# Quiz: The Playstation 3 Hack

![Very very secure.](/files/-LwA_1aSNqbqUQR2yo85)

Sony uses a private key, typically stored (in an HSM?) at the company's HQ, to mark their PlayStation firmware as valid and unmodified. The PS3 only needs a public key to verify that the signature came from Sony. Normally, this is considered safe, but Sony made a rookie mistake in the implementation of their signing algorithm: **they used the same random number to sign everything**.

### Quiz time

Recall how the (public parameter) $$r$$ in the signature is generated from a (secret) random number $$k$$, using the formula $$kG = R$$, $$r$$ being the x-coordinate of the point $$R$$.

Given two signatures that use the same $$k$$, **prove how you can extract the private key** used for signing. Use the signature formula in the ECDSA section. You'll need pen and paper for this.
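Added example (not part of the original page or the author's code): since $$r$$ depends only on $$k$$, every signature made with the same $$k$$ carries the same $$r$$, so an auditor can flag nonce reuse from public signature data alone, and deriving $$k$$ per message removes the repetition. Assumptions: secp256k1 as the curve, a constructed key, nonce and message labels, and a simplified HMAC-based nonce derivation standing in for RFC 6979.

```python
import hashlib, hmac
from collections import defaultdict
# secp256k1 public domain parameters (assumed curve for this sketch)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    m = (3 * x1 * x1 * pow(2 * y1, -1, P) if a == b
         else (y2 - y1) * pow((x2 - x1) % P, -1, P))
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def r_from_nonce(k):
    """r is the x-coordinate of R = kG; the message plays no part in it."""
    return mul(k, G)[0] % N

def per_message_nonce(priv, msg):
    """Simplified stand-in for RFC 6979: k derived from key and message."""
    d = hmac.new(priv.to_bytes(32, "big"), msg, hashlib.sha256).digest()
    return int.from_bytes(d, "big") % (N - 1) + 1

def repeated_r(signed):
    """Map each r seen more than once to the labels of signatures carrying it."""
    seen = defaultdict(list)
    for label, r in signed:
        seen[r].append(label)
    return {r: labels for r, labels in seen.items() if len(labels) > 1}

def demo(priv=0x1D0C5EED, fixed_k=0xC0FFEE, msgs=(b"firmware-A", b"firmware-B")):
    """Constructed inputs: audit a fixed-nonce signer and a per-message one."""
    fixed = [(m, r_from_nonce(fixed_k)) for m in msgs]
    fresh = [(m, r_from_nonce(per_message_nonce(priv, m))) for m in msgs]
    return repeated_r(fixed), repeated_r(fresh)
```

`demo()` returns the audit result for both signers: the fixed-nonce one is flagged with both message labels under a single `r`, the per-message one comes back empty.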

