Cryptographic well-known attacks
SafeCurves: choosing safe curves for elliptic-curve cryptography
BLS signature
These curves are slower for single verifications, and, worse, accounts should last decades while pairing-friendly curves should be expected to become less secure as number theory advances.
HDKD (hierarchical deterministic key derivation)
Index calculus
Exploits the fact that a pairing maps into $ G_T, a subgroup of the multiplicative group of an extension field, where the index calculus algorithm (number field sieve) applies; the discrete log problem there is easier than on the curve groups.
Improvements of this kind lowered the security estimate of the BN curve used by Zcash, which then migrated to BLS12-381.
cofactor
ECDSA
Biased Nonce Sense: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies
The determinism of the algorithms described in this note may be useful to an attacker in some forms of side-channel attacks, so implementations SHOULD use defensive measures to avoid leaking the private key through a side channel.
Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)
secp256k1 has a small CM field discriminant, which might yield better attacks in the distant future.
Invalid-curve attacks
Timing Attack
An attack based on differences in the time a cryptographic algorithm takes to run.
For example, when a password is checked one character at a time with an early-exit comparison, the character whose check takes longest can be inferred to be correct, because only on a match does processing proceed to the next character.
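Added example, not from the original note: the early-exit comparison above modelled in Python, with a deterministic work counter standing in for measured response time (a real attacker measures wall-clock time over many requests). The secret, the alphabet and the oracle are constructed for the demonstration; the hardened version uses hmac.compare_digest, which examines every byte regardless of where the first mismatch is.

```python
import hmac

# Search alphabet for the demonstration; a real target would be hex digits or base64.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"


def leaky_equals(secret, guess):
    """Early-exit string comparison, the pattern that leaks timing.

    Returns (equal, work), where `work` is the number of characters examined.
    It stands in for elapsed time: in a real attack the attacker measures
    response times over many requests instead of reading a counter.
    """
    if len(secret) != len(guess):
        return False, 0
    work = 0
    for s, g in zip(secret, guess):
        work += 1
        if s != g:  # mismatch: stop here, so early mismatches return sooner
            return False, work
    return True, work


def constant_time_equals(secret, guess):
    """Hardened comparison: hmac.compare_digest does not stop at the first
    mismatch, so the work is the same for every guess (modelled as 1)."""
    return hmac.compare_digest(secret.encode(), guess.encode()), 1


def make_oracle(secret, compare):
    """Model a server that checks a submitted token against `secret`; the
    attacker only sees what `compare` returns, never `secret` itself."""
    return lambda guess: compare(secret, guess)


def recover_secret(oracle, length):
    """Recover the secret position by position: at each position the candidate
    whose comparison did the most work is the correct character, because only
    a match makes the comparison continue to the next position."""
    recovered = ""
    for pos in range(length):
        best_char, best_work = ALPHABET[0], -1
        for c in ALPHABET:
            # pad with a fixed filler so every candidate has the right length
            candidate = recovered + c + ALPHABET[0] * (length - pos - 1)
            equal, work = oracle(candidate)
            if equal:
                return candidate
            if work > best_work:
                best_char, best_work = c, work
        recovered += best_char
    return recovered


def demo():
    """Constructed secret: the leaky oracle gives it up, the constant-time one does not."""
    secret = "s3cr3tt0k3n"
    leaked = recover_secret(make_oracle(secret, leaky_equals), len(secret))
    guarded = recover_secret(make_oracle(secret, constant_time_equals), len(secret))
    return leaked == secret, guarded == secret


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Against the leaky oracle the search costs at most len(secret) * len(ALPHABET) queries instead of len(ALPHABET) ** len(secret); against the constant-time oracle every candidate looks the same and the search degenerates to a guess. In real code, compare MACs, tokens and password hashes with hmac.compare_digest (or the platform's constant-time compare), never with `==` on strings.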
Length Extension Attack
An attack that computes $ H(m_1 || m_2) from $ H(m_1) without knowing $ m_1 (more precisely $ H(m_1 || pad || m_2), where pad is the padding the hash appended to $ m_1, so the attacker must know or guess the length of $ m_1). It applies to Merkle-Damgard hashes such as MD5, SHA-1 and SHA-256 whose output is the raw internal state.