Can multiple signatures of the same message with the same private key (different nonces) lead to a private key trace?
Asked
Active
Viewed 1,219 times
1 Answers
3
In case leak was meant where the question has “trace”: in ECDSA, signing the same message twice with different nonces does not leak the private key or otherwise jeopardize security, including when message and public key are available to adversaries.
The same holds for any signature system secure under EF-CMA or stronger definitions of security.
From the description of signing operation in ECDSA, we see that changing the nonce $k$ changes $R$, $x_R$, $y_R$, $r$, $s$ (not $H$, $e$); thus including both components of the signature $S=(r,s)$.
fgrieu
- 149,326
- 13
- 324
- 622