R,S,Z , K nonce and public key Signature samples - page 2.

krashfire

member

Activity: 127

Merit: 14

Life aint interesting without any cuts and bruises

Quote from: jacky19790729 on June 24, 2024, 05:21:41 AM

I have been learning about ECDSA ( r s z, public key ,private key ) for about 2 months

# 130 Although only one rsz is know , but 1000 rsz can be produced using the public key, the nonce K value will be 240~256 bits

50% - nonce is 256 bit
25% - nonce is 254 bit
25% - nonce is 253~240 bit

However, more than 64 rsz must be leaked at the same time to leak more than 12 bits to use lattice-attack

# 130 Public Key
0x8629507d9eef1748ec67ca2c4ab641fa0951d7f0bb0cf226f1c0f465a4e29404, 0x2237204a53021490adfec9f0b3f0732f5024181d50fde2dcfc7a428c992b8d70

create #130 rsz

Code:

# 130 rsz 1
r=0x56a37728d3036203ba57a2399ba282351b55e7b7a2660080a510732f373f18f8
s=0x6bf0c1501792f3184866f56a82b69ad17cb169105ed85350ca30f3e2070e032e
z=0x0042fe8868fbfa3d16b603af849bb81a35d6292651ab36a23af4c427d4265bf9

# 130 rsz 2
r=0x84812aade108ee63f12098f31e0819b36fcd4a4433fdbd29dbc8d94082e1a822
s=0xa7da5a2552d02a4551a23381fe4bcca9f1108d66cb0137712d9325d2a1fe4b4a
z=0x50825e90bcae246a62602d3719d895da1108545b3c09527ed1dbf599034cf0a2

# 130 rsz 3
r=0x1567a88d2dc54158afc135433f5bd7cb673a73ecd978626504fa7a972fc88eb0
s=0x0340b27310b89895c166c839b5a27fd6de1a271a8765de608c07e96539827850
z=0x503f919c88920407436211529abf8f8d2459d8aec963181dbaf822e20f162d0e

# 130 rsz 4
r=0x3facca914bf602c454b2e1332e4bd9db3482cdc648bc9f79328fed36de7babca
s=0xfe9797f9323c74e8b5d91937c4ea704f0a73e3aae536d8f051e7c77214a4a5a9
z=0xdde32a1d171f66168bc88211c5bbd1f0de2bc8aa504b70af8591f7619b6a3632

# 130 rsz 5
r=0x63444d8aa42965428ea68fa74976fe38772ba59e6e1b4f8682e6f6178ee4c1e9
s=0x33f53e75c58b289d094932407c4f1eac3156a0029c9a33f257485a0c3b5b497d
z=0xfe4573a2009e9f7985f8f366949757f001aaccc81da635ea3868c1d70b9a2e04

....
....
....

would you mind sharing your code on how you leak the RSZ and how you create more sample for the given public key. thank you

jacky19790729

jr. member

Activity: 82

Merit: 8

I have been learning about ECDSA ( r s z, public key ,private key ) for about 2 months

# 130 Although only 1 rsz is known , but 1000 rsz can be produced using the public key, the nonce K value will be 240~256 bits

50% - nonce is 256 bit
25% - nonce is 254 bit
25% - nonce is 253~240 bit

However, more than 64 rsz must be leaked at the same time to leak more than 12 bits to use lattice-attack

# 130 Public Key ( Fix 2024/06/25 )
0x633cbe3ec02b9401c5effa144c5b4d22f87940259634858fc7e59b1c09937852, 0xb078a17cc1558a9a4fa0b406f194c9a2b71d9a61424b533ceefe27408b3191e3

Address: 1Fo65aKq8s8iquMt6weF1rku1moWVEd5Ua

I create some rsz as #130 , these are address "1Fo65aKq8s8iquMt6weF1rku1moWVEd5Ua" and the public keys are #130 public key

Code:

# 130 rsz 1
r=0x56a37728d3036203ba57a2399ba282351b55e7b7a2660080a510732f373f18f8
s=0x6bf0c1501792f3184866f56a82b69ad17cb169105ed85350ca30f3e2070e032e
z=0x0042fe8868fbfa3d16b603af849bb81a35d6292651ab36a23af4c427d4265bf9

# 130 rsz 2
r=0x84812aade108ee63f12098f31e0819b36fcd4a4433fdbd29dbc8d94082e1a822
s=0xa7da5a2552d02a4551a23381fe4bcca9f1108d66cb0137712d9325d2a1fe4b4a
z=0x50825e90bcae246a62602d3719d895da1108545b3c09527ed1dbf599034cf0a2

# 130 rsz 3
r=0x1567a88d2dc54158afc135433f5bd7cb673a73ecd978626504fa7a972fc88eb0
s=0x0340b27310b89895c166c839b5a27fd6de1a271a8765de608c07e96539827850
z=0x503f919c88920407436211529abf8f8d2459d8aec963181dbaf822e20f162d0e

# 130 rsz 4
r=0x3facca914bf602c454b2e1332e4bd9db3482cdc648bc9f79328fed36de7babca
s=0xfe9797f9323c74e8b5d91937c4ea704f0a73e3aae536d8f051e7c77214a4a5a9
z=0xdde32a1d171f66168bc88211c5bbd1f0de2bc8aa504b70af8591f7619b6a3632

# 130 rsz 5
r=0x63444d8aa42965428ea68fa74976fe38772ba59e6e1b4f8682e6f6178ee4c1e9
s=0x33f53e75c58b289d094932407c4f1eac3156a0029c9a33f257485a0c3b5b497d
z=0xfe4573a2009e9f7985f8f366949757f001aaccc81da635ea3868c1d70b9a2e04

....
....
....

krashfire

member

Activity: 127

Merit: 14

Life aint interesting without any cuts and bruises

Quote from: Kpot87 on June 22, 2024, 12:50:33 PM

Offtop, how if your twist attack?

thats done. awhile ago.

Kpot87

jr. member

Activity: 43

Merit: 1

Offtop, how if your twist attack?

krashfire

member

Activity: 127

Merit: 14

Life aint interesting without any cuts and bruises

Saw some comments of users looking for R,S,Z Signatures and public key sample for research purposes.

So i created a script where you can have a little more details than you need. Its a simple script so you can do your various research that you wish on ECDSA Secp256k1 signatures.

you can download it here. https://github.com/KrashKrash/ecdsa-rsz-signature

Code:

=== ECDSA Signature Details ===

BTC Address: 1JvF4Bn4yF6GThYEA7pfhp3j8Xb6wu2t8D
Private Key: edb01804beb2e95898648ae87f1fa072d53b3b6f4564e092065bac907f063b9d

Signature (r, s, z):
  r: 634e6e5d85360927c64d66bdd616dc58ac6b72cd22fac01c544236b63734ad35
  s: 7fe9088b3849cddb82f38ef9244a06c413addb38031ee01a38e675ff28579d8a
  z: 6ad532092bb3f4ee012e61df35c95efc7d9e9fa5653c371bc843fa4b3627f01f
  k (nonce): 695e5e4c01e8ac9d77b7ecdd9881d50bb397ff7e54e082240a19b714c4de7ef8
PubKey: 034f966cdcc502d17876270349736f6a20f13edb5eccb5a92d1c702a0e059a9ba9

Signature Verification: Valid

just a little more info for you who are just starting out to do the research, some call it z, some call it message(hash) some just call it h. but it means the same thing.

message or m = the original message
H(m) or h or z = the hash of the message
H(m), h or z depending on who you talk to, is the hash of the message. same meaning.

I just want to have this information out here so you don't waste your time thinking what is h and what is z. Good luck on your research.

Topic: R,S,Z , K nonce and public key Signature samples - page 2. (Read 761 times)