Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: COBRAS on March 16, 2021, 10:57:52 PM



Title: Help please. How to run this code for bitcoin ?
Post by: COBRAS on March 16, 2021, 10:57:52 PM
ECDSA with Partially Known Nonces

https://github.com/malb/bdd-predicate


I do not understand what input data the code uses.

I think code can provide interesting experiments.

Br.


Title: Re: Help please. How to run this code for bitcoin ?
Post by: NotATether on March 17, 2021, 06:58:37 AM
I read the source and it looks like this tool is using some kind of lattice attack[1][2] against weak k nonces that aren't "uniformly generated at random" (to quote the paper below).

You won't get great performance out of this though, because it's a CPU implementation with no GPU acceleration. Even the abstract of Breitner and Heninger (2019) (https://www.researchgate.net/publication/336437771_Biased_Nonce_Sense_Lattice_Attacks_Against_Weak_ECDSA_Signatures_in_Cryptocurrencies) says they only computed hundreds of bitcoin private keys with this software, so obviously the speed is not great (in the millions/second range that we are all used to).


[1]: https://en.wikipedia.org/wiki/Lattice-based_cryptography
[2]: https://crypto.stackexchange.com/questions/26547/how-can-a-lattice-attack-be-applied-to-ecdsa-signatures