Hi,

I have a hypothetical scenario where I know precisely 120 bits (out of 256) of the nonce used to create the signature for a transaction.

There is only one transaction available.


Is it possible to recover the recover the private key for this?

I assume that a lattice attack is not possible as we need more than one signature; what other possible attacks are available in this scenario?