Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: Searching for K nonce
by
COBRAS
on 15/04/2024, 12:51:59 UTC
Quote from: krashfire on Today at 08:40:06 AM
Quote from: COBRAS on April 14, 2024, 02:25:35 AM
Quote from: krashfire on April 14, 2024, 01:47:50 AM
Quote from: COBRAS on April 13, 2024, 05:55:51 PM
Quote from: krashfire on April 13, 2024, 05:21:04 AM
Code:

import random
p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f
n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141

E = EllipticCurve(GF(p), [0, 7])

G = E.point( (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8))   # Base point

r=0x
s=0x
z=0x

def egcd(a, b):

    if a == 0:

        return (b, 0, 1)

    else:

        g, y, x = egcd(b % a, a)

        return (g, x - (b // a) * y, y)
def modinv(a, m):

    g, x, y = egcd(a, m)

    if g != 1:

        raise Exception('modular inverse does not exist')

    else:

        return x % m
def make_public(r,s,z):
    R = E.lift_x(Integer(r))
    w = int(modinv(s, n))
    u1 = int((z * w) % n)
    u2 = int((r * w) % n)
    #R=u1*G + u2*public_key
    #pub= R*modinv(u2,n) - u1*modinv(u2,n)%n
    u_n2=modinv(u2,n)%n
    u_n1=- u1*modinv(u2,n)%n
   
    pub=u_n1*G + u_n2*R
    pub2=u_n1*G + u_n2*(-R)
    return pub,pub2

def verify(r, s,z,public_key):
    w = int(modinv(s, n))
    u1 = int((z * w) % n)
    u2 = int((r * w) % n)
    D=u1*G + u2*public_key
    x,y=D.xy()
    x=int(x)

    if (r % n) == (x % n):
        print( "signature matches")
         
    else:
        print("invalid signature")
       
def calc_u(r,s,z):
    mod_s= modinv(s,n)%n
    u1=mod_s*z%n
    u2=mod_s*r%n
    print("u1==",u1,"n-u1=",n-u1)
    print("u2==",u2,"n-u2=",n-u2)
    return u1,u2
u1, u2 = calc_u(r,s,z)
pub1,pub2=make_public(r,s,z)

print("public_key1",pub1)
print("pub1_x=",hex(pub1.xy()[0]))
print("public_key2",pub2)
print("pub2_x=",hex(pub2.xy()[0]))
verify(r,s,z,pub1)
verify(r,s,z,pub2)
print()

# Find the real mod n for k and K nonce
# Loop to search for k in hexadecimal
for i in range(0, n):
    k = (r * i + z) * modinv(s, n) % n
    R = E.lift_x(Integer(r))
    P = k * G
    print("K:", hex(P.xy()[0]))  # Print the x-coordinate of K in hexadecimal
    if hex(P.xy()[0]) == hex(r):
        print("Found real k:", hex(P.xy()[0]))  # Print the real k in hexadecimal
        break


i just updated the code in sagemath.
error again, I try remove error, same error:


k = ((r * i%n + z%n)%n * modinv(s, n) % n)%n
  File "sage/structure/element.pyx", line 1921, in sage.structure.element.Element.__mod__ (build/cythonized/sage/structure/element.c:13675)
  File "sage/structure/coerce.pyx", line 1167, in sage.structure.coerce.CoercionModel_cache_maps.bin_op (build/cythonized/sage/structure/coerce.c:9612)
  File "sage/structure/element.pyx", line 1919, in sage.structure.element.Element.__mod__ (build/cythonized/sage/structure/element.c:13640)
  File "sage/structure/element.pyx", line 1954, in sage.structure.element.Element._mod_ (build/cythonized/sage/structure/element.c:13933)
TypeError: unsupported operand parent(s) for %: 'Symbolic Ring' and 'Symbolic Ring'

that's impossible. Have you insert your rsz? I did with 3 different sets of rsz. The signature verified. And the code works.


im use this rsz bro:


r= 115780575977492633039504758427830329241728645270042306223540962614150928364886
s= 115784413730767153834193500621449522112098284939719838943229029456606672741370
z= 2


?
lol. of course that wont work. its not real rsz

why this not work ?


replace base pooint and "i" in cangaroo and you take "i" were finder k,after put "i" to your formula....

Huh


this is work, jast enother way of using cangaroo and bsgs search