Topic: R,S,Z , K nonce and public key Signature samples - page 2. (Read 1045 times)

sorry......I can't recovery private key for this 2 rsz

my result:
k1 = 0
k2 = 1

Recovered Bitcoin public key: 028629507d9eef1748ec67ca2c4ab641fa0951d7f0bb0cf226f1c0f465a4e29404
Bitcoin Address： 1Ln1NYjtCamBG2UZDTKcHqcaNLP8TUrKFe

Recovered Bitcoin public key: 0395c632a7af384a67104afd5b6a4a5d882e782d232519c59084f0744d08093876
Bitcoin Address： 1P5TaCC8ZQohntb3NwRXQE5zFzB2De2Dvz

show your private key .. ??

I had edit my post ~~ fix it  #130
public key 0x633cbe3ec02b9401c5effa144c5b4d22f87940259634858fc7e59b1c09937852, 0xb078a17cc1558a9a4fa0b406f194c9a2b71d9a61424b533ceefe27408b3191e3

and Provide 5 sets of my own generated rsz for #130

# 130   rsz  1
r=0x56a37728d3036203ba57a2399ba282351b55e7b7a2660080a510732f373f18f8
s=0x6bf0c1501792f3184866f56a82b69ad17cb169105ed85350ca30f3e2070e032e
z=0x0042fe8868fbfa3d16b603af849bb81a35d6292651ab36a23af4c427d4265bf9

# 130   rsz  2
r=0x84812aade108ee63f12098f31e0819b36fcd4a4433fdbd29dbc8d94082e1a822
s=0xa7da5a2552d02a4551a23381fe4bcca9f1108d66cb0137712d9325d2a1fe4b4a
z=0x50825e90bcae246a62602d3719d895da1108545b3c09527ed1dbf599034cf0a2

# 130   rsz  3
r=0x1567a88d2dc54158afc135433f5bd7cb673a73ecd978626504fa7a972fc88eb0
s=0x0340b27310b89895c166c839b5a27fd6de1a271a8765de608c07e96539827850
z=0x503f919c88920407436211529abf8f8d2459d8aec963181dbaf822e20f162d0e

# 130   rsz  4
r=0x3facca914bf602c454b2e1332e4bd9db3482cdc648bc9f79328fed36de7babca
s=0xfe9797f9323c74e8b5d91937c4ea704f0a73e3aae536d8f051e7c77214a4a5a9
z=0xdde32a1d171f66168bc88211c5bbd1f0de2bc8aa504b70af8591f7619b6a3632

# 130   rsz  5
r=0x63444d8aa42965428ea68fa74976fe38772ba59e6e1b4f8682e6f6178ee4c1e9
s=0x33f53e75c58b289d094932407c4f1eac3156a0029c9a33f257485a0c3b5b497d
z=0xfe4573a2009e9f7985f8f366949757f001aaccc81da635ea3868c1d70b9a2e04

  1Fo65aKq8s8iquMt6weF1rku1moWVEd5Ua

These are not as easy as you may think.


Well, then I have two more for you, but this public key doesn't point to the puzzle #130 it seems...
# Public Key
0x8629507d9eef1748ec67ca2c4ab641fa0951d7f0bb0cf226f1c0f465a4e29404, 0x2237204a53021490adfec9f0b3f0732f5024181d50fde2dcfc7a428c992b8d70

With k2 = k1 + 1.

the same r value , we can recovery private key ........

but we are interested in recovering the private key of #puzzle 130 from a large set of r s z and public key ...

But we need to know the bits of  k ， from every set of r s z .........

if anyone can know the bits of k from every r s z and public key  ,  all bitcoin address that leaks the public key can recovery private key

Of course, currently only 252 bit k can be recovery by the lattice attack.

https://githubhelp.com/bitlogik/lattice-attack/issues/2 
The authors of the lattice-attack mentioned that they were also unable to crack more than k > 252 bits~~~

For the topic "down to 2 bits", note that we never found a private key using our LatticeAttack software below 4 know bits, hence the restriction put in place that prevent the user to run it with lower than 4 bits. But we never performed long running time. Using higher RECOVERY_SEQUENCE "effort" block size, combined with a loop "-l" can be a way to recover key with 3 or even 2 bits. That would just require long running times (several hours), and no guarantee of result.

Hi there!
It looks like you all are crazy for nonces and signatures, so I have some special values for you 

Btw. I think that those who do serious research of this topic do not need your script, but all contributions are welcome, of course.

https://bitcointalk.org/index.php?topic=5394249.100

read it ....... garlonicon share his source code
Even if I have 100,000 puzzle #130 r , s, z
I still can't use lattice-attack crack ....Because the generated rsz and k values ​​are unknown....
I used my private key and public key to see nonce  K value ...

From the probability, more than 50% is a 256-bit nonce K value ~~ It must be 252 bit or less bit ......
Unless you can know from these 100,000 rsz which nonce k bits are less than 252 bit , and select 88 group for lattice attack...
This probability is lower than guessing any Bitcoin private key   

N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

if N <= 252 bit , we can use  #130 public key to produce 70 ~ 100  fake rsz ,  and  ECDSA  will broken ~~~ Now, ECDSA is still safe

would you mind sharing your code on how you leak the RSZ and how you create more sample for the given public key. thank you

I have been learning about ECDSA ( r s z, public key ,private key ) for about 2 months

# 130 Although only 1  rsz  is  known , but 1000 rsz can be produced using the public key,  the nonce K value will be 240~256 bits

50% - nonce is 256 bit
25% - nonce is 254 bit
25% - nonce is 253~240 bit

However, more than 64 rsz must be leaked at the same time to leak more than 12 bits to use  lattice-attack

# 130  Public Key ( Fix  2024/06/25 )
0x633cbe3ec02b9401c5effa144c5b4d22f87940259634858fc7e59b1c09937852, 0xb078a17cc1558a9a4fa0b406f194c9a2b71d9a61424b533ceefe27408b3191e3

Address:    1Fo65aKq8s8iquMt6weF1rku1moWVEd5Ua

I create some rsz as #130 , these are address  "1Fo65aKq8s8iquMt6weF1rku1moWVEd5Ua"  and the public keys are #130 public key
 

thats done. awhile ago.

Offtop, how if your twist attack?

Saw some comments of users looking for R,S,Z Signatures and public key sample for research purposes.

So i created a script where you can have a little more details than you need. Its a simple script so you can do your various research that you wish on ECDSA Secp256k1 signatures.

you can download it here. https://github.com/KrashKrash/ecdsa-rsz-signature



just a little more info for you who are just starting out to do the research, some call it z, some call it message(hash) some just call it h. but it means the same thing.

message or m  = the original message
H(m) or h or z = the hash of the message
H(m), h or z depending on who you talk to, is the hash of the message. same meaning.

I just want to have this information out here so you don't waste your time thinking what is h and what is z. Good luck on your research.