How does the Related Key Attack on Schnorr Signatures work in real life?

We know that Schnorr signature is applied this way:

Key Generation

  • Define curve ( E ), field ( F_q ), order ( N ), generator ( G ), and hash ( h ).
  • Private key: ( d in (0, N) ), Public key: ( P = dG ).

Signing

  1. Random ( k in (1, N) ), compute ( R = kG ).
  2. ( c = h(R || M) ), ( s = (k + d * c) % N ).
  3. Signature: ( (R, s) ).

Verification

  • Compute ( c = h(R || M) ) and check ( sG = R + cP ).
  • Valid if true.

Related-key attack:

A Related Key Attack targets the Schnorr signature scheme by exploiting additive modifications to public keys.

If an attacker has a valid signature ( (R, s) ) for a public key ( P ), they can generate another valid signature ( (R, s + ac) ) for a related public key ( P + aG ), where ( a ) is a scalar. Thus, public keys generated via additive changes are vulnerable, as the attacker can forge valid signatures.

My doubt

What I don't understand is how this attack works in a real scenario. What should an attacker actually do?

The attacker must hope to find a victim with the exact public key ( P + aG ). The attacker cannot arbitrarily choose this public key. While the attacker can modify the scalar ( a ), it is dependent on the original public key ( P ), so the victim public key cannot be selected freely.

So, how does this attack manifest in the real world? Am I missing something here?



from Recent Questions - Bitcoin Stack Exchange https://ift.tt/CJj8qQu
via IFTTT

Popular posts from this blog

Crypto Exec Warns Tokenization Is Moving Faster Than Expected

Image
According to a post shared on X by Keith Grossman, president of crypto payments firm MoonPay, finance is heading toward an onchain future that could unfold over several years. The view comes as large banks and asset managers begin product tokenization, a move that once seemed extreme but is now being treated as a practical step by major institutions. Regulatory Signals Push Institutions Forward Based on reports cited by Grossman, progress has accelerated because rules are becoming clearer. Legislative efforts, regulatory guidance, bank involvement and accounting standards are starting to line up. That combination reduces uncertainty, which is often what slows large pools of capital. BlackRock has already launched tokenized funds, while Franklin Templeton is running tokenized money market funds on public blockchains. Those actions suggest that tokenization is no longer confined to pilot labs or internal trials. It is being used with real assets and real clients. Bank of Ameri...
Read more

Bitcoin Mining Could Be Strengthening The Ruble, Russian Central Bank Says

Image
Bitcoin mining may be providing incremental support to the Russian ruble, Central Bank Governor Elvira Nabiullina said, while cautioning that the effect is difficult to measure because much of the sector still operates in a legal and reporting gray zone. Bitcoin Mining May Support The Ruble Responding to a question at a press conference, Nabiullina said it is “probably difficult to quantify” mining’s influence “because a significant part of mining is still in a gray area.” Still, she added that mining is “indeed one of the additional factors contributing to the strong ruble exchange rate.” As Russian business news portal for RBC reported , her remarks come as Russian officials increasingly frame mining and crypto flows as macro-relevant, not just a niche tech or energy story. Earlier, Maxim Oreshkin, deputy head of the presidential administration, said ruble forecasts have been thrown off by the underestimation of financial flows tied to mining and cryptocurrency. In his view, the s...
Read more

Nigerian SEC Partners With Police To Tackle Crypto Ponzi Schemes – Details

Image
The Nigerian Securities and Exchange Commission (SEC) is maintaining an intense focus on the local cryptocurrency industry, as indicated by recent developments. While introducing minimum capital requirements for previously unregulated virtual asset service providers (VASPs), the securities regulator has also formed an alliance with the Nigeria Police Force (NPF) against cryptocurrency fraud, among other illegal operations. Nigerian SEC Looks To Improve Crypto Investors’ Protection According to local media Voice of Nigeria , the SEC is ramping up efforts aimed at investor protection and transparent market operations in the crypto ecosystem. In a recent meeting with the NPF, the Commission’s Director-General (DG), Dr. Emomotimi Agama, communicated to the Inspector General of Police (IGP), Kayode Egbetokun, concerns over malicious actors in the financial markets who exploit investors’ trust for personal gains.  Dr. Agama said: They cloak their deceit in the glamorous but misunder...
Read more