Final equations:
Code:
k=(z+rd)/s
d=(sk-z)/r
I try use this calculate puzzle #115 but it now work
Can you help to samplecalculate puzzle #115
Topic: lattice-attack || how to run without error - page 7. (Read 2848 times)
Final equations:
I try use this calculate puzzle #115 but it now work
Can you help to samplecalculate puzzle #115
Just use your public key as R-value in your signature.
Final signature:
Edit:Final equations:
If you know k, you can get d. If you know d, you can get k. It is a pair of connected numbers.
Code:
address=17s2b9ksz5y7abUm92cHwG8jEPCzK3dLnT
pubkey=02ceb6cbbcdbdf5ef7150682150f4ce2c6f4807b349827dcdbdd1f2efa885a2630
R=02ceb6cbbcdbdf5ef7150682150f4ce2c6f4807b349827dcdbdd1f2efa885a2630
SHA-256("120-bit puzzle")=c43bc2e003908850dda3ff2fec69c3028027260ea7eef98746260eb83abe0a18
SHA-256("garlonicon")=272fc6644fedff1a897d6034bed23f61859e99440ee699033307976590316723
s=(z+rd)/k
sk=z+rd
sk-z=rd
d=(sk-z)/r
d=(s/r)k-(z/r)
d+(z/r)=(s/r)k
Q+(z/r)=(s/r)R
z/r=SHA-256("120-bit puzzle")=c43bc2e003908850dda3ff2fec69c3028027260ea7eef98746260eb83abe0a18
s/r=SHA-256("garlonicon")=272fc6644fedff1a897d6034bed23f61859e99440ee699033307976590316723
R=02ceb6cbbcdbdf5ef7150682150f4ce2c6f4807b349827dcdbdd1f2efa885a2630
(s/r)R=02276385F22DF0977507516B945B57AC6A74EFEA22E957098B25BDE461696774A0
Q=(s/r)R-(z/r)
(z/r)*G=0315523C6FD9EBA6DB17B946888CA76AE0D3C2B53AB63901ABCAFA0D0A07552DEE
-(z/r)*G=0215523C6FD9EBA6DB17B946888CA76AE0D3C2B53AB63901ABCAFA0D0A07552DEE
Q=02B77D94ADE49B1FF647E012ACD91CF15A7DA1D553CC386E52D9C42E717FAEA4D0
z=(z/r)*r
r=ceb6cbbcdbdf5ef7150682150f4ce2c6f4807b349827dcdbdd1f2efa885a2630
n=fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
z=2de0c47667be3d8a1a36140df763c4a6243ba04663863d761fa552d8d7791c03
s=(s/r)*r
s=2e92f964982c1337f36ca51cd0ca5cfce0526295a03597cc0ddf72babf55d065
Code:
Q=02B77D94ADE49B1FF647E012ACD91CF15A7DA1D553CC386E52D9C42E717FAEA4D0
z=2de0c47667be3d8a1a36140df763c4a6243ba04663863d761fa552d8d7791c03
r=ceb6cbbcdbdf5ef7150682150f4ce2c6f4807b349827dcdbdd1f2efa885a2630
s=2e92f964982c1337f36ca51cd0ca5cfce0526295a03597cc0ddf72babf55d065
Edit:
Quote
if know private key how to calculate to know nonce in python
Code:
s=(z+rd)/k
sk=z+rd
k=(z+rd)/s
sk-z=rd
d=(sk-z)/r
Code:
k=(z+rd)/s
d=(sk-z)/r
Quote
if can modify lattice-attack or cam switch from weak nonce to calculate weak private key may be possible to use solve puzzle 120-160 bit
It is possible, but there is only one problem: you need two signatures. And you need two random signatures, not just two any signatures. Lattice is not that deterministic, you cannot use N and N-1 as your 120-bit nonce. I tried solving this Taproot testnet puzzle transaction: 448b81b2b3c2c8558d268e4f515ff38eb6367d156babbc3733a14834a5a6e7b0. My conclusion is: even for small keys (like 8-bit key) it is not so deterministic. You need a sufficiently random and weak key, you cannot just use any key.right it requires two sign for calculate
I would like to try to check weak nonce from key generate
if know private key how to calculate to know nonce in python
Quote
if can modify lattice-attack or cam switch from weak nonce to calculate weak private key may be possible to use solve puzzle 120-160 bit
It is possible, but there is only one problem: you need two signatures. And you need two random signatures, not just two any signatures. Lattice is not that deterministic, you cannot use N and N-1 as your 120-bit nonce. I tried solving this Taproot testnet puzzle transaction: 448b81b2b3c2c8558d268e4f515ff38eb6367d156babbc3733a14834a5a6e7b0. My conclusion is: even for small keys (like 8-bit key) it is not so deterministic. You need a sufficiently random and weak key, you cannot just use any key.
just random idea
if can modify lattice-attack or cam switch from weak nonce to calculate weak private key may be possible to use solve puzzle 120-160 bit
I mean lattice-attack can solve weak nonce 128 bit and 256 bit private key
if can modify to change calculate strong nonce but weak private key meybe can use for solve 120 bit puzzle
but 120 bit puzzle have only R and S one set only
if can modify lattice-attack or cam switch from weak nonce to calculate weak private key may be possible to use solve puzzle 120-160 bit
I mean lattice-attack can solve weak nonce 128 bit and 256 bit private key
if can modify to change calculate strong nonce but weak private key meybe can use for solve 120 bit puzzle
but 120 bit puzzle have only R and S one set only
it is just mathematics research and it needs some leaked information to calculate, can not attack ECDSA that no leak data
Last bit is posible to recovery maybe, or use nonse what probably has msb in zeros....
it is just mathematics research and it needs some leaked information to calculate, can not attack ECDSA that no leak data
There might be problem with your Ubuntu 20.04 or library's setup.py. I tried it on Debian 11 (inside VM) and could run the library without any problem.
Thank you ETFbitcoin
I do a quick test on Debian in WSL2 windows, it is works
I got same result run on Debian no problem
Some problems with install fpylll
Developer using Ubuntu >= 20.04
So try on Ubuntu 20.04
pip install git+https://github.com/bitlogik/lattice-attack
pip install git+https://github.com/fplll/fpylll.git
All command try installs not successful both on os windows and Linux
using conda not successful too
conda install -c conda-forge fpylll
all methods include update apt too
sudo add-apt-repository universe
sudo apt update
sudo apt install python3-fpylll
pip install Cython
all fail
There might be problem with your Ubuntu 20.04 or library's setup.py. I tried it on Debian 11 (inside VM) and could run the library without any problem.
Code:
git clone https://github.com/bitlogik/lattice-attack
cd lattice-attack/
sudo apt install python3-cryptography python3-fpylll
python3 gen_data.py # generate example data
python3 lattice_attack.py -f data.json # perform attack with example data
This is the output.
Code:
----- Lattice ECDSA Attack -----
Loading data from file data.json
Running with 6 bits of k (LSB)
Starting recovery attack (curve SECP256K1)
Constructing matrix
Solving matrix ...
LLL reduction
Key found \o/
0xb75d59be7755c7af999687b769aeac541422ace964eb92d00f1c9a8017b1b7f9
Some problems with install fpylll
Developer using Ubuntu >= 20.04
So try on Ubuntu 20.04
pip install git+https://github.com/bitlogik/lattice-attack
pip install git+https://github.com/fplll/fpylll.git
All command try installs not successful both on os windows and Linux
using conda not successful too
conda install -c conda-forge fpylll
all methods include update apt too
sudo add-apt-repository universe
sudo apt update
sudo apt install python3-fpylll
pip install Cython
all fail
All question you asked already answered on the repository.
From https://github.com/bitlogik/lattice-attack#use, data.json contain some information needed to perform lattice attack.
You can either make it manually or use gen_data.py
You need to specify what kind of error you encountered. Have you fulfilled requirements which mentioned at https://github.com/bitlogik/lattice-attack#requirements?
what is data.json 
From https://github.com/bitlogik/lattice-attack#use, data.json contain some information needed to perform lattice attack.
how to make it
You can either make it manually or use gen_data.py
Code:
python3 gen_data.py
Code:
python3 gen_data.py -f data1.json -m "HelloYou" -c SECP256R1 -b 8 -t MSB -n 50
how to run without error
You need to specify what kind of error you encountered. Have you fulfilled requirements which mentioned at https://github.com/bitlogik/lattice-attack#requirements?
any one make video for lattice-attack project
what is data.json ,how to make it
how to run without error
this is git https://github.com/bitlogik/lattice-attack
send video my mail : [email protected] or upload youtube send link please..
what is data.json
,how to make ithow to run without error
this is git https://github.com/bitlogik/lattice-attack
send video my mail : [email protected] or upload youtube send link please..
Jump to: