Breaking ECDSA with Two Affinely Related Nonces
The security of the Elliptic Curve Digital Signature Algorithm ECDSA depends on the uniqueness and secrecy of the nonce, which is used in each signature. While it is well understood that nonce $k$ reuse across two distinct messages can leak the private key, we show that even if a distinct value i...