Hello
Can you write a random point example? I didn't understand.
Can you write a random point example? I didn't understand.
With that attack we can easily recover any private key.
i am run this code output
Code:
Low order calculated as: 142393661588618631124367558329129831721258921133329965251678624050800531446149513211695563794469400071298339844826774992453856440487613232814046884710002004308110224877166547666596889228843713919855121125886525144407485343940156
Base point after scaling: (51625506863060491577657288757181147576313939976966412237861325982245450729022*z^2 : 49221422808436841396470345893403624465052376179251603819877718257495916669156 : 1)
Target point after scaling: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Target point coordinates: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Found matching scalar i = 1166
Found matching scalar i = 9737
Base point after scaling: (51625506863060491577657288757181147576313939976966412237861325982245450729022*z^2 : 49221422808436841396470345893403624465052376179251603819877718257495916669156 : 1)
Target point after scaling: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Target point coordinates: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Found matching scalar i = 1166
Found matching scalar i = 9737
can you explain how to recover private key.
If we can do this with fixed real public key we can recover private key,
give me example value and code ,recover private key
Target point is
G = E(0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798, 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)
X = 0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
Y = 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8
what is a priv of you secp257k1 loint ?
what is a benefit of this "attack"?
this theme interesting, but needs more info....
does code convert coordinates from secp256k1 to lower order curve ?
Yes we can easily recover with this attack only thing we must compute valid and right coordinates and we will get right private key, It can recover for 10 - 15 minutes.
Code:
Finite field K defined with p = 115792089237316195423570985008687907853269984665640564039457584007908834671663
Elliptic curve E defined with a = 0 and b = 7
Base point G defined at coordinates: (55066263022277343669578718895168534326250603453777594175500187360389116729240 : 32670510020758816978083085130507043184471273380659243275938904335757337482424 : 1)
D defined as: 2
Sextic twist W created.
Extension field Kext created.
Isomorphism created between E and W.
Low order calculated as: 142393661588618631124367558329129831721258921133329965251678624050800531446149513211695563794469400071298339844826774992453856440487613232814046884710002004308110224877166547666596889228843713919855121125886525144407485343940156
Base point after scaling: (51625506863060491577657288757181147576313939976966412237861325982245450729022*z^2 : 49221422808436841396470345893403624465052376179251603819877718257495916669156 : 1)
Target point after scaling: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Target point coordinates: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Found matching scalar i = 1166
Found matching scalar i = 9737
Elliptic curve E defined with a = 0 and b = 7
Base point G defined at coordinates: (55066263022277343669578718895168534326250603453777594175500187360389116729240 : 32670510020758816978083085130507043184471273380659243275938904335757337482424 : 1)
D defined as: 2
Sextic twist W created.
Extension field Kext created.
Isomorphism created between E and W.
Low order calculated as: 142393661588618631124367558329129831721258921133329965251678624050800531446149513211695563794469400071298339844826774992453856440487613232814046884710002004308110224877166547666596889228843713919855121125886525144407485343940156
Base point after scaling: (51625506863060491577657288757181147576313939976966412237861325982245450729022*z^2 : 49221422808436841396470345893403624465052376179251603819877718257495916669156 : 1)
Target point after scaling: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Target point coordinates: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Found matching scalar i = 1166
Found matching scalar i = 9737
i just run your code Found matching scalar i = 1166
so, what is formula for recover privatekey can you write forumula
Can you share code and I will recover it and other secp256k1 coordinates easily.