
The State of TLS … ECDSA Nonce Reuse


Satoshi Nakamoto selected ECDSA for Bitcoin transactions, and the rest is history. Ethereum has since adopted it too. But it has weaknesses, and one of the core ones is that the same nonce value must NOT be reused.

The signature is:

where k is the random nonce value. If the same k is used for two signatures, it is possible to derive the private key (priv). A new paper [1] now shines a light on the current state of TLS usage: the research team analysed 5.8 billion TLS handshakes from two different university networks:

Unfortunately, they found many connections that exhibited nonce reuse:

Nonce reuse

In ECDSA, Bob creates a random private key (priv), and then derives a public key from:

Next, to create a signature for a message M, he generates a random number (k) and computes the signature:

The signature is then (r,s), where r is the x-coordinate of the point kG. H(M) is…
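As an added illustration that is not part of this article: a toy ECDSA over the tiny textbook curve y^2 = x^3 + 2x + 2 mod 17 (constructed for teaching, not for real use), signing with an explicit nonce k. It walks through the sign and verify equations above and shows why the paper's scan looks for a repeated r under one public key: two signatures made with the same k hand over priv, so k must be fresh every time (RFC 6979 derives k deterministically from priv and the hash, removing the RNG from the picture). The function names and the convention of passing the reduced hash e = H(M) mod n as an integer are my own assumptions.

```python
# Added example, not from the article: ECDSA with an explicit nonce k on a toy
# textbook curve (constructed, NOT secure): y^2 = x^3 + 2x + 2 over GF(17),
# G = (5, 1) of prime order N = 19. A message enters as e = H(M) mod N.
P, A, G, N = 17, 2, (5, 1), 19

def ec_add(p1, p2):  # affine addition; None is the point at infinity
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return None   # P + (-P)
    if p1 == p2: lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P)  # tangent
    else:        lam = (y2 - y1) * pow(x2 - x1, -1, P)         # chord
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)
def ec_mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def sign(priv, e, k):
    """r = x(kG) mod N, s = k^-1 (e + r*priv) mod N. k must be fresh per signature;
    RFC 6979 removes the RNG dependency by deriving k from priv and e."""
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (e + r * priv) % N
    if r == 0 or s == 0: raise ValueError("degenerate k, pick another")
    return (r, s)

def verify(pub, e, sig):
    r, s = sig
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(e * w % N, G), ec_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r
def priv_from_reused_k(e1, sig1, e2, sig2):
    """Same r (same k) in two signatures gives two linear equations in k and priv."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or s1 == s2: return None
    k = (e1 - e2) * pow(s1 - s2, -1, N) % N      # from s1 - s2 = k^-1 (e1 - e2)
    return (s1 * k - e1) * pow(r1, -1, N) % N     # from s1 k = e1 + r1 priv

def find_nonce_reuse(records):
    """Scanner logic: records are (pub, e, sig); flag any (pub, r) seen twice."""
    seen, leaked = {}, {}
    for pub, e, (r, s) in records:
        if (pub, r) in seen:
            e0, s0 = seen[(pub, r)]
            leaked[pub] = priv_from_reused_k(e0, (r, s0), e, (r, s))
        seen.setdefault((pub, r), (e, s))
    return leaked
```

With priv = 3 and k = 4 reused for e = 7 and e = 11, both signatures share r = 3 and find_nonce_reuse returns priv = 3 for that public key.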


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
