Can two bitcoin transactions from a Segwit address (p2sh-p2wpkh) have a reused R value?

0

Good day.

I'd found these two transactions:

https://www.blockchain.com/es/btc/tx/2b08d658045724aba40b58690ad84ec2af1f01ab58df37387dadd2b27789f44c

and

https://www.blockchain.com/es/btc/tx/5b51729c75794a5c6ea3c016923bc587895a0b790c4aea50d8bce8d472e5aa03

They're related to the SegWit address 3AQ4kUjQaDjCjmDh2ojKEHjUKTSi52UUqD.

I don't understand much about SegWit addresses transactions but it looks like the first part of each transaction has the same R Value 145d3cbed9f338b82667f410340fcb9bf401c7e837e9f4539b915fb8bced (if this is the R value).

Is that address private key compromised?

I readed something about using the same R value can be used to get the private key of an address. (Even with the same R value used in transactions from different addresses, but only if you already know the private key of one of those, with something like k = ( digest + r * privkey ) / s or so, I didn't found more about this case).

JD-Screesh

Posted 2019-10-14T23:47:15.427

Reputation: 1

Answers

1

Segwit does not use a different signature algorithm nor does it change any of the properties of a ECDSA signature. Thus if you find transactions that involve the same public keys and the same R value, then yes, the private key for that public key is revealed.

However, what you are looking at is not the R value. In fact, you are not even looking at the signature. Rather you are looking at part of the redeemScript. 145d3cbed9f338b82667f410340fcb9bf401c7e837e9f4539b915fb8bced is part of the hash of the witnessScript, not part of a signature.

The address 3AQ4kUjQaDjCjmDh2ojKEHjUKTSi52UUqD is a P2SH-P2WSH address. This means that it maps to a Pay to Script Hash (P2SH) output script, which has a redeemScript for a Pay to Witness Script Hash (P2WSH) script. The P2WSH script contains the hash of the witnessScript, which, in this case, is a multisig script.

Andrew Chow

Posted 2019-10-14T23:47:15.427

Reputation: 40 910