Topic: Bitcoin math question (Read 393 times)

It's not the way that the calculation is being done but rather the fact that you are just taking the SHA256 hash of any string instead of a proper random 256-bit private key makes it far easier to crack with tools such as brainflayer since the problem has been reduced from 256-bit brute force to (dictionary) ASCII password string brute force.

THX now i understand what he mean

I am reading this and the words of @gmaxwell

are what i dont understand, does it mean that the "brain wallet fools" sites, do wrong calculation ??
Does it mean, its better to use a, lets say, python script to calculate ??

My calculation gives this result:  N=7a1a7e52797fc8caaa435d2a4dace39158504bf204fbe19f14dbb427faee50ae


Use this ECC calculator to calculate it quickly!
https://github.com/MrMaxweII/Secp256k1-Calculator

Here is what I mean.
The famous tx here with repeated r values:9ec4bc49e828d924af1d1029cacf709431abbde46d59554b62bc270e3b29c4b1  
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
K = GF(p)
r1 = 0xd47ce4c025c35ec440bc81d99834a624875161a26bf56ef7fdc0f5d52f843ad1
r2 = 0xd47ce4c025c35ec440bc81d99834a624875161a26bf56ef7fdc0f5d52f843ad1
s1 = 0x44e1ff2dfd8102cf7a47c21d5c9fd5701610d04953c6836596b4fe9dd2f53e3e
s2 = 0x9a5f1c75e461d7ceb1cf3cab9013eb2dc85b6d0da8c3c6e27e3a5a5b3faa5bab
z1 = 0xc0e2d0a89a348de88fda08211c70d1d7e52ccef2eb9459911bf977d587784c6e
z2 = 0x17b0f41c8c337ac1e18c98759e83a8cccbc368dd9d89e5f03cb633c265fd0ddc
PK = 0xC477F9F65C22CCE20657FAA5B2D1D8122336F851A508A1ED04E479C34985BF96  (the private key correctly resolves to 1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm)
Ok, so we figure out the nonce now, we have all other data.

K((PK*r1)+z1)/s1 gives N=0x1EE0FAC1872E11EB3E02F24D7623203BBA6DB0E13DEF6DD3E8EBFD1920286254

However K((z1-z2)/(s1 - s2)) gives the right N = 0x7A1A7E52797FC8CAAA435D2A4DACE39158504BF204FBE19F14DBB427FAEE50AE

Why is the first nonce formula not working right? If you have all the params of a transaction, shouldn't this formula work?
The second one resolves right K(((s1*N)-z1)/r1) by this formula, but not my first nonce formula, which uses only the first tx parameters, why?

More over, the following formulas all work for my own transactions:
K((PK*r1)+z1)/s1  gives the right N

K((r2*z1)+(r1*s2*c)-(r1*z2))/((s1*r2)-(s2*r1)) gives the right N

K(((s1*N)-z1)/r1) gives the right PK

But here it does not 

A bunch of these sites are "brain wallet tools" (for brain wallet fools) and they hash the data being input into them. E.g. they compute  sha256(input)*G rather than input*G.  If it accepts anything other than a number then it's almost certainly hashing it.

Yes, you should get the same thing.

Bitcoin transaction formula question.
If k is the nonce, it goes through the same pattern to become the R value as the private key does to become the public key, right? k * Gx = R
So if I take a k value and input it into for example bitaddress.org (or any other software for that matter) like it was the private key, the first part of the public key is supposed to match the R value of my transaction? (minus the 04 at the beginning)
But I don't get this value. Am I missing something?