btw we need a ton of signatures to break ECDSA, we only have one here. And the nonces are deterministic (checked), so we're screwed.
#130
only 1 rsz
r = 0x9fca00d29192007648f7e4b525f15a00a5180833617a604ec6701833eb26e580
s = 0x1f5ff38219a72080f77534b735badbcf57f503a33e91935ee7a859387abf5483
z = 0x8d9ac8a5bc9b7ab8954e985fb9ebfc82e11c009fcccafcfb90934fb01a8c57ce
k = 2^256
priv = 2^129 ~ 2^130
Even with a large number of signatures, it still takes a lot of time...
I run LLL_nonce_leakage.py , spend time log
K bit_length spend time
---------------------------------------------------------------
244 bits 12747 seconds ( success to find private key )
245 bits 18146 seconds ( success to find private key )
246 bits 36348 seconds ( success to find private key )
248 bits 142189 seconds ( success to find private key )
249 bits 251375 seconds ( failed ) 52 rsz , need more rsz
250 bits 572073 seconds ( failed ) 64 rsz , need more rsz
251 bits
252 bits
253 bits
254 bits
255 bits
256 bits