Search content
Sort by
Showing 20 of 83 results by stanner.austin
Re: Ultra-Secure Cold Wallet: The "Sagem PHONE Infineon" Approach
Hello
Nice to see someone from gsm. i also spend more than 15 year in gsm reverse engineering & programming.
Infineon & locosto cpu base phone made by sagem, old time we used jtag to read memory dump and decrypt data for unlock code.
Most secure in old time and never cracked security publicly is by blackberry (company is dead long go) qualcomm cpu base phones, same principal use in latest modern hardware wallets.
Its not secure to relays on any older security. for example RSA 1024 its still not broken but consider unsafe everyone move to RSA 2048.
There is always EMMC/JTAG method to dump data on old phones. some may be encrypted but only firmware part data is decrypted most case.
I think latest qualcomm & samsung trustzone and trusttonic are best to start, it may be costly but security never come in cheap.
samsung exynos & qualcomm latest phones are more secure currently for research part for wallet.
Nice to see someone from gsm. i also spend more than 15 year in gsm reverse engineering & programming.
Infineon & locosto cpu base phone made by sagem, old time we used jtag to read memory dump and decrypt data for unlock code.
Most secure in old time and never cracked security publicly is by blackberry (company is dead long go) qualcomm cpu base phones, same principal use in latest modern hardware wallets.
Its not secure to relays on any older security. for example RSA 1024 its still not broken but consider unsafe everyone move to RSA 2048.
There is always EMMC/JTAG method to dump data on old phones. some may be encrypted but only firmware part data is decrypted most case.
I think latest qualcomm & samsung trustzone and trusttonic are best to start, it may be costly but security never come in cheap.
samsung exynos & qualcomm latest phones are more secure currently for research part for wallet.
Re: Bias Weakness in Transactions – Lattice Attack Possible?
⭐ Merited by vapourminer (1)
Hi
Technically with 80 sign set of RSZ with just 4 bit known on MSB or LSB can use lattice attack to find target private key in seconds.
Its millions in 1 onc chance.
Only possible and known reason to have this is following.
It can be bug in tool which use to sign transaction which known from long time.
it can be self testing or very old address, old time they don't know much about nonce liner attack or weak nonce.
Regards,
Technically with 80 sign set of RSZ with just 4 bit known on MSB or LSB can use lattice attack to find target private key in seconds.
Its millions in 1 onc chance.
Only possible and known reason to have this is following.
It can be bug in tool which use to sign transaction which known from long time.
it can be self testing or very old address, old time they don't know much about nonce liner attack or weak nonce.
Regards,
Re: [CHALLENGE] 5 BTC Reward – ECDSA Structured Nonce k Puzzle (1M Signatures)
@jvaimamu
Can you upload your data set at any other web i can't download
Only 100 R,S,Z is ok for me
must have K = d + 1 and so on.
Can you upload your data set at any other web i can't download
Only 100 R,S,Z is ok for me
must have K = d + 1 and so on.
All this just basic info.
Any government official can ask you for password of your phone. you can give them or you can denied them.
currently no one in india can decrypt or unlock locked iphone 11 or newer android 12 or newer without damage data.
Also you must choice secure phone lock password and don't use face lock or fingerprint lock they can force you to unlock it.
On whatsapp do not backup on there server off chat backup if you are using.
Unless you been monitored with spyware in your phone there is nothing to fear.
Any government official can ask you for password of your phone. you can give them or you can denied them.
currently no one in india can decrypt or unlock locked iphone 11 or newer android 12 or newer without damage data.
Also you must choice secure phone lock password and don't use face lock or fingerprint lock they can force you to unlock it.
On whatsapp do not backup on there server off chat backup if you are using.
Unless you been monitored with spyware in your phone there is nothing to fear.
⭐ Merited by nc50lc (1)
@MikeJ_NpC
Its not security issue having 2 same R in two different transaction (public key) unless one of them private key you know, Without private key (D) of one of them or Nonce (K) you can not recover any of them.
If you find same R in same private key (D) or public key Then its possible to recovery nonce (K) and Private key (D)
Its not security issue having 2 same R in two different transaction (public key) unless one of them private key you know, Without private key (D) of one of them or Nonce (K) you can not recover any of them.
If you find same R in same private key (D) or public key Then its possible to recovery nonce (K) and Private key (D)
I am going to continue with this exchange if some one is interested
You still need it ?How much amount in btc you need ?
How much % you offer for this ?
I don't mind going first with you, I know you are trustworthy.
Re: What happens if RBI decides to ban Bitcoins? What should I do with Bitcoins then
Bitcoin is protocol act as internet money. block chain is public ledger.
Bitcoin can not be blocked or blacklisted or freeze at any case unless, wallets which hold them can be red flag or exchange which hold your account can freeze it.
Safe way to hold bitcoin currently is hardware wallet if big amount & software wallets if small amount.
Even if India block any transaction related to bitcoin illegal's there are many many country and ways to cash it out. near is HK,UAE many more.
Bitcoin can not be blocked or blacklisted or freeze at any case unless, wallets which hold them can be red flag or exchange which hold your account can freeze it.
Safe way to hold bitcoin currently is hardware wallet if big amount & software wallets if small amount.
Even if India block any transaction related to bitcoin illegal's there are many many country and ways to cash it out. near is HK,UAE many more.
Hello,
I have someone that is willing to pay me a % of BTC for converting it to USD and sending it to India. Basically they are wanting to send me 2 BTC and I am supposed to convert those to USD (in US) and send to an Indian bank account.
I know usually these things are questionable but since BTC is irreversible... any thoughts on below:
1) Tax implications since these will go towards MISC earnings on W2 and even if I write majority as expenses since most will be sent back in USD.
2) Is this frowned upon since I am not a registered coin exchange in my state of residence?
3) Is this seen as $ launder1ng?
Probably yes to all questions, but wanted to confirm. Thanks guys.
HelloI have someone that is willing to pay me a % of BTC for converting it to USD and sending it to India. Basically they are wanting to send me 2 BTC and I am supposed to convert those to USD (in US) and send to an Indian bank account.
I know usually these things are questionable but since BTC is irreversible... any thoughts on below:
1) Tax implications since these will go towards MISC earnings on W2 and even if I write majority as expenses since most will be sent back in USD.
2) Is this frowned upon since I am not a registered coin exchange in my state of residence?
3) Is this seen as $ launder1ng?
Probably yes to all questions, but wanted to confirm. Thanks guys.
If that receiver bank account is in USD than this is for tax saving.
In india direct BTC to INR will cost 30% crypto tax and 1% tds with lots of other tax.
Most people trying to find way for such condition one of them is USD transfer from out side india which will exempt them with LUT for 18% gst and no crypto tax as this income in USD not in crypto.
But now days positive pay is in action by government, any unknown 3rd transfer will still flag there money. way is no longer safe way to save tax.
Re: Private key recovery with 120 bit nonce leakage possible?
Hello
You can calculate with simple python
int(1.03 * 4 / 3 * 256 / 120)
Result is 2 min need.
Result is tested and can be verify with https://github.com/bitlogik/lattice-attack your self too.
Regards,
You can calculate with simple python
int(1.03 * 4 / 3 * 256 / 120)
Result is 2 min need.
Result is tested and can be verify with https://github.com/bitlogik/lattice-attack your self too.
Regards,
Hi
This is my version if you have private key or may need to bf.
But you can always do R == K * G to find out if you really found valid K or not.
Regards,
This is my version if you have private key or may need to bf.
Code:
def Get_Nonce_K_With_Private_Key(r,s,z,x):
if (x == 0 ):
return 0;
sinv = pow(s,N-2,N)
t1 = (x*r) % N
t2 = (z+t1) % N
myK = (sinv*t2) % N
if (myK == 0 ):
return 0;
if ((myK*G).x.num == r):
return myK
return 0
if (x == 0 ):
return 0;
sinv = pow(s,N-2,N)
t1 = (x*r) % N
t2 = (z+t1) % N
myK = (sinv*t2) % N
if (myK == 0 ):
return 0;
if ((myK*G).x.num == r):
return myK
return 0
But you can always do R == K * G to find out if you really found valid K or not.
Regards,
@IdMineThat
Hello
My view is on puzzle 1000 BTC is creator is in this forum and watching.
It was started as puzzle 32 BTC from private key range 1 to 160 bit . as you know creator recharged unsolved puzzle to match current market price with another 872 BTC at 16-04-2023.
Rule is simple, use your coding skill solve math and take price. There is no risk of having such key and collecting price when its given as rewards.
Puzzle is specially designed for bit range 1 to 160 .
In normal world any secure platform wallet will provide you full 256 bit private key which is much more secure..
But if someone hacked/stolen/cheated for any BTC private key it must be considered illegal may face criminal charges depending on real private key owner country.
Puzzle also show reality that no one can yet break 160 bit of private key in Bitcoin.
Hello
My view is on puzzle 1000 BTC is creator is in this forum and watching.
It was started as puzzle 32 BTC from private key range 1 to 160 bit . as you know creator recharged unsolved puzzle to match current market price with another 872 BTC at 16-04-2023.
Rule is simple, use your coding skill solve math and take price. There is no risk of having such key and collecting price when its given as rewards.
Puzzle is specially designed for bit range 1 to 160 .
In normal world any secure platform wallet will provide you full 256 bit private key which is much more secure..
But if someone hacked/stolen/cheated for any BTC private key it must be considered illegal may face criminal charges depending on real private key owner country.
Puzzle also show reality that no one can yet break 160 bit of private key in Bitcoin.
Hello
My answer folling.
1) 2009
2) satoshi
3) store value or currency
4) Ethereum ETH
5) public key can be public shown to any one as address to receive fund. private key is must keep in private to send fund,sign message etc.
6) any one who own 51% or more mining power, can make this attack on bitcoin for double spending for his own benefits.
7) double-spending is term used to define spending same value multiple time.
04 march 2020 (i googled this i was not sure about date but i remember year 2020)
9 ) e₹
Regards,
My answer folling.
1) 2009
2) satoshi
3) store value or currency
4) Ethereum ETH
5) public key can be public shown to any one as address to receive fund. private key is must keep in private to send fund,sign message etc.
6) any one who own 51% or more mining power, can make this attack on bitcoin for double spending for his own benefits.
7) double-spending is term used to define spending same value multiple time.
04 march 2020 (i googled this i was not sure about date but i remember year 2020)9 ) e₹
Regards,
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
@zahid888
My opinion on this puzzle creation main purpose is only to see how secure bitcoin private key, if key are less then 256 bits. specially 160 bits or less.
Creator himself have lots of bitcoin to run & refill this challenge.
There is no relation with random numbers to each others so far i can find.
Each time any random number is created its use entry op for his startup then use that as starting point to encrypt next one.
Your last post about thiery of startup seed is not valid for my point of view, it may land same number on low bit due to not having big ranges on lower bits, but it will not help on 32 bit or higher.
So far only hope for this puzzle still relays on bruteforce,BSGS,lattice attack etc. still need tools like keyhunt or more ideas. Pools are good idea still no perfect way to divide range or split range with active users etc.
ps:i like to say thank you to creator only this way public can see bitcoin private key even 160 bit random is not possible to break, so 256 bit is impossible.
My opinion on this puzzle creation main purpose is only to see how secure bitcoin private key, if key are less then 256 bits. specially 160 bits or less.
Creator himself have lots of bitcoin to run & refill this challenge.
There is no relation with random numbers to each others so far i can find.
Each time any random number is created its use entry op for his startup then use that as starting point to encrypt next one.
Your last post about thiery of startup seed is not valid for my point of view, it may land same number on low bit due to not having big ranges on lower bits, but it will not help on 32 bit or higher.
So far only hope for this puzzle still relays on bruteforce,BSGS,lattice attack etc. still need tools like keyhunt or more ideas. Pools are good idea still no perfect way to divide range or split range with active users etc.
ps:i like to say thank you to creator only this way public can see bitcoin private key even 160 bit random is not possible to break, so 256 bit is impossible.
You can use pretty much any cipher. It's not restricted to ECB, CBC, or anything like that.
HelloIt's not about restriction its about security & purpose of use.
for example you can use most case aes-cbc-128 its simple and secure. but still there are case people use aes-ctr & aes-gcm
Almost all AES(other then ECB mode) provide good security.
There are also WhiteBox-AES CTR/CBC provide more security then standard.
Hello
This is group of Rijndael family AES.
AES-ECB-128
AES-CBC-128
AES-CBC-256
AES-CTR-128
AES-CTR-256
etc etc
You can use any coding language you know to this via openssl & other non depended on lib ways.
What your exactly requirement ? i can help on any cryptography related work.
This is group of Rijndael family AES.
AES-ECB-128
AES-CBC-128
AES-CBC-256
AES-CTR-128
AES-CTR-256
etc etc
You can use any coding language you know to this via openssl & other non depended on lib ways.
What your exactly requirement ? i can help on any cryptography related work.
Hello
In developers coding terms
M = message
H = Hashed message or hash
Z = bitcoin specific for double SHA2
K = nonce to randomize your sign output.
X = bitcoin specific for private key
In developers coding terms
M = message
H = Hashed message or hash
Z = bitcoin specific for double SHA2
K = nonce to randomize your sign output.
X = bitcoin specific for private key
how did you find such a transaction that was using same R?
is there a tool available for the calculcation which takes those values as input argument and output the resulting private key?
Hello is there a tool available for the calculcation which takes those values as input argument and output the resulting private key?
You can use Same R cracker utility at following link.
offline https://github.com/nlitsme/bitcoinexplainer
online https://rawcdn.githack.com/nlitsme/bitcoinexplainer/aa50e86e8c72c04a7986f5f7c43bc2f98df94107/ecdsacrack.html
I have tested this work stable no bug.
Also possible in python
Code:
def Crack_K_Same_R(R,S1,S2,H1,H2):
t1 = pow((S1-S2), N-2, N)
TestK = 0
TestK = ((H1-H2) * t1) % N
if ((TestK*G).x.num == R):
print("!!!Winner!!! %064X " % TestK );
exit();
print("Not valid. %064X " % t1)
Once you have K = nonce you can extract private key X
t1 = pow((S1-S2), N-2, N)
TestK = 0
TestK = ((H1-H2) * t1) % N
if ((TestK*G).x.num == R):
print("!!!Winner!!! %064X " % TestK );
exit();
print("Not valid. %064X " % t1)
Once you have K = nonce you can extract private key X
can you share code?
dont forget pay to member 1200
sure, when it will be work, maybe i will pay more.
previous was invalid data my fault sorry
Code:
# transaction 1 & 2 first privkey
priv1= 74151126465914553719682701372546590912032713247110001383204298192577238294259
nonce1= 113430668354305125354139681412571553637810109882549088741100884487402919060793
r1= 37172049453198803628923372374682424137153412099188977901809252086397375163174
s1= 36665125934301679295764426496089959157670212057714313825462899262019004181013
z1= 45063904364969322573281122086971579379876583577391310824950725157431863085693
nonce2= 88941376982568942091029320764989550225390065895384871037015643141890275775717
r2= 40974080779974461932858835766108658066940207003253964846620894290420102383124
s3= 115535488843869076151238217034945605348288249901213567246114164482038361011381
z3= 70890957235815785946608014568730757332857823983374044998781188028671033610413
# 2 -transaction 3 & 4 - second privkey
priv2= 65602009300807068992382438511465994464148703102269145684254988072233619429415
nonce1= 113430668354305125354139681412571553637810109882549088741100884487402919060793
r1= 37172049453198803628923372374682424137153412099188977901809252086397375163174
s2= 38201930909181021929363545653126029092310200493193739546604231428387022946196
z2= 96925863066810859394685400246217607442326685412593308871569663983290139782035
nonce2= 88941376982568942091029320764989550225390065895384871037015643141890275775717
r2= 40974080779974461932858835766108658066940207003253964846620894290420102383124
s4= 66755642063685386713485274914216908026179826727440247880714653645256904375187
z4= 618391849825900336304504678084876520197902749480544893171844571313024934814
priv1= 74151126465914553719682701372546590912032713247110001383204298192577238294259
nonce1= 113430668354305125354139681412571553637810109882549088741100884487402919060793
r1= 37172049453198803628923372374682424137153412099188977901809252086397375163174
s1= 36665125934301679295764426496089959157670212057714313825462899262019004181013
z1= 45063904364969322573281122086971579379876583577391310824950725157431863085693
nonce2= 88941376982568942091029320764989550225390065895384871037015643141890275775717
r2= 40974080779974461932858835766108658066940207003253964846620894290420102383124
s3= 115535488843869076151238217034945605348288249901213567246114164482038361011381
z3= 70890957235815785946608014568730757332857823983374044998781188028671033610413
# 2 -transaction 3 & 4 - second privkey
priv2= 65602009300807068992382438511465994464148703102269145684254988072233619429415
nonce1= 113430668354305125354139681412571553637810109882549088741100884487402919060793
r1= 37172049453198803628923372374682424137153412099188977901809252086397375163174
s2= 38201930909181021929363545653126029092310200493193739546604231428387022946196
z2= 96925863066810859394685400246217607442326685412593308871569663983290139782035
nonce2= 88941376982568942091029320764989550225390065895384871037015643141890275775717
r2= 40974080779974461932858835766108658066940207003253964846620894290420102383124
s4= 66755642063685386713485274914216908026179826727440247880714653645256904375187
z4= 618391849825900336304504678084876520197902749480544893171844571313024934814
normal calculate not work, modulo 0
any one help?
Code:
K1 fac77baf5d1dd051987bf8335065d59d14bd41fe778340f0ef1482457b7c6539
K2 c4a309118b2505dad8df1d6053573bab6b4629fc0bf296d19fe2847ec90b94e5
Signature r1=522ea268a7952d5ccd5a5bf37fc8327a7f70ed323c1e1627449592bf3d652b26, s1=5da53ccaaf8cc2926c3e6d0a5cdf93a3f3aa4f9da7b2839101c78c57cc71c4b2
Signature r1_1=522ea268a7952d5ccd5a5bf37fc8327a7f70ed323c1e1627449592bf3d652b26, s2=547586d2f6f6af809ed061a3619e51f480e976a7637fc09fa91db5f7fba1bf94
Signature r2=5a9682047a7b6437075db7961a67b66b0f829d8947f2fde62dcb9cfd872cc614, s3=341b2787dc687cf04a1ae278a4a6384dd7c7480e5d4e5eb807a984f7158653fb
Signature r2_1=5a9682047a7b6437075db7961a67b66b0f829d8947f2fde62dcb9cfd872cc614, s4=93965abd5b6ac399cd51dd5cbb800574a43bec69e56664148dc155c8dccf7b93
Private key (x1): a3f00cdfad7e7785444f2f3c5ec9386fa218a5b457c4291bee66bbba37025ef4
Private recovered (x1): a3f00cdfad7e7785444f2f3c5ec9386fa218a5b457c4291bee66bbba37025ef4
Private1 Matched ?: True
Private key (x2): 91096be3f5c726814b64cf26449f401417c73e648d16e1f45bd02d0883081827
Private recovered (x2): 91096be3f5c726814b64cf26449f401417c73e648d16e1f45bd02d0883081827
Private2 Matched ?: True
K2 c4a309118b2505dad8df1d6053573bab6b4629fc0bf296d19fe2847ec90b94e5
Signature r1=522ea268a7952d5ccd5a5bf37fc8327a7f70ed323c1e1627449592bf3d652b26, s1=5da53ccaaf8cc2926c3e6d0a5cdf93a3f3aa4f9da7b2839101c78c57cc71c4b2
Signature r1_1=522ea268a7952d5ccd5a5bf37fc8327a7f70ed323c1e1627449592bf3d652b26, s2=547586d2f6f6af809ed061a3619e51f480e976a7637fc09fa91db5f7fba1bf94
Signature r2=5a9682047a7b6437075db7961a67b66b0f829d8947f2fde62dcb9cfd872cc614, s3=341b2787dc687cf04a1ae278a4a6384dd7c7480e5d4e5eb807a984f7158653fb
Signature r2_1=5a9682047a7b6437075db7961a67b66b0f829d8947f2fde62dcb9cfd872cc614, s4=93965abd5b6ac399cd51dd5cbb800574a43bec69e56664148dc155c8dccf7b93
Private key (x1): a3f00cdfad7e7785444f2f3c5ec9386fa218a5b457c4291bee66bbba37025ef4
Private recovered (x1): a3f00cdfad7e7785444f2f3c5ec9386fa218a5b457c4291bee66bbba37025ef4
Private1 Matched ?: True
Private key (x2): 91096be3f5c726814b64cf26449f401417c73e648d16e1f45bd02d0883081827
Private recovered (x2): 91096be3f5c726814b64cf26449f401417c73e648d16e1f45bd02d0883081827
Private2 Matched ?: True
There is some relation with odd/even i guess, if i add + 1 in private key 1 i am able to get results else inverse is zero..
So may be your tweaked data need to change some odd/even formula for h4 or may need to bigger number.
⭐ Merited by NotATether (3)
Hello
Here is code its same as link you posted nothing special.
Here is code its same as link you posted nothing special.
Code:
#!/usr/bin/env python3
import ecdsa
import random
import libnum
import hashlib
import sys
G = ecdsa.SECP256k1.generator
order = G.order()
priv1 = 74151126465914553719682701372546590912032713247110001383204298192577238294259 #random.randrange(1,order)
Public_key = ecdsa.ecdsa.Public_key(G, G * priv1)
x1 = ecdsa.ecdsa.Private_key(Public_key, priv1)
priv2 = 65602009300807068992382438511465994464148703102269145684254988072233619429415 #random.randrange(1,order)
Public_key2 = ecdsa.ecdsa.Public_key(G, G * priv2)
x2 = ecdsa.ecdsa.Private_key(Public_key2, priv2)
k1 = 113430668354305125354139681412571553637810109882549088741100884487402919060793 #random.randrange(1, order)
k2 = 88941376982568942091029320764989550225390065895384871037015643141890275775717 #random.randrange(1, order)
h1 = 45063904364969322573281122086971579379876583577391310824950725157431863085693 #int(hashlib.sha256(msg1.encode()).hexdigest(),base=16)
h2 = 96925863066810859394685400246217607442326685412593308871569663983290139782035 #int(hashlib.sha256(msg2.encode()).hexdigest(),base=16)
h3 = 70890957235815785946608014568730757332857823983374044998781188028671033610413 #int(hashlib.sha256(msg3.encode()).hexdigest(),base=16)
h4 = 88400657509035765824159536685234267382896518494653799783594906135509259195161 #int(hashlib.sha256(msg4.encode()).hexdigest(),base=16)
x1sig1 = x1.sign(h1, k1)
x1sig2 = x1.sign(h3, k2)
r1,s1 = x1sig1.r,x1sig1.s
r2,s3 = x1sig2.r,x1sig2.s
#r1,s1 = 37172049453198803628923372374682424137153412099188977901809252086397375163174,36665125934301679295764426496089959157670212057714313825462899262019004181013 #x1sig1.r,x1sig1.s
#r2,s3 = 40974080779974461932858835766108658066940207003253964846620894290420102383124,88414683103569280491867470526894992004240909646745888824999991880846576153983 #x1sig2.r,x1sig2.s
#r1_1,s2 = 37172049453198803628923372374682424137153412099188977901809252086397375163174,48387795993880540164497955151292140905876432678370698441361372722465054520609 #x2sig1.r,x2sig1.s
#r2_1,s4 = 40974080779974461932858835766108658066940207003253964846620894290420102383124,94479523762013111191490500533227932711756342618388816229238677867942525385058 #x2sig2.r,x2sig2.s
x2sig1 = x2.sign(h2, k1)
x2sig2 = x2.sign(h4, k2)
r1_1,s2 = x2sig1.r,x2sig1.s
r2_1,s4 = x2sig2.r,x2sig2.s
print("valinv " + hex(r1*r2*(s1*s4-s2*s3)% order ))
print (f"Signature r1={r1}, s1={s1}")
print (f"Signature r1_1={r1_1}, s2={s2}")
print (f"Signature r2={r2}, s3={s3}")
print (f"Signature r2_1={r2_1}, s4={s4}")
valinv = libnum.invmod( r1*r2*(s1*s4-s2*s3),order)
x1rec = ((h1*r2*s2*s3-h2*r2*s1*s3-h3*r1*s1*s4+h4*r1*s1*s3 ) * valinv) % order
x2rec = ((h1*r2*s2*s4-h2*r2*s1*s4-h3*r1*s2*s4+h4*r1*s2*s3 ) * valinv) % order
print ("\nPrivate key (x1):",hex(priv1)[2:])
print ("\nPrivate recovered (x1): ",hex(x1rec)[2:])
print ("\nPrivate1 Matched ?: ",priv1 ==x1rec)
print ("\nPrivate key (x2):",hex(priv2)[2:])
print ("\nPrivate recovered (x2):",hex(x2rec)[2:])
print ("\nPrivate2 Matched ?: ",priv2 ==x2rec)
import ecdsa
import random
import libnum
import hashlib
import sys
G = ecdsa.SECP256k1.generator
order = G.order()
priv1 = 74151126465914553719682701372546590912032713247110001383204298192577238294259 #random.randrange(1,order)
Public_key = ecdsa.ecdsa.Public_key(G, G * priv1)
x1 = ecdsa.ecdsa.Private_key(Public_key, priv1)
priv2 = 65602009300807068992382438511465994464148703102269145684254988072233619429415 #random.randrange(1,order)
Public_key2 = ecdsa.ecdsa.Public_key(G, G * priv2)
x2 = ecdsa.ecdsa.Private_key(Public_key2, priv2)
k1 = 113430668354305125354139681412571553637810109882549088741100884487402919060793 #random.randrange(1, order)
k2 = 88941376982568942091029320764989550225390065895384871037015643141890275775717 #random.randrange(1, order)
h1 = 45063904364969322573281122086971579379876583577391310824950725157431863085693 #int(hashlib.sha256(msg1.encode()).hexdigest(),base=16)
h2 = 96925863066810859394685400246217607442326685412593308871569663983290139782035 #int(hashlib.sha256(msg2.encode()).hexdigest(),base=16)
h3 = 70890957235815785946608014568730757332857823983374044998781188028671033610413 #int(hashlib.sha256(msg3.encode()).hexdigest(),base=16)
h4 = 88400657509035765824159536685234267382896518494653799783594906135509259195161 #int(hashlib.sha256(msg4.encode()).hexdigest(),base=16)
x1sig1 = x1.sign(h1, k1)
x1sig2 = x1.sign(h3, k2)
r1,s1 = x1sig1.r,x1sig1.s
r2,s3 = x1sig2.r,x1sig2.s
#r1,s1 = 37172049453198803628923372374682424137153412099188977901809252086397375163174,36665125934301679295764426496089959157670212057714313825462899262019004181013 #x1sig1.r,x1sig1.s
#r2,s3 = 40974080779974461932858835766108658066940207003253964846620894290420102383124,88414683103569280491867470526894992004240909646745888824999991880846576153983 #x1sig2.r,x1sig2.s
#r1_1,s2 = 37172049453198803628923372374682424137153412099188977901809252086397375163174,48387795993880540164497955151292140905876432678370698441361372722465054520609 #x2sig1.r,x2sig1.s
#r2_1,s4 = 40974080779974461932858835766108658066940207003253964846620894290420102383124,94479523762013111191490500533227932711756342618388816229238677867942525385058 #x2sig2.r,x2sig2.s
x2sig1 = x2.sign(h2, k1)
x2sig2 = x2.sign(h4, k2)
r1_1,s2 = x2sig1.r,x2sig1.s
r2_1,s4 = x2sig2.r,x2sig2.s
print("valinv " + hex(r1*r2*(s1*s4-s2*s3)% order ))
print (f"Signature r1={r1}, s1={s1}")
print (f"Signature r1_1={r1_1}, s2={s2}")
print (f"Signature r2={r2}, s3={s3}")
print (f"Signature r2_1={r2_1}, s4={s4}")
valinv = libnum.invmod( r1*r2*(s1*s4-s2*s3),order)
x1rec = ((h1*r2*s2*s3-h2*r2*s1*s3-h3*r1*s1*s4+h4*r1*s1*s3 ) * valinv) % order
x2rec = ((h1*r2*s2*s4-h2*r2*s1*s4-h3*r1*s2*s4+h4*r1*s2*s3 ) * valinv) % order
print ("\nPrivate key (x1):",hex(priv1)[2:])
print ("\nPrivate recovered (x1): ",hex(x1rec)[2:])
print ("\nPrivate1 Matched ?: ",priv1 ==x1rec)
print ("\nPrivate key (x2):",hex(priv2)[2:])
print ("\nPrivate recovered (x2):",hex(x2rec)[2:])
print ("\nPrivate2 Matched ?: ",priv2 ==x2rec)