Ever wonder why it isn't possible to guess private key from bitcoin address? How private key keeps your fund safe? How signatures can only be generated using private key but can be verified using public key? The answer to all these questions is Elliptic Curve Cryptography (ECC). Although ECC is not unique to Bitcoin and was introduced much before Bitcoin but it is one of the most important fundamental of Bitcoin. With just few lines of code, ECC ensures that funds on address remain safe and only person holding private key can access those funds.

Ok! Now let's dive deep into the topic. I will not explain the basics of Elliptic Curve Cryptography in this thread. Rather I will take essential components of ECC which are being used in Bitcoin and only explain things from Bitcoin's point of view so things remain easy to understand.


Bitcoin uses specific elliptic curve known as secp256k1. SECG have defined the exact values for various parameters that are used in the calculation for secp256k1 curve. There are total 6 parameters but we only need 3 for the calculation. Let's have a look at these three parameters first:

P = 2²⁵⁶ - 2³² - 2⁹ - 2⁸ - 2⁷ - 2⁶ - 2⁴ - 1

G = 04 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798 483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8

n = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141

These values may be bit confusing for now but let's understand them. P is a very large prime number which is used to calculate mod in the formula.

G is generator point. It has 3 parts:
(i) 04 which shows that point is in uncompressed form.
(ii) Next 64 characters are hexadecimal representation of X-axis of generator point which is when converted into integer looks like this: 55066263022277343669578718895168534326250603453777594175500187360389116729240
(iii) Next 64 characters are hexadecimal representation of Y-axis of generator point which is when converted into integer looks like this: 32670510020758816978083085130507043184471273380659243275938904335757337482424

You may have studied in mathematics that point (2,4) means point is 2 on X-axis and 4 on Y-axis. Something like this:



Similarly G point is nothing but a point on graph with very large coordinates like this:



Lastly, n represents the maximum integer value of private key. Any number between 0 and n is valid private key. n when converted into integer is this number: 115792089237316195423570985008687907852837564279074904382605163141518161494337.


Basically there are three formulas that make up Elliptic Curve Cryptography namely, ECAddition, ECDouble and ECMultiplication. Although we use the terms like addition, double and multiplication but these calculations are not like general addition or multiplication. These are much more complex. As I said earlier, this thread is not about Elliptic Curve Cryptography but how is it used in Bitcoin so I won't explain these formulas and how these are derived. Let's keep this thread simple and understandable.


Now comes the most important and interesting part. How ECC is used in Bitcoin!

This is the system of applying ECC on private key to calculate public key:

1. Convert the hex of private key into Binary representation.
2. Ascertain the number of characters our Binary representation have.
3. Let's say, our Binary representation have 256 characters then we have to apply ECMultiply formula 256 times. ECMultiply involves applying ECDouble on G point and then if the binary character is 1, apply ECAdd formula on the resulting value. Else if binary character is 0, ignore ECAdd and move to next character.
4. Note: We don't have to apply ECAdd formula on the first character even if it is 1.
5. Keep on repeating this and the final point we get after 256 rounds will be our public key.

Confusing? Let's understand this with an example: Since private key can be any number between 0 and n, let's assume 145 as our private key. The hex representation of our private key will be: 0xa8.

Now according to step 1, we have to convert our private key into binary which is: 10010001
Now according to step 2, we have to ascertain the length of our binary which is: 8.
Now according to step 3, we have to do ECMultiply 8 times. Let's do it:

(I am using short form D() for ECDouble and A() for ECAdd)

Round	Starting value	Binary Character	ECDouble	ECAdd	Value going next round
First	G	1	Yes	No (read step 4)	D(G)
Second	D(G)	0	Yes	No (0)	D(D(G))
Third	D(D(G))	0	Yes	No (0)	D(D(D(G)))
Fourth	D(D(D(G)))	1	Yes	Yes (1)	A(D(D(D(D(G)))),G)
Fifth	A(D(D(D(D(G)))),G)	0	Yes	No (0)	D(A(D(D(D(D(G)))),G))
Sixth	D(A(D(D(D(D(G)))),G))	0	Yes	No (0)	D(D(A(D(D(D(D(G)))),G)))
Seventh	D(D(A(D(D(D(D(G)))),G)))	0	Yes	No (0)	D(D(D(A(D(D(D(D(G)))),G))))
Eight	D(D(D(A(D(D(D(D(G)))),G))))	1	Yes	Yes (1)	A(D(D(D(D(A(D(D(D(D(G)))),G))))),G)

So this value: A(D(D(D(D(A(D(D(D(D(G)))),G))))),G) will be a point on graph having two coordinates (X,Y). This point will be our public key which is then converted in Bitcoin Address. D() means we are applying ECDouble formula on the value within brackets while A() means we are applying ECAddition formula on the value within brackets. Note that ECAddition requires two points for the calculcation hence the first point is our result value while the second point is G point.

Wanna see this code in action? Check out my other thread where I have created Bitcoin Address from private key from scratch: https://bitcointalk.org/index.php?topic=5223167.0 . I have provided the complete ECAdd, ECDouble and ECMultiply formula in that thread as Javascript functions. You can learn in depth about these formulas from various online resources and then check their working through my code.


So we have done immense calculation in step 3. But what actually makes this calculation irreversible? Why can't be calculate private key from public key by applying ECDouble and ECAdd in reverse order (afterall we are using G as the input whose value is known to all)? The reason why ECC is so invincible is due to the use of modulus and modulus inverse in ECDouble and ECAddition formulas. So what is modulus (or mod) and modulus inverse (or mod inverse)?

Mod of any two numbers say, mod(14,6) is the remainder obtained after dividing first number with second. For example, when 14 is divided by 6 remainder is 2. So the mod of 14 and 6 is 2. Whereas mod inverse is the number which is when multiplied with first number and then divided by second number leaves the remainder of 1. For example, mod inverse of 3 and 11 is 4 because when 3 multiplied by 4 gives 12 which when divided by 11 leaves the remainder of 1.

ECC uses these two in both ECDouble and ECAdd. So after every round of ECMultiply, we are only taking remainder in next round. We are discarding any quotient obtain in calculation, which makes the reverse calculation almost impossible. For example, even if you know that the remainder is 2 and the number which divided the first number is 6, you can't certainly say that the first number is 14 because it could be 8 or 14 or 20 or so on. In ECC, we uses mod lots of times and on top of that, we are dealing with very large numbers (remember P from Section 1? P is used to calculate mod in ECDouble and ECAdd functions). So virtually it's impossible to do reverse calculation.

I hope this thread made you little more knowledgeable about Bitcoin and why it is one of the best innovation of 21st century. If you already know about ECC and think something in this thread needs to be improved, please let me know, I will make the necessary amendments.

There is a new malware in town, aptly called CoronaVirus. And this time the method to spread the ransomware is very clever, the hackers created a fake Windows WiseCleaner.com




(Fortunately, the site has been taken down already, thanks to those investigators who have reported it)

So it will ask you to download WSHSetup.exe, but it contains the CoronaVirus and password stealing trojan known as Kpot. If you fall victim and have executed the downloadable file, it will give you a warning like this asking 0.008 BTC (maybe this is just a test run that's why the demand is too low as this time.)



Scammers bitcoin address:
So far though the balance is empty, meaning no one has fallen for this gimmick. However, I just want to give warnings to everyone, specially to beginners that they need to be careful and used our common sense not to download anything that is very suspicious.

https://www.bleepingcomputer.com/news/security/new-coronavirus-ransomware-acts-as-cover-for-kpot-infostealer/

A month ago I was scammed by imposter of shdvb in telegram. He didn't got from me much but I got a lesson learned that day. We all love to trade or finish a deal quickly and to do that we need a quick communication so we always move over to some chatting or messaging apps instead of continuing the conversation in forum's message system. But there are lot of imposters of regular dealers whether it be a regular currency exchanger or someone regular in providing service or goods. Now question comes how do we know its an imposter?


(A) Always check that you are dealing with the Telegram ID provided to you by the dealer.

Say I am trying to deal with shdvb. Real telegram ID of shdvb is: @mingxingxu and while searching in Telegram I get a lot of results here as shown in screenshot below:



(First^[1]), you should know how the telegram displays an account. There are two things: Telegram Username (i.e Display name) and Telegram UID. Now here comes the important part: Anyone can have same display name but Telegram UID is unique and hence if someone is already with Telegram UID @abc123 then no one can make another account with that UID again. So always remember that Telegram UID is something that you should be looking out for and check before dealing.

Here is how it is displayed:



As in search results you can see that there are lot of results like someone has set "@mingxingxu" in Telegram Display name but its UID is "@mingxingxux" and similarly there are other results with "@mingxingxu" as Telegram Display name but UID different than "@mingxingxu" . These are all traps waiting for someone to get fooled thinking that "@mingxingxu" which is being shown as Telegram Display name is actually the UID and the actual dealer while their actual UID is different (some having prefix or suffix or change in some characters).

So (Second^[2]), focus only on checking UID that matches the actual UID provided i.e  in this case is "@mingxingxu". After checking in this manner, I got the account I was looking for which is the real telegram account which has "@mingxingxu" as the Telegram UID as shown in screenshot below.




Now I have told you about only the first kind of traps.


(B) Traps with fake ID coated inside a hyperlink with actual ID as text.


This was the trap where I slipped.



Above is the screenshots of result again. All the results are actually channels except for the actual real TG account of shdvb as shown previously. Now if you get into one of these channels you will find a post already like in screenshot below.




This is the post as in that telegram channel and it may seem like they have provided the actual user ID and the direct link but its is actually hyperlinked with another fake telegram account in that Telegram channel. In here when I clicked I was directed to the Telegram account with UID: "@mignxingxu" which is different from actual Telegram ID of shdvb "@mingxingxu"




How to avoid falling for it ?

Whenever you start conversation with a telegram UID always check his UID by clicking his display name and verify if you are going to start conversation with the real dealer.

---

---

For now that's it. I will be looking out for traps and will post if new type of traps surface in Telegram.

I would suggest currency exchangers or regular service and good providers who are regular in telegram and have provided the ID publicly to add this thread to their main post and warn about it so that they can stay safe and won't fall for traps dealing with imposters on telegram.

Feel free to add anything which you think I am missing or if I have made some mistakes in this post.

What is this Ransomware?

Image source

This is a kind of Malware Or software, if once entered into someone's computer, all his data or some important data will be locked, After this, the hacker asks for money, and says if you want your data back, send me money (mostly in crypto)

there is a lot more that can be done through command and control (C&C, it depends on features
Each ransomware is different from the other, which is why antivirus is not able to catch every ransomware as a virus.

Every Ransomware has encryption and a decryption tool, When installed on the victim' computer, the hacker uses encryption tool to lock his/her data.
When the hacker receives payment, then the hacker uses a decryption tool to unlock the victim's data.

This can happen to anyone, that's why I have found some free decryption tools, which can help you a lot.

---

Quick Heal decryption tool for these types of ransomware

---

Trend Micro Ransomware Decryptor
Supported Ransomware Families
The following list describes the known ransomware-encrypted files types can be handled by the latest version of the tool.

---

Kaspersky RakhniDecryptor
Use the Kaspersky RakhniDecryptor tool in case your files were encrypted by the following ransomware:

---

For more Tools you can visit: https://www.nomoreransom.org/en/decryption-tools.html

UPDATE 2:
Quickest way to get your sent/received merits for the last 120 days:
LoyceV has created this handy tool for this purpose. Instructions are very simple:

---

UPDATE: Here is how to get the total number of earned merits in the last 120 days - all credits go to the users below:

METHOD I: BPIP (thanks o_e_l_e_o)
   1. Go to this online calendar to find out what date was it 120 days ago: https://www.convertunits.com/dates/daysfromnow/-120
   2. Go to https://bpip.org/smerit.aspx?to=YOURUSERNAME&start=YYYY-MM-DD (change YOURUSERNAME to your BTCTalk username and YYYY-MM-DD to the date from above)
   3. At the bottom of the loaded BPIP page, you'll see the total Merits you've received in the last 120 days.

METHOD II: GreatArkansas' Telegram Bot (thanks Rikafip)
   1. Go to GreatArkansas' thread and follow the instructions.

METHOD III: Loyce Club (thanks o_e_l_e_o)
   1. Go here: http://loyce.club/Merit/history/806196.html
   2. Look at the sum of merits you had earned 120 days ago.
   3. Look at the sum of merits you have earned today.
   4. Subtract the two.

METHOD IV: tranthidung's unofficial service (thanks hosseinimr93)
   1. Go to this thread: https://bitcointalk.org/index.php?topic=5211129 and follow OP's instructions

METHOD V: TryNinja's Tampermonkey script (thanks TryNinja)
   1. Download the Tampermonkey extension for your browser
   2. Go to this post: https://bitcointalk.org/index.php?topic=5148488.msg53143412#msg53143412
   3. Add the userscript from the post above in Tampermonkey

METHOD VI: DdmrDdmr's Merit Dashboard (thanks DroomieChikito)
   1. Go to this online calendar to find out what date was it 120 days ago: https://www.convertunits.com/dates/daysfromnow/-120
   2. Go to DdmrDdmr's Merit Dashboard
   3. On the right side of the page, insert your username in the "To User Name" field
   4. Change the data range to start from the calendar date you have found from step 1
   5. Under "Total Received" on the right side of the website, you'll see the total Merit received in the last 120 days.

METHOD VII: Import Theymos' dump merit into Excel (thanks DroomieChikito)
   1. Go to this post and follow the instructions.

---

Original post:

Every time I want to know how much merit I've spent or received in the last 120 days or a campaign asks me to write that into the participation post, I have to manually add every single number on a calculator to get a total result.

I suggest adding the total count of merit received and spent in the last 120 days, I think it would be pretty useful to quite a lot of members here. In my mind, it's just a little formula the administrator could add next to the "Received in the last 120 days" text.. something like "Received in the last 120 days: 252 Merits"

In my mind, it sounds like a rather simple formula that could be added on the Merits page. I've looked for this number many times but have never found an easier way to get it.. Thoughts?

This is a matter of security and safety of your crypto, folks, and every one  obsessed with it is more than welcomed to this thread to share or gain experience on using HW keys designed for 2FA authentication. Mine is Yubico Yubikey 5 NFC. Both relevant documentation and howtos are very scattered, so let's start with that Yubikey.

To stay very brief, Yubikey 5 NFC is a small USB-A dongle, which also uses wireless NFC. The latter is important if you are in need for authentication on mobile devices. The key supports many relevant authentication protocols FIDO, FIDO2, U2F, OTP, TOTR, PIV, HOTP, TOTP, Challenge-responce, OpenPGP and encryption algorithms: RSA 4096, ECC p256, ECC p384.  Depending  on the usage, one can think of that dongle differently.

For example, one can view it as the key with an OTP interface and two programmable slots accessible through SW apps.

In the freshly bought Yubikey 5 slot 1 is preconfigured to use OTP to fit the authentication  solutions from Yubico - this is the so-called Yubico OTP, while slot 2 is empty and must be configured. Some resellers offer Yubikey VIP - for those keys, the 1st slot OTP is preconfigured to meet corresponding Symantec's products.  Both slots are configurable via  YubiKey Personalization Tool.  Using that, you can select and configure the protocol for yourself.

For example, slot 2 can be configured for static password - and this is very convenient when working with the password manager - you do not need to type something every time to approach your database and at the same time to worry about compromised computer (if any) . Or,  this static password can be used as the second part of the secret when entering any site. In this case, the first part (unique for each site) can be typed on the keyboard or copied from the password manager. With this approach, any keylogger  or malware potential to steal passwords from clipboard is no longer scary simply because they do not see the  second part of the secret, delivered via the YubiKey OTP interface.

You can also think of Yubikey  as of  FIDO certificated U2F dongle capable to serve to unlimited number of IDs.

In general, it’s convenient to imagine Yubikey 5 NFC as a HW-implemented authentication tools, each of which uses its own interface:

1) FIDO interface: FIDO 2, U2F, WebAuthn.

2) CCID interface: OATH (TOTP and HOTP, up to 32 ID), PIV (Smart Card, default PIN: 123456 PUK: 12345678), OpenPGP (RSA 1024, RSA 2048, RSA 3072, RSA 4096)

3) OTP interface: Static Password, Challenge-Response or OATH-HOTP.

To get authentication via Yubikey 5 NFC, just touch its gilded disk. The duration of the touch depends on which slot you need to activate. If this is slot 1, then the touch  should should last as short as 0.3-1.5 sec. If slot 2, then hold a little longer - 2 - 5 sec.

Specification: https://support.yubico.com/support/solutions/articles/15000014174--yubikey-5-nfc

Please post links, I have 600+ sMerit to give and not enough time to read all posts.