vusi

ECDSA signature vulnerability analysis library and CLI tool.

Features

Nonce Reuse Detection: Identifies signatures using the same nonce (k value)
Private Key Recovery: Recovers private keys from vulnerable signatures
Multiple Input Formats: Supports JSON and CSV input
Flexible Output: Human-readable or JSON output formats

Installation

cargo install --path .

Usage

Analyze signatures from file

vusi analyze signatures.json

Analyze from stdin

echo '[{"r":"...","s":"...","z":"..."}]' | vusi analyze

JSON output

vusi --json analyze signatures.json

Input Format

JSON

[
  {
    "r": "6819641642398093696120236467967538361543858578256722584730163952555838220871",
    "s": "5111069398017465712735164463809304352000044522184731945150717785434666956473",
    "z": "4834837306435966184874350434501389872155834069808640791394730023708942795899",
    "pubkey": null
  }
]

CSV

r,s,z,pubkey
6819641642398093696120236467967538361543858578256722584730163952555838220871,5111069398017465712735164463809304352000044522184731945150717785434666956473,4834837306435966184874350434501389872155834069808640791394730023708942795899,

Exit Codes

0: No vulnerabilities found
1: Vulnerabilities detected
2: Error (invalid input, etc.)

Library Usage

use vusi::attack::{Attack, NonceReuseAttack};
use vusi::provider::load_signatures;

let signatures = load_signatures("signatures.json")?;
let attack = NonceReuseAttack;
let vulnerabilities = attack.detect(&signatures);

for vuln in vulnerabilities {
    if let Some(key) = attack.recover(&vuln) {
        println!("Recovered key: {}", key.private_key_decimal);
    }
}

Development

Run tests

cargo test

Build release

cargo build --release

License

MIT

vusi 0.1.0

vusi

Features

Installation

Usage

Analyze signatures from file

Analyze from stdin

JSON output

Input Format

JSON

CSV

Exit Codes

Library Usage

Development

Run tests

Build release

License