Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: I found a method to reverse public keys to private keys
by
bitcoinend
on 09/02/2025, 17:42:07 UTC
Quote from: ovcijisir on Today at 05:34:11 PM
So it didn't work in the end?

OP did you write the script yourself or got it from somewhere?

Myself. that's why it so messy Smiley


Quote from: BlackHatCoiner on Today at 05:38:40 PM
Quote from: bitcoinend on Today at 05:29:01 PM
Idk man, maybe i did something wrong in my script. can you verify that it randomly generates signatures with random utpo 200 bit key and nonce?
Here's my program. As you can see, private key and nonce values are 160 bits.

Code:
import random
import hashlib
from ecdsa import SigningKey, SECP256k1
from ecdsa.util import sigdecode_string, sigencode_string

weak_private_key_int = random.getrandbits(160)
weak_private_key = SigningKey.from_secret_exponent(weak_private_key_int, curve=SECP256k1)

public_key = weak_private_key.verifying_key

print("Weak Private Key (Hex):", hex(weak_private_key_int))
print("Public Key (Hex):", public_key.to_string("compressed").hex())

message1 = b"BlackHatCoiner"
message2 = b"Break this message"


z1 = int.from_bytes(hashlib.sha256(message1).digest(), "big")
z2 = int.from_bytes(hashlib.sha256(message2).digest(), "big")

weak_k1 = random.getrandbits(160)
weak_k2 = random.getrandbits(160)

signature1 = weak_private_key.sign_digest_deterministic(
    hashlib.sha256(message1).digest(),
    sigencode=sigencode_string,
    extra_entropy=weak_k1.to_bytes(32, 'big')  # Inject weak k
)

signature2 = weak_private_key.sign_digest_deterministic(
    hashlib.sha256(message2).digest(),
    sigencode=sigencode_string,
    extra_entropy=weak_k2.to_bytes(32, 'big')  # Inject weak k
)


r1, s1 = sigdecode_string(signature1, weak_private_key.curve.order)
r2, s2 = sigdecode_string(signature2, weak_private_key.curve.order)


print("\nSignature 1:")
print(f"R1 = {hex(r1)}")
print(f"S1 = {hex(s1)}")
print(f"Z1 = {hex(z1)}")
print(f"k1 = {hex(weak_k1)} (Weak Nonce)")

print("\nSignature 2:")
print(f"R2 = {hex(r2)}")
print(f"S2 = {hex(s2)}")
print(f"Z2 = {hex(z2)}")
print(f"k2 = {hex(weak_k2)} (Weak Nonce)")


could you try this code? I'm pretty sure i didn't fuck it up by having a backdoor by mistake.