Topic: R,S,Z , K nonce and public key Signature samples (Read 765 times)

newbie
Activity: 14
Merit: 0
I have been learning about ECDSA (r, s, z, public key, private key) for about 2 months

# 130 Although only one rsz is known, 1000 rsz can be produced using the public key, the nonce K value will be 240~256 bits


Would you mind sharing your code on how you leak the RSZ and how you create more samples for the given public key? Thank you.

Friend, give me a code that allows you to create 1000 rsz using a public key.
copper member
Activity: 821
Merit: 1992
Quote
can you share more numbers
Just use inversion, and get some ECC calculator:
Code:
1/2=0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a1
1/3=0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa9d1c9e899ca306ad27fe1945de0242b81
1/4=0xbfffffffffffffffffffffffffffffff0c0325ad0376782ccfddc6e99c28b0f1
1/5=0x66666666666666666666666666666665e445f1f5dfb6a67e4cba8c385348e6e7
1/6=0xd5555555555555555555555555555554463c62c03cbc85871fd9f975582d3661
1/7=0x49249249249249249249249249249248c79facd43214c011123c1b03a93412a5
1/8=0xdffffffffffffffffffffffffffffffee3590149d95f8c3447d812bb362f7919
1/9=0x8e38e38e38e38e38e38e38e38e38e38d842841d57dd303af6a9150f8e5737996
1/10=0xb33333333333333333333333333333324f7a676e477fa35d0646756291bf9414
1/11=0xa2e8ba2e8ba2e8ba2e8ba2e8ba2e8ba219b51835b55cc30ebfe2f6599bc56f58
1/12=0xeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa980759fd3760292e16fd62c011431bbd1
1/13=0x13b13b13b13b13b13b13b13b13b13b139834d5ea5c40a9dd3623dfe3727a53ca
1/14=0xa4924924924924924924924924924923c12744dd70aeb02669073cc83cb529f3
1/15=0x22222222222222222222222222222221f6c1fb51f53ce22a19938412c66da24d
1/16=0xeffffffffffffffffffffffffffffffecf03ef184454163803d538a40332dd2d
...
1/128=0x7dffffffffffffffffffffffffffffff5fe210b98a45bedd68698a894e7ab41e
1/129=0xa4b692da4b692da4b692da4b692da4b5c18a4ea054ff19b357b30348bd881e14
1/130=0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
1/131=0x7b1d501f44659e4a427157f05dcd30da4254182896bd4f03546ef0e3f6b28500
1/132=0xb83e0f83e0f83e0f83e0f83e0f83e0f753ee5548eea2d0690fdf28e557c9f4c8
1/133=0xe8e6fa39be8e6fa39be8e6fa39be8e6e7ba4dc37e2d648a225da5604eb9f12f2
1/134=0x05bb39503d226357e16ece540f4898d5f11332cbd9e4f81fe7a346e495db0176
1/135=0xe759203cae759203cae759203cae7590ddcd6e80d38035c802aef0f1080384ed
...
1/0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413d=0x3fffffffffffffffffffffffffffffffaeabb739abd2280eeff497a3340d9050
1/0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e=0x55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c0
1/0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413f=0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0
1/0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140=0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140
For example: https://www.boxentriq.com/code-breaking/big-number-calculator
jr. member
Activity: 43
Merit: 1
Quote
Code:
s2 = 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
            ^repeated pattern^        |<----       130 bits       --->|
It is just an inversion of 0x82, nothing special. If you multiply 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e by 0x82, you will get 0x1affffffffffffffffffffffffffffffddb0714c547ca8e64d3b2ff8d9f5b8e1dc as a result, which is equal to one, if you apply modulo n=0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141 on that.
can you share more numbers like 0x1affffffffffffffffffffffffffffffddb0714c547ca8e64d3b2ff8d9f5b8e1dc
thank you!
jr. member
Activity: 47
Merit: 13
Hi there.

Puzzle 130 was solved, but I don't know which script or technique was used.

Anyway, gratz to the solver.
member
Activity: 873
Merit: 22
newbie
Activity: 5
Merit: 0
It is just an inversion of 0x82, nothing special.
Well, thanks, I was too hasty this time.
copper member
Activity: 821
Merit: 1992
Quote
Code:
s2 = 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
            ^repeated pattern^        |<----       130 bits       --->|
It is just an inversion of 0x82, nothing special. If you multiply 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e by 0x82, you will get 0x1affffffffffffffffffffffffffffffddb0714c547ca8e64d3b2ff8d9f5b8e1dc as a result, which is equal to one, if you apply modulo n=0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141 on that.
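The inversion described above, and the 1/x table earlier in the thread, as an added example that is not part of any post: it reproduces table rows with Python's built-in modular inverse and then goes one step further, using rational reconstruction (extended Euclid) to test whether a scalar is a small fraction a/m modulo n. The function names and the 2^64 bound are assumptions of this example.

```python
# Added example, not code from the thread.
# N is the secp256k1 group order as quoted in the thread.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# The s2 value whose "repeated pattern" the thread discusses.
S2 = 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e


def inverse_table(values, n=N):
    """Reproduce rows of the thread's "1/x" table: x -> x^-1 mod n."""
    return {x: pow(x, -1, n) for x in values}  # needs Python 3.8+


def small_fraction(s, n=N, bound=1 << 64):
    """Rational reconstruction with the extended Euclidean algorithm.

    Returns (a, m) with 0 < m <= bound, |a| <= bound and s*m = a (mod n),
    or None when s is not such a small fraction. A uniformly random s is a
    small fraction with negligible probability, so a hit means the value
    was constructed rather than produced by a random nonce or hash.
    """
    r0, r1 = n, s % n
    t0, t1 = 0, 1
    # Invariant: r_i = t_i * s (mod n). Remainders shrink while |t_i| grows,
    # so the first remainder <= bound gives the candidate numerator.
    while r1 > bound:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        t0, t1 = t1, t0 - q * t1
    if abs(t1) > bound:
        return None
    # Normalise the sign so the denominator is positive.
    a, m = (r1, t1) if t1 > 0 else (-r1, -t1)
    assert (s * m - a) % n == 0
    return a, m


if __name__ == "__main__":
    for x, inv_x in inverse_table([2, 3, 130]).items():
        print("1/%d = 0x%064x" % (x, inv_x))
    print("s2 as a fraction:", small_fraction(S2))
```

The periodic hex digits are the same effect as a repeating decimal: 1/130 mod n equals (27n + 1)/130, and dividing a number close to 27·2^256 by 130 yields a repeating expansion.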
newbie
Activity: 5
Merit: 0
I can't understand special values
Which values? All values are special ;-)
First 3 signatures use Satoshi private key #1 as a nonce, but signed real messages (not random). Nobody noticed?
The fourth signature signs again real message, and with the same key also a private key of Puzzle #130 as input, there is no "why", that's an intention.

And finally the value of s2 shows the weakness of the private key here:
Code:
s2 = 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
            ^repeated pattern^        |<----       130 bits       --->|

jr. member
Activity: 82
Merit: 8
Public Key 0x40f08294791bb07e908196847f79ad162ba0dff28eb312b1669ee2c8a72f7bfb, 0x28c29cc6ec6f2ddf9f54f32da1ea727de71c2ef168528475f5233ba28c06c4a8

Code:
r1 = 0x7029db68c1420fe2d41c1fd7b86ea0739bc8e6d0a7c58f754b93e5ff6c8040
s1 = 0xdbe4b484c838fce2aa65d85901f94f6fad6ad5f604d805c30ce05c58371c6991
z1 = SHA256('This is test 4.')

r2 = 0xdfb77cd83e2251dc96caad4c45cf98fcf76b8c24aa349c2dbba548029571331f
s2 = 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
z2 = Private key for Puzzle #130

Interesting, right?
 

Recovered Bitcoin public key: 0240f08294791bb07e908196847f79ad162ba0dff28eb312b1669ee2c8a72f7bfb
Bitcoin Address: 1AaEnbgVCKmG7RM8KYxjiQ2xaqn4NmyA7a

r1 = 0x7029db68c1420fe2d41c1fd7b86ea0739bc8e6d0a7c58f754b93e5ff6c8040
s1 = 0xdbe4b484c838fce2aa65d85901f94f6fad6ad5f604d805c30ce05c58371c6991
z1 = 0x9cabe7317b243f04a211a282035b96caa14d646dc32ba0e326f52d43cef07d8c

Why will z2 be the private key for Puzzle #130??
jr. member
Activity: 82
Merit: 8
Hi there!
It looks like you all are crazy for nonces and signatures, so I have some special values for you.

Code:
r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0x24c8a42e8fe11d670633fa66ebedb1672c71a517a30cbbaa9e14f2d5a15a3783
z=SHA256('This is test 1.')
PubKey=0x3e42b3151f310f5f417f11b4c32d8360b22109dcc6432339243332b56cd596de, 0x7903116327cab6891b810588e4c909273c7eb013aea2162fa63afa1f11562b3a

r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0x768a0e3b0cfb3c8d9b7899f59f480555176ef25eefa1e96d3ac575ba4ffe85fd
z=SHA256('This is test 2.')
PubKey=0xc79fa242694e3148c8d50e667010e0c221f6004d108692c5040ff139595ed081, 0x525bd76c21c8e2d45725a378c973a646d5971acd8f240322e5f1fdf0ed4f8589

r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0xd17c5ed9fb37692cd152f381c4a3f16a896f96d26100310fe818d6963c402b25
z=SHA256('This is test 3.')
PubKey=0xc03657988e2baf31a1a1061a87fa3da20f166dc8a22c02658f6d325dec722d84, 0x97ffbac6bec2de2b8d9f9bcaeced8e56abdd0b3996b48153cf0a1a92dc2d5529

Btw. I think that those who do serious research of this topic do not need your script, but all contributions are welcome, of course.


Recovered Bitcoin public key: 023e42b3151f310f5f417f11b4c32d8360b22109dcc6432339243332b56cd596de
Bitcoin Address: 1ak61eAXk4bxNbovZuqh4f1PxBaf1VUBV
r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0x24c8a42e8fe11d670633fa66ebedb1672c71a517a30cbbaa9e14f2d5a15a3783
z=0xe0f6c07e19eb2dfa2e0c3586a2a9f4b225dba10c353fc354baa2dabcc9d42051

---
Recovered Bitcoin public key: 03c79fa242694e3148c8d50e667010e0c221f6004d108692c5040ff139595ed081
Bitcoin Address: 1GLKrFmj8eUsHS7s91PTMh2L6rPtF1RzNj
r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0x768a0e3b0cfb3c8d9b7899f59f480555176ef25eefa1e96d3ac575ba4ffe85fd
z=0x48ef5d298a862b6f74338ebb5281f5212d8221a2fd8cce827be72779bffd25dd

---
Recovered Bitcoin public key: 03c03657988e2baf31a1a1061a87fa3da20f166dc8a22c02658f6d325dec722d84
Bitcoin Address: 17aj9BWZyDTqr6UnK7LScoCHdsbFRT6LZG
r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0xd17c5ed9fb37692cd152f381c4a3f16a896f96d26100310fe818d6963c402b25
z=0x1e6a32d38fb096d19ad46186c6299f82b7bfd5a92d0d3b17142e8ff18b75e358

I can't understand special values
newbie
Activity: 5
Merit: 0
Public Key 0x40f08294791bb07e908196847f79ad162ba0dff28eb312b1669ee2c8a72f7bfb, 0x28c29cc6ec6f2ddf9f54f32da1ea727de71c2ef168528475f5233ba28c06c4a8

Code:
r1 = 0x7029db68c1420fe2d41c1fd7b86ea0739bc8e6d0a7c58f754b93e5ff6c8040
s1 = 0xdbe4b484c838fce2aa65d85901f94f6fad6ad5f604d805c30ce05c58371c6991
z1 = SHA256('This is test 4.')

r2 = 0xdfb77cd83e2251dc96caad4c45cf98fcf76b8c24aa349c2dbba548029571331f
s2 = 0x352b52b52b52b52b52b52b52b52b52b4e7c1db2bf914fdd54560dc7fb517156e
z2 = Private key for Puzzle #130

Interesting, right?
 
jr. member
Activity: 82
Merit: 8
Code:
# rsz 1
r=0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s=0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z=0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b
# rsz 2
r=0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2
s=0xe14e5906641085412561a083c002b76d6ac5a54372a9c811edc9e3b86b2dde11
z=0x1b636df9eef267995d6918047ba3bafca25f693a47ff73c7c0d500cd4aa9783a


Code:
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def inv(a):
    # Modular inverse via Fermat's little theorem (N is prime)
    return pow(a, N - 2, N)

r1 = 0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s1 = 0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z1 = 0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b

HA = 0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410 * inv(0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2)
HA = HA % N  # HA = r1 / r2 (mod N), the factor that scales r2 onto r1
print("HA:  %064x" % HA )

r2 = 0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2 * HA
s2 = 0xe14e5906641085412561a083c002b76d6ac5a54372a9c811edc9e3b86b2dde11 * HA
z2 = 0x1b636df9eef267995d6918047ba3bafca25f693a47ff73c7c0d500cd4aa9783a * HA

z2 = z2 - s2  # with k2 = k1 + 1: s2*(k1 + 1) = z2 + r2*d, so s2*k1 = (z2 - s2) + r2*d
r2 = r2 % N
s2 = s2 % N
z2 = z2 % N

print("r1= 0x%064x " % r1 )
print("s1= 0x%064x " % s1 )
print("z1= 0x%064x " % z1 )
print("r2= 0x%064x " % r2 )
print("s2= 0x%064x " % s2 )
print("z2= 0x%064x " % z2 )

output:
HA:  e809a06f968e72e232e96f55e26f809d22d922681acca6904f12c4ba1b53018d
r1 = 0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s1 = 0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z1 = 0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b
r2= 0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s2= 0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z2= 0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b

r1 = r2, s1 = s2, z1 = z2 ... Your 2 rsz are from the same rsz.
jr. member
Activity: 82
Merit: 8
Code:
# rsz 1
r=0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s=0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z=0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b
# rsz 2
r=0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2
s=0xe14e5906641085412561a083c002b76d6ac5a54372a9c811edc9e3b86b2dde11
z=0x1b636df9eef267995d6918047ba3bafca25f693a47ff73c7c0d500cd4aa9783a
You try bruteforce 02d7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410 ?

No... brute-forcing the nonce k is impossible.

It seems 1 rsz was converted to 2 rsz.
Even knowing that
 k2 = k1 + 1
I still can't recover the private key
member
Activity: 873
Merit: 22
Code:
# rsz 1
r=0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s=0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z=0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b

# rsz 2
r=0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2
s=0xe14e5906641085412561a083c002b76d6ac5a54372a9c811edc9e3b86b2dde11
z=0x1b636df9eef267995d6918047ba3bafca25f693a47ff73c7c0d500cd4aa9783a
With k2 = k1 + 1.

Sorry... I can't recover the private key for these 2 rsz

my result:
k1 = 0
k2 = 1

Recovered Bitcoin public key: 028629507d9eef1748ec67ca2c4ab641fa0951d7f0bb0cf226f1c0f465a4e29404
Bitcoin Address: 1Ln1NYjtCamBG2UZDTKcHqcaNLP8TUrKFe

Recovered Bitcoin public key: 0395c632a7af384a67104afd5b6a4a5d882e782d232519c59084f0744d08093876
Bitcoin Address: 1P5TaCC8ZQohntb3NwRXQE5zFzB2De2Dvz

show your private key .. ??



You try bruteforce 02d7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410 ?


jr. member
Activity: 82
Merit: 8
Code:
# rsz 1
r=0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s=0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z=0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b

# rsz 2
r=0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2
s=0xe14e5906641085412561a083c002b76d6ac5a54372a9c811edc9e3b86b2dde11
z=0x1b636df9eef267995d6918047ba3bafca25f693a47ff73c7c0d500cd4aa9783a
With k2 = k1 + 1.

Sorry... I can't recover the private key for these 2 rsz

my result:
k1 = 0
k2 = 1

Recovered Bitcoin public key: 028629507d9eef1748ec67ca2c4ab641fa0951d7f0bb0cf226f1c0f465a4e29404
Bitcoin Address: 1Ln1NYjtCamBG2UZDTKcHqcaNLP8TUrKFe

Recovered Bitcoin public key: 0395c632a7af384a67104afd5b6a4a5d882e782d232519c59084f0744d08093876
Bitcoin Address: 1P5TaCC8ZQohntb3NwRXQE5zFzB2De2Dvz

show your private key .. ??
jr. member
Activity: 82
Merit: 8
Well, then I have two more for you, but this public key doesn't point to the puzzle #130 it seems...
# Public Key
0x8629507d9eef1748ec67ca2c4ab641fa0951d7f0bb0cf226f1c0f465a4e29404, 0x2237204a53021490adfec9f0b3f0732f5024181d50fde2dcfc7a428c992b8d70

I have edited my post to fix it: #130
public key 0x633cbe3ec02b9401c5effa144c5b4d22f87940259634858fc7e59b1c09937852, 0xb078a17cc1558a9a4fa0b406f194c9a2b71d9a61424b533ceefe27408b3191e3

and I provide 5 sets of my own generated rsz for #130

# 130   rsz  1
r=0x56a37728d3036203ba57a2399ba282351b55e7b7a2660080a510732f373f18f8
s=0x6bf0c1501792f3184866f56a82b69ad17cb169105ed85350ca30f3e2070e032e
z=0x0042fe8868fbfa3d16b603af849bb81a35d6292651ab36a23af4c427d4265bf9

# 130   rsz  2
r=0x84812aade108ee63f12098f31e0819b36fcd4a4433fdbd29dbc8d94082e1a822
s=0xa7da5a2552d02a4551a23381fe4bcca9f1108d66cb0137712d9325d2a1fe4b4a
z=0x50825e90bcae246a62602d3719d895da1108545b3c09527ed1dbf599034cf0a2

# 130   rsz  3
r=0x1567a88d2dc54158afc135433f5bd7cb673a73ecd978626504fa7a972fc88eb0
s=0x0340b27310b89895c166c839b5a27fd6de1a271a8765de608c07e96539827850
z=0x503f919c88920407436211529abf8f8d2459d8aec963181dbaf822e20f162d0e

# 130   rsz  4
r=0x3facca914bf602c454b2e1332e4bd9db3482cdc648bc9f79328fed36de7babca
s=0xfe9797f9323c74e8b5d91937c4ea704f0a73e3aae536d8f051e7c77214a4a5a9
z=0xdde32a1d171f66168bc88211c5bbd1f0de2bc8aa504b70af8591f7619b6a3632

# 130   rsz  5
r=0x63444d8aa42965428ea68fa74976fe38772ba59e6e1b4f8682e6f6178ee4c1e9
s=0x33f53e75c58b289d094932407c4f1eac3156a0029c9a33f257485a0c3b5b497d
z=0xfe4573a2009e9f7985f8f366949757f001aaccc81da635ea3868c1d70b9a2e04

  1Fo65aKq8s8iquMt6weF1rku1moWVEd5Ua
newbie
Activity: 5
Merit: 0
With the same r value, we can recover the private key...
These are not as easy as you may think.

But we are interested in recovering the private key of #puzzle 130 from a large set of r s z and public key...

But we need to know the bits of k from every set of r s z...

Well, then I have two more for you, but this public key doesn't point to the puzzle #130 it seems...
# Public Key
0x8629507d9eef1748ec67ca2c4ab641fa0951d7f0bb0cf226f1c0f465a4e29404, 0x2237204a53021490adfec9f0b3f0732f5024181d50fde2dcfc7a428c992b8d70

Code:
# rsz 1
r=0xd7232c0eed9a80a6e53d74b57d80cd892816b46c69157f8e543ee76dc21f8410
s=0xe6665792427b98ebd93cd43f694e03383c84af34b00e5f471c5cec5a24541808
z=0xc3479c8d5591597a4b12018ccacd0215528e584aa18125d63fac5c0c0c92588b

# rsz 2
r=0xafc4670c63a5677641ba51b0eb413f7d8be3cfeb100f2c2097eb57dd673d58c2
s=0xe14e5906641085412561a083c002b76d6ac5a54372a9c811edc9e3b86b2dde11
z=0x1b636df9eef267995d6918047ba3bafca25f693a47ff73c7c0d500cd4aa9783a
With k2 = k1 + 1.

jr. member
Activity: 82
Merit: 8
Hi there!
It looks like you all are crazy for nonces and signatures, so I have some special values for you.
Btw. I think that those who do serious research of this topic do not need your script, but all contributions are welcome, of course.

With the same r value, we can recover the private key...

But we are interested in recovering the private key of #puzzle 130 from a large set of r s z and public key...

But we need to know the bits of k from every set of r s z...

If anyone could know the bits of k from every r s z and public key, the private key could be recovered for every Bitcoin address that leaks its public key.

Of course, currently only a 252-bit k can be recovered by the lattice attack.

https://githubhelp.com/bitlogik/lattice-attack/issues/2
The authors of lattice-attack mentioned that they were also unable to crack k > 252 bits~~~

For the topic "down to 2 bits", note that we never found a private key using our LatticeAttack software below 4 known bits, hence the restriction put in place that prevents the user from running it with lower than 4 bits. But we never performed long running times. Using a higher RECOVERY_SEQUENCE "effort" block size, combined with a loop "-l", can be a way to recover a key with 3 or even 2 bits. That would just require long running times (several hours), and no guarantee of result.

newbie
Activity: 5
Merit: 0
Hi there!
It looks like you all are crazy for nonces and signatures, so I have some special values for you.

Code:
r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0x24c8a42e8fe11d670633fa66ebedb1672c71a517a30cbbaa9e14f2d5a15a3783
z=SHA256('This is test 1.')
PubKey=0x3e42b3151f310f5f417f11b4c32d8360b22109dcc6432339243332b56cd596de, 0x7903116327cab6891b810588e4c909273c7eb013aea2162fa63afa1f11562b3a

r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0x768a0e3b0cfb3c8d9b7899f59f480555176ef25eefa1e96d3ac575ba4ffe85fd
z=SHA256('This is test 2.')
PubKey=0xc79fa242694e3148c8d50e667010e0c221f6004d108692c5040ff139595ed081, 0x525bd76c21c8e2d45725a378c973a646d5971acd8f240322e5f1fdf0ed4f8589

r=0x678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6
s=0xd17c5ed9fb37692cd152f381c4a3f16a896f96d26100310fe818d6963c402b25
z=SHA256('This is test 3.')
PubKey=0xc03657988e2baf31a1a1061a87fa3da20f166dc8a22c02658f6d325dec722d84, 0x97ffbac6bec2de2b8d9f9bcaeced8e56abdd0b3996b48153cf0a1a92dc2d5529

Btw. I think that those who do serious research of this topic do not need your script, but all contributions are welcome, of course.
jr. member
Activity: 82
Merit: 8
Would you mind sharing your code on how you leak the RSZ and how you create more samples for the given public key? Thank you.


https://bitcointalk.org/index.php?topic=5394249.100

Read it... garlonicon shares his source code.
Even if I have 100,000 puzzle #130 r, s, z,
I still can't use lattice-attack to crack it... because the generated rsz and k values are unknown...
I used my private key and public key to see the nonce K value...

By probability, more than 50% are 256-bit nonce K values ~~ It must be 252 bits or fewer...
Unless you can know from these 100,000 rsz which nonce k values are less than 252 bits, and select 88 groups for the lattice attack...
This probability is lower than guessing any Bitcoin private key.

N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

If N <= 252 bits, we could use the #130 public key to produce 70 ~ 100 fake rsz, and ECDSA would be broken ~~~ For now, ECDSA is still safe.
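The bit-length figures this post reasons about, worked out exactly as an added example that is not part of the thread: for a nonce k drawn uniformly from [1, n-1], it gives the probability of each bit length, the share of nonces of 252 bits or fewer, and the chance that 88 blindly picked signatures all have such short nonces. Uniform nonces are an assumption of this example, and the function names are its own.

```python
# Added example, not code from the thread.
import math
from fractions import Fraction

# secp256k1 group order, as quoted in the thread.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def p_bit_length(bits, n=N):
    """Exact P(k.bit_length() == bits) for k uniform in [1, n-1], bits >= 1."""
    lo = 1 << (bits - 1)
    hi = min((1 << bits) - 1, n - 1)
    return Fraction(max(hi - lo + 1, 0), n - 1)


def p_at_most(bits, n=N):
    """Exact P(k < 2**bits): the nonce fits in `bits` bits or fewer."""
    return Fraction(min((1 << bits) - 1, n - 1), n - 1)


def expected_short(total, bits, n=N):
    """Expected number of short nonces among `total` uniform signatures."""
    return float(total * p_at_most(bits, n))


def log2_all_short(bits, picked, n=N):
    """log2 of P(all `picked` independently chosen nonces are < 2**bits)."""
    p = p_at_most(bits, n)
    # math.log2 accepts arbitrarily large ints, so no precision is lost
    # before the subtraction.
    return picked * (math.log2(p.numerator) - math.log2(p.denominator))


if __name__ == "__main__":
    for bits in range(256, 249, -1):
        print("%d-bit nonce: %.6f" % (bits, float(p_bit_length(bits))))
    print("P(k <= 252 bits)      : %.6f" % float(p_at_most(252)))
    print("expected among 100000 : %.1f" % expected_short(100000, 252))
    # Compare with 2^-256, the chance of guessing one specific private key.
    print("log2 P(88 picks short): %.1f" % log2_all_short(252, 88))
```

About one uniform nonce in sixteen is 252 bits or shorter, so a large sample contains thousands of them; what is missing is any way to tell which ones, and picking 88 at random succeeds with probability about 2^-352.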

member
Activity: 127
Merit: 14
Life aint interesting without any cuts and bruises
I have been learning about ECDSA (r, s, z, public key, private key) for about 2 months

# 130 Although only one rsz is known, 1000 rsz can be produced using the public key, the nonce K value will be 240~256 bits

50% - nonce is 256 bit
25% - nonce is 254 bit
25% - nonce is 253~240 bit

However, more than 64 rsz must be leaked at the same time, leaking more than 12 bits, to use lattice-attack

# 130  Public Key
0x8629507d9eef1748ec67ca2c4ab641fa0951d7f0bb0cf226f1c0f465a4e29404, 0x2237204a53021490adfec9f0b3f0732f5024181d50fde2dcfc7a428c992b8d70

create #130 rsz   
Code:
# 130   rsz  1
r=0x56a37728d3036203ba57a2399ba282351b55e7b7a2660080a510732f373f18f8
s=0x6bf0c1501792f3184866f56a82b69ad17cb169105ed85350ca30f3e2070e032e
z=0x0042fe8868fbfa3d16b603af849bb81a35d6292651ab36a23af4c427d4265bf9

# 130   rsz  2
r=0x84812aade108ee63f12098f31e0819b36fcd4a4433fdbd29dbc8d94082e1a822
s=0xa7da5a2552d02a4551a23381fe4bcca9f1108d66cb0137712d9325d2a1fe4b4a
z=0x50825e90bcae246a62602d3719d895da1108545b3c09527ed1dbf599034cf0a2

# 130   rsz  3
r=0x1567a88d2dc54158afc135433f5bd7cb673a73ecd978626504fa7a972fc88eb0
s=0x0340b27310b89895c166c839b5a27fd6de1a271a8765de608c07e96539827850
z=0x503f919c88920407436211529abf8f8d2459d8aec963181dbaf822e20f162d0e

# 130   rsz  4
r=0x3facca914bf602c454b2e1332e4bd9db3482cdc648bc9f79328fed36de7babca
s=0xfe9797f9323c74e8b5d91937c4ea704f0a73e3aae536d8f051e7c77214a4a5a9
z=0xdde32a1d171f66168bc88211c5bbd1f0de2bc8aa504b70af8591f7619b6a3632

# 130   rsz  5
r=0x63444d8aa42965428ea68fa74976fe38772ba59e6e1b4f8682e6f6178ee4c1e9
s=0x33f53e75c58b289d094932407c4f1eac3156a0029c9a33f257485a0c3b5b497d
z=0xfe4573a2009e9f7985f8f366949757f001aaccc81da635ea3868c1d70b9a2e04

....
....
....




Would you mind sharing your code on how you leak the RSZ and how you create more samples for the given public key? Thank you.
jr. member
Activity: 82
Merit: 8
I have been learning about ECDSA (r, s, z, public key, private key) for about 2 months

# 130 Although only 1 rsz is known, 1000 rsz can be produced using the public key, the nonce K value will be 240~256 bits

50% - nonce is 256 bit
25% - nonce is 254 bit
25% - nonce is 253~240 bit

However, more than 64 rsz must be leaked at the same time, leaking more than 12 bits, to use lattice-attack

# 130  Public Key ( Fix  2024/06/25 )
0x633cbe3ec02b9401c5effa144c5b4d22f87940259634858fc7e59b1c09937852, 0xb078a17cc1558a9a4fa0b406f194c9a2b71d9a61424b533ceefe27408b3191e3

Address:    1Fo65aKq8s8iquMt6weF1rku1moWVEd5Ua

I created some rsz for #130; these are for address "1Fo65aKq8s8iquMt6weF1rku1moWVEd5Ua" and the public key is the #130 public key
 
Code:
# 130   rsz  1
r=0x56a37728d3036203ba57a2399ba282351b55e7b7a2660080a510732f373f18f8
s=0x6bf0c1501792f3184866f56a82b69ad17cb169105ed85350ca30f3e2070e032e
z=0x0042fe8868fbfa3d16b603af849bb81a35d6292651ab36a23af4c427d4265bf9

# 130   rsz  2
r=0x84812aade108ee63f12098f31e0819b36fcd4a4433fdbd29dbc8d94082e1a822
s=0xa7da5a2552d02a4551a23381fe4bcca9f1108d66cb0137712d9325d2a1fe4b4a
z=0x50825e90bcae246a62602d3719d895da1108545b3c09527ed1dbf599034cf0a2

# 130   rsz  3
r=0x1567a88d2dc54158afc135433f5bd7cb673a73ecd978626504fa7a972fc88eb0
s=0x0340b27310b89895c166c839b5a27fd6de1a271a8765de608c07e96539827850
z=0x503f919c88920407436211529abf8f8d2459d8aec963181dbaf822e20f162d0e

# 130   rsz  4
r=0x3facca914bf602c454b2e1332e4bd9db3482cdc648bc9f79328fed36de7babca
s=0xfe9797f9323c74e8b5d91937c4ea704f0a73e3aae536d8f051e7c77214a4a5a9
z=0xdde32a1d171f66168bc88211c5bbd1f0de2bc8aa504b70af8591f7619b6a3632

# 130   rsz  5
r=0x63444d8aa42965428ea68fa74976fe38772ba59e6e1b4f8682e6f6178ee4c1e9
s=0x33f53e75c58b289d094932407c4f1eac3156a0029c9a33f257485a0c3b5b497d
z=0xfe4573a2009e9f7985f8f366949757f001aaccc81da635ea3868c1d70b9a2e04

....
....
....


member
Activity: 127
Merit: 14
Life aint interesting without any cuts and bruises
Offtop, how is your twist attack?
That's done, a while ago.
jr. member
Activity: 43
Merit: 1
Offtop, how is your twist attack?
member
Activity: 127
Merit: 14
Life aint interesting without any cuts and bruises
Saw some comments from users looking for R,S,Z signatures and public key samples for research purposes.

So I created a script where you can have a little more detail than you need. It's a simple script so you can do the various research that you wish on ECDSA secp256k1 signatures.

You can download it here: https://github.com/KrashKrash/ecdsa-rsz-signature

Code:

=== ECDSA Signature Details ===

BTC Address: 1JvF4Bn4yF6GThYEA7pfhp3j8Xb6wu2t8D
Private Key: edb01804beb2e95898648ae87f1fa072d53b3b6f4564e092065bac907f063b9d

Signature (r, s, z):
  r: 634e6e5d85360927c64d66bdd616dc58ac6b72cd22fac01c544236b63734ad35
  s: 7fe9088b3849cddb82f38ef9244a06c413addb38031ee01a38e675ff28579d8a
  z: 6ad532092bb3f4ee012e61df35c95efc7d9e9fa5653c371bc843fa4b3627f01f
  k (nonce): 695e5e4c01e8ac9d77b7ecdd9881d50bb397ff7e54e082240a19b714c4de7ef8
PubKey: 034f966cdcc502d17876270349736f6a20f13edb5eccb5a92d1c702a0e059a9ba9

Signature Verification: Valid



Just a little more info for those of you who are just starting out on this research: some call it z, some call it message (hash), some just call it h, but it means the same thing.

message or m = the original message
H(m) or h or z = the hash of the message
H(m), h or z, depending on who you talk to, is the hash of the message. Same meaning.

I just want to have this information out here so you don't waste your time wondering what h is and what z is. Good luck with your research.