Whoops, @Yubico just scored 31% on the Sony PS3 Epic Fail scale. Collect three signatures from a FIPS Yubikey and you can calculate the private key.https://www.yubico.com/support/security-advisories/ysa-2019-02/ …
-
I don't know where the number 3 comes from, but it's described here https://crypto.stackexchange.com/questions/44644/how-does-the-biased-k-attack-on-ecdsa-work …. Yubikey only said several
It's just a guess based on the fraction of random bits leaked (80/256). Might be a few more depending on circumstances, but it's ~that order of magnitude.
-
-
That wasn't my read of it. My read is that during key generation 80 bits are static (left over from boot POST memory content). I don't think collecting any number of sigs/pubkeys will help leak the non-static bits.
- Show replies
New conversation -
-
-
According to "Biased Nonce Sense: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies" by
@nomeata &@nadiaheninger, 3 signatures is about right https://eprint.iacr.org/2019/023.pdf pic.twitter.com/VmXfCx6uMa
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.