Post
Topic
Board Development & Technical Discussion
Re: I found a method to reverse public keys to private keys
by
bitcoinend
on 09/02/2025, 17:42:07 UTC
So it didn't work in the end?

OP did you write the script yourself or got it from somewhere?

Myself. that's why it so messy Smiley


Idk man, maybe i did something wrong in my script. can you verify that it randomly generates signatures with random utpo 200 bit key and nonce?
Here's my program. As you can see, private key and nonce values are 160 bits.

Code:
import random
import hashlib
from ecdsa import SigningKey, SECP256k1
from ecdsa.util import sigdecode_string, sigencode_string

weak_private_key_int = random.getrandbits(160)
weak_private_key = SigningKey.from_secret_exponent(weak_private_key_int, curve=SECP256k1)

public_key = weak_private_key.verifying_key

print("Weak Private Key (Hex):", hex(weak_private_key_int))
print("Public Key (Hex):", public_key.to_string("compressed").hex())

message1 = b"BlackHatCoiner"
message2 = b"Break this message"


z1 = int.from_bytes(hashlib.sha256(message1).digest(), "big")
z2 = int.from_bytes(hashlib.sha256(message2).digest(), "big")

weak_k1 = random.getrandbits(160)
weak_k2 = random.getrandbits(160)

signature1 = weak_private_key.sign_digest_deterministic(
    hashlib.sha256(message1).digest(),
    sigencode=sigencode_string,
    extra_entropy=weak_k1.to_bytes(32, 'big')  # Inject weak k
)

signature2 = weak_private_key.sign_digest_deterministic(
    hashlib.sha256(message2).digest(),
    sigencode=sigencode_string,
    extra_entropy=weak_k2.to_bytes(32, 'big')  # Inject weak k
)


r1, s1 = sigdecode_string(signature1, weak_private_key.curve.order)
r2, s2 = sigdecode_string(signature2, weak_private_key.curve.order)


print("\nSignature 1:")
print(f"R1 = {hex(r1)}")
print(f"S1 = {hex(s1)}")
print(f"Z1 = {hex(z1)}")
print(f"k1 = {hex(weak_k1)} (Weak Nonce)")

print("\nSignature 2:")
print(f"R2 = {hex(r2)}")
print(f"S2 = {hex(s2)}")
print(f"Z2 = {hex(z2)}")
print(f"k2 = {hex(weak_k2)} (Weak Nonce)")


could you try this code? I'm pretty sure i didn't fuck it up by having a backdoor by mistake.