Tags: biased-nonce ecdsa 


- this is based on biased nonce attacks on ECDSA https://eprint.iacr.org/2019/023.pdf
- the signature scheme is essentially ECDSA, except slightly different
- there is a bias in both the LSB and the MSB
- find the hidden number problem instance and solve with LLL
- recover the private key, sign the auth message, and win!

[DUCTF GitHub](https://github.com/DownUnderCTF/Challenges_2020_public/tree/master/crypto/impeccable)


Original writeup (https://www.josephsurin.me/posts/2020-09-20-downunderctf-2020-writeups#impeccable).