๐

๐

๐

๐

secp256k1 Python

Searchโฆ

Quiz: The Playstation 3 Hack

aka The Nonce Reuse Attack

โ

Very very secure.

Sony uses a private key, typically stored (in an HSM?) at the company's HQ, to mark their Playstation firmwares as valid and unmodified. The PS3 only needs a public key to verify that the signature came from Sony. Normally, this is considered safe; but Sony did a rookie mistake in the implementation of their signing algorithm - **they used the same random number to sign everything**.

Recall how the (public parameter)

$r$

in the signature is generated from a (secret) random number $k$

, using the formula $kG = R$

, $r$

being the x-coordinate of the point $R$

.Given two signatures that use the same **prove how you can extract the private key** used for signing. Use the signature formula in the ECDSA section. You'll need pen and paper for this.

$k$

, Last modified 2yr ago

Copy link