How can my private key be revealed if I use the same nonce while generating the signature?

I know it is well understood that it is not a good practice to use the same nonce while generating the signatures, but I am not getting the math right.



Assume I have some UTXOs that are controlled by my private key Q. Say I have spent two of the UTXOs using nonce 'N' to generate my signature. Now the (R,S) components of the signature are public and the transactions are public so everyone has access to them.



S1 = N^(-1)*[hash(m1) + Q*R] mod p


S2 = N^(-1)*[hash(m2) + Q*R] mod p



S1 - S2 = N^(-1)*[hash(m1) - hash(m2)] mod p


Even though we know S1, S2, m1 and m2, isn't solving for N^(-1), and hence N, becomes equivalent to finding the solution to the discrete logarithm?










private-key signature cryptography

asked 3 hours ago
Ugam Kamat

2 Answers

> isn't solving for N^(-1), and hence N, becomes equivalent to finding the solution to the discrete logarithm?

No, it is not. This does not require finding the discrete logarithm at all. Solving the discrete logarithm is finding the exponent to a known base. However, in this problem we are trying to find the base and know what the exponent is. Furthermore, this known exponent is -1, for which finding the base of something raised to -1 is to raise the result to -1 again, i.e. taking the inverse of the inverse.

There are algorithms that exist to find the modular inverse of a number, which is how N^(-1) is found in the first place. To find N, you just need to take the inverse of N^(-1) because of the identity that an inverse of an inverse is the element itself.

answered 2 hours ago
Andrew Chow

• Isn't the order of how the equation is written the same as the public key generation? You have [hash(m1) - hash(m2)] as the base and N^(-1) as the exponent?
  – Ugam Kamat
  1 hour ago

• No. [hash(m1) - hash(m2)] is an integer, not an elliptic curve point. N^(-1) is also an integer. So this formula is just integer multiplication. It is not exponentiation nor is it curve point multiplication (the two things that have discrete log problems). Thus it is not solving any discrete logarithm.
  – Andrew Chow
  1 hour ago

• That's what I was looking for. So since N^(-1)*[hash(m1) - hash(m2)] is just integer multiplication modulo p vs curve point addition.
  – Ugam Kamat
  1 hour ago

Let me rewrite your question in a different notation, where all lowercase values are integers and uppercase values are points.

• The group generator is G (a known constant).
• The private key is q, its corresponding public key is Q = qG.
• The nonce is n, its corresponding point is R = nG.
• The X coordinate of R is r.
• The hash function is h(x).
• A signature is (r,s), where s is computed as n^(-1)(h(m) + qr).
• A signature is valid iff r = x(s^(-1)(h(m)G + rQ)).

Now for the two signatures it holds that:

• s1 = n^(-1)(h(m1) + qr)
• s2 = n^(-1)(h(m2) + qr)
• s1 - s2 = n^(-1)(h(m1) - h(m2))
• n = (s1 - s2)^(-1)(h(m1) - h(m2))

As s1 and s2 are just integers, (s1 - s2)^(-1) can be trivially computed using a modular inverse; there are no elliptic curve points involved here (over which this problem would be hard).

Once you know n, you can find q by rewriting the first equation:

• n*s1 = h(m1) + qr
• n*s1 - h(m1) = qr
• q = r^(-1)(n*s1 - h(m1))

edited 1 hour ago
answered 1 hour ago
Pieter Wuille
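
The algebra from both answers, carried through on secp256k1 as an added example (it is not code from either answer or from any Bitcoin implementation). It shows that the curve is touched only to compute r and to verify, while solving for n and q is integer arithmetic modulo the group order, and it adds a check for repeated r values in a key's own signing history. Assumptions: plain SHA-256 stands in for h, and all function names, the key, the nonce and the messages are constructed for illustration.

```python
import hashlib

# secp256k1 public domain parameters, written as 32-bit words.
P = 2**256 - 2**32 - 977  # field prime: only point coordinates live modulo P
ORDER = int("FFFFFFFF" "FFFFFFFF" "FFFFFFFF" "FFFFFFFE"
            "BAAEDCE6" "AF48A03B" "BFD25E8C" "D0364141", 16)  # group order
G = (int("79BE667E" "F9DCBBAC" "55A06295" "CE870B07"
         "029BFCDB" "2DCE28D9" "59F2815B" "16F81798", 16),
     int("483ADA77" "26A3C465" "5DA4FBFC" "0E1108A8"
         "FD17B448" "A6855419" "9C47D08F" "FB10D4B8", 16))


def point_add(a, b):
    """Add two curve points; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, point):
    """Double-and-add (not constant time; for illustration only)."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def h(message):
    """Message hash as an integer modulo the group order (SHA-256 assumed)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % ORDER


def sign(q, n, message):
    """s = n^(-1)(h(m) + qr); the nonce is a parameter so reuse can be shown."""
    r = scalar_mult(n, G)[0] % ORDER  # r = x(nG): the only curve operation
    s = pow(n, -1, ORDER) * (h(message) + q * r) % ORDER
    return r, s


def verify(Q, message, sig):
    """Valid iff r = x(s^(-1)(h(m)G + rQ))."""
    r, s = sig
    if not (0 < r < ORDER and 0 < s < ORDER):
        return False
    w = pow(s, -1, ORDER)
    pt = point_add(scalar_mult(h(message) * w % ORDER, G),
                   scalar_mult(r * w % ORDER, Q))
    return pt is not None and pt[0] % ORDER == r


def solve_shared_nonce(m1, sig1, m2, sig2):
    """The answer's algebra: integers modulo ORDER, no curve points involved."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or s1 == s2:
        raise ValueError("signatures do not share a nonce over distinct messages")
    n = pow((s1 - s2) % ORDER, -1, ORDER) * (h(m1) - h(m2)) % ORDER
    q = pow(r1, -1, ORDER) * (n * s1 - h(m1)) % ORDER
    return n, q


def find_repeated_r(records):
    """Audit (label, (r, s)) pairs made by ONE key; return {r: labels} for repeats."""
    by_r = {}
    for label, (r, _s) in records:
        by_r.setdefault(r, []).append(label)
    return {r: labels for r, labels in by_r.items() if len(labels) > 1}


if __name__ == "__main__":
    # Constructed key, nonce and messages; none of these come from the page.
    q, n = 0xC0FFEE1234567890ABCDEF, 0xDEADBEEF0123456789
    m1, m2 = b"constructed message 1", b"constructed message 2"
    sig1, sig2 = sign(q, n, m1), sign(q, n, m2)
    print("repeated r:", find_repeated_r([("m1", sig1), ("m2", sig2)]))
    print("solved (n, q) matches:", solve_shared_nonce(m1, sig1, m2, sig2) == (n, q))
```

`find_repeated_r` is the check to run over a key's own signing history. Deriving the nonce deterministically from the private key and the message, as RFC 6979 does, removes the dependence on a random number generator that leads to reuse.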
