Code:
import random
p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f
n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
E = EllipticCurve(GF(p), [0, 7])
G = E.point( (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)) # Base point
r=0x
s=0x
z=0x
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y)
def modinv(a, m):
g, x, y = egcd(a, m)
if g != 1:
raise Exception('modular inverse does not exist')
else:
return x % m
def make_public(r,s,z):
R = E.lift_x(Integer(r))
w = int(modinv(s, n))
u1 = int((z * w) % n)
u2 = int((r * w) % n)
#R=u1*G + u2*public_key
#pub= R*modinv(u2,n) - u1*modinv(u2,n)%n
u_n2=modinv(u2,n)%n
u_n1=- u1*modinv(u2,n)%n
pub=u_n1*G + u_n2*R
pub2=u_n1*G + u_n2*(-R)
return pub,pub2
def verify(r, s,z,public_key):
w = int(modinv(s, n))
u1 = int((z * w) % n)
u2 = int((r * w) % n)
D=u1*G + u2*public_key
x,y=D.xy()
x=int(x)
if (r % n) == (x % n):
print( "signature matches")
else:
print("invalid signature")
def calc_u(r,s,z):
mod_s= modinv(s,n)%n
u1=mod_s*z%n
u2=mod_s*r%n
print("u1==",u1,"n-u1=",n-u1)
print("u2==",u2,"n-u2=",n-u2)
return u1,u2
u1, u2 = calc_u(r,s,z)
pub1,pub2=make_public(r,s,z)
print("public_key1",pub1)
print("pub1_x=",hex(pub1.xy()[0]))
print("public_key2",pub2)
print("pub2_x=",hex(pub2.xy()[0]))
verify(r,s,z,pub1)
verify(r,s,z,pub2)
print()
# Find the real mod n for k and K nonce
# Loop to search for k in hexadecimal
for i in range(0, n):
k = (r * i + z) * modinv(s, n) % n
R = E.lift_x(Integer(r))
P = k * G
print("K:", hex(P.xy()[0])) # Print the x-coordinate of K in hexadecimal
if hex(P.xy()[0]) == hex(r):
print("Found real k:", hex(P.xy()[0])) # Print the real k in hexadecimal
break
i just updated the code in sagemath.
k = ((r * i%n + z%n)%n * modinv(s, n) % n)%n
File "sage/structure/element.pyx", line 1921, in sage.structure.element.Element.__mod__ (build/cythonized/sage/structure/element.c:13675)
File "sage/structure/coerce.pyx", line 1167, in sage.structure.coerce.CoercionModel_cache_maps.bin_op (build/cythonized/sage/structure/coerce.c:9612)
File "sage/structure/element.pyx", line 1919, in sage.structure.element.Element.__mod__ (build/cythonized/sage/structure/element.c:13640)
File "sage/structure/element.pyx", line 1954, in sage.structure.element.Element._mod_ (build/cythonized/sage/structure/element.c:13933)
TypeError: unsupported operand parent(s) for %: 'Symbolic Ring' and 'Symbolic Ring'
im use this rsz bro:
r= 115780575977492633039504758427830329241728645270042306223540962614150928364886
s= 115784413730767153834193500621449522112098284939719838943229029456606672741370
z= 2
?
why this not work ?
replace base pooint and "i" in cangaroo and you take "i" were finder k,after put "i" to your formula....
this is work, jast enother way of using cangaroo and bsgs search
try with your real 6 weeks search rsz, and tall what time was need to find k with cuda bsgs or cuda kangaroo ?
thx
ps this is work, bro
Hi sir I want to try your code with these rsz
1:
r = 0x57a463b8ac30f2ed36767d5ccabf04fbe29c94b054b4309996f086556428c748
s = 0x5a4c7e96159688e8cd2525a3230ec5184597d6cfbaf037ca5815fa01097f67cc
z = 0xa37f38a2db651ba57f68ef4d0ac297e732d0eb3954bb85ac069569f9b372daa0
2:
Index 0
r = 0x4f7f2657387cf1fef8152e2bbd39f153ee235e1f46294fded0d42dacbbe7ea
s = 0x430773be7ebda7fba5ed2f829e9b47a7f92d526905c250780f044ed860de0786
z = 0x76757e4b29801bbb747a125c0bb6752feeeabd84c58fe3dd71e94eed3839dfaa
Can you help me with script to find private keys from these rsz.