Sure you can: R of the signature is the X coordinate of the curve point nonce*G. So you can use kangaroo to search for (R, y) and (R, -y). Then you would have the nonce k and could solve for privatekey.
Well yeah, but you'd still need to figure out the Y coordinate for the nonce*G point before you can run it through Kangaroo [and something tells me that it's not S or Z].
Quote
And it usually is a sha256 hash for the message but I don't think ECDSA specifies a hashing algorithm so you can use whatever you want for the hash as long as the other side knows what algorithm you have been using if they want to rebuild the hash from the message.
So I think you should refresh your knowledge of ECDSA
.
So I think you should refresh your knowledge of ECDSA
.I was assuming fxsniper was talking specifically about Bitcoin tx signatures (which use ECDSA with sha256 hash) so I made my post around that idea.
Of course, an ECDSA signature based on an MD5 or CRC32 hash wouldn't be too hard to break ;-)