class CryptoToolchain::Tools::DSARecoverNonceFromSignatures

Recovers the private key from message signatures that were signed with the same nonce (k); this means they share the same r value.

Attributes

q[R]
targets[R]

Public Class Methods

# Builds the recovery context from a collection of signature inputs.
#
# @param inputs [Enumerable] signature objects responding to +r+; the first
#   group sharing an r-value becomes +targets+
# @param q [Integer] the DSA subgroup order, defaulting to DSA_Q
# @raise [ArgumentError] propagated from validate_targets! when the chosen
#   group's r-values do not all match
def initialize(inputs, q: DSA_Q)
  @q = q
  @targets = targets_for(inputs)
  validate_targets!
end

Public Instance Methods

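# Recovers the nonce k shared by two signatures with the same r-value.
#
# Only the first and last entries of +targets+ take part:
#   k = (m1 - m2) * (s1 - s2)^-1 mod q
# where m1, m2 are the message hashes and s1, s2 the s components.
#
# @param params [Boolean] accepted for interface compatibility; currently unused
# @return [Integer] the nonce k, reduced into the range 0...q
# @raise [ArgumentError] when s1 == s2 (mod q), because (s1 - s2) then has no
#   inverse modulo q and k cannot be recovered from this pair
def execute(params: true)
  t1 = targets.first
  t2 = targets.last
  # NOTE(review): `hash` is assumed to be the hex-encoded message digest — confirm against the inputs given to targets_for.
  m1 = t1.hash.hex
  m2 = t2.hash.hex
  # Reduce the s-difference first so invmod always sees a value in 0...q,
  # even when s1 < s2. Ruby's % is non-negative for a positive modulus.
  s_diff = (t1.s - t2.s) % q
  raise ArgumentError, "Signatures have identical s-values; nonce cannot be recovered" if s_diff.zero?
  # (a - b) mod q == ((a mod q) - (b mod q)) mod q, so one reduction suffices.
  m_diff = (m1 - m2) % q
  # Final reduction returns the canonical nonce rather than the raw product,
  # which could otherwise be as large as q^2.
  (m_diff * s_diff.invmod(q)) % q
end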
# Selects the first group of inputs that share an r-value.
#
# @param inputs [Enumerable] signature objects responding to +r+
# @return [Array, nil] the earliest group (by first occurrence of its r) with
#   more than one member, or nil when every r-value is unique
def targets_for(inputs)
  by_r = inputs.group_by(&:r)
  shared = by_r.values.select { |group| group.length > 1 }
  shared.first
end
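# Ensures the selected targets can drive nonce recovery: at least two
# signatures, all carrying the same r-value.
#
# @return [void]
# @raise [ArgumentError] when fewer than two targets are present (including the
#   nil that targets_for yields when no r-value repeats), or when any target's
#   r differs from the first one
def validate_targets!
  # targets_for returns nil when no r repeats; the old code would have hit
  # NoMethodError on nil instead of reporting the real problem.
  unless targets && targets.length > 1
    raise ArgumentError, "Need at least two signatures sharing an r-value"
  end
  r1 = targets.first.r
  mismatch = targets.drop(1).any? { |t| t.r != r1 }
  raise ArgumentError, "All r-values must be identical" if mismatch
end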