Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: Secp256k1 / Invalid Curve Attack
by
dexizer7799
on 22/08/2024, 15:13:52 UTC
Quote from: cassondracoffee on Today at 03:11:08 PM
Quote from: dexizer7799 on Today at 03:06:30 PM
Quote from: cassondracoffee on Today at 02:56:53 PM
Quote from: dexizer7799 on Today at 01:59:24 PM
Quote from: mamuu on Today at 01:32:47 PM
Hello
Can you write a random point example? I didn't understand.

With that attack we can easily recover any private key.

i am run this code output

Code:
Low order calculated as: 142393661588618631124367558329129831721258921133329965251678624050800531446149513211695563794469400071298339844826774992453856440487613232814046884710002004308110224877166547666596889228843713919855121125886525144407485343940156
Base point after scaling: (51625506863060491577657288757181147576313939976966412237861325982245450729022*z^2 : 49221422808436841396470345893403624465052376179251603819877718257495916669156 : 1)
Target point after scaling: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Target point coordinates: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Found matching scalar i = 1166
Found matching scalar i = 9737

can you explain how to  recover private key.  Huh

If we can do this with fixed real public key we can recover private key,

Order of the curve: 115792089237316195423570985008687907852837564279074904382605163141518161494337
GCD of lowOrder and order_of_curve: 115792089237316195423570985008687907852837564279074904382605163141518161494337
Cannot recover private keys: lowOrder and order_of_curve are not coprime.

give me example value and code  ,recover private key

I can easily combine these partial keys only thing it must find for secp256k1 points.