New vulnerability in elliptic.js allows attackers to extract private keys from signatures.

This happened because fully deterministic signatures are not your friends. Check out my latest blog post describing the bug and prevention methods:

New vulnerability in elliptic.js allows attackers to extract private keys from signatures.

This happened because fully deterministic signatures are not your friends. Check out my latest blog post describing the bug and prevention methods:

https://paulmillr.com/posts/deterministic-signatures/

Your blog is fantastic. This vulnerability is right up our alley at Hacken.io. Let’s chat - https://calendly.com/j-dmuchowski-hacken/30min

Security, austrian school. Developing noble cryptography: audited js libraries for web3. https://paulmillr.com/noble

Hacken.io | Focused on US Security Policy for Web3 and Institutional Adoption | Emerging Tech | Capital Markets

decentralized networking, wallet enthusiast 

Past performance is not indicative of future results

luckily k reuse is a well-known vuln and research into real world data (from myself and independent researchers) have shown it’s very very rare