From 0f785e6191b1fad90ab222e2a377cec60fc6e521 Mon Sep 17 00:00:00 2001
From: Nazar Serhiichuk <43041209+G1gg1L3s@users.noreply.github.com>
Date: Tue, 4 Oct 2022 00:15:22 +0300
Subject: [PATCH] Add entries about ECDSA leakage (#27)

* Add entries about ECDSA leakage

The ECDSA is fragile: even small leakages in nonce can help
recovering the private key. The leakage could be a result of a
faulty RNG or timing leak. The most unfortunate part is that this
fact is generally unknown. Therefore, I think this is a valuable
addition.

* Fix link with garykessler.net

Replace it with web archive.

Co-authored-by: Pavlo Farb <pavlo@cossacklabs.com>
---
 README.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 2cc4b34..5219713 100644
--- a/README.md
+++ b/README.md
@@ -43,7 +43,7 @@ It will be extended gradually as I find something of "must-have" value. Pull req
 
 #### Brief introductions
 
-* [An Overview of Cryptography](http://www.garykessler.net/library/crypto.html) - By Gary C. Kessler.
+* [An Overview of Cryptography](http://web.archive.org/web/20220918232416/https://www.garykessler.net/library/crypto.html) - By Gary C. Kessler.
 * [Using Encryption for Authentication in Large Networks](http://inst.eecs.berkeley.edu/~cs268/sp02/cached_papers/needham.pdf) - By Needham, Schroeder: this is were crypto-based auth starts.
 * [Communication Theory of Secrecy Systems](http://web.archive.org/web/20201112040412/http://netlab.cs.ucla.edu/wiki/files/shannon1949.pdf) - Fundamental cryptography paper by Claude Shannon.
 
@@ -123,6 +123,9 @@ It will be extended gradually as I find something of "must-have" value. Pull req
 * [Software implementation of the NIST elliptic curves over prime fields](http://delta.cs.cinvestav.mx/~francisco/arith/julio.pdf) - Pracitcal example of implementing elliptic curve crypto, by M. Brown et al.
 * [High-speed high-security signatures](https://ed25519.cr.yp.to/ed25519-20110926.pdf) - Seminal paper on EdDSA signatures on ed25519 curve by Daniel J. Bernstein et al.
 * [Recommendations for Discrete Logarithm-Based Cryptography: Elliptic Curve Domain Parameters (NIST SP 800-186)](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-186-draft.pdf) - Official NIST guide how securely implement elliptic curves. It also includes math shortcuts, optimizations and possible security risk of wrong algorithm implementation. [(October 2019)](https://csrc.nist.gov/publications/detail/sp/800-186/draft)
+* [Biased Nonce Sense: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies](https://eprint.iacr.org/2019/023.pdf) - Computing private keys by analyzing and exploiting biases in ECDSA nonces.
+* [Minerva: The curse of ECDSA nonces](https://eprint.iacr.org/2020/728.pdf) - Exploiting timing/bit-length leaks for recovering private keys from ECDSA signatures
+* [LadderLeak: Breaking ECDSA With Less Than One Bit Of Nonce Leakage](https://eprint.iacr.org/2020/615.pdf) - Breaking 160-bit curve ECDSA using less than one bit leakage.
 
 #### Zero Knowledge Proofs