Bitcoin Transaction Decoder

Use this online tool to decode Bitcoin Transaction and retrieve the following information from P2PKH-input scripts:

What is ECDSA weak signature vulnerability?

The ECDSA weak signature vulnerability refers to a security flaw where certain weak or non-random values used during the signature generation process can lead to the compromise of the private key. This vulnerability allows an attacker to recover the private key from the weak signature, compromising the security of the digital signature scheme.

In ECDSA, a digital signature is represented by two values: "r" and "s." These values are derived from a process that involves the private key, the message being signed, and other parameters. The "r" value represents the x-coordinate of a point on the elliptic curve, while the "s" value is a scalar derived from the private key and the message.

The "z" value is a hash of the message being signed, which is an essential part of the ECDSA signature generation process. The "z" value is typically calculated as the SHA-256 hash of the concatenation of various components of the transaction data, such as the transaction inputs, outputs, and other relevant information. It serves as a unique identifier for the message being signed and ensures that the signature is tied to the specific transaction.

The ECDSA weak signature issue arises when the "r" and "s" values are not securely generated due to weaknesses in the random number generation process. In some cases, two or more signatures may share the same "r" value, enabling an attacker to recover the private key using the following formula:

private key = (z1 * s2 - z2 * s1) / (r * (s1 - s2))

The issue has been discovered 2012 within the Bitcoin network. As for now, no known instances of a weak signature attack in the Bitcoin network have been reported.