Sunday, April 14, 2024

secp256k1 – Is there still a digital signature loophole in Bitcoin transactions?


Does the problem of repeating the value r still persist today in Bitcoin transactions?

If your question is whether Bitcoin signatures are still vulnerable if their nonces are generated in a bad way: yes, absolutely. The security of the ECDSA scheme (and the Schnorr scheme introduced in BIP340) relies on signatures being created using nonces that are completely unpredictable to attackers.

However, I do think it's fair to say that the software stacks used in Bitcoin software that constructs these signatures have matured, so it occurs less in practice. Techniques like deterministic nonces as standardized in RFC 6979 make it much easier to write safe implementations.

If so, how can I find transactions that contain this element?

There are questions on this site that give more practical details, but in broad lines, you go over all the blockchain's transactions, group signatures by the public key they're created for, and within each group see if any R value is repeated. If so, you can generally compute the private key from the signatures.

Rest assured that any funds remaining in addresses whose keys can be retrieved this way are immediately stolen.

I have research on how to protect digital assets.

Use production-quality, well-reviewed wallet software or libraries. They will produce signatures in a secure way. If you're writing code yourself where bad nonces are a concern, you're almost certainly doing something wrong.
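The scan-and-recover procedure from the answer above (group signatures by public key, look for a repeated r, solve for the private key) and the RFC 6979 deterministic nonce it recommends, worked through in standard-library Python. This is an added example, not code from the original question or answer: the curve arithmetic is a minimal textbook implementation (not constant-time, not for production), the private key, the reused nonce value and the two signed messages are constructed for the demonstration, and the `(pubkey, z, (r, s))` record format stands in for signatures pulled from real transactions.

```python
"""Nonce reuse in ECDSA over secp256k1: find a repeated r under one public
key, recover the private key, and contrast with RFC 6979 nonces.
Illustrative pure-Python code (not constant-time, not for production)."""
import hashlib
import hmac
from collections import defaultdict

# secp256k1 domain parameters (SEC 2)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0]:
        if (a[1] + b[1]) % P == 0:
            return None
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P      # doubling
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P     # addition
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, point):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc

def hash_msg(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(d, z, k):
    """Textbook ECDSA with a caller-supplied nonce k: the dangerous interface."""
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    assert r and s
    return (r, s)

def low_s(sig):
    """Normalize to low-S, as Bitcoin wallets do (BIP62 rule); hides the sign of k."""
    r, s = sig
    return (r, s if s <= N // 2 else N - s)

def rfc6979_nonce(d, z):
    """Deterministic k per RFC 6979 (HMAC-SHA256, 256-bit curve, no extra data)."""
    x, h1 = d.to_bytes(32, "big"), z.to_bytes(32, "big")  # z already reduced mod N
    h = lambda key, data: hmac.new(key, data, hashlib.sha256).digest()
    V, K = b"\x01" * 32, b"\x00" * 32
    K = h(K, V + b"\x00" + x + h1); V = h(K, V)
    K = h(K, V + b"\x01" + x + h1); V = h(K, V)
    while True:
        V = h(K, V)
        k = int.from_bytes(V, "big")
        if 1 <= k < N:
            return k
        K = h(K, V + b"\x00"); V = h(K, V)

def recover_private_key(z1, sig1, z2, sig2):
    """Two signatures with the same r share k: k = (z1-z2)/(s1-s2), d = (s1*k-z1)/r.
    Both s2 and -s2 are tried because low-S normalization may have flipped a sign."""
    r, s1 = sig1
    r2, s2 = sig2
    if r != r2:
        return None
    for s2_candidate in (s2, N - s2):
        denom = (s1 - s2_candidate) % N
        if denom == 0:
            continue
        k = (z1 - z2) * pow(denom, -1, N) % N
        if k == 0:                       # identical messages leak nothing
            continue
        if ec_mul(k, G)[0] % N != r:     # wrong sign guess, or not a real reuse
            continue
        return (s1 * k - z1) * pow(r, -1, N) % N
    return None

def find_reused_nonces(records):
    """records: iterable of (pubkey_point, z, (r, s)). Returns {pubkey: private_key}
    for every key whose signatures repeat an r and whose key could be recovered."""
    by_key = defaultdict(lambda: defaultdict(list))
    for pub, z, sig in records:
        by_key[pub][sig[0]].append((z, sig))
    leaked = {}
    for pub, by_r in by_key.items():
        for sigs in by_r.values():
            if len(sigs) < 2: continue
            (z1, sig1), (z2, sig2) = sigs[0], sigs[1]
            d = recover_private_key(z1, sig1, z2, sig2)
            if d is not None and ec_mul(d, G) == pub:
                leaked[pub] = d
    return leaked

def demo():
    """Constructed test key and messages; a buggy signer reuses k, a good one uses RFC 6979."""
    d = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD
    pub = ec_mul(d, G)
    k_reused = 0x2CAFE  # constructed fixed nonce, the bug under discussion
    z1, z2 = hash_msg(b"pay 1 BTC to alice"), hash_msg(b"pay 1 BTC to bob")
    bad = [(pub, z, low_s(sign(d, z, k_reused))) for z in (z1, z2)]
    good = [(pub, z, low_s(sign(d, z, rfc6979_nonce(d, z)))) for z in (z1, z2)]
    return find_reused_nonces(bad), find_reused_nonces(good), d, pub
```

Running `demo()` returns the test key for the records signed with the reused nonce and an empty result for the RFC 6979 records, since the deterministic nonce differs for every message (and only repeats when the exact same message is signed again, which yields an identical signature and leaks nothing). The sign-flip loop in `recover_private_key` matters in practice: real Bitcoin transactions carry low-S signatures, so a naive `(s1 - s2)` divisor silently fails on about half of the pairs.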
