Recently I noticed that my device generates short-sized Nonces.
Approximately $2 ^ {243} - 2^{244}$.
Could it turn out that there will be a small leak of information about the first 3 bits of Nonces?
Accordingly, if Nonces is short, then it must contain null at the beginning.
That is, the first 3 bits of Nonces contain null at the beginning.
Hence, for the sake of safety:
When creating an ECDSA signature, the value of signatures $[R, S, H (e)]$ that in this Nonces signature is short in size can be disclosed to an attacker?
