ECDSA signature vulnerability analysis library and CLI tool.
- Nonce Reuse Detection: Identifies signatures using the same nonce (k value)
- Private Key Recovery: Recovers private keys from vulnerable signatures
- Multiple Input Formats: Supports JSON and CSV input
- Flexible Output: Human-readable or JSON output formats
cargo install --path .vusi analyze signatures.jsonecho '[{"r":"...","s":"...","z":"..."}]' | vusi analyzevusi --json analyze signatures.json[
{
"r": "6819641642398093696120236467967538361543858578256722584730163952555838220871",
"s": "5111069398017465712735164463809304352000044522184731945150717785434666956473",
"z": "4834837306435966184874350434501389872155834069808640791394730023708942795899",
"pubkey": null
}
]r,s,z,pubkey
6819641642398093696120236467967538361543858578256722584730163952555838220871,5111069398017465712735164463809304352000044522184731945150717785434666956473,4834837306435966184874350434501389872155834069808640791394730023708942795899,0: No vulnerabilities found1: Vulnerabilities detected2: Error (invalid input, etc.)
use vusi::attack::{Attack, NonceReuseAttack};
use vusi::provider::load_signatures;
let signatures = load_signatures("signatures.json")?;
let attack = NonceReuseAttack;
let vulnerabilities = attack.detect(&signatures);
for vuln in vulnerabilities {
if let Some(key) = attack.recover(&vuln) {
println!("Recovered key: {}", key.private_key_decimal);
}
}cargo testcargo build --releaseMIT