SlowMist: Critical Security Vulnerability Found in Elliptic Cryptography Library

Foresight News reports that SlowMist Technology has stated that a severe security vulnerability (GHSA-vjh7-7g9h-fjfh) has been discovered in the elliptic cryptographic library, which is widely used in the JavaScript ecosystem. Attackers can extract private keys with a single signature by crafting specific inputs, thereby gaining full control over the victim's digital assets or identity credentials. The root cause of this vulnerability lies in the elliptic library's handling defects of non-standard inputs, leading to the possibility of repeated random number k in ECDSA signatures. Since the security of the ECDSA algorithm heavily relies on the uniqueness of k, once k is repeated, the private key can be directly derived, resulting in irreversible security risks.