Adding an algorithm dependent identifier to the nonce seed ensures that
no information can be retrieved when signing with the same key and
different algorithms.
Details
- Reviewers: deadalnix
- Group Reviewers: Restricted Project
- Commits:
  - rSTAGING5801452e54b1: Add an algorithm identifier to the nonce generation for ECDSA signatures
  - rABC5801452e54b1: Add an algorithm identifier to the nonce generation for ECDSA signatures
make check
Diff Detail
- Repository: rABC Bitcoin ABC
- Branch: secp256k1_nonce_seed
- Lint: Lint Passed
- Unit: No Test Coverage
- Build Status: Buildable 4342; Build 6749: Bitcoin ABC Buildbot (legacy); Build 6748: arc lint + arc unit
Event Timeline
| File | Line | Diff | Inline comment |
|---|---|---|---|
| src/secp256k1/src/ecdsa.h | 16 | On Diff #6344 | Move to main_impl.h. There is also no reason to use the same for different algorithms. Using different values for k is never a problem, but reusing values for k can reveal the private key. |
| src/secp256k1/src/modules/recovery/main_impl.h | 145 | On Diff #6344 | ECDSA+DER |
| src/secp256k1/src/secp256k1.c | 369 | On Diff #6344 | ECDSA+Recovery |