ISC StormCast for Wednesday, May 3rd, 2023

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

The Elliptic Curve DSA Algorithm That Makes It Easy to Derive a Public Key From a Signature

An interesting new vulnerability affecting JSON Web Tokens. They're very commonly used for authentication and access control in modern web applications. A common problem here is that if you verify a particular signature, well, you may use a key that was really only intended for asymmetric encryption and then use it to verify a symmetric algorithm. It's not as easy as you would expect sometimes to get the public key that's being used to verify these JWTs, but there is one particular algorithm that makes it quite easy to derive the public key from the signature.
