Quiz: The Playstation 3 Hack
aka The Nonce Reuse Attack
โ€‹
Very very secure.
Sony uses a private key, typically stored (in an HSM?) at the company's HQ, to mark their Playstation firmwares as valid and unmodified. The PS3 only needs a public key to verify that the signature came from Sony. Normally, this is considered safe; but Sony did a rookie mistake in the implementation of their signing algorithm - they used the same random number to sign everything.

Recall how the (public parameter)
rr
in the signature is generated from a (secret) random number
kk
, using the formula
kG=RkG = R
,
rr
being the x-coordinate of the point
RR
.
Given two signatures that use the same
kk
, prove how you can extract the private key used for signing. Use the signature formula in the ECDSA section. You'll need pen and paper for this.
Last modified 2yr ago
Copy link