@garlonicon
Because you can explain this lattice method in a full example
If you want, create a new thread, call it eg
Lattice method explainedTake puzzle 100 data (or something else)
Make a step by step explanation in the OP.
People can ask, contribute and you can edit the OP.
Would be cool
Now I only know basic things, like for example how ECDSA works. Understanding how lattices works is ongoing, I need more time to come up with something useful. All what I already know is based on ECDSA properties. For example, if you have a public key, then you can add or subtract any number or public key, or you can multiply and divide it by any known number. And based on that I know that any signature is just a relation between the public key and the "signature public key".
s=(z+rd)/k
sk=z+rd
sk-z=rd
rd=sk-z
d=(sk-z)/r
d=(s/r)k-(z/r)
d*G=(s/r)*k*G-(z/r)*G
Q=(s/r)*R-(z/r)*G
So, if you have some public key Q, then you can choose some "(z/r)", and then choose some "(r/s)". Just because:
(Q+(z/r)*G)*(r/s)*G=R
So, you can first choose some "(z/r)", then choose some "(r/s)", then you will get some "R", so you can convert it into "r" by taking "r=R.x", and then you can reach a valid "(r,s,z)" tuple for a given Q. All values will be random, but it doesn't matter for lattice if you have real data from the real blockchain or not. They are random. And the level of your randomness depends on how random is your picked "(z/r)" and "(r/s)", because it is just a linear transformation of adding some number and multiplying by some number to go from Q to R.
But in general, the properties of ECDSA allows you to pick any "(z/r)" and "(r/s)" values. That means, you can create any lattice you want. And then, the quality of your lattice can decide, if you can recover the keys or not, because if they are not random enough, then you will reach nothing. Trying to solve "x=2y" by adding "2x=4y" just won't work, that's why it should be random enough.
So, as you can see, I know ECDSA relations. But the most useful part is still missing, because I still don't know how to construct a proper lattice that would allow recovering some keys. I tried to use that to recover small keys, but my lattices failed for keys with 8 bits, so something is not right and I still have to dig deeper to produce some general solution for lattices.