Bitcoin

secp256k1 – Are there still digital signature loopholes in Bitcoin transactions?

Does the problem of repeating r values still persist in Bitcoin transactions today?

If your question is whether Bitcoin signatures are still vulnerable if they were created in a bad way, then yes, of course. The security of the ECDSA scheme (and the Schnorr scheme introduced in BIP340) relies on signatures being generated using nonces that are completely unpredictable to an attacker.

However, I think it is fair to say that this happens less often in practice as the software stack used in the Bitcoin software that constructs these signatures has matured. Using techniques like deterministic nonces, standardized in RFC6979, makes writing secure implementations much easier.

So how do you find transactions that include this?

There is a question on this site that goes into more practical details, but broadly it looks at transactions on every blockchain, groups signatures based on the generating public keys, and checks if the R value is repeated within each group. If so, you can usually calculate the private key from the signature.

We are researching ways to protect digital assets.

Use production quality, well-reviewed wallet software or libraries. They generate signatures in a secure manner. If you’re writing code yourself where bad nonces are a problem, you’re almost certainly doing something wrong.
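As an added example that is not part of the original answer: a small Python model of the check the answer describes (group signatures by public key, flag any r value that repeats within a group), run over signatures from a constructed fixed-nonce signer and from a deterministic signer. The private key and nonce are constructed toy values, and `deterministic_nonce` is a simplified stand-in for RFC6979, not the RFC's actual HMAC-DRBG construction.

```python
import hashlib
from collections import defaultdict

# secp256k1 domain parameters (standard values)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0: return None
    if a == b: lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:      lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def scalar_mul(k, pt=G):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1: acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def sign(priv, h, k):
    """Textbook ECDSA over secp256k1; the caller supplies the nonce k."""
    r = scalar_mul(k)[0] % N
    s = pow(k, -1, N) * (h + r * priv) % N
    return r, s

def deterministic_nonce(priv, h):
    """Simplified stand-in for RFC6979 (not its HMAC-DRBG): nonce = H(key || msg), so it never repeats across messages."""
    data = priv.to_bytes(32, "big") + h.to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N or 1

def find_reused_nonces(sigs):
    """sigs: iterable of (pubkey, r, s). Groups by public key; returns {(pubkey, r): count} for r seen more than once under one key."""
    seen = defaultdict(int)
    for pub, r, _s in sigs:
        seen[(pub, r)] += 1
    return {key: c for key, c in seen.items() if c > 1}

def demo():
    priv = 0xC0FFEE1234567890  # constructed toy private key, not a real one
    pub = scalar_mul(priv)
    hashes = [int.from_bytes(hashlib.sha256(m).digest(), "big") for m in (b"tx one", b"tx two")]
    bad = [(pub, *sign(priv, h, 0xABCDEF)) for h in hashes]  # fixed nonce: the broken signer
    good = [(pub, *sign(priv, h, deterministic_nonce(priv, h))) for h in hashes]
    return find_reused_nonces(bad), find_reused_nonces(good)
```

`demo()` returns one flagged (pubkey, r) pair with count 2 for the fixed-nonce signer and nothing for the deterministic one.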
