Showing 20 of 30 results by cassondracoffee
Post
Topic
Board Development & Technical Discussion
Re: I found a method to reverse public keys to private keys
by
cassondracoffee
on 11/02/2025, 09:46:14 UTC
There have already been examples, what other proof do you need?

Reviewing their code, just to clarify, the trick seems to be that the signed message includes the nonce concatenated as part of the string. Somehow, the OP extracts the nonce from here, which allows them to derive the private key. In short, their code generates vulnerable signatures. The nonce should never be included in the message of a signature because it is a catastrophic vulnerability.

Code:
    # Excerpt from a class; needs `import os`, `import random` and a module-level BIT_RANGE.
    def generate_signatures(self, priv, num_signatures=10):
        sigs = []
        for _ in range(num_signatures):
            nonce = random.randrange(1, 2**BIT_RANGE)
            # The nonce is appended in decimal to the text that gets signed.
            note = str(os.urandom(25)) + str(nonce)
            msg = bytes(note, 'utf-8')
            private_key, public_key = self.make_keypair(priv)
            r, s, z = self.sign_message(priv, msg, nonce)
            sigs.append((z, r, s))
        return sigs

Nice observation,
You are correct,
But my trick also works with a 256-bit random nonce if we have enough signatures

hi,
pubxy = 0xf30e2aaeccd1d8014cfb0f32f7c7a17edd4eb852d11bb6c65db56a0eafe3ec41 0xdff242ffc97c9923b42b9e4d360db5efce6f507aa2f443bf4fe6ec8e155f97d8
this pub was zero balance, show me the priv key
and you share z, r, s from pubxy
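
The flaw pointed out in the quoted review above (the nonce written into the signed message), as an added example that is not code from the thread: a signer self-test that flags a message embedding its own nonce and shows that the key then follows from one signature, next to a signer that derives the nonce per RFC 6979 and never places it in the message. All function names are hypothetical, the nonce in the vulnerable replica is drawn with `secrets` rather than `random`, and RFC 6979 is a fix chosen here, not one named in the thread.

```python
import hashlib
import hmac
import os
import re
import secrets

# Added illustration; every function name below is hypothetical, not from the thread.
# secp256k1 parameters: field prime, group order, base point.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Affine addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)


def scalar_mult(k, pt=G):
    """Double-and-add; fine for a test harness, not constant time."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def sign(d, msg, k):
    """Textbook ECDSA over SHA-256(msg) with an explicit nonce k; returns (z, r, s)."""
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    r = scalar_mult(k)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    return z, r, s


def vulnerable_sign(d):
    """Same message construction as the quoted generator: nonce appended to the text."""
    k = secrets.randbelow(N - 1) + 1
    msg = bytes(str(os.urandom(25)) + str(k), "utf-8")
    return (msg,) + sign(d, msg, k)


def nonce_embedded_in_message(msg, r):
    """Return k if a suffix of the message's trailing digits satisfies (k*G).x mod N == r."""
    m = re.search(rb"(\d+)$", msg)
    digits = m.group(1) if m else b""
    for start in range(len(digits)):
        k = int(digits[start:])
        if 0 < k < N and scalar_mult(k)[0] % N == r:
            return k
    return None


def key_from_known_nonce(z, r, s, k):
    """s = k^-1 (z + r*d) mod N, so a known k gives d = (s*k - z) * r^-1 mod N."""
    return (s * k - z) * pow(r, -1, N) % N


def rfc6979_nonce(d, msg):
    """Deterministic nonce per RFC 6979 section 3.2 (HMAC-SHA256, 256-bit order)."""
    h1 = hashlib.sha256(msg).digest()
    x = d.to_bytes(32, "big")
    h = (int.from_bytes(h1, "big") % N).to_bytes(32, "big")
    mac = lambda key, data: hmac.new(key, data, hashlib.sha256).digest()
    v, key = b"\x01" * 32, b"\x00" * 32
    key = mac(key, v + b"\x00" + x + h)
    v = mac(key, v)
    key = mac(key, v + b"\x01" + x + h)
    v = mac(key, v)
    while True:
        v = mac(key, v)
        k = int.from_bytes(v, "big")
        if 1 <= k < N:
            return k
        key = mac(key, v + b"\x00")
        v = mac(key, v)


def hardened_sign(d, msg):
    """Nonce is derived from (key, message) and never appears in the signed data."""
    return sign(d, msg, rfc6979_nonce(d, msg))
```

Run against a throwaway key, `nonce_embedded_in_message` returns the nonce for `vulnerable_sign` output and `None` for `hardened_sign` output, which makes it usable as a regression check on signer code.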
Post
Topic
Board Development & Technical Discussion
Re: I found a method to reverse public keys to private keys
by
cassondracoffee
on 10/02/2025, 13:09:33 UTC

230 bit:

....
.....
..
pubkey:

04a2e0e99ceac47a3dd83f33434523f09ba8b35b773c795fe1c5a370f1e73456e92fb40ba82f4ec 010bdb0800872656a9e1eef6d1627259850bea1671880c779bc


?


I'm running some unrelated tests now, it'll finish soon and I'll send it. If you can send the x and y of the public key, it'll be good.

I made dec for pubkey later and send it.


The private key for the 230 bit public key is
1606810226048941903531730621352970454741442315642201293890991507745196

confirm:

print(0x3b99934a8858ffa79d9a6d7a7f3ba4c82ced80430118adfc885d45a9ac)


try 256?

after 256 need check 256 with nonce  <252

after after test or real data


so, time to go to "dark web anonymous" is a little far away ))

It works on real data, as you have seen.
I can confirm that I already did that on 256-bit keys and it works.
If you want, we can chat privately; I don't want to make things too public on the internet.
Hello. I would like to participate in your discussion with Cobras. I am very interested in what approach is in your script. I am going over in my head who you are in the original, I am really very interested.

If you know some advanced math, DM me, but don't expect me to provide any tools or code.
Hello! Thank you for answering, yes I am a newbie but I understand a little, I lack a little experience but I want to learn, just few people want to tell me or teach me. There is such a saying, “Why give a man a fish, give him a fishing rod instead”, I am here for the idea and understanding, this is more important to me.
Because I'm a newbie, I don't have permission to write you a private message.


me too





try sending me a private message now.
can you write to me, I changed the resolution in the settings, you are registered as a newbie, you need to check the box in the settings for the resolution!


Just join this telegram group
https://t.me/+-qZAZBYuwbRlMzI0



https://www.talkimg.com/images/2025/02/10/egjn1.jpeg

You need to update the setting:
Personal Message Options > Allow newbies to send you PMs.
Post
Topic
Board Development & Technical Discussion
Re: I found a method to reverse public keys to private keys
by
cassondracoffee
on 10/02/2025, 12:49:40 UTC

230 bit:

....
.....
..
pubkey:

04a2e0e99ceac47a3dd83f33434523f09ba8b35b773c795fe1c5a370f1e73456e92fb40ba82f4ec 010bdb0800872656a9e1eef6d1627259850bea1671880c779bc


?


I'm running some unrelated tests now, it'll finish soon and I'll send it. If you can send the x and y of the public key, it'll be good.

I made dec for pubkey later and send it.


The private key for the 230 bit public key is
1606810226048941903531730621352970454741442315642201293890991507745196

confirm:

print(0x3b99934a8858ffa79d9a6d7a7f3ba4c82ced80430118adfc885d45a9ac)


try 256?

after 256 need check 256 with nonce  <252

after after test or real data


so, time to go to "dark web anonymous" is a little far away ))

It works on real data, as you have seen.
I can confirm that I already did that on 256-bit keys and it works.
If you want, we can chat privately; I don't want to make things too public on the internet.
Hello. I would like to participate in your discussion with Cobras. I am very interested in what approach is in your script. I am going over in my head who you are in the original, I am really very interested.

If you know some advanced math, DM me, but don't expect me to provide any tools or code.
Hello! Thank you for answering, yes I am a newbie but I understand a little, I lack a little experience but I want to learn, just few people want to tell me or teach me. There is such a saying, “Why give a man a fish, give him a fishing rod instead”, I am here for the idea and understanding, this is more important to me.
Because I'm a newbie, I don't have permission to write you a private message.


me too


try sending me a private message now.

"This message shows me what I need to do."

User 'bitcoinend' is a newbie, but your options are set such that you cannot receive PMs from newbies. Therefore, you cannot send PMs to newbies, either.


Write your email, or are you trying to send me a direct message?
Post
Topic
Board Development & Technical Discussion
Re: I found a method to reverse public keys to private keys
by
cassondracoffee
on 10/02/2025, 12:39:07 UTC

230 bit:

....
.....
..
pubkey:

04a2e0e99ceac47a3dd83f33434523f09ba8b35b773c795fe1c5a370f1e73456e92fb40ba82f4ec 010bdb0800872656a9e1eef6d1627259850bea1671880c779bc


?


I'm running some unrelated tests now, it'll finish soon and I'll send it. If you can send the x and y of the public key, it'll be good.

I made dec for pubkey later and send it.


The private key for the 230 bit public key is
1606810226048941903531730621352970454741442315642201293890991507745196

confirm:

print(0x3b99934a8858ffa79d9a6d7a7f3ba4c82ced80430118adfc885d45a9ac)


try 256?

after 256 need check 256 with nonce  <252

after after test or real data


so, time to go to "dark web anonymous" is a little far away ))

It works on real data, as you have seen.
I can confirm that I already did that on 256-bit keys and it works.
If you want, we can chat privately; I don't want to make things too public on the internet.
Hello. I would like to participate in your discussion with Cobras. I am very interested in what approach is in your script. I am going over in my head who you are in the original, I am really very interested.

If you know some advanced math, DM me, but don't expect me to provide any tools or code.
Hello! Thank you for answering, yes I am a newbie but I understand a little, I lack a little experience but I want to learn, just few people want to tell me or teach me. There is such a saying, “Why give a man a fish, give him a fishing rod instead”, I am here for the idea and understanding, this is more important to me.
Because I'm a newbie, I don't have permission to write you a private message.


me too
Post
Topic
Board Development & Technical Discussion
Re: I found a method to reverse public keys to private keys
by
cassondracoffee
on 10/02/2025, 12:30:58 UTC
@COBRAS
@bitcoinend
I want to learn, advanced math DM me. "reverse public keys to private keys"
Post
Topic
Board Development & Technical Discussion
Re: I found a method to reverse public keys to private keys
by
cassondracoffee
on 10/02/2025, 12:12:00 UTC
Is the nonce you used below 200 bits also?

try this new one i used

pubxy= 0xdc3da318f9a9b7ffc82ccffa29622895091606885c8e4ca0c5ac19dc70266c5 0xf6d4b94cdbc3ebb9eb6e059fad87ff41a4b4d2a3d470ec4a508bab55e814856a
(6226108126078494539249842724718857207859664379045345395490556241357844932293 : 111644811224390640995519078136711738974816348459514100801436649687719020365162 : 1)


And I can't DM you, I got this message:
User 'bitcoinend' has not chosen to allow messages from newbies. You should post in their relevant thread to remind them to enable this setting.


Quote
If you know some advanced math DM me

"How does your math work? Can you explain it clearly with some examples?"
thanks

Post
Topic
Board Development & Technical Discussion
Re: I found a method to reverse public keys to private keys
by
cassondracoffee
on 10/02/2025, 11:55:20 UTC
@bitcoinend


pubxy= 0xbf04d7b82b70c7193f10c87bffc3306f72b8f1a85ee8f110a0ac91a5a86c2f9d 0x801d54cf84f86d76303584caca948cb1e2e5a9793c7b4d2612476e80fea05f17

show the priv key ?
Post
Topic
Board Development & Technical Discussion
Re: LLL & Babai's Nearest Plane Algorithm to find Private key
by
cassondracoffee
on 28/09/2024, 03:30:21 UTC
I was testing on 2 signatures, both created with different K nonce.

As we all know, it will not lead to the correct private key unless the same nonce is reused. However, I extended the code to include Babai's nearest plane algorithm to readjust the wrong private key and get it closer to the correct private key by "guiding it" to the correct pubkey coordinates, and it managed to only give me the partial private key from the closest vector.

I think this is interesting and will be exploring further to recover full private key.

result from my test.

Code:

root@MSI:/home/krash/test# python3 test.py
INFO:__main__:Using 2 signatures to build the lattice...
INFO:__main__:Short vectors after LLL reduction:
INFO:__main__:Short vector: (166728803922956164814674931204777127007, 0, -269917836034390020152096309044001076683, 0)
INFO:__main__:Short vector: (284880382552528911560114733869411675383, 0, 233299777452147397360970206987837337582, 0)
INFO:__main__:Short vector: (0, 115792089237316195423570985008687907853269984665640564039457584007908834671663, 0, 0)
INFO:__main__:Short vector: (191322878670180847261800180723017804593, 0, -63475476205101254537288001668546129622, 115792089237316195423570985008687907853269984665640564039457584007913129639936)
INFO:__main__:Completed LLL reduction.
INFO:__main__:partial private key from Babai: 000000000000000000000000000000007d6eccb306788626b5f389b33f092c5f



At this point, the experiment is not completed and I only consider something viable if we can recover the full private key. If anyone is interested in working with me on how we can refine this experiment further, do DM me.
Hi,
I sent you a DM, reply to me.
Thank you.
hi Cassandra. Yes I have received your dm.. thanks.



I was testing on 2 signatures, both created with different K nonce.

As we all know, it will not lead to the correct private key unless the same nonce is reused. However, I extended the code to include Babai's nearest plane algorithm to readjust the wrong private key and get it closer to the correct private key by "guiding it" to the correct pubkey coordinates, and it managed to only give me the partial private key from the closest vector.

I think this is interesting and will be exploring further to recover full private key.

result from my test.

Code:

root@MSI:/home/krash/test# python3 test.py
INFO:__main__:Using 2 signatures to build the lattice...
INFO:__main__:Short vectors after LLL reduction:
INFO:__main__:Short vector: (166728803922956164814674931204777127007, 0, -269917836034390020152096309044001076683, 0)
INFO:__main__:Short vector: (284880382552528911560114733869411675383, 0, 233299777452147397360970206987837337582, 0)
INFO:__main__:Short vector: (0, 115792089237316195423570985008687907853269984665640564039457584007908834671663, 0, 0)
INFO:__main__:Short vector: (191322878670180847261800180723017804593, 0, -63475476205101254537288001668546129622, 115792089237316195423570985008687907853269984665640564039457584007913129639936)
INFO:__main__:Completed LLL reduction.
INFO:__main__:partial private key from Babai: 000000000000000000000000000000007d6eccb306788626b5f389b33f092c5f



At this point, the experiment is not completed and I only consider something viable if we can recover the full private key. If anyone is interested in working with me on how we can refine this experiment further, do DM me.

Hi, bro

You need to ask questions on crypto.stackexchange, I think. This will be more productive.

Hey man. How are you. Long time no talk. Yeah... I hate that place. They hate me too. It's mutual. We argued a lot there. Coz the admins were pretty rude. So I hacked one of them.
This was 4 years ago. Not interested to go back there.


I am waiting for 1 week. You are not replying; check DM and write your email. 
Post
Topic
Board Development & Technical Discussion
Re: LLL & Babai's Nearest Plane Algorithm to find Private key
by
cassondracoffee
on 14/09/2024, 04:50:47 UTC
I was testing on 2 signatures, both created with different K nonce.

As we all know, it will not lead to the correct private key unless the same nonce is reused. However, I extended the code to include Babai's nearest plane algorithm to readjust the wrong private key and get it closer to the correct private key by "guiding it" to the correct pubkey coordinates, and it managed to only give me the partial private key from the closest vector.

I think this is interesting and will be exploring further to recover full private key.

result from my test.

Code:

root@MSI:/home/krash/test# python3 test.py
INFO:__main__:Using 2 signatures to build the lattice...
INFO:__main__:Short vectors after LLL reduction:
INFO:__main__:Short vector: (166728803922956164814674931204777127007, 0, -269917836034390020152096309044001076683, 0)
INFO:__main__:Short vector: (284880382552528911560114733869411675383, 0, 233299777452147397360970206987837337582, 0)
INFO:__main__:Short vector: (0, 115792089237316195423570985008687907853269984665640564039457584007908834671663, 0, 0)
INFO:__main__:Short vector: (191322878670180847261800180723017804593, 0, -63475476205101254537288001668546129622, 115792089237316195423570985008687907853269984665640564039457584007913129639936)
INFO:__main__:Completed LLL reduction.
INFO:__main__:partial private key from Babai: 000000000000000000000000000000007d6eccb306788626b5f389b33f092c5f



At this point, the experiment is not completed and I only consider something viable if we can recover the full private key. If anyone is interested in working with me on how we can refine this experiment further, do DM me.
Hi,
I sent you a DM, reply to me.
Thank you.
Post
Topic
Board Development & Technical Discussion
Re: Secp256k1 / Invalid Curve Attack
by
cassondracoffee
on 22/08/2024, 16:29:01 UTC
I am not an expert in this attack.

Without clear details, I can't move the correct way.

Write all the steps of how this attack works and what is the goal for this type of attack

Where can I learn this attack, and what is the name of this attack?

I speak little English; I use this https://www.grammarcheck.net/editor/

write full code of this attack

thank you
Post
Topic
Board Development & Technical Discussion
Re: Secp256k1 / Invalid Curve Attack
by
cassondracoffee
on 22/08/2024, 15:58:59 UTC
Hello
Can you write a random point example? I didn't understand.

With that attack we can easily recover any private key.

I ran this code, output:

Code:
Low order calculated as: 142393661588618631124367558329129831721258921133329965251678624050800531446149513211695563794469400071298339844826774992453856440487613232814046884710002004308110224877166547666596889228843713919855121125886525144407485343940156
Base point after scaling: (51625506863060491577657288757181147576313939976966412237861325982245450729022*z^2 : 49221422808436841396470345893403624465052376179251603819877718257495916669156 : 1)
Target point after scaling: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Target point coordinates: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Found matching scalar i = 1166
Found matching scalar i = 9737

Can you explain how to recover the private key? Huh

If we can do this with a fixed real public key, we can recover the private key,

give me an example value and code, recover private key

Target point is

G = E(0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798, 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)

X = 0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
Y = 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8



What is the priv of your secp257k1 point?


What is the benefit of this "attack"?

It can recover the private key in 10 - 15 minutes.

Maybe, but you know that such code has many "false-positive" methods.


Can you please show example with recover privkey in range 2**80 ?


With random points we can easily recover but with fixed not yet.

show example with 2**80 ?

If will be valid coordinates it can easily recover up to 256 bits (secp256k1)


show example ?

You are right in twist curve but these are isomorphic curves.


Explain what your code does?


Your code changes the order of a curve, this is very good.


Your code finds the priv, this is good too.


.....


Explain more what your code does?

Great question, this is for recovering a secp256k1 private key easily. No need for lattice attacks and others.

G_twist = W(x_G, y_G)  # This may not be valid; you need to ensure y_G is valid for W
how to get
Post
Topic
Board Development & Technical Discussion
Re: Secp256k1 / Invalid Curve Attack
by
cassondracoffee
on 22/08/2024, 15:23:56 UTC
Hello
Can you write a random point example? I didn't understand.

With that attack we can easily recover any private key.

I ran this code, output:

Code:
Low order calculated as: 142393661588618631124367558329129831721258921133329965251678624050800531446149513211695563794469400071298339844826774992453856440487613232814046884710002004308110224877166547666596889228843713919855121125886525144407485343940156
Base point after scaling: (51625506863060491577657288757181147576313939976966412237861325982245450729022*z^2 : 49221422808436841396470345893403624465052376179251603819877718257495916669156 : 1)
Target point after scaling: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Target point coordinates: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Found matching scalar i = 1166
Found matching scalar i = 9737

Can you explain how to recover the private key? Huh

If we can do this with a fixed real public key, we can recover the private key,

give me an example value and code, recover private key

Target point is

G = E(0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798, 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)

X = 0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
Y = 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8



What is the priv of your secp257k1 point?


What is the benefit of this "attack"?


this theme interesting, but needs more info....

Does the code convert coordinates from secp256k1 to a lower-order curve?

Huh

Yes, we can easily recover with this attack; the only thing is we must compute valid and right coordinates and we will get the right private key. It can recover in 10 - 15 minutes.


Code:
Finite field K defined with p = 115792089237316195423570985008687907853269984665640564039457584007908834671663
Elliptic curve E defined with a = 0 and b = 7
Base point G defined at coordinates: (55066263022277343669578718895168534326250603453777594175500187360389116729240 : 32670510020758816978083085130507043184471273380659243275938904335757337482424 : 1)
D defined as: 2
Sextic twist W created.
Extension field Kext created.
Isomorphism created between E and W.
Low order calculated as: 142393661588618631124367558329129831721258921133329965251678624050800531446149513211695563794469400071298339844826774992453856440487613232814046884710002004308110224877166547666596889228843713919855121125886525144407485343940156
Base point after scaling: (51625506863060491577657288757181147576313939976966412237861325982245450729022*z^2 : 49221422808436841396470345893403624465052376179251603819877718257495916669156 : 1)
Target point after scaling: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Target point coordinates: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Found matching scalar i = 1166
Found matching scalar i = 9737

I just ran your code: Found matching scalar i = 1166
So, what is the formula to recover the private key? Can you write the formula?
Post
Topic
Board Development & Technical Discussion
Re: Secp256k1 / Invalid Curve Attack
by
cassondracoffee
on 22/08/2024, 15:11:08 UTC
Hello
Can you write a random point example? I didn't understand.

With that attack we can easily recover any private key.

I ran this code, output:

Code:
Low order calculated as: 142393661588618631124367558329129831721258921133329965251678624050800531446149513211695563794469400071298339844826774992453856440487613232814046884710002004308110224877166547666596889228843713919855121125886525144407485343940156
Base point after scaling: (51625506863060491577657288757181147576313939976966412237861325982245450729022*z^2 : 49221422808436841396470345893403624465052376179251603819877718257495916669156 : 1)
Target point after scaling: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Target point coordinates: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Found matching scalar i = 1166
Found matching scalar i = 9737

Can you explain how to recover the private key? Huh

If we can do this with a fixed real public key, we can recover the private key,

give me an example value and code, recover private key
Post
Topic
Board Development & Technical Discussion
Re: Secp256k1 / Invalid Curve Attack
by
cassondracoffee
on 22/08/2024, 14:56:53 UTC
Hello
Can you write a random point example? I didn't understand.

With that attack we can easily recover any private key.

I ran this code, output:

Code:
Low order calculated as: 142393661588618631124367558329129831721258921133329965251678624050800531446149513211695563794469400071298339844826774992453856440487613232814046884710002004308110224877166547666596889228843713919855121125886525144407485343940156
Base point after scaling: (51625506863060491577657288757181147576313939976966412237861325982245450729022*z^2 : 49221422808436841396470345893403624465052376179251603819877718257495916669156 : 1)
Target point after scaling: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Target point coordinates: (110974968763117171622808860036105470024737559947254951736159563904722056600050*z^2 : 45554962652940387360842202629183926818175847992039505756191562188071661519508 : 1)
Found matching scalar i = 1166
Found matching scalar i = 9737

Can you explain how to recover the private key? Huh
Post
Topic
Board Development & Technical Discussion
Re: puzzle 130
by
cassondracoffee
on 22/08/2024, 11:32:23 UTC
To find the privkey, need to find 9 numbers from range 1 to 3500

How to do it in reasonable time ?

explain please.. dm
Post
Topic
Board Development & Technical Discussion
Topic OP
1 bit LSB
by
cassondracoffee
on 14/07/2024, 09:41:55 UTC
python3 gen_data.py -f data.json  -c SECP256K1 -b 1 -t LSB -n 360

Private Key: 0xa0a9e351153934a4d5e86c4c53f21bef542e676e2639235596c5d3b81f57
Preparing Data
Generating 360 signatures with curve SECP256K1
 leaking 1 bits for k (LSB)  ...
File data.json written with all data.

python3 lattice_attack.py -f data.json 
(time python3 lattice_attack.py -f data.json) > time.txt 2>&1

----- Lattice ECDSA Attack -----
Loading data from file data.json
Running with 1 bits of k (LSB)
Starting recovery attack (curve SECP256K1)
Constructing matrix
Solving matrix ...
LLL reduction
.....
....
still running.....


How long does it take to solve, guys? Huh I ran it for more than 2 hr and it is not done, still running.....

If anyone tries to solve 1 bit of their own key



Please guide me on how to quickly solve 1 bit known

What method do you recommend, guys??



Post
Topic
Board Development & Technical Discussion
Re: Satoshi signature challenge (z,r,s with Satoshi addresses)
by
cassondracoffee
on 30/06/2024, 17:57:41 UTC
Satoshi signature challenge

1. create a character

2. name it, only hex characters are allowed (e.g. badface, deadfeed)

3. create an ID from the name (32 bytes, hex, e.g. id = name + random hex number)

4. find a valid signature from one of the Satoshi addresses for this ID ( 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa , 1K8SfPfTkvjF8YHGG134uQvjcdNDHM6UfB, 12cbQLTFMXRnSzktFkuoG3eHoMeFtpTu3S, etc.)

5. publish it


Examples:

https://opensea.io/assets/matic/0x0edd5391ae1f60818883a8db4981311800609cce/11

[Name:]
 deadfeed
[ID:]
 z:deadfeed487e6ef8af6dcd3c848df5763c4c4edff666ceff51c419c617715951
[Signature:]
 r:aee5d0b511f81c79ca5a04bac374003f45a9ea306d6491d4075501ca8c47eaf5
 s:7191fa2ff83a91686516d7e1d59aa609d81f6e04e20c528eddf29fa4360f60b3
[Public key:]
 x:678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
 y:49f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f
[Address:]
 a:1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa

https://opensea.io/assets/matic/0x0edd5391ae1f60818883a8db4981311800609cce/10

[Name:]
 badface
[ID:]
 z:badfacebb197083f77bfa18adcadf26bdf8ae4e2970cd217faf66ee2e4bb7b7a
[Signature:]
 r:b9c341a9ac009af73e7e3ae00df1e834d3d088618a1c2cd9c9cdb63506f47708
 s:6e3dfee8020ee68562b2569b522b4d6e28a2b000a9d32ee8a57459bf08af6ae3
[Public key:]
 x:678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
 y:49f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f
[Address:]
 a:1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa

My lucky angel number Wink
https://opensea.io/assets/matic/0x1865d62288aa7eb0c20d411ad824b5b447422c96/23

[name]:
 7777777
[id]:
 z:7777777aa548e3d164d75316392aa2d29ffd528bbbd49a138c2e4a0e98eb6778
[signature]:
 r:7eda1af78b42b13cbc0031e356d04ae793aaf2af69f22f1027a07d582b790795
 s:16e8fb9908bf7026a8fa2ba7410be6009a67836c3bc0f0f1b875cf5adca10855
[pubkey]:
 p:04
   11db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5c
   b2e0eaddfb84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3
[address]:
 a:12cbQLTFMXRnSzktFkuoG3eHoMeFtpTu3S

Math&Fun


z:deadfeed487e6ef8af6dcd3c848df5763c4c4edff666ceff51c419c617715951
z:badfacebb197083f77bfa18adcadf26bdf8ae4e2970cd217faf66ee2e4bb7b7a
z:7777777aa548e3d164d75316392aa2d29ffd528bbbd49a138c2e4a0e98eb6778
if this is possible  Huh Shocked
Can you share your code?
Post
Topic
Board Development & Technical Discussion
Re: Block construction?
by
cassondracoffee
on 26/06/2024, 14:33:57 UTC
I'm trying to understand Bitcoin a bit more, but have a problem I can't quite figure out, and I'm so unsure about it that I don't even know how to ask the question (so don't shout at me!).

How are the "blocks" constructed? On my mining pool I can see blocks being constructed out of transactions, and I know my miner is guessing numbers and when a block is finished the Nodes all get a copy of this new block and the transactions within it, but what part does the fitting of these transactions into a block?

But I've been told that even if all the electricity on the planet died, all it would take is for someone to spin up a node and Bitcoin's back in action again (and I assume you'd need at least one miner to start hashing as well).
So if all you need is a node and miner, I'm really missing something in the middle here (I think).
What's the missing bit? Because the info I have doesn't really make any sense when it's all put together.

For instance, I consolidated about 30 UTXOs the other day and could see it on Mempool as a consolidation. What part of the Bitcoin machinery is this done on? The Miners, the Nodes or something else I haven't heard of yet?



https://learnmeabitcoin.com/beginners/guide/mining/
Post
Topic
Board Development & Technical Discussion
Re: lattice-attack || how to run without error
by
cassondracoffee
on 26/06/2024, 08:55:22 UTC

Code:
import random

# secp256k1 domain parameters
p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f
n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
E = EllipticCurve(GF(p), [0, 7])
G = E.point((0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798, 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8))   # Base point

def egcd(a, b):
    # Extended Euclid: returns (g, x, y) with a*x + b*y == g
    if a == 0:
        return (b, 0, 1)
    else:
        g, y, x = egcd(b % a, a)
        return (g, x - (b // a) * y, y)

def modinv(a, m):
    g, x, y = egcd(a, m)
    if g != 1:
        raise Exception('modular inverse does not exist')
    else:
        return x % m

def sign(privkey, nonce, message):
    # The message is used directly as the hash value z
    z = message
    nonceG = nonce * G
    rx, _ = nonceG.xy()
    r = int(rx) % n                      # r is the x-coordinate reduced mod n
    s = (z + r * privkey) * modinv(nonce, n) % n
    return int(r), int(s), int(z)

private = 0x12345678901234567890
public_key = private * G
print('public_key:', public_key)
for i in range(1, 5):
    nonce = random.randrange(1, n)       # a nonce must lie in [1, n-1]
    message = random.randrange(2**256 - 1)

    r, s, z = sign(private, nonce, message)

    print("k = ", nonce)
    print()
    print("r = ", r)
    print("s = ", s)
    print("z = ", z)
    print()

#output

public_key: (105243071627259047368667483594044765021982824084363382876153694762750522988401 :
                      104125598182348586056118441571689985999353468102348956648162259104921527704151 : 1)
     
k =  29083908611578474659724835409188629928450877954572645032653586874541462703237
r =  59696872847024287764883588359229125525293276767477693801880266944929876663510
s =  80010627594232692567321382817171148350979277410542815563295883382250157622365
z =  29046398954207568557559337812845639802158825374855453790727264507720942269061
     
k =  69337410267126143733445433769841521036184947061861184729931918182952636713603
r =  66204497299302794813448884860580533040028016382253230896212796932956850307851
s =  78197288316910247412893934169331566081232042979407260898010071194692833862752
z =  61490995350470215933587146879107314396788082593003439971438111557980048214364
     
k =  54369543228147138762559582927936238614035377338157105228406927029717132153226
r =  37044516715065049012561472807452925555312743982989311611730725335033602827346
s =  92461946708536229787310797942574898629331316369909556197824596742434968354935
z =  53622079066303081310409199779963535117997475674801702670649253314258639177195
     
k =  40168673992090659834561921614463767550862354984631432380883735769884152505584
r =  103919090362588117180151567326283890021253888086769542803093556743402383166255
s =  71275504518099351203494061824773539914502255758119765372192658739494934607323
z =  2815976014827110489026899227085751067228569669674380545422790815579479978003

#data.json

{
    "curve": "SECP256K1",
    "public_key": [
        105243071627259047368667483594044765021982824084363382876153694762750522988401,
        104125598182348586056118441571689985999353468102348956648162259104921527704151
    ],
    "known_type": "MSB",
    "known_bits": ?, ? how to set correct value
    "signatures": [
        {
            "r": 59696872847024287764883588359229125525293276767477693801880266944929876663510,
            "s": 80010627594232692567321382817171148350979277410542815563295883382250157622365,
            "kp": ? how to set correct value
        },
        {
            "r": 66204497299302794813448884860580533040028016382253230896212796932956850307851,
            "s": 78197288316910247412893934169331566081232042979407260898010071194692833862752,
            "kp":  ? how to set correct value
        },
        {
            "r": 37044516715065049012561472807452925555312743982989311611730725335033602827346,
            "s": 92461946708536229787310797942574898629331316369909556197824596742434968354935,
            "kp":  ? how to set correct value
        },
        {
            "r": 103919090362588117180151567326283890021253888086769542803093556743402383166255,
            "s": 71275504518099351203494061824773539914502255758119765372192658739494934607323,
            "kp":  ? how to set correct value
        }

    ],
    "message": [   
        29046398954207568557559337812845639802158825374855453790727264507720942269061,
        61490995350470215933587146879107314396788082593003439971438111557980048214364,
        53622079066303081310409199779963535117997475674801702670649253314258639177195,
        2815976014827110489026899227085751067228569669674380545422790815579479978003
    ]
}   


Using my Sage code, how do I write the correct data.json format? Could anyone please write the correct JSON format, using my code?
And the red is that I know a bit how to set
Post
Topic
Board Development & Technical Discussion
Topic OP
Z calculate from R, S || formula
by
cassondracoffee
on 05/05/2024, 12:40:29 UTC
Z calculate from R, S

EXAMPLE : R S

R = 0xcabc3692f1f7ba75a8572dc5d270b35bcc00650534f6e5ecd6338e55355454d5
S = 0xf65bfc44435a91814c142a3b8ee288a9183e6a3f012b84545d1fe334ccfac25e
# target Z value for 0x9b076ad2fe6b2ce63acf4edf7fc82d5152d3c8bffb36b944da7a1cce038f544a

R = 0xcabc3692f1f7ba75a8572dc5d270b35bcc00650534f6e5ecd6338e55355454d5
S = 0x9cae782a191f3e742d9d4ff8f726d097a3a256af9fbc1faf16e7ec4d9fcf6feb
# target Z value for 0x85e43d48a83d8713a0fe253bf6b1fc70b8ee780e54749dc500f2880b056c4383

R = 0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
S = 0xb0fc6f098d906534447438c18cd892ab2fea7b5a24b7715f46a2ece08cd281de
# target Z value for 0x373e088a93b3a987eed3d62bbe5187a42d4e7e7ef6e94885ecb06b8575da6a46

R = 0xc6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5
S = 0x70b862a9bd712fbc70e5a30152f7951f1b46d40087b83d4330ed4eb6f39d640c
# target Z value for 0x5567c62af707649e8140c5257a6e308c384d6850a4daa172ca54e887fe8fcb8f

First, we look at signatures:
Code:
s=(z+rd)/k
sk=z+rd
sk-z=rd
(sk-z)/r=d
(s/r)k-(z/r)=d
(z/r)+d=(s/r)k
k=((z/r)+d)*(r/s)

Any formula to find z from r, s?
My idea:
r/s = z ?
s/r = z ?
s**r = z ?
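
The algebra in the post above, carried through numerically as an added example (not part of the original post and not the poster's code). D1, D2, K and Z1 are constructed test values; the block goes one step beyond the post by showing that the same (r, s) pair verifies for a different z under a different key, so z is not a function of r and s alone and a verifier has to recompute z from the message itself.

```python
# secp256k1 parameters, the same p, n and G as the Sage snippet on this page.
P = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f
N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
G = (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,
     0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)

def add(A, B):  # affine addition on y^2 = x^3 + 7; None is the point at infinity
    if A is None or B is None:
        return B if A is None else A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if A == B
           else (y2 - y1) * pow((x2 - x1) % P, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, A):  # double-and-add scalar multiplication
    R = None
    while k:
        if k & 1:
            R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def sign(d, k, z):                    # s = (z + r*d) / k
    r = mul(k, G)[0] % N
    return r, (z + r * d) * pow(k, -1, N) % N

def verify(Q, z, r, s):               # standard check: x(z/s*G + r/s*Q) == r
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    X = add(mul(z * w % N, G), mul(r * w % N, Q))
    return X is not None and X[0] % N == r

def d_from(r, s, z, k):               # (s*k - z) / r = d
    return (s * k - z) * pow(r, -1, N) % N

def k_from(r, s, z, d):               # k = ((z/r) + d) * (r/s)
    return (z * pow(r, -1, N) + d) * r * pow(s, -1, N) % N

def z_from(r, s, d, k):               # s*k = z + r*d  =>  z = s*k - r*d
    return (s * k - r * d) % N

# Constructed test values (not from the page): two keys, one nonce, one hash.
D1, D2, K, Z1 = 0x1234567890, 0x0987654321, 0xABCDEF0123456789, 0xC0FFEE
R, S = sign(D1, K, Z1)
Z2 = z_from(R, S, D2, K)              # same (r, s), other key -> another z
```

Every rearrangement of the signing equation needs at least one secret (d or k) on its right-hand side, which is why no expression in r and s alone, such as r/s or s/r, yields z.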