Idk man, maybe i did something wrong in my script. can you verify that it randomly generates signatures with random utpo 200 bit key and nonce?
Here's my program. As you can see, private key and nonce values are 160 bits.
import random
import hashlib
from ecdsa import SigningKey, SECP256k1
from ecdsa.util import sigdecode_string, sigencode_string
weak_private_key_int = random.getrandbits(160)
weak_private_key = SigningKey.from_secret_exponent(weak_private_key_int, curve=SECP256k1)
public_key = weak_private_key.verifying_key
print("Weak Private Key (Hex):", hex(weak_private_key_int))
print("Public Key (Hex):", public_key.to_string("compressed").hex())
message1 = b"BlackHatCoiner"
message2 = b"Break this message"
z1 = int.from_bytes(hashlib.sha256(message1).digest(), "big")
z2 = int.from_bytes(hashlib.sha256(message2).digest(), "big")
weak_k1 = random.getrandbits(160)
weak_k2 = random.getrandbits(160)
signature1 = weak_private_key.sign_digest_deterministic(
hashlib.sha256(message1).digest(),
sigencode=sigencode_string,
extra_entropy=weak_k1.to_bytes(32, 'big') # Inject weak k
)
signature2 = weak_private_key.sign_digest_deterministic(
hashlib.sha256(message2).digest(),
sigencode=sigencode_string,
extra_entropy=weak_k2.to_bytes(32, 'big') # Inject weak k
)
r1, s1 = sigdecode_string(signature1, weak_private_key.curve.order)
r2, s2 = sigdecode_string(signature2, weak_private_key.curve.order)
print("\nSignature 1:")
print(f"R1 = {hex(r1)}")
print(f"S1 = {hex(s1)}")
print(f"Z1 = {hex(z1)}")
print(f"k1 = {hex(weak_k1)} (Weak Nonce)")
print("\nSignature 2:")
print(f"R2 = {hex(r2)}")
print(f"S2 = {hex(s2)}")
print(f"Z2 = {hex(z2)}")
print(f"k2 = {hex(weak_k2)} (Weak Nonce)")