AI Summary
This work addresses private-key leakage in ECDSA arising from affine relations among non-reused ephemeral scalars (i.e., $k_2 = a \cdot k_1 + b$). We propose the first closed-form algebraic method capable of recovering the secret key from merely two signatures, even on identical messages. Unlike conventional lattice-based attacks requiring either nonce reuse or large signature samples, our approach constructs elliptic curve discrete logarithm equations and applies exact linear elimination to directly solve for the secret key. The method is purely algebraic, involves no heuristic search, and relies neither on lattice reduction nor probabilistic assumptions. Evaluated on NIST P-256, it achieves 100% private-key recovery success with millisecond-level computation time per instance. This result breaks the traditional dependency of ECDSA side-channel attacks on nonce reuse or extensive signature collections, thereby substantially lowering the practical exploitability threshold for real-world implementation flaws.
Abstract
The security of the Elliptic Curve Digital Signature Algorithm (ECDSA) depends on the uniqueness and secrecy of the nonce, which is used in each signature. While it is well understood that nonce $k$ reuse across two distinct messages can leak the private key, we show that even if a distinct value is used for $k_2$, where an affine relationship exists in the form of $k_m = a \cdot k_n + b$, we can also recover the private key. Our method requires only two signatures (even over the same message) and relies purely on algebra, with no need for lattice reduction or brute-force search (if the relationship, or offset, is known). To our knowledge, this is the first closed-form derivation of the ECDSA private key from only two signatures over the same message, under a known affine relationship between nonces.
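The algebra behind that claim, as an added example (not the paper's code): eliminating $k_1$ from the two signing equations leaves one linear equation in the private key, which is why a signer's nonces must be independent and not merely distinct. The key, message, nonce, the values a = 3 and b = 7, and all function names are constructed for illustration.

```python
import hashlib

# NIST P-256 domain parameters: field prime, group order, base point.
P = 0xffffffff_00000001_00000000_00000000_00000000_ffffffff_ffffffff_ffffffff
N = 0xffffffff_00000000_ffffffff_ffffffff_bce6faad_a7179e84_f3b9cac2_fc632551
G = (0x6b17d1f2_e12c4247_f8bce6e5_63a440f2_77037d81_2deb33a0_f4a13945_d898c296,
     0x4fe342e2_fe1a7f9b_8ee7eb4a_7c0f9e16_2bce3357_6b315ece_cbb64068_37bf51f5)

def add(p1, p2):
    """Affine point addition on P-256 (curve coefficient -3); None is infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 - 3) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def sign(d, h, k):
    r = mul(k, G)[0] % N
    return r, pow(k, -1, N) * (h + r * d) % N

def recover(h1, sig1, h2, sig2, a, b):
    """Solve s1*k1 = h1 + r1*d and s2*(a*k1 + b) = h2 + r2*d for d (mod N)."""
    (r1, s1), (r2, s2) = sig1, sig2
    num = (s1 * h2 - a * s2 * h1 - b * s1 * s2) % N
    den = (a * s2 * r1 - s1 * r2) % N
    return num * pow(den, -1, N) % N

def demo():
    to_int = lambda m: int.from_bytes(hashlib.sha256(m).digest(), "big") % N
    d = to_int(b"constructed key")        # constructed private key
    h = to_int(b"same message")           # both signatures cover one message
    k1 = to_int(b"constructed nonce")
    a, b = 3, 7                           # assumed known relation k2 = a*k1 + b
    k2 = (a * k1 + b) % N
    return d, recover(h, sign(d, h, k1), h, sign(d, h, k2), a, b)
```

`demo()` returns the constructed private key and the value recovered from the two signatures; the two are equal.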