Thank you very much, I will try again.
With your permission, I would like to ask a question; I saw that you also wrote about lattice attack. How can I find known bits? Do you have any knowledge about this topic
Topic: Nonce k, k+1 python code (Read 203 times)
Hello friends. Inspired by the table on iceland's rsz, I created code in phyton for the cases where k,k+1...k+m. Since there is no such example whose private key I know, I ask you to check it. If it works, I will publish it on github. As far as I can see, there is no such resource, we can all benefit from it. Can anyone who sees it please check it out and give their opinions?
Syntax Error: There is a syntax error in the last line of your code. The ^ operator is used for bitwise XOR in Python, but it seems you intended to use it for exponentiation. For exponentiation, you should use **.Code:
def h(n):
return hex(n).replace("0x","")
def extended_gcd(aa, bb):
lastremainder, remainder = abs(aa), abs(bb)
x, lastx, y, lasty = 0, 1, 1, 0
while remainder:
lastremainder, (quotient, remainder) = remainder, divmod(lastremainder, remainder)
x, lastx = lastx - quotient*x, x
y, lasty = lasty - quotient*y, y
return lastremainder, lastx * (-1 if aa < 0 else 1), lasty * (-1 if bb < 0 else 1)
def modinv(a, m):
g, x, y = extended_gcd(a, m)
if g != 1:
raise ValueError
return x % m
N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
R1 = 0x49bf1b1c8364c4179bd82a3be28b1a326c2c1b2d120c3264865ecbc4dbaed4b3
S1 = 0x4ad0d60d72880bf0a51d88d0d5138ffa3593273bd0b3d48a5afe04023db9c2c9
Z1 = 0x1362d682d8872a0451e5f0d86f743a62bf0730b57ddddc901668d837cbfa2f48
R2 = 0x00ad7991e3b3d36f6f17a22fad1faddc53e7c124e5b6626db172c79299fce5cfb6
S2 = 0x10ecd8352675027f74edc18180ac083d75a1488497c6c3078a5966015514ac46
Z2 = 0xfec02a5d53eb20a6e470b7c321e0da83ea6d677f600f67033abf4b0e6b8745aa
m = 1
print (h(((S2*m*R1 + Z1*R2 - Z2*R1) * (S1*R2 - S2*R1)^(-1)) % N))
Incorrect usage of ^: Even after fixing the syntax error, using ^ for exponentiation won't work as intended. In Python, the correct operator for exponentiation is **.
Missing division function: The division in the last line of your code should be a modular division, but it's currently missing. You'll need to implement a modular division function to ensure correctness.
code: print(h(((S2 * m * R1 + Z1 * R2 - Z2 * R1) * modinv(S1 * R2 - S2 * R1, N)) % N))
Is there no one who can check this?
Hello friends. Inspired by the table on iceland's rsz, I created code in phyton for the cases where k,k+1...k+m. Since there is no such example whose private key I know, I ask you to check it. If it works, I will publish it on github. As far as I can see, there is no such resource, we can all benefit from it. Can anyone who sees it please check it out and give their opinions?
Code:
def h(n):
return hex(n).replace("0x","")
def extended_gcd(aa, bb):
lastremainder, remainder = abs(aa), abs(bb)
x, lastx, y, lasty = 0, 1, 1, 0
while remainder:
lastremainder, (quotient, remainder) = remainder, divmod(lastremainder, remainder)
x, lastx = lastx - quotient*x, x
y, lasty = lasty - quotient*y, y
return lastremainder, lastx * (-1 if aa < 0 else 1), lasty * (-1 if bb < 0 else 1)
def modinv(a, m):
g, x, y = extended_gcd(a, m)
if g != 1:
raise ValueError
return x % m
N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
R1 = 0x49bf1b1c8364c4179bd82a3be28b1a326c2c1b2d120c3264865ecbc4dbaed4b3
S1 = 0x4ad0d60d72880bf0a51d88d0d5138ffa3593273bd0b3d48a5afe04023db9c2c9
Z1 = 0x1362d682d8872a0451e5f0d86f743a62bf0730b57ddddc901668d837cbfa2f48
R2 = 0x00ad7991e3b3d36f6f17a22fad1faddc53e7c124e5b6626db172c79299fce5cfb6
S2 = 0x10ecd8352675027f74edc18180ac083d75a1488497c6c3078a5966015514ac46
Z2 = 0xfec02a5d53eb20a6e470b7c321e0da83ea6d677f600f67033abf4b0e6b8745aa
m = 1
print (h(((S2*m*R1 + Z1*R2 - Z2*R1) * (S1*R2 - S2*R1)^(-1)) % N))
Jump to: