How EdDSA Vulnerability Exposed Private Keys in Popular Libraries

In this research, a serious weakness in the standardized EdDSA digital signature technique that had not been previously reported is revealed. By employing the signing function as a public key oracle, the attack takes advantage of the scheme's deterministic character. An adversary can forge signatures for any message by simply recovering the server's whole private key if they can provide the signing API with an arbitrary public key. At the time of publication, 45 well-known cryptographic libraries' APIs were found to be susceptible to this attack by the authors. The paper offers two practical solutions to protect EdDSA signature routines from this oracle attack, along with a thorough description of the exploit and a list of affected implementations.