No, it is not, because as they note in the paper: "Deterministic variants (e.g. deterministic ECDSA and EdDSA [25]) make use of cryptographic hash functions to generate the nonces and are thus inherently resistant to the attacks described here."

We use deterministic ECDSA exclusively (AFAIK). So unless the hash algo is broken, we are fine. For some reason (my guess is ignorance), Bitcoin uses the non-deterministic ECDSA variant. Why is that a bad idea? Well, because of this (and the simpler attack where you re-use the nonce).

BR Martin

Bernd Fix <b...@hoi-polloi.org> writes:

> Hi,
>
> reading a recent paper (https://eprint.iacr.org/2023/305) I wonder if
> this has any impact on GNUnet - especially GNS, which uses ECDSA
> signatures for PKEY-signed payloads. Do we need to phase out PKEYs and
> replace them with EDKEYs in the future?
>
> Cheers, Bernd.
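To make the distinction concrete, here is an added example (not code from this thread or from GNUnet) of how deterministic ECDSA derives its nonce: it assumes the RFC 6979 construction, where k comes from an HMAC-DRBG seeded with the private key and the message hash, so the same (key, message) pair always yields the same k and different messages yield different ones, with no dependence on the quality of a random number generator. Checked against the RFC 6979 A.2.5 test vector for P-256 / SHA-256.

```python
import hashlib
import hmac

# NIST P-256 group order ("q" in RFC 6979). Only the order is needed to
# derive the nonce; no curve arithmetic is performed here.
P256_ORDER = int("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 16)

# Private key from RFC 6979 appendix A.2.5 (a published test vector, not a real key).
RFC6979_TEST_KEY = int("C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721", 16)


def _bits2int(data: bytes, qlen: int) -> int:
    """RFC 6979 2.3.2: keep the leftmost qlen bits of the bit string."""
    value = int.from_bytes(data, "big")
    blen = len(data) * 8
    return value >> (blen - qlen) if blen > qlen else value


def _int2octets(value: int, qlen: int) -> bytes:
    """RFC 6979 2.3.3: fixed-width big-endian encoding, rlen = 8*ceil(qlen/8)."""
    return value.to_bytes((qlen + 7) // 8, "big")


def rfc6979_nonce(private_key: int, message: bytes, order: int = P256_ORDER, hashfn=hashlib.sha256) -> int:
    """Derive the ECDSA nonce k deterministically from (private_key, H(message)), RFC 6979 3.2."""
    qlen = order.bit_length()
    hlen = hashfn().digest_size
    h1 = hashfn(message).digest()
    # bits2octets(h1): truncate to qlen bits, reduce mod q, encode fixed-width.
    h1_octets = _int2octets(_bits2int(h1, qlen) % order, qlen)
    x_octets = _int2octets(private_key, qlen)
    v = b"\x01" * hlen                      # step b
    k_mac = b"\x00" * hlen                  # step c
    k_mac = hmac.new(k_mac, v + b"\x00" + x_octets + h1_octets, hashfn).digest()  # step d
    v = hmac.new(k_mac, v, hashfn).digest()                                         # step e
    k_mac = hmac.new(k_mac, v + b"\x01" + x_octets + h1_octets, hashfn).digest()  # step f
    v = hmac.new(k_mac, v, hashfn).digest()                                         # step g
    while True:                                                                     # step h
        t = b""
        while len(t) * 8 < qlen:
            v = hmac.new(k_mac, v, hashfn).digest()
            t += v
        k = _bits2int(t, qlen)
        if 1 <= k < order:                  # accept only a valid scalar
            return k
        # Out of range (vanishingly rare for P-256): re-key and try again.
        k_mac = hmac.new(k_mac, v + b"\x00", hashfn).digest()
        v = hmac.new(k_mac, v, hashfn).digest()
```

Because the nonce is a pure function of the key and the message, the random-nonce failure modes the paper targets (biased or leaky RNG output, and accidental nonce reuse across different messages) cannot arise, while the same message still re-derives the identical k.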