ECDSA-SECP256K1-Signature-Analysis-Tool

A comprehensive tool for analyzing ECDSA signatures to detect cryptographic weaknesses, implementation flaws, and potential vulnerabilities in digital signature generation.

Overview

This tool performs deep analysis of ECDSA signatures to identify various cryptographic vulnerabilities, including:

• GCD vulnerabilities in r-values
• Nonce reuse detection
• Partial nonce reuse patterns
• Shared bits between signatures
• Weak randomness patterns
• Linear relationships between signatures
• Timing vulnerabilities

Key Features

• GCD Analysis: Detects any shared factors between r-values
• Nonce Analysis:
  • Complete nonce reuse detection
  • Partial nonce reuse (shared bits)
  • Pattern analysis in nonce generation
• Statistical Analysis:
  • Bit length anomalies
  • Common prefix detection
  • Entropy analysis
• Implementation Weaknesses:
  • Timing vulnerability patterns
  • Biased nonce generation detection
• Private Key Recovery: Attempts to recover private keys when vulnerabilities are found

Usage

• git clone https://github.com/KrashKrash/ECDSA-SECP256K1-Signature-Analysis-Tool
• cd ECDSA-SECP256K1-Signature-Analysis-Tool
• python analyzer.py

Technical Details

100% using Python 3. No external dependencies needed.

Vulnerability Detection

1. GCD Vulnerabilities

   • Detects shared factors between r-values of any size
   • Identifies potential nonce generation weaknesses
   • Attempts private key recovery using GCD relationships

2. Nonce Reuse

   • Complete nonce reuse (same r-value)
   • Partial nonce reuse (shared bits)
   • Close nonce values (small differences)

3. Statistical Weaknesses

   • Bit length anomalies
   • Common prefix patterns
   • Low entropy in nonce generation
   • Biased bit distributions

4. Implementation Flaws

   • Timing attack vulnerabilities
   • Weak random number generation
   • Linear relationships between signatures

Output Format

The tool generates detailed reports including:

• Vulnerability type and severity
• Affected signatures
• Technical details of the vulnerability
• Recovered private keys (when possible)
• Recommendations for mitigation

Security Implications

This tool is designed to identify implementation flaws in ECDSA signature generation that could lead to:

• Private key compromise
• Signature forgery
• Side-channel attacks
• Cryptanalytic weaknesses

Use Cases

1. Security Auditing

   • Analyze signature implementations
   • Verify random number generator quality
   • Detect implementation vulnerabilities

2. Research and Analysis

   • Study cryptographic weaknesses
   • Analyze signature patterns
   • Test implementation security

3. Incident Response

   • Investigate potential compromises
   • Analyze signature anomalies
   • Assess vulnerability impact

Prerequisites

• Python 3.10 or higher
• Standard Python libraries only (no external dependencies)

Warning

This tool is intended for security research and authorized testing only. Do not use it to analyze signatures without proper authorization.

Contributing

Contributions are welcome! Please feel free to submit pull requests, create issues, or suggest improvements.

Author

[KRASH/The Bes3rd]

• ECDSA specification
• Bitcoin's secp256k1 curve parameters
• Academic research on ECDSA vulnerabilities