No Random, No Bias

The vulnerability of the code (and yes, as somewhat hinted at by the challenge description) is these two lines:

```python
nonce = sha1(long_to_bytes(privkey.secret_multiplier) + hsh).digest()
sig = privkey.sign(bytes_to_long(hsh), bytes_to_long(nonce))
```

sha1 produces a digest of only 160 bits (20 bytes). This is a big problem, because ECDSA requires the nonce to be a uniformly random number in the range between 1 and the order of the elliptic curve. In the above code the nonce is the sha1 digest, so it is only 160 bits long; on any curve whose order is longer than 160 bits, every nonce therefore has its high bits fixed to zero....

January 6, 2023 · 4 min · qvinhprolol

Digestive

It is ECDSA, except that there is no hashing algorithm in use. Instead, the "hash" function simply returns the data that is passed to it, which makes it trivial to forge messages with valid signatures.

```python
class HashFunc:
    def __init__(self, data):
        self.data = data

    def digest(self):
        # return hashlib.sha256(data).digest()
        return self.data
```

The following refers to this question on Crypto StackExchange. The answer describes how the signing of a message is carried out....

January 2, 2023 · 2 min · qvinhprolol