# Quiz: The Playstation 3 Hack

aka The Nonce Reuse Attack
Very very secure.
Sony uses a private key, typically stored (in an HSM?) at the company's HQ, to mark their Playstation firmware as valid and unmodified. The PS3 only needs a public key to verify that the signature came from Sony. Normally, this is considered safe, but Sony made a rookie mistake in the implementation of their signing algorithm: they used the same random number to sign everything.

### Quiz time

Recall how the (public parameter) $r$ in the signature is generated from a (secret) random number $k$, using the formula $kG = R$, $r$ being the x-coordinate of the point $R$.

Given two signatures that use the same $k$, prove how you can extract the private key used for signing. Use the signature formula in the ECDSA section. You'll need pen and paper for this.