Re: [ANN] TiPS ★ Kimotos Gravity Well ★ World first coin anonymizer launched!
by
juju
on 07/03/2014, 05:15:08 UTC
Hey guys, sorry again for my lack of communication recently, this family get-together has lasted a lot longer than I thought!

Anyway I'm not sure if you've heard but a side-channel attack for ECDSA has been published, to be specific the ECDSA variant used in Bitcoin/Litecoin/TiPS/etccoin.

It allows an attacker to recover the private key for a given address/publickey, but only under certain circumstances. (in non-techie terms, it allows someone to make a wallet key mold from your wallet lock and unlock your wallet with it)

I tried looking around to see if any other coin devs talked about this yet but I haven't found anything (it's hard to search on a phone though, if you've heard anything a link would be appreciated!)

Maybe it's just not a priority to them, seeing as the attack depends on the factors below (might be incorrect, based on what I could understand from the paper and what others have said):
- Attacker knows target address/publickey
- Attacker can execute code on the same machine as the target (eg. attacker owns a VPS on the same machine as the target's VPS)
- Target has signed 200+ transactions/inputs from the target address

If all of these conditions are met then recovering the target's private key is only a matter of time, and while the probability of all of these being met is pretty slim it still leaves a possibility.

Maybe other coin developers have already marked it down as WONTFIX, but I won't stand by and allow the coin I develop to contain any public exploits.

A mitigation technique (aka: semi-fix) is already described in the paper, although it sounds like it might take some work to implement. I'll start looking into it as soon as I get back but that might not be until March 9th or so.

PS. sorry if this post reads a bit weird, had to rewrite it because my phone randomly skipped back a page and I lost the post before I could send it -.-

I will try to see what I can find for you, I just read the Abstract, Introduction and Mitigation portions of the paper. I will see if I can find anyone else talking about these types of attacks, I think it would certainly be wise to mitigate things like this before they even become an issue.

It sounds as if limiting the number of times a private key can be used for signing transactions would be the most optimal solution. I don't quite fully understand yet the second mitigation tactic, however it seems it is not as binary of a solution and just provides a reduction in the effectiveness of the attack.

Thank you for sharing this information, it is comforting to see the coin's developer on the ball.
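The first mitigation discussed above (cap how many signatures one key produces) can be checked on the wallet side. The following is an added example, not code from the thread or from the TiPS project: an audit that counts signed inputs per address over a constructed transaction history, and a guard that refuses further signing once a key reaches the 200-signature figure quoted in the post (treated here as an assumed exact cutoff). Note that every spent input needs its own ECDSA signature, so the count is per input, not per transaction.

```python
from collections import Counter
from typing import Dict, List

# Threshold quoted in the thread (assumption: used here as an exact cutoff).
SIGNATURE_LIMIT = 200


def count_signed_inputs(transactions: List[dict]) -> Counter:
    """Count ECDSA signatures produced per address.

    Each input spent from an address carries its own signature, so a
    transaction spending two inputs from one address counts twice.
    """
    counts: Counter = Counter()
    for tx in transactions:
        for inp in tx["inputs"]:
            counts[inp["address"]] += 1
    return counts


def addresses_at_risk(transactions: List[dict],
                      limit: int = SIGNATURE_LIMIT) -> Dict[str, int]:
    """Return {address: signature_count} for keys that hit the limit."""
    counts = count_signed_inputs(transactions)
    return {addr: n for addr, n in counts.items() if n >= limit}


class SigningGuard:
    """Wallet-side guard: stop signing with a key once it reaches the limit,
    forcing funds to be moved to a fresh key instead."""

    def __init__(self, limit: int = SIGNATURE_LIMIT) -> None:
        self.limit = limit
        self.used: Counter = Counter()

    def can_sign(self, address: str) -> bool:
        return self.used[address] < self.limit

    def record_signature(self, address: str) -> bool:
        """Record one signature; return False (and sign nothing) at the limit."""
        if not self.can_sign(address):
            return False
        self.used[address] += 1
        return True


# Constructed sample history with placeholder addresses (not real ones):
# 101 transactions each spending two inputs from HOT_ADDR -> 202 signatures.
SAMPLE_TXS = [
    {"txid": f"tx{i}", "inputs": [{"address": "HOT_ADDR"}, {"address": "HOT_ADDR"}]}
    for i in range(101)
] + [{"txid": "tx_cold", "inputs": [{"address": "COLD_ADDR"}]}]
```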