SlowMist: elliptic encryption library discovered to have serious security vulnerabilities

According to Foresight News, SlowMist Technology announced that a serious security vulnerability (GHSA-vjh7-7g9H-fjfh) has been discovered in the widely used elliptic encryption library in the JavaScript ecosystem recently. Attackers can extract the private key by constructing specific inputs and signing only once, thereby gaining complete control over the victim's digital assets or identity credentials. The root cause of this vulnerability lies in the processing flaws of the ellipsic library for non-standard inputs, which may result in duplicate random numbers k in ECDSA signatures. Due to the extreme dependence of ECDSA algorithm's security on the uniqueness of k, once k is repeated, the private key can be directly derived, causing irreversible security risks.