Bill’s Crypto Notes

Recovering The Private Key in an ECDSA Signature Using A Single Random Nonce


You must look after your private key. It is the thing that identifies your systems, your users, and, in fact, your company. A breach of your private key can be one of the most costly things that a company can face in terms of a trust breach. And so, we are moving towards a world where we sign our transactions with our private key, and then prove them with our public key. This happens with every Bitcoin transaction, where Bob signs a transfer of Bitcoins to Alice with his private key, and then everyone can prove it was Bob with his public key.

So the question that I am asked most often is … “Can I crack the private key from the public key?” Well, the answer is always “No”, unless there’s a weakness in the implementation. So, let’s look at an example.

The ECDSA signature method is the elliptic curve equivalent of the DSA method and is used extensively with Bitcoin methods. With this, we create a private key (priv) and then generate a public key, which is:

and where G is the base point on the elliptic curve, and where we add this point priv times (G+G+G … +G) to produce the public key. For the

Next, we create a random number (k) and produce the signature of:


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
