Tags: ecdsa biased-nonce
Rating:
tldr;
- this is based on biased nonce attacks on ECDSA https://eprint.iacr.org/2019/023.pdf
- the signature scheme is essentially ECDSA, except slightly different
- there is a bias in both the LSB and the MSB
- find the hidden number problem instance and solve with LLL
- recover the private key, sign the auth message, and win!
[DUCTF GitHub](https://github.com/DownUnderCTF/Challenges_2020_public/tree/master/crypto/impeccable)
[writeup](https://jsur.in/posts/2020-09-20-downunderctf-2020-writeups#impeccable)
