R,S,Z , K nonce and public key Signature samples

Sergey Magalyas

newbie

Activity: 14

Merit: 0

Quote from: krashfire on June 25, 2024, 01:11:27 AM

Quote from: jacky19790729 on June 24, 2024, 05:21:41 AM

I have been learning about ECDSA ( r s z, public key ,private key ) for about 2 months

# 130 Although only one rsz is know , but 1000 rsz can be produced using the public key, the nonce K value will be 240~256 bits

would you mind sharing your code on how you leak the RSZ and how you create more sample for the given public key. thank you

Friend, give me a code that allows you to create 1000 rsz using a public key.

garlonicon

copper member

Activity: 821

Merit: 1992

Quote

can you share more numbers

Just use inversion, and get some ECC calculator:

Code:

1/2=0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a1
1/3=0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa9d1c9e899ca306ad27fe1945de0242b81
1/4=0xbfffffffffffffffffffffffffffffff0c0325ad0376782ccfddc6e99c28b0f1
1/5=0x66666666666666666666666666666665e445f1f5dfb6a67e4cba8c385348e6e7
1/6=0xd5555555555555555555555555555554463c62c03cbc85871fd9f975582d3661
1/7=0x49249249249249249249249249249248c79facd43214c011123c1b03a93412a5
1/8=0xdffffffffffffffffffffffffffffffee3590149d95f8c3447d812bb362f7919
1/9=0x8e38e38e38e38e38e38e38e38e38e38d842841d57dd303af6a9150f8e5737996
1/10=0xb33333333333333333333333333333324f7a676e477fa35d0646756291bf9414
1/11=0xa2e8ba2e8ba2e8ba2e8ba2e8ba2e8ba219b51835b55cc30ebfe2f6599bc56f58
1/12=0xeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa980759fd3760292e16fd62c011431bbd1
1/13=0x13b13b13b13b13b13b13b13b13b13b139834d5ea5c40a9dd3623dfe3727a53ca
1/14=0xa4924924924924924924924924924923c12744dd70aeb02669073cc83cb529f3
1/15=0x22222222222222222222222222222221f6c1fb51f53ce22a19938412c66da24d
1/16=0xeffffffffffffffffffffffffffffffecf03ef184454163803d538a40332dd2d
...
1/128=0x7dffffffffffffffffffffffffffffff5fe210b98a45bedd68698a894e7ab41e
1/129=0xa4b692da4b692da4b692da4b692da4b5c18a4ea054ff19b357b30348bd881e14
1/130=0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
1/131=0x7b1d501f44659e4a427157f05dcd30da4254182896bd4f03546ef0e3f6b28500
1/132=0xb83e0f83e0f83e0f83e0f83e0f83e0f753ee5548eea2d0690fdf28e557c9f4c8
1/133=0xe8e6fa39be8e6fa39be8e6fa39be8e6e7ba4dc37e2d648a225da5604eb9f12f2
1/134=0x05bb39503d226357e16ece540f4898d5f11332cbd9e4f81fe7a346e495db0176
1/135=0xe759203cae759203cae759203cae7590ddcd6e80d38035c802aef0f1080384ed
...
1/0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413d=0x3fffffffffffffffffffffffffffffffaeabb739abd2280eeff497a3340d9050
1/0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e=0x55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c0
1/0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413f=0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0
1/0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140=0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140

For example: https://www.boxentriq.com/code-breaking/big-number-calculator

Kpot87

jr. member

Activity: 43

Merit: 1

Quote from: garlonicon on July 30, 2024, 07:48:24 AM

Quote

Code:

s2 = 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
            ^repeated pattern^        |<----       130 bits       --->|

It is just an inversion of 0x82, nothing special. If you multiply 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e by 0x82, you will get 0x1affffffffffffffffffffffffffffffddb0714c547ca8e64d3b2ff8d9f5b8e1dc as a result, which is equal to one, if you apply modulo n=0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141 on that.

can you share more numbers like 0x1affffffffffffffffffffffffffffffddb0714c547ca8e64d3b2ff8d9f5b8e1dc
thank you!

JDScreesh

jr. member

Activity: 47

Merit: 13

Hi there.

Puzzle 130 was solved, but I don't know which script or technique was used Huh

Anyway, gratz to the solver

COBRAS

member

Activity: 873

Merit: 22

$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk

Lattice for rs and pub

https://bitcointalksearch.org/topic/--5504929

JohnnyTX

newbie

Activity: 5

Merit: 0

Quote from: garlonicon on July 30, 2024, 07:48:24 AM

It is just an inversion of 0x82, nothing special.

Well, thanks, I was too hasty this time.

garlonicon

copper member

Activity: 821

Merit: 1992

Quote

Code:

s2 = 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
^repeated pattern^ |<---- 130 bits --->|

It is just an inversion of 0x82, nothing special. If you multiply 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e by 0x82, you will get 0x1affffffffffffffffffffffffffffffddb0714c547ca8e64d3b2ff8d9f5b8e1dc as a result, which is equal to one, if you apply modulo n=0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141 on that.

JohnnyTX

newbie

Activity: 5

Merit: 0

Quote from: jacky19790729 on July 29, 2024, 01:04:13 PM

I can't understand special values

Which values? All values are special ;-)
First 3 signatures use Satoshi private key #1 as a nonce, but signed real messages (not random). Nobody noticed?
The fourth signature signs again real message, and with the same key also a private key of Puzzle #130 as input, there is no "why", that's an intention.

~~And finally the value of s2 shows the weakness of the private key here~~:

Code:

s2 = 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
^repeated pattern^ |<---- 130 bits --->|

jacky19790729

jr. member

Activity: 82

Merit: 8

Quote from: JohnnyTX on July 29, 2024, 07:22:10 AM

Public Key 0x40f08294791bb07e908196847f79ad162ba0dff28eb312b1669ee2c8a72f7bfb, 0x28c29cc6ec6f2ddf9f54f32da1ea727de71c2ef168528475f5233ba28c06c4a8

Code:

r1 = 0x7029db68c1420fe2d41c1fd7b86ea0739bc8e6d0a7c58f754b93e5ff6c8040
s1 = 0xdbe4b484c838fce2aa65d85901f94f6fad6ad5f604d805c30ce05c58371c6991
z1 = SHA256('This is test 4.')

r2 = 0xdfb77cd83e2251dc96caad4c45cf98fcf76b8c24aa349c2dbba548029571331f
s2 = 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
z2 = Private key for Puzzle #130

Interesting, right?

Recovered Bitcoin public key: 0240f08294791bb07e908196847f79ad162ba0dff28eb312b1669ee2c8a72f7bfb
Bitcoin Address： 1AaEnbgVCKmG7RM8KYxjiQ2xaqn4NmyA7a

r1 = 0x7029db68c1420fe2d41c1fd7b86ea0739bc8e6d0a7c58f754b93e5ff6c8040
s1 = 0xdbe4b484c838fce2aa65d85901f94f6fad6ad5f604d805c30ce05c58371c6991
z1 = 0x9cabe7317b243f04a211a282035b96caa14d646dc32ba0e326f52d43cef07d8c

why z2 will be Private key for Puzzle #130 ??

jacky19790729

jr. member

Activity: 82

Merit: 8

Quote from: JohnnyTX on June 25, 2024, 09:15:25 AM

Hi there!
It looks like you all are crazy for nonces and signatures, so I have some special values for you Wink

Code:

r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0x24c8a42e8fe11d670633fa66ebedb1672c71a517a30cbbaa9e14f2d5a15a3783
z=SHA256('This is test 1.')
PubKey=0x3e42b3151f310f5f417f11b4c32d8360b22109dcc6432339243332b56cd596de, 0x7903116327cab6891b810588e4c909273c7eb013aea2162fa63afa1f11562b3a

r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0x768a0e3b0cfb3c8d9b7899f59f480555176ef25eefa1e96d3ac575ba4ffe85fd
z=SHA256('This is test 2.')
PubKey=0xc79fa242694e3148c8d50e667010e0c221f6004d108692c5040ff139595ed081, 0x525bd76c21c8e2d45725a378c973a646d5971acd8f240322e5f1fdf0ed4f8589

r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0xd17c5ed9fb37692cd152f381c4a3f16a896f96d26100310fe818d6963c402b25
z=SHA256('This is test 3.')
PubKey=0xc03657988e2baf31a1a1061a87fa3da20f166dc8a22c02658f6d325dec722d84, 0x97ffbac6bec2de2b8d9f9bcaeced8e56abdd0b3996b48153cf0a1a92dc2d5529

Btw. I think that those who do serious research of this topic do not need your script, but all contributions are welcome, of course.

Recovered Bitcoin public key: 023e42b3151f310f5f417f11b4c32d8360b22109dcc6432339243332b56cd596de
Bitcoin Address： 1ak61eAXk4bxNbovZuqh4f1PxBaf1VUBV
r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0x24c8a42e8fe11d670633fa66ebedb1672c71a517a30cbbaa9e14f2d5a15a3783
z=0xe0f6c07e19eb2dfa2e0c3586a2a9f4b225dba10c353fc354baa2dabcc9d42051

---
Recovered Bitcoin public key: 03c79fa242694e3148c8d50e667010e0c221f6004d108692c5040ff139595ed081
Bitcoin Address： 1GLKrFmj8eUsHS7s91PTMh2L6rPtF1RzNj
r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0x768a0e3b0cfb3c8d9b7899f59f480555176ef25eefa1e96d3ac575ba4ffe85fd
z=0x48ef5d298a862b6f74338ebb5281f5212d8221a2fd8cce827be72779bffd25dd

---
Recovered Bitcoin public key: 03c03657988e2baf31a1a1061a87fa3da20f166dc8a22c02658f6d325dec722d84
Bitcoin Address： 17aj9BWZyDTqr6UnK7LScoCHdsbFRT6LZG
r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0xd17c5ed9fb37692cd152f381c4a3f16a896f96d26100310fe818d6963c402b25
z=0x1e6a32d38fb096d19ad46186c6299f82b7bfd5a92d0d3b17142e8ff18b75e358

I can't understand special values

JohnnyTX

newbie

Activity: 5

Merit: 0

Public Key 0x40f08294791bb07e908196847f79ad162ba0dff28eb312b1669ee2c8a72f7bfb, 0x28c29cc6ec6f2ddf9f54f32da1ea727de71c2ef168528475f5233ba28c06c4a8

Code:

r1 = 0x7029db68c1420fe2d41c1fd7b86ea0739bc8e6d0a7c58f754b93e5ff6c8040
s1 = 0xdbe4b484c838fce2aa65d85901f94f6fad6ad5f604d805c30ce05c58371c6991
z1 = SHA256('This is test 4.')

r2 = 0xdfb77cd83e2251dc96caad4c45cf98fcf76b8c24aa349c2dbba548029571331f
s2 = 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
z2 = Private key for Puzzle #130

Interesting, right?

jacky19790729

jr. member

Activity: 82

Merit: 8

Quote from: JohnnyTX on June 25, 2024, 12:55:44 PM

Code:

# rsz 1
r=0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s=0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z=0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b
# rsz 2
r=0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2
s=0xe14e5906641085412561a083c002b76d6ac5a54372a9c811edc9e3b86b2dde11
z=0x1b636df9eef267995d6918047ba3bafca25f693a47ff73c7c0d500cd4aa9783a

Code:

N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def inv(a):
return pow(a, N - 2, N)

r1 = 0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s1 = 0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z1 = 0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b

HA = 0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410 * inv(0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2)
HA = HA % N
print("HA: %064x" % HA )

r2 = 0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2 * HA
s2 = 0xe14e5906641085412561a083c002b76d6ac5a54372a9c811edc9e3b86b2dde11 * HA
z2 = 0x1b636df9eef267995d6918047ba3bafca25f693a47ff73c7c0d500cd4aa9783a * HA

z2 = z2 - s2
r2 = r2 % N
s2 = s2 % N
z2 = z2 % N

print("r1= 0x%064x " % r1 )
print("s1= 0x%064x " % s1 )
print("z1= 0x%064x " % z1 )
print("r2= 0x%064x " % r2 )
print("s2= 0x%064x " % s2 )
print("z2= 0x%064x " % z2 )

output:
HA: e809a06f968e72e232e96f55e26f809d22d922681acca6904f12c4ba1b53018d
r1 = 0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s1 = 0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z1 = 0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b
r2= 0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s2= 0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z2= 0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b

r1 = r2 , s1 = s2 , z1 = z2 .......Your 2 rsz are from the same rsz Cry

jacky19790729

jr. member

Activity: 82

Merit: 8

Quote from: COBRAS on June 25, 2024, 03:39:34 PM

Code:

# rsz 1
r=0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s=0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z=0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b
# rsz 2
r=0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2
s=0xe14e5906641085412561a083c002b76d6ac5a54372a9c811edc9e3b86b2dde11
z=0x1b636df9eef267995d6918047ba3bafca25f693a47ff73c7c0d500cd4aa9783a

You try bruteforce 02d7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410 ?

no....bruteforce nonce k , that is impossible

It's seem use 1 rsz convert to 2 rsz
even know that
k2 = k1 + 1
I still can't recovery private key

COBRAS

member

Activity: 873

Merit: 22

$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk

Quote from: jacky19790729 on June 25, 2024, 02:00:33 PM

Quote from: JohnnyTX on June 25, 2024, 12:55:44 PM

Code:

# rsz 1
r=0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s=0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z=0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b

# rsz 2
r=0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2
s=0xe14e5906641085412561a083c002b76d6ac5a54372a9c811edc9e3b86b2dde11
z=0x1b636df9eef267995d6918047ba3bafca25f693a47ff73c7c0d500cd4aa9783a

With k2 = k1 + 1.

sorry......I can't recovery private key for this 2 rsz

my result:
k1 = 0
k2 = 1

Recovered Bitcoin public key: 028629507d9eef1748ec67ca2c4ab641fa0951d7f0bb0cf226f1c0f465a4e29404
Bitcoin Address： 1Ln1NYjtCamBG2UZDTKcHqcaNLP8TUrKFe

Recovered Bitcoin public key: 0395c632a7af384a67104afd5b6a4a5d882e782d232519c59084f0744d08093876
Bitcoin Address： 1P5TaCC8ZQohntb3NwRXQE5zFzB2De2Dvz

show your private key .. ??

You try bruteforce 02d7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410 ?

jacky19790729

jr. member

Activity: 82

Merit: 8

Quote from: JohnnyTX on June 25, 2024, 12:55:44 PM

Code:

# rsz 1
r=0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s=0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z=0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b

# rsz 2
r=0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2
s=0xe14e5906641085412561a083c002b76d6ac5a54372a9c811edc9e3b86b2dde11
z=0x1b636df9eef267995d6918047ba3bafca25f693a47ff73c7c0d500cd4aa9783a

With k2 = k1 + 1.

sorry......I can't recovery private key for this 2 rsz

my result:
k1 = 0
k2 = 1

Recovered Bitcoin public key: 028629507d9eef1748ec67ca2c4ab641fa0951d7f0bb0cf226f1c0f465a4e29404
Bitcoin Address： 1Ln1NYjtCamBG2UZDTKcHqcaNLP8TUrKFe

Recovered Bitcoin public key: 0395c632a7af384a67104afd5b6a4a5d882e782d232519c59084f0744d08093876
Bitcoin Address： 1P5TaCC8ZQohntb3NwRXQE5zFzB2De2Dvz

show your private key .. ??

jacky19790729

jr. member

Activity: 82

Merit: 8

Quote from: JohnnyTX on June 25, 2024, 12:55:44 PM

Well, then I have two more for you, but this public key doesn't point to the puzzle #130 it seems...
# Public Key
0x8629507d9eef1748ec67ca2c4ab641fa0951d7f0bb0cf226f1c0f465a4e29404, 0x2237204a53021490adfec9f0b3f0732f5024181d50fde2dcfc7a428c992b8d70

I had edit my post ~~ fix it #130
public key 0x633cbe3ec02b9401c5effa144c5b4d22f87940259634858fc7e59b1c09937852, 0xb078a17cc1558a9a4fa0b406f194c9a2b71d9a61424b533ceefe27408b3191e3

and Provide 5 sets of my own generated rsz for #130

# 130 rsz 1
r=0x56a37728d3036203ba57a2399ba282351b55e7b7a2660080a510732f373f18f8
s=0x6bf0c1501792f3184866f56a82b69ad17cb169105ed85350ca30f3e2070e032e
z=0x0042fe8868fbfa3d16b603af849bb81a35d6292651ab36a23af4c427d4265bf9

# 130 rsz 2
r=0x84812aade108ee63f12098f31e0819b36fcd4a4433fdbd29dbc8d94082e1a822
s=0xa7da5a2552d02a4551a23381fe4bcca9f1108d66cb0137712d9325d2a1fe4b4a
z=0x50825e90bcae246a62602d3719d895da1108545b3c09527ed1dbf599034cf0a2

# 130 rsz 3
r=0x1567a88d2dc54158afc135433f5bd7cb673a73ecd978626504fa7a972fc88eb0
s=0x0340b27310b89895c166c839b5a27fd6de1a271a8765de608c07e96539827850
z=0x503f919c88920407436211529abf8f8d2459d8aec963181dbaf822e20f162d0e

# 130 rsz 4
r=0x3facca914bf602c454b2e1332e4bd9db3482cdc648bc9f79328fed36de7babca
s=0xfe9797f9323c74e8b5d91937c4ea704f0a73e3aae536d8f051e7c77214a4a5a9
z=0xdde32a1d171f66168bc88211c5bbd1f0de2bc8aa504b70af8591f7619b6a3632

# 130 rsz 5
r=0x63444d8aa42965428ea68fa74976fe38772ba59e6e1b4f8682e6f6178ee4c1e9
s=0x33f53e75c58b289d094932407c4f1eac3156a0029c9a33f257485a0c3b5b497d
z=0xfe4573a2009e9f7985f8f366949757f001aaccc81da635ea3868c1d70b9a2e04

1Fo65aKq8s8iquMt6weF1rku1moWVEd5Ua

JohnnyTX

newbie

Activity: 5

Merit: 0

Quote from: jacky19790729 on June 25, 2024, 11:01:32 AM

the same r value , we can recovery private key ........

These are not as easy as you may think.

Quote from: jacky19790729 on June 25, 2024, 11:01:32 AM

but we are interested in recovering the private key of #puzzle 130 from a large set of r s z and public key ...

But we need to know the bits of k ， from every set of r s z .........

Well, then I have two more for you, but this public key doesn't point to the puzzle #130 it seems...
# Public Key
0x8629507d9eef1748ec67ca2c4ab641fa0951d7f0bb0cf226f1c0f465a4e29404, 0x2237204a53021490adfec9f0b3f0732f5024181d50fde2dcfc7a428c992b8d70

Code:

# rsz 1
r=0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s=0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z=0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b

# rsz 2
r=0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2
s=0xe14e5906641085412561a083c002b76d6ac5a54372a9c811edc9e3b86b2dde11
z=0x1b636df9eef267995d6918047ba3bafca25f693a47ff73c7c0d500cd4aa9783a

With k2 = k1 + 1.

jacky19790729

jr. member

Activity: 82

Merit: 8

Quote from: JohnnyTX on June 25, 2024, 09:15:25 AM

Hi there!
It looks like you all are crazy for nonces and signatures, so I have some special values for you Wink

Btw. I think that those who do serious research of this topic do not need your script, but all contributions are welcome, of course.

the same r value , we can recovery private key ........

but we are interested in recovering the private key of #puzzle 130 from a large set of r s z and public key ...

But we need to know the bits of k ， from every set of r s z .........

if anyone can know the bits of k from every r s z and public key , all bitcoin address that leaks the public key can recovery private key

Of course, currently only 252 bit k can be recovery by the lattice attack.

https://githubhelp.com/bitlogik/lattice-attack/issues/2
The authors of the lattice-attack mentioned that they were also unable to crack more than k > 252 bits~~~

For the topic "down to 2 bits", note that we never found a private key using our LatticeAttack software below 4 know bits, hence the restriction put in place that prevent the user to run it with lower than 4 bits. But we never performed long running time. Using higher RECOVERY_SEQUENCE "effort" block size, combined with a loop "-l" can be a way to recover key with 3 or even 2 bits. That would just require long running times (several hours), and no guarantee of result.

JohnnyTX

newbie

Activity: 5

Merit: 0

Hi there!
It looks like you all are crazy for nonces and signatures, so I have some special values for you Wink

Code:

r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0x24c8a42e8fe11d670633fa66ebedb1672c71a517a30cbbaa9e14f2d5a15a3783
z=SHA256('This is test 1.')
PubKey=0x3e42b3151f310f5f417f11b4c32d8360b22109dcc6432339243332b56cd596de, 0x7903116327cab6891b810588e4c909273c7eb013aea2162fa63afa1f11562b3a

r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0x768a0e3b0cfb3c8d9b7899f59f480555176ef25eefa1e96d3ac575ba4ffe85fd
z=SHA256('This is test 2.')
PubKey=0xc79fa242694e3148c8d50e667010e0c221f6004d108692c5040ff139595ed081, 0x525bd76c21c8e2d45725a378c973a646d5971acd8f240322e5f1fdf0ed4f8589

r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0xd17c5ed9fb37692cd152f381c4a3f16a896f96d26100310fe818d6963c402b25
z=SHA256('This is test 3.')
PubKey=0xc03657988e2baf31a1a1061a87fa3da20f166dc8a22c02658f6d325dec722d84, 0x97ffbac6bec2de2b8d9f9bcaeced8e56abdd0b3996b48153cf0a1a92dc2d5529

Btw. I think that those who do serious research of this topic do not need your script, but all contributions are welcome, of course.

jacky19790729

jr. member

Activity: 82

Merit: 8

Quote from: krashfire on June 25, 2024, 01:11:27 AM

would you mind sharing your code on how you leak the RSZ and how you create more sample for the given public key. thank you

https://bitcointalk.org/index.php?topic=5394249.100

read it ....... garlonicon share his source code
Even if I have 100,000 puzzle #130 r , s, z
I still can't use lattice-attack crack ....Because the generated rsz and k values are unknown....
I used my private key and public key to see nonce K value ...

From the probability, more than 50% is a 256-bit nonce K value ~~ It must be 252 bit or less bit ......
Unless you can know from these 100,000 rsz which nonce k bits are less than 252 bit , and select 88 group for lattice attack...
This probability is lower than guessing any Bitcoin private key Cry

N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

if N <= 252 bit , we can use #130 public key to produce 70 ~ 100 fake rsz , and ECDSA will broken ~~~ Now, ECDSA is still safe

Topic: R,S,Z , K nonce and public key Signature samples (Read 751 times)