BitLogiK
In case your Z is the full secret nonce, the Lattice ECDSA Attack software is not designed for that. In this case, all you have to do is to compute...
Usually, from a blockchain transaction, the hash H(m) is recomputed from the transaction message. The data signed is built from the transaction data, then hashed to get the hash value...
kp is the **known leaked part of the internal ephemeral nonce** during ECDSA. As this is supposed to be an internal secret, it can be read using a side channel....
We're sorry to hear about your issue. Yes, LatticeAttack requires fpyLLL, which is the core of the software. fpyLLL (through fpLLL) performs the matrix computation to solve the result. Basically,...
Another way is to run LatticeAttack in a virtual env (venv), so fpylll doesn't detect Sage at runtime and doesn't perform unnecessary Sage conversions.
Not at all. In order to find the private key, the software needs: - A set of EC signatures - For each signature, a part of internal information. More specifically...
This issue kicks in when your system also has sagemath installed. Here are some ways to fix this issue: - Remove/uninstall sagemath, if not required on your system (not used...
This is JCOP "4" 3.0.5 on NXP P71 SmartMX3. The bigger J3R320 version might be more common by the way. We'll test with other chips in this family, one day...
Sorry, we let this project aside since that time. We need to confirm. Because yes we just see there were some [works relative to this issue](https://github.com/ANSSI-FR/SmartPGP/commit/6952d4e03de99aeec7f2ffbce76433dff8d63c25), and I totally missed...
We tested the applet v1.17+ on J3R cards, and it fixed the signatures issue. No more hazardous memory leak for signatures. 👍 But, quite as expected, the key generation after...