Topic: I found a method to reverse public keys to private keys - page 3. (Read 533 times)

Yes prob is right, try another one:

little bit less 200 bit


04d065447b43b466c918335a5e4872efb5c77825aa5253784c33e3c6b6208c575cfa6340a5866ee 7324ffd4709f8ffb89e3c7fb7f616641ed85c737ca4cd69d80e

tra1= 1
r1= 35781056790654206361636626106532587187001414253679897837887838156475723466668
s1= 6420483661399729901071896193492157113485221530257654649758159620805313613799
z1= 100547791275647556398004216387559085805536951048167777884880996562228107084543

tra2= 2
r2= 73941488516126000796052657471876964190587110358439694629074501102022442106431
s2= 56598608452060255983088408972484035241154438153411513200294533230103261078097
z2= 63995063473560138781054408796374718094944556560947394457490921322289893158511

tra3= 3
r3= 1886384249350604282445977799790732413262893800649925232864942917722896591913
s3= 18948812640424305919439971361881005545112811587533619572845580193644176261363
z3= 102563150449971251059219801524954925615383373005226869323672394588175077321751

tra4= 4
r4= 36945364969169061704191115706500123314114008357653438136827080483772991167615
s4= 49106715924334893265546835118393792174316593830813027016490803089436103398052
z4= 70034016739470279793714855528952349918788831631152513270024650215551741471627

tra5= 5
r5= 91585757637746210331660349293789270118038759826152485403274549511906278323143
s5= 3097380967576664827495120296388397518247628453757190562676448135201836131854
z5= 66004996063908293410916212480096343228691085405136523677902709077908982160373

tra6= 6
r6= 100025893124081125891441242917061158948888745006344470411710718254021411619130
s6= 16099749656802874644818974287264644228888171432792163203577233666517235743109
z6= 87806900907564738397549610717773453177076449571783531109586605129269711167428

tra7= 7
r7= 8039716606820365938099904307893390067763291558116635494688608982298157842181
s7= 5091661312087060987187659976856511351732753252666848778115499995279239640811
z7= 75164557710878619072922020899702711526546027856036524447007198503963339749739

tra8= 8
r8= 102324203246603908807363456747628488714439305933981021093819405980483489349666
s8= 14446387861770368683427544757635650778693535978495755458995760826016925065782
z8= 61323027374152455674257148071709377842853643332899883770546261631226880337431

tra9= 9
r9= 52759726271775744856957135612527423299411333468564654090438178051981085882860
s9= 1027972243996974591111638168650284633586382718032866234046069461801784387151
z9= 70507009100503426475242745687606059486536074648509521251195691825697780454968

tra10= 10
r10= 59734964257338792796604981981071829993152131038018988108563957979537513963982
s10= 28368794004434313689095067308979565277712183029661494027471135718667797459755
z10= 105326900337310388649051558330024517737048592594255547884173151326797798704154

10 RSZ SAVED IN OUTPUT FILE



04d065447b43b466c918335a5e4872efb5c77825aa5253784c33e3c6b6208c575cfa6340a5866ee 7324ffd4709f8ffb89e3c7fb7f616641ed85c737ca4cd69d80e


can you try 256 bit with many rsz(i can generate 3000 rsz for ex) ?

your private key is 17667188011415688292006461

Less 200 bit

Privkey ?

04a885c374a9ca2110f2a92e157cf56e522be3e2a772c37b60324907dd527e6c4afac800ecc2d33 eab45f728cf18b1dcc3dba18cbd031d2fea5d52e21144c43292

tra1= 1
r1= 41565872560242209245985630894953722539561019830771503409380069854642835139660
s1= 46167697913957461218506289444898918867418909747391962463833839991148694956615
z1= 104630186537044373229025543623925248392869011065872824899506355123392418664701

tra2= 2
r2= 40362905993303186892727576539120639590744872013468303189628119988875367021363
s2= 8918722928905970064019264461524104329899290051689410020759449205555926090846
z2= 86561738864438169859743216050244971638199755679352424617453518227764854275113

tra3= 3
r3= 25227009836206853146066274158995906067712252382952926847011580079258124051832
s3= 34766875462834686582192424889565682581131461857777419964587416512193135751074
z3= 79817306508913719907099177483547750005702911789948641880602644303065989235492

tra4= 4
r4= 92325727640773617583665427532142197558187923462544104678534862941082044556363
s4= 6224825729540931937933016415048916941423257399800081331408045994527285680767
z4= 93564540381315851155740874541338221942691911675712683316763897837468622327895

tra5= 5
r5= 46916155570972263119747789707938016004455678383376661626938318859647059992150
s5= 2808362462509154258392538920672366275518138305921285538304236691475907042430
z5= 83121620153025663653557679187572740023547956092150547189743265650337381719770

tra6= 6
r6= 18788833082689876886873942688021588118985177937169687678186798540956890596666
s6= 47325451885674650638380694110263291739762382536813151360268597457383529515904
z6= 63738954508955662102576897079741747740230419508766910869430371794438560474393

tra7= 7
r7= 100558611642189173736372820835356695971474030835791215864780532245248298365754
s7= 26992763885730387324497330918603620565202144731990083288777969805508169695393
z7= 107193087403238094588484826690859188257189441020030141970982589419616226516519

tra8= 8
r8= 69869454531635138646430925605841610643991817049631568327802228880787552111940
s8= 57174573365292191562615510040027347778730170398218235301567310336970393777831
z8= 86889567024107712348112710302279565188522186171025854881914278304158234543020

tra9= 9
r9= 43519824599340269147253843009083347138048449020628507011935485144030943054517
s9= 13950835696820418627108689331594903696313300128609714200714201522342528896190
z9= 94459838706412646173836133190673074282437309201032512475270278267668073359602

tra10= 10
r10= 51937535325749168464222246901531970828610328082176905606299178472536193592216
s10= 17372938005414886861848607684580152299106919007920620976958383962893434286138
z10= 72554995752777389041443022964620966289026088653876662165578241695947492124816

tra11= 11
r11= 6679412811491885742270192144071612338943160719456195832987770587038974860343
s11= 28035223868011527961703107804390138460583125110704185041700240637502073744749
z11= 80858732891232320209019113764356900563178711207586056440455349937830353905891

tra12= 12
r12= 71000344179394965717395675695365935217390364725397883744880045853892212498468
s12= 44559501722759847437941978962068979005852110069368763518464494924041194777762
z12= 90833343858703398875072762318592084896556979787024585621481496490332657661325

tra13= 13
r13= 89978542637620994841824602159581860020850115657321405741328015919862127955794
s13= 31290605786259389756164219548170242713722284011122478144583578763906814753787
z13= 94566315297045507031928222366843785786800050163879484995242019162132074454178

tra14= 14
r14= 20678172651371024148903149169662813509131536884666466460008627370286131475739
s14= 35967090006983255349545393352990493603204929038212942628795116684901414860055
z14= 95980320197558816883220935740232660832998252884852342503720971297117572024203

14 RSZ SAVED IN OUTPUT FILE

[Program finished]

So far all you've proven is that you can't.

Break one of Satoshi's keys, then post a message singed with it.  That's all the proof I need.

Guess the best thing to do in case of successful ECC Break is to expropriate some of Satoshi Funds and live happily ever after.
But certainly not to cry it out loud about it.
To me the thread started looks like some scam shit.

No idea what you talk about, Mine doesn't need specific messages

can you, or anyone else just try my code and send the public key + 10 signatures?

Scrypt generates sighnatures, I have to scrypt for generate and scrypt for lattice solve, yes privkey will ve finded. This is not new,sabject. What new in your code ?

And you need soecific messages.


How you think find any Rial privkey from rsz from blockchain ?

I can do it of course, i just want to prove it to you

Create your own key, make as many signatures as you want.  I'm not even a coder and I can figure that part out.  How the fuck did you get as far as you've gotten without being able to solve such a basic issue?

we can use his code, we just need more signatures

No one wants to waste anymore of their time on your fantasy.  BlackHatCoiner posted his code, you can use it to create signatures until the cows come home, and test your bitcoin ender until the cows come home tomorrow.

Or better yet, do like franky1 suggested and try to break one of Satoshi's addresses.

Use your code. Just send more signatures.

Give it a try. you can run it using python python execution websites. it's a second.

there is no issue with your program, i just need it in this file and i need 10 signatures

No, and I don't think mine is faulty either. You said you can do something. It turns out that you cannot, unless readers run your key generation program.

My program is pretty simple to read. If you can detect an error, let me know. I'm not going to read what your program does, nor do I care. I replied to the thread, because I thought you would break cryptography. Not your cryptography.

Myself. that's why it so messy




could you try this code? I'm pretty sure i didn't fuck it up by having a backdoor by mistake.

edit:
chatgpt reformatted code:
import hashlib
import random
import os
import json

bitRange = 200

def inverseMod(k, p):
    if k == 0:
        raise ZeroDivisionError('division by zero')
    if k < 0:
        return p - inverseMod(-k, p)

    s, oldS = 0, 1
    t, oldT = 1, 0
    r, oldR = p, k

    while r != 0:
        quotient = oldR // r
        oldR, r = r, oldR - quotient * r
        oldS, s = s, oldS - quotient * s
        oldT, t = t, oldT - quotient * t

    return oldS % p

def pointAdd(point1, point2, p, a):
    if point1 is None:
        return point2
    if point2 is None:
        return point1

    x1, y1 = point1
    x2, y2 = point2

    if x1 == x2 and y1 != y2:
        return None

    m = (y1 - y2) * inverseMod(x1 - x2, p) if x1 != x2 else \
        (3 * x1 * x1 + a) * inverseMod(2 * y1, p)

    x3 = m * m - x1 - x2
    y3 = y1 + m * (x3 - x1)
    return (x3 % p, -y3 % p)

def scalarMult(k, point, p, n, g):
    if k % n == 0 or point is None:
        return None
    if k < 0:
        return scalarMult(-k, (point[0], -point[1] % p), p, n, g)

    result = None
    addend = point
    while k:
        if k & 1:
            result = pointAdd(result, addend, p, 0)
        addend = pointAdd(addend, addend, p, 0)
        k >>= 1
    return result

def hashMessage(message):
    messageHash = hashlib.sha512(message).digest()
    e = int.from_bytes(messageHash, 'big')
    return e >> (e.bit_length() - 256)

def signMessage(privateKey, message, nonce, p, n, g, a):
    z = hashMessage(message)
    k = nonce
    x, y = scalarMult(k, g, p, n, g)
    r = x % n
    s = ((z + r * privateKey) * inverseMod(k, n)) % n
    return r, s, z

def generateSignatures(priv, p, n, g, a, numSignatures=10):
    sigs = []
    for _ in range(numSignatures):
        nonce = random.randrange(1, 2**bitRange)
        note = str(os.urandom(25)) + str(nonce)
        msg = bytes(note, 'utf-8')
        r, s, z = signMessage(priv, msg, nonce, p, n, g, a)
        sigs.append((z, r, s))
    return sigs

def main():
    p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f
    a = 0
    b = 7
    g = (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,
         0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)
    n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
    h = 1

    priv = random.randrange(2**(bitRange-1), 2**bitRange)
    signatures = generateSignatures(priv, p, n, g, a)

    with open("sigs.json", 'w') as f:
        sigsHex = [[hex(x) if isinstance(x, int) else x for x in sig] for sig in signatures]
        json.dump(sigsHex, f)

    print(f"Private Key = {hex(priv)}")
    point = scalarMult(priv, g, p, n, g)
    print("Public Key (X, Y):", point)

if __name__ == "__main__":
    main()


send me sigs.json and the x y of the public key.

Here's my program. As you can see, private key and nonce values are 160 bits.

So it didn't work in the end?

OP did you write the script yourself or got it from somewhere?

Idk man, maybe i did something wrong in my script. can you verify that it randomly generates signatures with random utpo 200 bit key and nonce?

If you send me the sigs.json file (the output of the script) i can predict the private key using my other script.

import hashlib
import random
import os
import json

BIT_RANGE = 200

class EllipticCurve:
    def __init__(self, name, p, a, b, g, n, h):
        self.name = name
        self.p = p
        self.a = a
        self.b = b
        self.g = g
        self.n = n
        self.h = h

class ECDSA:
    def __init__(self, curve):
        self.curve = curve

    def inverse_mod(self, k, p):
        if k == 0:
            raise ZeroDivisionError('division by zero')
        if k < 0:
            return p - self.inverse_mod(-k, p)

        s, old_s = 0, 1
        t, old_t = 1, 0
        r, old_r = p, k

        while r != 0:
            quotient = old_r // r
            old_r, r = r, old_r - quotient * r
            old_s, s = s, old_s - quotient * s
            old_t, t = t, old_t - quotient * t

        return old_s % p

    def point_add(self, point1, point2):
        if point1 is None:
            return point2
        if point2 is None:
            return point1

        x1, y1 = point1
        x2, y2 = point2

        if x1 == x2 and y1 != y2:
            return None

        m = (y1 - y2) * self.inverse_mod(x1 - x2, self.curve.p) if x1 != x2 else \
            (3 * x1 * x1 + self.curve.a) * self.inverse_mod(2 * y1, self.curve.p)

        x3 = m * m - x1 - x2
        y3 = y1 + m * (x3 - x1)
        return (x3 % self.curve.p, -y3 % self.curve.p)

    def scalar_mult(self, k, point):
        if k % self.curve.n == 0 or point is None:
            return None
        if k < 0:
            return self.scalar_mult(-k, (point[0], -point[1] % self.curve.p))

        result = None
        addend = point
        while k:
            if k & 1:
                result = self.point_add(result, addend)
            addend = self.point_add(addend, addend)
            k >>= 1
        return result

    def make_keypair(self, private):
        public_key = self.scalar_mult(private, self.curve.g)
        return private, public_key

    def hash_message(self, message):
        message_hash = hashlib.sha512(message).digest()
        e = int.from_bytes(message_hash, 'big')
        return e >> (e.bit_length() - self.curve.n.bit_length())

    def sign_message(self, private_key, message, nonce):
        z = self.hash_message(message)
        k = nonce
        x, y = self.scalar_mult(k, self.curve.g)
        r = x % self.curve.n
        s = ((z + r * private_key) * self.inverse_mod(k, self.curve.n)) % self.curve.n
        return r, s, z

    def generate_signatures(self, priv, num_signatures=10):
        sigs = []
        for _ in range(num_signatures):
            nonce = random.randrange(1, 2**BIT_RANGE)
            note = str(os.urandom(25)) + str(nonce)
            msg = bytes(note, 'utf-8')
            private_key, public_key = self.make_keypair(priv)
            r, s, z = self.sign_message(priv, msg, nonce)
            sigs.append((z, r, s))
        return sigs

def main():
    curve = EllipticCurve(
        'secp256k1',
        p=0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f,
        a=0,
        b=7,
        g=(0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,
           0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8),
        n=0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141,
        h=1,
    )

    ecdsa = ECDSA(curve)
    priv = random.randrange(2**(BIT_RANGE-1), 2**BIT_RANGE)
    signatures = ecdsa.generate_signatures(priv)

    with open("sigs.json", 'w') as f:
        sigs_hex = [[hex(x) if isinstance(x, int) else x for x in sig] for sig in signatures]
        json.dump(sigs_hex, f)

    print(f"Private Key = {hex(priv)}")

if __name__ == "__main__":
    main()

can get rsz by yourself

https://github.com/albertobsd/rsz


Provide any proofs what your scrypt is work, pls

 

I can provide a million of them, but I feel like I'll be wasting my time.