Bitcoin Forum>Bitcoin>Development & Technical Discussion
Pages:
Author

Topic: Searching for K nonce - page 5. (Read 863 times)

krashfire
jr. member
Activity: 96
Merit: 6
Life aint interesting without any cuts and bruises
Re: Searching for K nonce
April 12, 2024, 04:49:21 AM
#1
I had made a little change in my code. im just hoping i could receive some advice on whether my method here is more efficient or sound?

i got really lucky because i was told that 6 weeks was really fast. but.. i am hoping to go faster.

so my question is,

 please take a look at my code in sagemath, and see what i might have miss out or can improve to make it much better?

and while im here, i was told the u1 value some sort of give a "hint" on the k nonce. i realise that it just really is the real mod n of k nonce only but its not k nonce itself,

please check my code to see where i can improve. thank you.


Code:


import random
p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f
n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141

E = EllipticCurve(GF(p), [0, 7])

G = E.point( (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8))   # Base point

r=0x
s=0x
z=0x

def egcd(a, b):

    if a == 0:

        return (b, 0, 1)

    else:

        g, y, x = egcd(b % a, a)

        return (g, x - (b // a) * y, y)
def modinv(a, m):

    g, x, y = egcd(a, m)

    if g != 1:

        raise Exception('modular inverse does not exist')

    else:

        return x % m
def make_public(r,s,z):
    R = E.lift_x(Integer(r))
    w = int(modinv(s, n))
    u1 = int((z * w) % n)
    u2 = int((r * w) % n)
    #R=u1*G + u2*public_key
    #pub= R*modinv(u2,n) - u1*modinv(u2,n)%n
    u_n2=modinv(u2,n)%n
    u_n1=- u1*modinv(u2,n)%n
    
    pub=u_n1*G + u_n2*R
    pub2=u_n1*G + u_n2*(-R)
    return pub,pub2

def verify(r, s,z,public_key):
    w = int(modinv(s, n))
    u1 = int((z * w) % n)
    u2 = int((r * w) % n)
    D=u1*G + u2*public_key
    x,y=D.xy()
    x=int(x)

    if (r % n) == (x % n):
        print( "signature matches")
         
    else:
        print("invalid signature")
           
def calc_u(r,s,z):
    mod_s= modinv(s,n)%n
    u1=mod_s*z%n
    u2=mod_s*r%n
    print("u1==",u1,"n-u1=",n-u1)
    print("u2==",u2,"n-u2=",n-u2)
    return u1,u2
u1, u2 = calc_u(r,s,z)

pub1,pub2=make_public(r,s,z)
print("public_key1",pub1)
print("pub1_x=",hex(pub1.xy()[0]))
print("public_key2",pub2)
print("pub2_x=",hex(pub2.xy()[0]))
verify(r,s,z,pub1)
verify(r,s,z,pub2)
print()

# Find the real mod n for k and K nonce

for i in range(1, n):
    k = (r * i + z) * modinv(s, n) % n
    R = E.lift_x(Integer(r))
    K = k * G
    u1 = (modinv(s, n) * z) % n
    u2 = (modinv(s, n) * r) % n
    if K == (u1 * G + u2 * R):
        print("Found real k:", k)
        break


Pages:
Bitcoin Forum>Bitcoin>Development & Technical Discussion
Jump to: