Is it possible to recover the private key if the same message is signed twice with different nonce?

Question

Sorry if this question is misguided, I'm a software developer and not a cryptographer.

Let's say I have a public key, and 2 signed messages.

Signed message 1:

message_hash_1
signature_1.r
signature_1.s

Signed message 2:

message_hash_2
signature_2.r
signature_2.s

Assumptions:

message_hash_1 == message_hash_2
signature_1.r != signature_2.r
signature_1.s != signature_2.s

I've read in https://www.bertcmiller.com/2021/12/28/glimpse_nonce_reuse.html that it is possible to recover the private key if r is the same across the signed messages, but s is different.

Is it possible to recover the private key if the message_hash is the same, but signature_1.r/signature_2.r and signature_1.s/signature_2.r are both different? So the nonce with which the message was signed was different, but the message and private key were the same across both signatures.

I'm using NIST P-256 elliptic curve.

For ECDSA we have a dupe for this. could you search for it? in one minute.. — kelalaka, Jan 09 '22 at 12:31
Welcome. You might be interested in these, too. 1) secp256k1: is it theoretically possible to generate same signature with different key, message hash and k? 2) How does the "biased-k attack" on (EC)DSA work? — kelalaka, Jan 09 '22 at 15:23
Here a +1 for you as a fast accept and don't forget to upvote the helpful answers on your cause. — kelalaka, Jan 09 '22 at 16:05

Is it possible to recover the private key if the same message is signed twice with different nonce?

0 Answers0