class CryptoToolchain::Tools::DSARecoverNonceFromSignatures
Recovers the private key from message signatures that were signed with the same nonce (k); this means that they have the same r values.
Attributes
q[R]
targets[R]
Public Class Methods
new(inputs, q: DSA_Q)
# File lib/crypto_toolchain/tools/dsa_recover_nonce_from_signatures.rb, line 16
# Builds the tool from a collection of signature inputs.
#
# Picks out the first group of inputs that share an r value (see
# #targets_for), checks that group with #validate_targets!, and stores the
# subgroup order q that #execute reduces by.
#
# @param inputs [Enumerable] signature-like objects responding to #r (and,
#   for #execute, to #s and to #hash, which is read as a hex string).
# @param q [Integer] DSA subgroup order; defaults to DSA_Q.
# @raise [ArgumentError] propagated from #validate_targets!.
def initialize(inputs, q: DSA_Q)
  @q = q
  @targets = targets_for(inputs)
  validate_targets!
end
Public Instance Methods
execute(params: true)
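# File lib/crypto_toolchain/tools/dsa_recover_nonce_from_signatures.rb, line 23
# Recovers the nonce k shared by the first and last signature in +targets+.
#
# In DSA, s = k^-1 * (H(m) + x*r) mod q. Two signatures made with the same k
# (and therefore the same r) satisfy s1 - s2 = k^-1 * (H(m1) - H(m2)) mod q,
# so k = (H(m1) - H(m2)) * (s1 - s2)^-1 mod q.
#
# @param params [Boolean] unused; kept so existing callers keep working.
# @return [Integer] the recovered nonce k, reduced into 0...q.
# @raise [ArgumentError] if both signatures have the same s value mod q:
#   then s1 - s2 has no inverse and k cannot be isolated.
def execute(params: true)
  first_sig = targets.first
  second_sig = targets.last
  # NOTE(review): #hash is read as a hex-digest string here (hence .hex),
  # i.e. a field of the target object rather than Object#hash — confirm.
  m1 = first_sig.hash.hex
  m2 = second_sig.hash.hex
  # Reduce the s difference first so the non-invertible case is caught
  # explicitly instead of being passed to invmod.
  s_diff = (first_sig.s - second_sig.s) % q
  if s_diff.zero?
    raise ArgumentError, "Signatures have identical s values; the nonce cannot be isolated"
  end
  # (a - b) mod q == ((a mod q) - (b mod q)) mod q, and Ruby's % yields a
  # non-negative result for a positive modulus, so one reduction suffices.
  m_diff = (m1 - m2) % q
  # The product must be reduced as well; otherwise the result is merely
  # congruent to the nonce mod q rather than the nonce itself.
  (m_diff * s_diff.invmod(q)) % q
end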
targets_for(inputs)
# File lib/crypto_toolchain/tools/dsa_recover_nonce_from_signatures.rb, line 44
# Finds the first group of inputs that share an r value.
#
# @param inputs [Enumerable] objects responding to #r.
# @return [Array, nil] the members (in first-seen order) of the first r value
#   that occurs more than once, or nil when every r value is unique.
def targets_for(inputs)
  by_r = inputs.group_by(&:r)
  repeated = by_r.find { |_r, group| group.size > 1 }
  repeated && repeated.last
end
validate_targets!()
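# File lib/crypto_toolchain/tools/dsa_recover_nonce_from_signatures.rb, line 37
# Checks that +targets+ holds at least two signatures and that all of them
# carry the same r value (the tell-tale of a reused nonce).
#
# @return [void]
# @raise [ArgumentError] if fewer than two targets are present (#targets_for
#   returns nil when no r value repeats) or if any r differs from the first.
def validate_targets!
  # #targets_for yields nil when no r repeats; calling .first.r on nil would
  # fail with NoMethodError and hide the real cause from the caller.
  if targets.nil? || targets.size < 2
    raise ArgumentError, "At least two signatures sharing an r-value are required"
  end
  r1 = targets.first.r
  return if targets.all? { |t| t.r == r1 }

  raise ArgumentError, "All r-values must be identical"
end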