Tags: crypto
Rating: 4.0
Looking at the information we've been given, it appears that this is an ECDSA repeated-nonce problem. We have an unspecified signature algorithm used to produce 512-bit signatures and a 256-bit public key. Additionally, the two signatures have identical first halves: 68299a51b6b592e2db83c26ca3594bdd81bdbb9f11c597a1deb823da7c8b9de8<span>. In ECDSA/DSA signatures, this indicates nonce reuse, a completely catastrophic mistake which allows not only for recovery of the nonce, but recovery of the private key as well!
There's code available to do this at</span> <span>http://antonio-bc.blogspot.com/2013/12/mathconsole-ictf-2013-writeup.html which will recover the nonce and private key and allow us to sign the flag value as required to complete the challenge.</span>