr.org/2025/705
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .