Tags: biased-nonce ecdsa
- this is based on biased nonce attacks on ECDSA https://eprint.iacr.org/2019/023.pdf
- the signature scheme is essentially ECDSA, except slightly different
- there is a bias in both the LSB and the MSB
- find the hidden number problem instance and solve with LLL
- recover the private key, sign the auth message, and win!