Topic: R,S,Z , K nonce and public key Signature samples (Read 913 times)
Intriguing all the same, this RetiredCoder his way of writing, of composing his posts and some facts intrigue me (1 example post de JohnnyTX 29/07/24) I'm probably wrong but satoshi_rider= RetiredCoder=satoshi why not 🤔?! I don't understand the meaning of some of his messages including the one in the signature of #130 involving a famous quote from Jules Verne?? nor why this one….nor even how it was a clue if not a message or rather an implied clue free to everyone to appreciate its significance. Why is it he who gives the explanation then the privkey on how to achieve it and not the solver…. strange brief
Code:
r2 = 0xdfb77cd83e2251dc96caad4c45cf98fcf76b8c24aa349c2dbba548029571331f
s2 = 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
z2 = Private key for Puzzle #130
Code:
z2 = 0x33e7665705359f04f28b88cf897c603c9
Code:
r = 0xdb30127de06f6c9d04e4ebc9cdefb93433a37be972db697b21c22724f6cf69d2
s = 0xe759203cae759203cae759203cae7590ddcd6e80d38035c802aef0f1080384ed
z = Private key for Puzzle #135
Hi, can you multiply or add r to number and edit s,z after , so what signatures will be valid ?
the question is how RetiredCoder makes this valuable and connected
"r1_1 = 02de97092bfb7c02148a827b4f8b62db1e189a739c77815799df5e6fb35ae88a1f
r2_1 = 02838db77b981db321faf527a830461cfda01aed50d85c345a7b0a8f4e5e4fd3fc
delta = 031e283a9ebc4c50b0a93f27d411e69d0a97aad2a6d4ae26f5725f8b55fb5176f5
delta _k = 0xfffffffffffffffffffffffffffffffebaaedce6af487e246f4eac90b714b3bd
N- delta _k = 0x22175083b1fc19218d84
r1_2= 03de97092bfb7c02148a827b4f8b62db1e189a739c77815799df5e6fb35ae88a1f
r2_2= 03838db77b981db321faf527a830461cfda01aed50d85c345a7b0a8f4e5e4fd3fc
delta = 021e283a9ebc4c50b0a93f27d411e69d0a97aad2a6d4ae26f5725f8b55fb5176f5
delta _k = 0x22175083b1fc19218d84
PK = 33e7665705359f04f28b88cf897c603c9" I wasted maybe 48 hours coding
,Then, one out of the community claimed the puzzle and didn`t show up.
where are you? 
Code:
r2 = 0xdfb77cd83e2251dc96caad4c45cf98fcf76b8c24aa349c2dbba548029571331f
s2 = 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
z2 = Private key for Puzzle #130
Code:
z2 = 0x33e7665705359f04f28b88cf897c603c9
Code:
r = 0xdb30127de06f6c9d04e4ebc9cdefb93433a37be972db697b21c22724f6cf69d2
s = 0xe759203cae759203cae759203cae7590ddcd6e80d38035c802aef0f1080384ed
z = Private key for Puzzle #135
Hi, can you multiply or add r to number and edit s,z after , so what signatures will be valid ?
Code:
r2 = 0xdfb77cd83e2251dc96caad4c45cf98fcf76b8c24aa349c2dbba548029571331f
s2 = 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
z2 = Private key for Puzzle #130
Code:
z2 = 0x33e7665705359f04f28b88cf897c603c9
Code:
r = 0xdb30127de06f6c9d04e4ebc9cdefb93433a37be972db697b21c22724f6cf69d2
s = 0xe759203cae759203cae759203cae7590ddcd6e80d38035c802aef0f1080384ed
z = Private key for Puzzle #135
I have been learning about ECDSA ( r s z, public key ,private key ) for about 2 months
# 130 Although only one rsz is know , but 1000 rsz can be produced using the public key, the nonce K value will be 240~256 bits
# 130 Although only one rsz is know , but 1000 rsz can be produced using the public key, the nonce K value will be 240~256 bits
would you mind sharing your code on how you leak the RSZ and how you create more sample for the given public key. thank you
Friend, give me a code that allows you to create 1000 rsz using a public key.
Quote
can you share more numbers
Just use inversion, and get some ECC calculator:Code:
1/2=0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a1
1/3=0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa9d1c9e899ca306ad27fe1945de0242b81
1/4=0xbfffffffffffffffffffffffffffffff0c0325ad0376782ccfddc6e99c28b0f1
1/5=0x66666666666666666666666666666665e445f1f5dfb6a67e4cba8c385348e6e7
1/6=0xd5555555555555555555555555555554463c62c03cbc85871fd9f975582d3661
1/7=0x49249249249249249249249249249248c79facd43214c011123c1b03a93412a5
1/8=0xdffffffffffffffffffffffffffffffee3590149d95f8c3447d812bb362f7919
1/9=0x8e38e38e38e38e38e38e38e38e38e38d842841d57dd303af6a9150f8e5737996
1/10=0xb33333333333333333333333333333324f7a676e477fa35d0646756291bf9414
1/11=0xa2e8ba2e8ba2e8ba2e8ba2e8ba2e8ba219b51835b55cc30ebfe2f6599bc56f58
1/12=0xeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa980759fd3760292e16fd62c011431bbd1
1/13=0x13b13b13b13b13b13b13b13b13b13b139834d5ea5c40a9dd3623dfe3727a53ca
1/14=0xa4924924924924924924924924924923c12744dd70aeb02669073cc83cb529f3
1/15=0x22222222222222222222222222222221f6c1fb51f53ce22a19938412c66da24d
1/16=0xeffffffffffffffffffffffffffffffecf03ef184454163803d538a40332dd2d
...
1/128=0x7dffffffffffffffffffffffffffffff5fe210b98a45bedd68698a894e7ab41e
1/129=0xa4b692da4b692da4b692da4b692da4b5c18a4ea054ff19b357b30348bd881e14
1/130=0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
1/131=0x7b1d501f44659e4a427157f05dcd30da4254182896bd4f03546ef0e3f6b28500
1/132=0xb83e0f83e0f83e0f83e0f83e0f83e0f753ee5548eea2d0690fdf28e557c9f4c8
1/133=0xe8e6fa39be8e6fa39be8e6fa39be8e6e7ba4dc37e2d648a225da5604eb9f12f2
1/134=0x05bb39503d226357e16ece540f4898d5f11332cbd9e4f81fe7a346e495db0176
1/135=0xe759203cae759203cae759203cae7590ddcd6e80d38035c802aef0f1080384ed
...
1/0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413d=0x3fffffffffffffffffffffffffffffffaeabb739abd2280eeff497a3340d9050
1/0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e=0x55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c0
1/0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413f=0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0
1/0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140=0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140
Quote
Code:
s2 = 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
^repeated pattern^ |<---- 130 bits --->|
thank you!
Hi there.
Puzzle 130 was solved, but I don't know which script or technique was used
Anyway, gratz to the solver
Puzzle 130 was solved, but I don't know which script or technique was used
Anyway, gratz to the solver
It is just an inversion of 0x82, nothing special.
Well, thanks, I was too hasty this time. Quote
Code:
s2 = 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
^repeated pattern^ |<---- 130 bits --->|
I can't understand special values
Which values? All values are special ;-) First 3 signatures use Satoshi private key #1 as a nonce, but signed real messages (not random). Nobody noticed?
The fourth signature signs again real message, and with the same key also a private key of Puzzle #130 as input, there is no "why", that's an intention.
Code:
s2 = 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
^repeated pattern^ |<---- 130 bits --->|
Public Key 0x40f08294791bb07e908196847f79ad162ba0dff28eb312b1669ee2c8a72f7bfb, 0x28c29cc6ec6f2ddf9f54f32da1ea727de71c2ef168528475f5233ba28c06c4a8
Interesting, right?
Code:
r1 = 0x7029db68c1420fe2d41c1fd7b86ea0739bc8e6d0a7c58f754b93e5ff6c8040
s1 = 0xdbe4b484c838fce2aa65d85901f94f6fad6ad5f604d805c30ce05c58371c6991
z1 = SHA256('This is test 4.')
r2 = 0xdfb77cd83e2251dc96caad4c45cf98fcf76b8c24aa349c2dbba548029571331f
s2 = 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
z2 = Private key for Puzzle #130
Interesting, right?
Recovered Bitcoin public key: 0240f08294791bb07e908196847f79ad162ba0dff28eb312b1669ee2c8a72f7bfb
Bitcoin Address: 1AaEnbgVCKmG7RM8KYxjiQ2xaqn4NmyA7a
r1 = 0x7029db68c1420fe2d41c1fd7b86ea0739bc8e6d0a7c58f754b93e5ff6c8040
s1 = 0xdbe4b484c838fce2aa65d85901f94f6fad6ad5f604d805c30ce05c58371c6991
z1 = 0x9cabe7317b243f04a211a282035b96caa14d646dc32ba0e326f52d43cef07d8c
why z2 will be Private key for Puzzle #130 ??
Hi there!
It looks like you all are crazy for nonces and signatures, so I have some special values for you
Btw. I think that those who do serious research of this topic do not need your script, but all contributions are welcome, of course.
It looks like you all are crazy for nonces and signatures, so I have some special values for you
Code:
r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0x24c8a42e8fe11d670633fa66ebedb1672c71a517a30cbbaa9e14f2d5a15a3783
z=SHA256('This is test 1.')
PubKey=0x3e42b3151f310f5f417f11b4c32d8360b22109dcc6432339243332b56cd596de, 0x7903116327cab6891b810588e4c909273c7eb013aea2162fa63afa1f11562b3a
r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0x768a0e3b0cfb3c8d9b7899f59f480555176ef25eefa1e96d3ac575ba4ffe85fd
z=SHA256('This is test 2.')
PubKey=0xc79fa242694e3148c8d50e667010e0c221f6004d108692c5040ff139595ed081, 0x525bd76c21c8e2d45725a378c973a646d5971acd8f240322e5f1fdf0ed4f8589
r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0xd17c5ed9fb37692cd152f381c4a3f16a896f96d26100310fe818d6963c402b25
z=SHA256('This is test 3.')
PubKey=0xc03657988e2baf31a1a1061a87fa3da20f166dc8a22c02658f6d325dec722d84, 0x97ffbac6bec2de2b8d9f9bcaeced8e56abdd0b3996b48153cf0a1a92dc2d5529
Recovered Bitcoin public key: 023e42b3151f310f5f417f11b4c32d8360b22109dcc6432339243332b56cd596de
Bitcoin Address: 1ak61eAXk4bxNbovZuqh4f1PxBaf1VUBV
r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0x24c8a42e8fe11d670633fa66ebedb1672c71a517a30cbbaa9e14f2d5a15a3783
z=0xe0f6c07e19eb2dfa2e0c3586a2a9f4b225dba10c353fc354baa2dabcc9d42051
---
Recovered Bitcoin public key: 03c79fa242694e3148c8d50e667010e0c221f6004d108692c5040ff139595ed081
Bitcoin Address: 1GLKrFmj8eUsHS7s91PTMh2L6rPtF1RzNj
r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0x768a0e3b0cfb3c8d9b7899f59f480555176ef25eefa1e96d3ac575ba4ffe85fd
z=0x48ef5d298a862b6f74338ebb5281f5212d8221a2fd8cce827be72779bffd25dd
---
Recovered Bitcoin public key: 03c03657988e2baf31a1a1061a87fa3da20f166dc8a22c02658f6d325dec722d84
Bitcoin Address: 17aj9BWZyDTqr6UnK7LScoCHdsbFRT6LZG
r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0xd17c5ed9fb37692cd152f381c4a3f16a896f96d26100310fe818d6963c402b25
z=0x1e6a32d38fb096d19ad46186c6299f82b7bfd5a92d0d3b17142e8ff18b75e358
I can't understand special values
Public Key 0x40f08294791bb07e908196847f79ad162ba0dff28eb312b1669ee2c8a72f7bfb, 0x28c29cc6ec6f2ddf9f54f32da1ea727de71c2ef168528475f5233ba28c06c4a8
Interesting, right?
Code:
r1 = 0x7029db68c1420fe2d41c1fd7b86ea0739bc8e6d0a7c58f754b93e5ff6c8040
s1 = 0xdbe4b484c838fce2aa65d85901f94f6fad6ad5f604d805c30ce05c58371c6991
z1 = SHA256('This is test 4.')
r2 = 0xdfb77cd83e2251dc96caad4c45cf98fcf76b8c24aa349c2dbba548029571331f
s2 = 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
z2 = Private key for Puzzle #130
Interesting, right?
Code:
# rsz 1
r=0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s=0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z=0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b
# rsz 2
r=0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2
s=0xe14e5906641085412561a083c002b76d6ac5a54372a9c811edc9e3b86b2dde11
z=0x1b636df9eef267995d6918047ba3bafca25f693a47ff73c7c0d500cd4aa9783a
Code:
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
def inv(a):
return pow(a, N - 2, N)
r1 = 0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s1 = 0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z1 = 0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b
HA = 0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410 * inv(0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2)
HA = HA % N
print("HA: %064x" % HA )
r2 = 0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2 * HA
s2 = 0xe14e5906641085412561a083c002b76d6ac5a54372a9c811edc9e3b86b2dde11 * HA
z2 = 0x1b636df9eef267995d6918047ba3bafca25f693a47ff73c7c0d500cd4aa9783a * HA
z2 = z2 - s2
r2 = r2 % N
s2 = s2 % N
z2 = z2 % N
print("r1= 0x%064x " % r1 )
print("s1= 0x%064x " % s1 )
print("z1= 0x%064x " % z1 )
print("r2= 0x%064x " % r2 )
print("s2= 0x%064x " % s2 )
print("z2= 0x%064x " % z2 )
output:
HA: e809a06f968e72e232e96f55e26f809d22d922681acca6904f12c4ba1b53018d
r1 = 0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s1 = 0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z1 = 0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b
r2= 0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s2= 0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z2= 0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b
r1 = r2 , s1 = s2 , z1 = z2 .......Your 2 rsz are from the same rsz
Code:
# rsz 1
r=0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s=0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z=0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b
# rsz 2
r=0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2
s=0xe14e5906641085412561a083c002b76d6ac5a54372a9c811edc9e3b86b2dde11
z=0x1b636df9eef267995d6918047ba3bafca25f693a47ff73c7c0d500cd4aa9783a
no....bruteforce nonce k , that is impossible
It's seem use 1 rsz convert to 2 rsz
even know that
k2 = k1 + 1
I still can't recovery private key
Code:
# rsz 1
r=0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s=0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z=0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b
# rsz 2
r=0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2
s=0xe14e5906641085412561a083c002b76d6ac5a54372a9c811edc9e3b86b2dde11
z=0x1b636df9eef267995d6918047ba3bafca25f693a47ff73c7c0d500cd4aa9783a
sorry......I can't recovery private key for this 2 rsz
my result:
k1 = 0
k2 = 1
Recovered Bitcoin public key: 028629507d9eef1748ec67ca2c4ab641fa0951d7f0bb0cf226f1c0f465a4e29404
Bitcoin Address: 1Ln1NYjtCamBG2UZDTKcHqcaNLP8TUrKFe
Recovered Bitcoin public key: 0395c632a7af384a67104afd5b6a4a5d882e782d232519c59084f0744d08093876
Bitcoin Address: 1P5TaCC8ZQohntb3NwRXQE5zFzB2De2Dvz
show your private key .. ??
You try bruteforce 02d7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410 ?
Code:
# rsz 1
r=0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s=0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z=0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b
# rsz 2
r=0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2
s=0xe14e5906641085412561a083c002b76d6ac5a54372a9c811edc9e3b86b2dde11
z=0x1b636df9eef267995d6918047ba3bafca25f693a47ff73c7c0d500cd4aa9783a
sorry......I can't recovery private key for this 2 rsz
my result:
k1 = 0
k2 = 1
Recovered Bitcoin public key: 028629507d9eef1748ec67ca2c4ab641fa0951d7f0bb0cf226f1c0f465a4e29404
Bitcoin Address: 1Ln1NYjtCamBG2UZDTKcHqcaNLP8TUrKFe
Recovered Bitcoin public key: 0395c632a7af384a67104afd5b6a4a5d882e782d232519c59084f0744d08093876
Bitcoin Address: 1P5TaCC8ZQohntb3NwRXQE5zFzB2De2Dvz
show your private key .. ??
Well, then I have two more for you, but this public key doesn't point to the puzzle #130 it seems...
# Public Key
0x8629507d9eef1748ec67ca2c4ab641fa0951d7f0bb0cf226f1c0f465a4e29404, 0x2237204a53021490adfec9f0b3f0732f5024181d50fde2dcfc7a428c992b8d70
# Public Key
0x8629507d9eef1748ec67ca2c4ab641fa0951d7f0bb0cf226f1c0f465a4e29404, 0x2237204a53021490adfec9f0b3f0732f5024181d50fde2dcfc7a428c992b8d70
I had edit my post ~~ fix it #130
public key 0x633cbe3ec02b9401c5effa144c5b4d22f87940259634858fc7e59b1c09937852, 0xb078a17cc1558a9a4fa0b406f194c9a2b71d9a61424b533ceefe27408b3191e3
and Provide 5 sets of my own generated rsz for #130
# 130 rsz 1
r=0x56a37728d3036203ba57a2399ba282351b55e7b7a2660080a510732f373f18f8
s=0x6bf0c1501792f3184866f56a82b69ad17cb169105ed85350ca30f3e2070e032e
z=0x0042fe8868fbfa3d16b603af849bb81a35d6292651ab36a23af4c427d4265bf9
# 130 rsz 2
r=0x84812aade108ee63f12098f31e0819b36fcd4a4433fdbd29dbc8d94082e1a822
s=0xa7da5a2552d02a4551a23381fe4bcca9f1108d66cb0137712d9325d2a1fe4b4a
z=0x50825e90bcae246a62602d3719d895da1108545b3c09527ed1dbf599034cf0a2
# 130 rsz 3
r=0x1567a88d2dc54158afc135433f5bd7cb673a73ecd978626504fa7a972fc88eb0
s=0x0340b27310b89895c166c839b5a27fd6de1a271a8765de608c07e96539827850
z=0x503f919c88920407436211529abf8f8d2459d8aec963181dbaf822e20f162d0e
# 130 rsz 4
r=0x3facca914bf602c454b2e1332e4bd9db3482cdc648bc9f79328fed36de7babca
s=0xfe9797f9323c74e8b5d91937c4ea704f0a73e3aae536d8f051e7c77214a4a5a9
z=0xdde32a1d171f66168bc88211c5bbd1f0de2bc8aa504b70af8591f7619b6a3632
# 130 rsz 5
r=0x63444d8aa42965428ea68fa74976fe38772ba59e6e1b4f8682e6f6178ee4c1e9
s=0x33f53e75c58b289d094932407c4f1eac3156a0029c9a33f257485a0c3b5b497d
z=0xfe4573a2009e9f7985f8f366949757f001aaccc81da635ea3868c1d70b9a2e04
1Fo65aKq8s8iquMt6weF1rku1moWVEd5Ua
the same r value , we can recovery private key ........
These are not as easy as you may think.but we are interested in recovering the private key of #puzzle 130 from a large set of r s z and public key ...
But we need to know the bits of k , from every set of r s z .........
But we need to know the bits of k , from every set of r s z .........
Well, then I have two more for you, but this public key doesn't point to the puzzle #130 it seems...
# Public Key
0x8629507d9eef1748ec67ca2c4ab641fa0951d7f0bb0cf226f1c0f465a4e29404, 0x2237204a53021490adfec9f0b3f0732f5024181d50fde2dcfc7a428c992b8d70
Code:
# rsz 1
r=0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s=0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z=0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b
# rsz 2
r=0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2
s=0xe14e5906641085412561a083c002b76d6ac5a54372a9c811edc9e3b86b2dde11
z=0x1b636df9eef267995d6918047ba3bafca25f693a47ff73c7c0d500cd4aa9783a
Hi there!
It looks like you all are crazy for nonces and signatures, so I have some special values for you
Btw. I think that those who do serious research of this topic do not need your script, but all contributions are welcome, of course.
It looks like you all are crazy for nonces and signatures, so I have some special values for you
Btw. I think that those who do serious research of this topic do not need your script, but all contributions are welcome, of course.
the same r value , we can recovery private key ........
but we are interested in recovering the private key of #puzzle 130 from a large set of r s z and public key ...
But we need to know the bits of k , from every set of r s z .........
if anyone can know the bits of k from every r s z and public key , all bitcoin address that leaks the public key can recovery private key
Of course, currently only 252 bit k can be recovery by the lattice attack.
https://githubhelp.com/bitlogik/lattice-attack/issues/2
The authors of the lattice-attack mentioned that they were also unable to crack more than k > 252 bits~~~
For the topic "down to 2 bits", note that we never found a private key using our LatticeAttack software below 4 know bits, hence the restriction put in place that prevent the user to run it with lower than 4 bits. But we never performed long running time. Using higher RECOVERY_SEQUENCE "effort" block size, combined with a loop "-l" can be a way to recover key with 3 or even 2 bits. That would just require long running times (several hours), and no guarantee of result.
Hi there!
It looks like you all are crazy for nonces and signatures, so I have some special values for you
Btw. I think that those who do serious research of this topic do not need your script, but all contributions are welcome, of course.
It looks like you all are crazy for nonces and signatures, so I have some special values for you
Code:
r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0x24c8a42e8fe11d670633fa66ebedb1672c71a517a30cbbaa9e14f2d5a15a3783
z=SHA256('This is test 1.')
PubKey=0x3e42b3151f310f5f417f11b4c32d8360b22109dcc6432339243332b56cd596de, 0x7903116327cab6891b810588e4c909273c7eb013aea2162fa63afa1f11562b3a
r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0x768a0e3b0cfb3c8d9b7899f59f480555176ef25eefa1e96d3ac575ba4ffe85fd
z=SHA256('This is test 2.')
PubKey=0xc79fa242694e3148c8d50e667010e0c221f6004d108692c5040ff139595ed081, 0x525bd76c21c8e2d45725a378c973a646d5971acd8f240322e5f1fdf0ed4f8589
r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0xd17c5ed9fb37692cd152f381c4a3f16a896f96d26100310fe818d6963c402b25
z=SHA256('This is test 3.')
PubKey=0xc03657988e2baf31a1a1061a87fa3da20f166dc8a22c02658f6d325dec722d84, 0x97ffbac6bec2de2b8d9f9bcaeced8e56abdd0b3996b48153cf0a1a92dc2d5529
would you mind sharing your code on how you leak the RSZ and how you create more sample for the given public key. thank you
https://bitcointalk.org/index.php?topic=5394249.100
read it ....... garlonicon share his source code
Even if I have 100,000 puzzle #130 r , s, z
I still can't use lattice-attack crack ....Because the generated rsz and k values are unknown....
I used my private key and public key to see nonce K value ...
From the probability, more than 50% is a 256-bit nonce K value ~~ It must be 252 bit or less bit ......
Unless you can know from these 100,000 rsz which nonce k bits are less than 252 bit , and select 88 group for lattice attack...
This probability is lower than guessing any Bitcoin private key
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
if N <= 252 bit , we can use #130 public key to produce 70 ~ 100 fake rsz , and ECDSA will broken ~~~ Now, ECDSA is still safe
I have been learning about ECDSA ( r s z, public key ,private key ) for about 2 months
# 130 Although only one rsz is know , but 1000 rsz can be produced using the public key, the nonce K value will be 240~256 bits
50% - nonce is 256 bit
25% - nonce is 254 bit
25% - nonce is 253~240 bit
However, more than 64 rsz must be leaked at the same time to leak more than 12 bits to use lattice-attack
# 130 Public Key
0x8629507d9eef1748ec67ca2c4ab641fa0951d7f0bb0cf226f1c0f465a4e29404, 0x2237204a53021490adfec9f0b3f0732f5024181d50fde2dcfc7a428c992b8d70
create #130 rsz
# 130 Although only one rsz is know , but 1000 rsz can be produced using the public key, the nonce K value will be 240~256 bits
50% - nonce is 256 bit
25% - nonce is 254 bit
25% - nonce is 253~240 bit
However, more than 64 rsz must be leaked at the same time to leak more than 12 bits to use lattice-attack
# 130 Public Key
0x8629507d9eef1748ec67ca2c4ab641fa0951d7f0bb0cf226f1c0f465a4e29404, 0x2237204a53021490adfec9f0b3f0732f5024181d50fde2dcfc7a428c992b8d70
create #130 rsz
Code:
# 130 rsz 1
r=0x56a37728d3036203ba57a2399ba282351b55e7b7a2660080a510732f373f18f8
s=0x6bf0c1501792f3184866f56a82b69ad17cb169105ed85350ca30f3e2070e032e
z=0x0042fe8868fbfa3d16b603af849bb81a35d6292651ab36a23af4c427d4265bf9
# 130 rsz 2
r=0x84812aade108ee63f12098f31e0819b36fcd4a4433fdbd29dbc8d94082e1a822
s=0xa7da5a2552d02a4551a23381fe4bcca9f1108d66cb0137712d9325d2a1fe4b4a
z=0x50825e90bcae246a62602d3719d895da1108545b3c09527ed1dbf599034cf0a2
# 130 rsz 3
r=0x1567a88d2dc54158afc135433f5bd7cb673a73ecd978626504fa7a972fc88eb0
s=0x0340b27310b89895c166c839b5a27fd6de1a271a8765de608c07e96539827850
z=0x503f919c88920407436211529abf8f8d2459d8aec963181dbaf822e20f162d0e
# 130 rsz 4
r=0x3facca914bf602c454b2e1332e4bd9db3482cdc648bc9f79328fed36de7babca
s=0xfe9797f9323c74e8b5d91937c4ea704f0a73e3aae536d8f051e7c77214a4a5a9
z=0xdde32a1d171f66168bc88211c5bbd1f0de2bc8aa504b70af8591f7619b6a3632
# 130 rsz 5
r=0x63444d8aa42965428ea68fa74976fe38772ba59e6e1b4f8682e6f6178ee4c1e9
s=0x33f53e75c58b289d094932407c4f1eac3156a0029c9a33f257485a0c3b5b497d
z=0xfe4573a2009e9f7985f8f366949757f001aaccc81da635ea3868c1d70b9a2e04
....
....
....
would you mind sharing your code on how you leak the RSZ and how you create more sample for the given public key. thank you
I have been learning about ECDSA ( r s z, public key ,private key ) for about 2 months
# 130 Although only 1 rsz is known , but 1000 rsz can be produced using the public key, the nonce K value will be 240~256 bits
50% - nonce is 256 bit
25% - nonce is 254 bit
25% - nonce is 253~240 bit
However, more than 64 rsz must be leaked at the same time to leak more than 12 bits to use lattice-attack
# 130 Public Key ( Fix 2024/06/25 )
0x633cbe3ec02b9401c5effa144c5b4d22f87940259634858fc7e59b1c09937852, 0xb078a17cc1558a9a4fa0b406f194c9a2b71d9a61424b533ceefe27408b3191e3
Address: 1Fo65aKq8s8iquMt6weF1rku1moWVEd5Ua
I create some rsz as #130 , these are address "1Fo65aKq8s8iquMt6weF1rku1moWVEd5Ua" and the public keys are #130 public key
# 130 Although only 1 rsz is known , but 1000 rsz can be produced using the public key, the nonce K value will be 240~256 bits
50% - nonce is 256 bit
25% - nonce is 254 bit
25% - nonce is 253~240 bit
However, more than 64 rsz must be leaked at the same time to leak more than 12 bits to use lattice-attack
# 130 Public Key ( Fix 2024/06/25 )
0x633cbe3ec02b9401c5effa144c5b4d22f87940259634858fc7e59b1c09937852, 0xb078a17cc1558a9a4fa0b406f194c9a2b71d9a61424b533ceefe27408b3191e3
Address: 1Fo65aKq8s8iquMt6weF1rku1moWVEd5Ua
I create some rsz as #130 , these are address "1Fo65aKq8s8iquMt6weF1rku1moWVEd5Ua" and the public keys are #130 public key
Code:
# 130 rsz 1
r=0x56a37728d3036203ba57a2399ba282351b55e7b7a2660080a510732f373f18f8
s=0x6bf0c1501792f3184866f56a82b69ad17cb169105ed85350ca30f3e2070e032e
z=0x0042fe8868fbfa3d16b603af849bb81a35d6292651ab36a23af4c427d4265bf9
# 130 rsz 2
r=0x84812aade108ee63f12098f31e0819b36fcd4a4433fdbd29dbc8d94082e1a822
s=0xa7da5a2552d02a4551a23381fe4bcca9f1108d66cb0137712d9325d2a1fe4b4a
z=0x50825e90bcae246a62602d3719d895da1108545b3c09527ed1dbf599034cf0a2
# 130 rsz 3
r=0x1567a88d2dc54158afc135433f5bd7cb673a73ecd978626504fa7a972fc88eb0
s=0x0340b27310b89895c166c839b5a27fd6de1a271a8765de608c07e96539827850
z=0x503f919c88920407436211529abf8f8d2459d8aec963181dbaf822e20f162d0e
# 130 rsz 4
r=0x3facca914bf602c454b2e1332e4bd9db3482cdc648bc9f79328fed36de7babca
s=0xfe9797f9323c74e8b5d91937c4ea704f0a73e3aae536d8f051e7c77214a4a5a9
z=0xdde32a1d171f66168bc88211c5bbd1f0de2bc8aa504b70af8591f7619b6a3632
# 130 rsz 5
r=0x63444d8aa42965428ea68fa74976fe38772ba59e6e1b4f8682e6f6178ee4c1e9
s=0x33f53e75c58b289d094932407c4f1eac3156a0029c9a33f257485a0c3b5b497d
z=0xfe4573a2009e9f7985f8f366949757f001aaccc81da635ea3868c1d70b9a2e04
....
....
....
Offtop, how if your twist attack?
thats done. awhile ago.
Offtop, how if your twist attack?
Saw some comments of users looking for R,S,Z Signatures and public key sample for research purposes.
So i created a script where you can have a little more details than you need. Its a simple script so you can do your various research that you wish on ECDSA Secp256k1 signatures.
you can download it here. https://github.com/KrashKrash/ecdsa-rsz-signature
just a little more info for you who are just starting out to do the research, some call it z, some call it message(hash) some just call it h. but it means the same thing.
message or m = the original message
H(m) or h or z = the hash of the message
H(m), h or z depending on who you talk to, is the hash of the message. same meaning.
I just want to have this information out here so you don't waste your time thinking what is h and what is z. Good luck on your research.
So i created a script where you can have a little more details than you need. Its a simple script so you can do your various research that you wish on ECDSA Secp256k1 signatures.
you can download it here. https://github.com/KrashKrash/ecdsa-rsz-signature
Code:
=== ECDSA Signature Details ===
BTC Address: 1JvF4Bn4yF6GThYEA7pfhp3j8Xb6wu2t8D
Private Key: edb01804beb2e95898648ae87f1fa072d53b3b6f4564e092065bac907f063b9d
Signature (r, s, z):
r: 634e6e5d85360927c64d66bdd616dc58ac6b72cd22fac01c544236b63734ad35
s: 7fe9088b3849cddb82f38ef9244a06c413addb38031ee01a38e675ff28579d8a
z: 6ad532092bb3f4ee012e61df35c95efc7d9e9fa5653c371bc843fa4b3627f01f
k (nonce): 695e5e4c01e8ac9d77b7ecdd9881d50bb397ff7e54e082240a19b714c4de7ef8
PubKey: 034f966cdcc502d17876270349736f6a20f13edb5eccb5a92d1c702a0e059a9ba9
Signature Verification: Valid
just a little more info for you who are just starting out to do the research, some call it z, some call it message(hash) some just call it h. but it means the same thing.
message or m = the original message
H(m) or h or z = the hash of the message
H(m), h or z depending on who you talk to, is the hash of the message. same meaning.
I just want to have this information out here so you don't waste your time thinking what is h and what is z. Good luck on your research.
Jump to: