Finding the private key with the transaction signature

Question

I have two ETH transactions (both belonging to the same address) that both have the same r value in the transaction signature, is it possible to extract the private key from it? Details of both transactions below:

address: 0xF55f348c48bd2811a34105899db5fF7C2EBD9934

transaction hash(1): 0x374180005946ef3b1906ee1677f85fa62eb5a834aa0241b4c9c74174bca26a07

r: 0x41d43fd626c24e449ac54257eeff271edb438bbabbc9bee3d60a5bd78dc39d6d

s: 0x0f8062db22b4f8b654c01d6114616c1a7972453ab509a5fe5192a8ae28d7f351 —————————————————————- transaction hash(2): 0x670f66ff71882ae35436cd399adf57805745177b465fdb44a60b31b7c32e4d16

r: 0x41d43fd626c24e449ac54257eeff271edb438bbabbc9bee3d60a5bd78dc39d6d

s: 0x796fd3c7e31cb6f799d00d5a4c63185baa70e2ba10a7104a3a48d43d82738ef9

Lev · Answer 1 · 2022-10-20T00:04:51.260

To quote directly from the wikipedia page on ECDSA:

As the standard notes, it is not only required for $k$ to be secret, but it is also crucial to select different $k$ for different signatures, otherwise the equation in step 6. can be solved for $d_A$, the private key: given two signatures $(r,s)$ and $(r, s')$, employing the same unknown $k$ for different known messages $m$ and $m'$, an attacker can calculate $z$ and $z'$, and since $s-s' = k^{-1}(z-z')$ (all operations in this paragraph are done modulo $n$) the attacker can find $k = \frac{z-z'}{s-s'}$. Since $s = k^{-1}(z + rd_A)$, the attacker can now calculate the private key $d_A = \frac{sk - z}{r}$.

Finding the private key with the transaction signature

1 Answers1