Re: LLL_nonce_leakage.py -->> simple Sagemath code

Quote from: krashfire on Today at 01:04:18 AM

Quote from: cassondracoffee on April 15, 2024, 10:42:55 AM

# Secret key = x = (rns1 – r1sn)-1 (snm1 – s1mn – s1sn(k1 – kn))
# For most significant fix 128 bit leak at least 3 sig is required.
fix_bits = 128
out_file_name = 'pseudo_sig_rsz.txt'

kbits = 256 - fix_bits

....
................

for row in new_matrix:
potential_nonce_diff = row[0]
# print('k=', hex(potential_nonce_diff))
# modinv(r3 * s1 - r1 *s3) * (s3 * m1 - s1 * m3 - s1 * s3 *(k1 - k3))
potential_priv_key = (sn * z[0]) - (sigs_s[0] * zn) - (sigs_s[0] * sn * potential_nonce_diff)
potential_priv_key *= modinv((rn * sigs_s[0]) - (sigs_r[0] * sn))
potential_priv_key = potential_priv_key % N
# print('PK=', hex(potential_priv_key))

# check if we found private key by comparing its public key with actual public key
if ice.scalar_multiplication(potential_priv_key) == pub:
print('-'*75)
print(f' found private key = {hex(potential_priv_key)}')
print('-'*75)

I can't understand this Python code. Anyone write the Sagemath code?
LLL_nonce_leakage.py -->> simple Sagemath code

download or clone the file from here to the same directory you have the LLL program. you need to use ice_secp256k1.dll or .so for linux to use this program..
https://github.com/iceland2k14/secp256k1

Yes, I know, but I am asking for simple math for easy understanding.
Please explain how LLL_nonce_leakage works, write simple math, or explain