Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: Secp256k1 / Invalid Curve Attack
by
COBRAS
on 22/08/2024, 15:31:01 UTC
Quote from: dexizer7799 on Today at 03:28:31 PM
Quote from: COBRAS on Today at 03:27:35 PM
Quote from: dexizer7799 on Today at 03:24:46 PM
Quote from: COBRAS on Today at 03:23:20 PM
Quote from: dexizer7799 on Today at 03:17:53 PM
Quote from: COBRAS on Today at 03:16:10 PM
Quote from: dexizer7799 on Today at 03:12:16 PM
Quote from: cassondracoffee on Today at 03:11:08 PM
Quote from: dexizer7799 on Today at 03:06:30 PM
Quote from: cassondracoffee on Today at 02:56:53 PM
Quote from: dexizer7799 on Today at 01:59:24 PM
Quote from: mamuu on Today at 01:32:47 PM
Hello
Can you write a random point example? I didn't understand.

With that attack we can easily recover any private key.

i am run this code output

Code:
Low order calculated as: 142393661588618631124367558329129831721258921133329965251678624050800531446149513211695563794469400071298339844826774992453856440487613232814046884710002004308110224877166547666596889228843713919855121125886525144407485343940156
Base point after scaling: (51625506863060491577657288757181147576313939976966412237861325982245450729022*z^2 : 49221422808436841396470345893403624465052376179251603819877718257495916669156 : 1)
Target point after scaling: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Target point coordinates: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Found matching scalar i = 1166
Found matching scalar i = 9737

can you explain how to  recover private key.  Huh

If we can do this with fixed real public key we can recover private key,

give me example value and code  ,recover private key

Target point is

G = E(0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798, 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)

X = 0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
Y = 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8



what is a priv of you secp257k1 loint ?


what  is a benefit of this "attack"?

It can recover private key for 10 - 15 minutes.

Maybe, but, you know what sach code have many " false-positives" methods


Can you please show example with recover privkey in range 2**80 ?


With random points we can easily recover but with fixed not yet.

show example with 2**80 ?

If will be valid coordinates it can easily recover up to 256 bits (secp256k1)


show example ?