Half the same key certainly narrows down the search :D The effective bits of security for this are 64, which is still better than SSL 20 years ago.

wait. DSA. not ECDSA.

The noughties were miserable times after 2005 until the end of the decade.

l0k18

Small correction: the sony-hack was with k-value in DSA, not r-value in Schnorr. But the two hacks are conceptually the same

zuspotirko

bitcoin

Schnorr signatures: Rogue key attack explained simply in 4 slides

AR0w

Interesting scenario. The thing that comes to my mind immediately when hearing "Schnorr" and "attack" is the Sony-hack that is based on accidentally choosing the same r-value more than once. Which is a very famous attack in crypto