Author

Topic: ECDSA math (Read 2147 times)

sr. member
Activity: 467
Merit: 267
November 30, 2014, 05:21:00 AM
#11
lol. If you know the private key, you don't need the signature to calculate the public key.
Obviously without knowing the private key.

The public key is not completely unambiguous from the signature. (nor is R, technically)
Yes but it can be lifted if we know the address.
staff
Activity: 4284
Merit: 8808
November 30, 2014, 04:33:30 AM
#10
This also allows you to calculate the public key from the signature.
The public key is not completely unambiguous from the signature. (nor is R, technically)
sr. member
Activity: 475
Merit: 252
November 30, 2014, 03:45:29 AM
#9
This also allows you to calculate the public key from the signature.
lol. If you know the private key, you don't need the signature to calculate the public key.
sr. member
Activity: 467
Merit: 267
November 30, 2014, 01:31:31 AM
#8
This also allows you to calculate the public key from the signature.
sr. member
Activity: 475
Merit: 252
November 29, 2014, 09:39:01 PM
#7
Quote
What is n ?
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
aka "the order of the curve" of secp256k1 (the curve bitcoin uses)
legendary
Activity: 1260
Merit: 1019
November 29, 2014, 04:18:00 PM
#6
Quote
What is n ?
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
legendary
Activity: 2394
Merit: 1216
The revolution will be digital
November 29, 2014, 03:46:30 PM
#5
K=(digest+r.privkey)/s mod n

What is n ?
sr. member
Activity: 467
Merit: 267
November 28, 2014, 06:11:08 AM
#4
K=(digest+r.privkey)/s mod n
legendary
Activity: 1260
Merit: 1019
November 28, 2014, 04:10:00 AM
#3
Yes, if you know the private key. What awful thing are you doing?
Stealing bitcoins as usual Smiley
What else can we do on Sunday? {*}
staff
Activity: 4284
Merit: 8808
November 28, 2014, 04:03:18 AM
#2
Yes, if you know the private key. What awful thing are you doing?
legendary
Activity: 1260
Merit: 1019
November 28, 2014, 03:00:45 AM
#1
In few words signing in ECDSA is (some pseudocode)

int256 r, s, digest, privkey, k;
k = rand ( );
[r,s] = sign ( privkey, digest, k );  // signing


The question: is it possible to get 'k' from other values if i know them and do not know 'k' (formula, not bruteforcing)?
Something like

k = get_k_value ( privkey, digest, r, s );





Jump to: