Are transactions with the same ScriptSig a security problem?

0

For instance while looking at the transaction stack of my address, tracing it to exchanges I use, I came across this:

https://www.blockchain.com/btc/tx/543f319e52123528847681ffc62941219196983b6b2daa51aa7fd44c9bc5c981

ScriptSig: PUSHDATA(34)[0020431a072cb6352277b34d2bd4b7963939c37c2f121feb288106f64369eb1467d6]

The same ScriptSig occurs twice on this page within the same transaction?

I know reading years ago in paper by someone was outlining how you can derive the private key from the scriptsig but I remember you need to have way more data in the field...in other words: the value between two inputs should match but there were other different values? Here it's just the exact same string but occuring twice?

aka, example of signature I am sure it's hackable:

(some header data) + (vulnerable data that occurs in other inputs) + (some more data)

very dumbed-down example:

00207777777777777777777777777123123 <- input1; 00217777777777777777777777777000000 <- input2

then by doing some simple math people can get the private key from input1 and input2 (multiplying/dviding etc, forgot how it worked just because the middle is the same of both inputs).

I have no idea what is 'witness' either, guessing miner who confirmed it?

user3918597

Posted 2019-03-25T21:11:58.380

Reputation: 3

Answers

0

In the example you specified, the scriptsig is duplicated as these are p2sh-p2wpkh addresses. The actual signature is still different, with unique R values.

It is only possible to recover the private key if your have two different signatures from the same key that use the same R-value. This is avoided in any sane wallet by following rfc6979, which creates an R-value deterministically from the data being signed.

Raghav Sood

Posted 2019-03-25T21:11:58.380

Reputation: 10 897

thanks this makes more sense, but how is 'deterministic random value' generated? e.q.: try random number vs blockchain...if it exists: try new one, keep doing it till this is unique? or it's different than that maybe...that's a long article. 10x anyhow.user3918597 2019-03-25T21:59:22.353

@user3918597 You're looking at this from the wrong side. There are completely distinct transactions being signed, so the resulting signatures are completely distinct. The nonces going into those signatures are distinct because they're distinct data being signed. The fact that the scriptSig is identical is not indicative of any problem, as the scriptSig does not contain the signature in this case.Pieter Wuille 2019-03-25T22:03:02.523

@user3918597 So there is no need to look at the blockchain to avoid repeating the same nonce. Deterministic nonces are computed from the private key and the message, and since the message is distinct here, the nonce will also be.Pieter Wuille 2019-03-25T22:56:04.477

ok this makes more sense nowuser3918597 2019-03-26T00:27:19.383

Asked: 2019-03-25T21:11:58.380

Viewed: 49 times

Active: 2019-03-25T21:50:30.720