I have been given the task of testing the security of our company's software. Our company software generates ECDSA-signed supply order files. One can generate as many files as one wants.
So my question is: is there any ECDSA attack if I have millions of signatures?
We are using a 112-bit prime curve; the curve order is 4451685225093714776491891542548933.
I have calculated 1 million signatures using the following method:
using System;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Math.EC;
using Org.BouncyCastle.Security;

// ec and key are assumed to be initialised elsewhere (domain parameters and the signing key)
ECDomainParameters ec;
ECKeyParameters key;

public void GenerateSignature()
{
    // curve order
    BigInteger n = ec.N;
    // System.Random is not a CSPRNG; BouncyCastle's SecureRandom derives from it and is a drop-in replacement
    SecureRandom rand = new SecureRandom();
    // private key
    BigInteger d = ((ECPrivateKeyParameters)key).D;
    // loop for 1 million signatures
    for (int i = 1; i <= 1000000; i++)
    {
        // random message hash e and nonce k (new BigInteger by giving bit length and random), reduced mod n
        BigInteger e = new BigInteger(112, rand).Mod(n);
        BigInteger k = new BigInteger(112, rand).Mod(n);
        if (k.SignValue == 0) continue; // k must lie in [1, n-1]
        // calculate r = x(kG) mod n; Normalize() makes the affine x-coordinate available
        ECPoint p = key.Parameters.G.Multiply(k).Normalize();
        BigInteger r = p.AffineXCoord.ToBigInteger().Mod(n);
        if (r.SignValue == 0) continue; // ECDSA requires r != 0
        // calculate s = k^-1 (e + d r) mod n
        BigInteger s = k.ModInverse(n).Multiply(e.Add(d.Multiply(r))).Mod(n);
        // save generated signatures to database (the values are decimal digits only, so the concatenation is not injectable here)
        new DBCon().ExecuteNonQuery("Insert into signatures values ('" + e.ToString() + "', '" + r.ToString() + "', '" + s.ToString() + "')");
    }
}
I am using BouncyCastle crypto library with C#.
I know the private key can be calculated if the k value is known, by d = (sk - e) / r.
I also know the private key can be calculated if two signatures have identical r values: then we can calculate k by k = (e1 - e2) / (s1 - s2) and then d using the formula above.
I also know that the private key can be calculated if some bits of k are known, using about 100 signatures with lattice attacks, but in this case the bits of k are unknown.
Any help will be appreciated. Thanks.
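As an added example (not code from the original question), the two recovery formulas the question lists, d = (sk - e)/r and k = (e1 - e2)/(s1 - s2), carried through in Python against the curve order quoted in the question. Neither formula needs curve point arithmetic, only arithmetic modulo n, so r is modelled here as an arbitrary non-zero residue standing in for x(kG) mod n, and all keys, nonces and message hashes are constructed with a seeded generator. The `find_nonce_reuse` function is the check a tester would run over the stored (e, r, s) rows: group by r and solve on the first collision with a different s.

```python
import random

# Curve order quoted in the question (112-bit prime curve).
N = 4451685225093714776491891542548933


def inv(x):
    """Modular inverse modulo the group order n (raises ValueError if x = 0 mod n)."""
    return pow(x % N, -1, N)


def sign(d, e, k, r):
    """Second half of an ECDSA signature: s = k^-1 * (e + d*r) mod n.
    r is passed in because computing x(k*G) needs the curve, which the formulas below do not."""
    return (inv(k) * (e + d * r)) % N


def recover_d_from_k(e, r, s, k):
    """Known-nonce recovery: d = (s*k - e) / r mod n."""
    return ((s * k - e) * inv(r)) % N


def recover_k_from_repeated_r(e1, s1, e2, s2):
    """Nonce-reuse recovery for two signatures that share r (hence k):
    k = (e1 - e2) / (s1 - s2) mod n."""
    if (s1 - s2) % N == 0:
        raise ValueError("s1 == s2: identical signatures, nothing to solve")
    return ((e1 - e2) * inv(s1 - s2)) % N


def find_nonce_reuse(sigs):
    """The check to run over the stored (e, r, s) rows: group by r and, on the first
    repeated r with a different s, recover k and then d. Returns (r, k, d) or None."""
    seen = {}
    for e, r, s in sigs:
        if r in seen:
            e1, s1 = seen[r]
            if (s1 - s) % N == 0:
                continue  # exact duplicate row, not a second sample
            k = recover_k_from_repeated_r(e1, s1, e, s)
            return r, k, recover_d_from_k(e1, r, s1, k)
        seen[r] = (e, s)
    return None


def demo(seed=1):
    """Constructed data (not real signatures): a random key, a batch of signatures with
    fresh nonces, plus one pair that reuses k. Returns True if both recovery paths
    reproduce the true private key."""
    rng = random.Random(seed)

    def rand():
        return rng.randrange(1, N)  # uniform in [1, n-1]

    d = rand()
    sigs = []
    for _ in range(5):
        k, r, e = rand(), rand(), rand()  # r stands in for x(k*G) mod n
        sigs.append((e, r, sign(d, e, k, r)))

    # Known-nonce path: the tester knows k for the last signature generated.
    e, r, s = sigs[-1]
    known_k_ok = recover_d_from_k(e, r, s, k) == d

    # Nonce-reuse path: two different messages signed with the same k, hence the same r.
    k2, r2 = rand(), rand()
    e_a, e_b = rand(), rand()
    sigs.append((e_a, r2, sign(d, e_a, k2, r2)))
    sigs.append((e_b, r2, sign(d, e_b, k2, r2)))
    found = find_nonce_reuse(sigs)
    reuse_ok = found is not None and found[1] == k2 and found[2] == d

    return known_k_ok and reuse_ok
```

With a million rows the scan is a single pass with a dictionary keyed on r, so it costs no more than reading the table; if the generator really draws k uniformly from a 112-bit space, no collision is expected, which is exactly what the scan confirms or refutes.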