feat: Add ECDSA signature vulnerability data #95
Description
Summary
Extend boha to include ECDSA signature data for cryptographic research and vulnerability analysis.
Context
The btcsec ecosystem currently covers:
- Key generation vulnerabilities (vuke)
- ECDLP solving (kangaroo)
- Hash databases (shaha)
Missing: Signature vulnerability data - known cases of weak ECDSA signatures that can be used for:
- Research and education
- Testing signature analysis tools
- Historical vulnerability documentation
Proposed Data Structure
pub struct VulnerableSignature {
pub tx_id: String,
pub address: String,
pub r: [u8; 32],
pub s: [u8; 32],
pub z: [u8; 32], // message hash
pub vulnerability_type: VulnerabilityType,
}
pub enum VulnerabilityType {
NonceReuse,
BiasedNonce,
LcgNonce,
// ... future types
}Data Sources
- Known nonce reuse transactions from blockchain
- Historical vulnerability cases (Android SecureRandom 2013, etc.)
- CTF/puzzle signatures
Provider Pattern
Following existing boha patterns: boha:signatures:nonce-reuse