Bitcoin Forum

Economy => Digital goods => Topic started by: interiawp on October 23, 2021, 07:11:08 PM


Title: del
Post by: interiawp on October 23, 2021, 07:11:08 PM
del

Title: Re: python/sage script for sell
Post by: mamuu on October 23, 2021, 07:39:02 PM
Hi

Code:
example : 
141 bit pub key : 027765d6d5f593e63936d8200508040520927334e5facf0624bb577e1bf379c925


237 bit start : 204238422632563516529542231428170520420288375567849687937360593336821455
237 bit end : 204238422632563516529542231430958113570104703460541652721441638525069007

You can create a signature any way you want.
can you solve it if possible?

Title: Re: python/sage script for sell
Post by: a.a on October 23, 2021, 07:55:08 PM
Why not steal from some big wallet a small amount?

Title: Re: python/sage script for sell
Post by: COBRAS on October 23, 2021, 08:09:18 PM
Quote from: interiawp on October 23, 2021, 07:11:08 PM
Hello All

I will sell script for decode secp256k1 (privatekeys and nonces)

WARNING!

it works up to 240 bit.

Example:

we have 70 transaction from one pubkey

70 x ( r,s,z) where  nonce and privatekey cannot be more than 240 bit!

then we can recalculate nonces and privatekey!

if someone want just pm !

Proof of work ?


Title: Re: python/sage script for sell
Post by: COBRAS on October 23, 2021, 08:41:38 PM
Quote from: interiawp on October 23, 2021, 08:18:05 PM
yes, prepare at least 70 transaction with info where k less than 240 bit and private key less than 240 bit

and paste here like:

r1,s1,z1  pubkey
r2,s2,z2  pubkey

and so on...


or better for me :

make btc address with 0,1 byc ot 1 btc on account
make fake transaction as r,s,z as above:)

then it will be proof:)

of couse it works even for 254 bit -> but needs about 3k-5k transaction.

we have 8 barrier in secp256k1:

barrier one : 127 bit
barrier two : 130 bit
barrier three: 175 bit
barrier four : 240 bit
barrier five: : 254 bit
barrier six: 255 bit
barrier seven: 255 bit + 2**128 bit
barrier eight : 255 + 254 bit

the problem is not asynchronic, but during sqrt(n) we loose prescision of calculation.



So, you not tested your script ???? )))))

Title: Re: python/sage script for sell
Post by: a.a on October 23, 2021, 08:59:09 PM
Does it only work when secret of transaction is also less than 240 bit?

How many transactions do you need for 128 bit?

And what result do you get when you provide less than 70 transactions?


Title: Re: python/sage script for sell
Post by: COBRAS on October 24, 2021, 01:11:10 AM
Quote from: interiawp on October 23, 2021, 08:48:54 PM
I tested.

but prof of work it means you want to know that is correct. so only way to check that is working is give samples by you.

Never trust if someone talk is work, always check!

70 transactions - https://api.blockchair.com/bitcoin/dashboards/address/1LdRcdxfbSnmCYYNdeYpUnztiYzVfBEQeC?transaction_details=true

Proof please ??
Thx.

Title: Re: python/sage script for sell
Post by: a.a on October 24, 2021, 01:45:35 AM
Oh man... Cobras, are you stupid? He needs at least 70 outgoing transactions from a 240 bit address. Why outgoing you may ask? Because when you sign a transaction you use your privatekey, but when receiving a transaction you use just an address.

So your request is bullshit, because 1LdRcdxfbSnmCYYNdeYpUnztiYzVfBEQeC has supposedly more than a  240 bit privatekey and even if it had 240bit or less, never had any outgoing transaction.

Stop wasting our time Cobras!

Title: Re: python/sage script for sell
Post by: COBRAS on October 24, 2021, 03:11:45 AM
Quote from: a.a on October 24, 2021, 01:45:35 AM
Oh man... Cobras, are you stupid? He needs at least 70 outgoing transactions from a 240 bit address. Why outgoing you may ask? Because when you sign a transaction you use your privatekey, but when receiving a transaction you use just an address.

So your request is bullshit, because 1LdRcdxfbSnmCYYNdeYpUnztiYzVfBEQeC has supposedly more than a  240 bit privatekey and even if it had 240bit or less, never had any outgoing transaction.

Stop wasting our time Cobras!

I show him how to get transaction, this is example. Maybe you stupid ,man....

Title: Re: python/sage script for sell
Post by: a.a on October 24, 2021, 10:55:32 AM
Can you please clarify for Cobras, that it has to be outgoing transactions and not incoming transactions? He is kind of a very slow fella  ;D

Title: Re: python/sage script for sell
Post by: dlystyr on October 24, 2021, 11:05:07 AM
Quote from: interiawp on October 23, 2021, 08:18:05 PM
yes, prepare at least 70 transaction with info where k less than 240 bit and private key less than 240 bit

and paste here like:

r1,s1,z1  pubkey
r2,s2,z2  pubkey

and so on...


or better for me :

make btc address with 0,1 byc ot 1 btc on account
make fake transaction as r,s,z as above:)

then it will be proof:)

of couse it works even for 254 bit -> but needs about 3k-5k transaction.

we have 8 barrier in secp256k1:

barrier one : 127 bit
barrier two : 130 bit
barrier three: 175 bit
barrier four : 240 bit
barrier five: : 254 bit
barrier six: 255 bit
barrier seven: 255 bit + 2**128 bit
barrier eight : 255 + 254 bit

the problem is not asynchronic, but during sqrt(n) we loose prescision of calculation.



Why not prove by taking the funds out of SlushPool wallet then? 41,339 TX's, ~20k Outgoing - https://www.blockchain.com/btc/address/1CK6KHY6MHgYvmRQ4PAafKYDrg1ejbH1cE

Title: Re: python/sage script for sell
Post by: NotATether on October 24, 2021, 11:31:48 AM
Please prove that this script works by providing a private key of a random 120 bit address/pubkey (with output).

Title: Re: python/sage script for sell
Post by: a.a on October 24, 2021, 12:11:46 PM
k = nonce# random.randrange(1, curve.n)

Does this not mean that we reuse the nonce for all transactions?

Title: Re: python/sage script for sell
Post by: a.a on October 24, 2021, 01:24:34 PM
Lets test:

tra1= 1
z1= 80432933230601221097993727756010017129787501550380567129597359178965598318961
r1= 95781203938134771654748299032707231792956540686382340872008587989453366815619
s1= 7534182813406032375639570543805434153582981540120020674256382120866612731545

tra2= 2
z2= 85680514558167908477786333863388893581378252427409848818380410461316229181866
r2= 84387110444751472823093034301289748550849649710026789889116612056105290236666
s2= 15868173206225036603686021099703018179590395525753258826877174594462501530079

tra3= 3
z3= 102548060755430092557032225125812044091702107450760273047035460895048062052718
r3= 27406416767577587294750316503826186048488400834507872051943779772307226633113
s3= 29649827600148630504342805875898663176877984669003820299263529443079802600071

tra4= 4
z4= 112762186256989393169437822071227972337950204496999027396617246293615417123739
r4= 24533641989102775196628594221334796778083883960590329762923456368413461852299
s4= 16882387067703002986567484296970150975533444813169171948956607802923870347023

tra5= 5
z5= 102279196193793343325884084378657993486468399648088512512988733890200957279784
r5= 4186715484844983123419598414866818539075061038431735919514226083013167756155
s5= 8262954510115071207116675186488512957332248957748965006108287723178501039896

tra6= 6
z6= 76599337534901405117822248198667485404482686031169748143178670259003848287439
r6= 15851496704632343532719173064913915530730795724303043380989972174875820919342
s6= 26576261782157862061451463273657755133732897768366490380590654547180621157141

tra7= 7
z7= 74398756248746214977130745318145828522823513476562434939314347317864019408104
r7= 82938562188044339921427613336772663621899602829543541692100956778620655883715
s7= 39276923828201170271310196305299508032465347755337674976758619924891700833905

tra8= 8
z8= 93862483065024393549379332456158503628205024790587502021315239071043175114663
r8= 7411568948143399435509900026903834934761258989831647943158886146811354079538
s8= 23454514152056767665551790603659948673144210777974558960318258587233196371568

tra9= 9
z9= 87212835189063827733529626354248276448977979158329199208629242026076557818917
r9= 20889553213233893265958705672668442429273166902005987737459335431141560894844
s9= 27423452166008738427798130440666854429824905865512438279454635509066007514682

tra10= 10
z10= 83526908368291586317385663590170015031851022781584948450170378394060055282190
r10= 1551267817981681426867155210843143173739922432355325773348926277065615199124
s10= 7684997265909350501172737349863748207353273631798032611769190263974310544153

tra11= 11
z11= 70216054243675114296838106735481510568779895968275843537650562550505875665884
r11= 3576215969366506200887064213959692679458469437850773397125768328709003892693
s11= 8491746974080525764648769152663569501948698616778822026514700690845755846036

tra12= 12
z12= 89733062301906218205525418189137256626216977972801843205374974324400215840828
r12= 97313926167509765235969476588879256253496420668224173139454279120159942879086
s12= 19295737902082704812304176269762588020355607076724374854491642265193141823115

tra13= 13
z13= 96800310781779757299975867336276488799196141063184958927190190798527008705916
r13= 42070356969267196115116156358237620445959087770740309235322030690855700545810
s13= 10926583446370215596799000534456164698973709500742209976903140188036054436449

tra14= 14
z14= 81714449254712760707918304846809454665088582912931981051864732182561582298238
r14= 58073695671307170568419102195235996994583777317992518220245717338070878674156
s14= 19792817965853054888446030958771606050153179370949846426265966672150489443411

tra15= 15
z15= 76759150958316466797868455117596604431612737464895047156570412248139660287052
r15= 94586485973446155887959040710048915448470773770617838635783959877240432721656
s15= 28063041539553628419746310379638058010152764036311466792055721311420803812447

tra16= 16
z16= 92499754792222738144216780989904991819554086516524559478651643395189700685794
r16= 71939545401850453214874187169856165961828003540145583228587282096343059531899
s16= 27303410094905761075542191840103815065728404615300353026335925873266028888452

tra17= 17
z17= 71671985408282064775019373629276105193987188816974581745032636341614355842016
r17= 70383727207956972699666680095479428342891345798684662625048123721946335076625
s17= 47376653716826238909420876991580731676243753307099848962332872802844323211717

tra18= 18
z18= 63591528578379679141238250400599292221541599192036303519731712765210919464422
r18= 45500365351118977211406259758768764026063563859084757156591595546165493014663
s18= 34307171799239851805904487103725658652610855118455933742836940770589902022672

tra19= 19
z19= 107164927559473669756603524613052219740269009154417431689890768133047622836166
r19= 96627369325043872501790129338116851490620103479332311256810063548097534320654
s19= 31968298917126978087049365043290119448833740147636323787180781572364723707202

tra20= 20
z20= 85970834890705013834585655218850010892371629752141337733506872715042255792872
r20= 71829258547144965070289411632492360722073814888969159867632514135612440224933
s20= 17138487813600668308567888594176245081979974822887521540058184000576581472868

tra21= 21
z21= 105716729965293059122180239654378367863923370279795705920594244675929611838995
r21= 66046519851205321846729811244825018910171992561559320851253372782475190437050
s21= 15407097485325905671745310982896688957624093301348612787111637570846813762301

Title: Re: python/sage script for sell
Post by: a.a on October 24, 2021, 01:38:04 PM
I did not save the nonce. I just have the privatekey. Please provide the privatekey

Title: Re: python/sage script for sell
Post by: a.a on October 24, 2021, 01:45:22 PM
strange. It is correct.

Btw. I modified your script:

Code:
import collections
import hashlib
import random
import os

EllipticCurve_1 = collections.namedtuple('EllipticCurve', 'name p a b g n h')

curve = EllipticCurve_1(
    'secp256k1',
    # Field characteristic.
    p=0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f,
    # Curve coefficients.
    a=0,
    b=7,
    # Base point.
    g=(0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,
       0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8),
    # Subgroup order.
    n=0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141,
    # Subgroup cofactor.
    h=1,
)


# Modular arithmetic ##########################################################

def inverse_mod(k, p):
    """Returns the inverse of k modulo p.
    This function returns the only integer x such that (x * k) % p == 1.
    k must be non-zero and p must be a prime.
    """
    if k == 0:
        raise ZeroDivisionError('division by zero')

    if k < 0:
        # k ** -1 = p - (-k) ** -1  (mod p)
        return p - inverse_mod(-k, p)

    # Extended Euclidean algorithm.
    s, old_s = 0, 1
    t, old_t = 1, 0
    r, old_r = p, k

    while r != 0:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_s, s = s, old_s - quotient * s
        old_t, t = t, old_t - quotient * t

    gcd, x, y = old_r, old_s, old_t

    assert gcd == 1
    assert (k * x) % p == 1

    return x % p


# Functions that work on curve points #########################################

def is_on_curve(point):
    """Returns True if the given point lies on the elliptic curve."""
    if point is None:
        # None represents the point at infinity.
        return True

    x, y = point

    return (y * y - x * x * x - curve.a * x - curve.b) % curve.p == 0


def point_neg(point):
    """Returns -point."""
    assert is_on_curve(point)

    if point is None:
        # -0 = 0
        return None

    x, y = point
    result = (x, -y % curve.p)

    assert is_on_curve(result)

    return result


def point_add(point1, point2):
    """Returns the result of point1 + point2 according to the group law."""
    assert is_on_curve(point1)
    assert is_on_curve(point2)

    if point1 is None:
        # 0 + point2 = point2
        return point2
    if point2 is None:
        # point1 + 0 = point1
        return point1

    x1, y1 = point1
    x2, y2 = point2

    if x1 == x2 and y1 != y2:
        # point1 + (-point1) = 0
        return None

    if x1 == x2:
        # This is the case point1 == point2.
        m = (3 * x1 * x1 + curve.a) * inverse_mod(2 * y1, curve.p)
    else:
        # This is the case point1 != point2.
        m = (y1 - y2) * inverse_mod(x1 - x2, curve.p)

    x3 = m * m - x1 - x2
    y3 = y1 + m * (x3 - x1)
    result = (x3 % curve.p,
              -y3 % curve.p)

    assert is_on_curve(result)

    return result


def scalar_mult(k, point):
    """Returns k * point computed using the double and point_add algorithm."""
    assert is_on_curve(point)

    if k % curve.n == 0 or point is None:
        return None

    if k < 0:
        # k * point = -k * (-point)
        return scalar_mult(-k, point_neg(point))

    result = None
    addend = point

    while k:
        if k & 1:
            # Add.
            result = point_add(result, addend)

        # Double.
        addend = point_add(addend, addend)

        k >>= 1

    assert is_on_curve(result)

    return result


# Keypair generation and ECDSA ################################################

def make_keypair(private):
    """Generates a random private-public key pair."""
    private_key = private#random.randrange(1, curve.n)
    public_key = scalar_mult(private_key, curve.g)

    return private_key, public_key


def hash_message(message):
    """Returns the truncated SHA512 hash of the message."""
    message_hash = hashlib.sha512(message).digest()
    e = int.from_bytes(message_hash, 'big')

    # FIPS 180 says that when a hash needs to be truncated, the rightmost bits
    # should be discarded.
    z = e >> (e.bit_length() - curve.n.bit_length())

    assert z.bit_length() <= curve.n.bit_length()

    return z


def sign_message(private_key, message,nonce):
    z = hash_message(message)

    r = 0
    s = 0
    half_mod=57896044618658097711785492504343953926418782139537452191302581570759080747169
   
    while not r or not s:
        k = nonce# random.randrange(1, curve.n)
        x, y = scalar_mult(k, curve.g)

        r = x % curve.n
        s = ((z + r * private_key) * inverse_mod(k, curve.n)) % curve.n
        if s> half_mod:
            s=curve.n -s
        if s<0:
            s=s%curve.n
   
     
    return r, s,z

def verify_signature(public_key, message, signature):
    z=message
   
    r, s = signature

    w = inverse_mod(s, curve.n)
    u1 = (z * w) % curve.n
    u2 = (r * w) % curve.n

    x, y = point_add(scalar_mult(u1, curve.g),
                     scalar_mult(u2, public_key))

    if (r % curve.n) == (x % curve.n):
        return 'signature matches'
    else:
        return 'invalid signature'

def egcd(a, b):
    "Euclidean greatest common divisor"
    if a == 0:
        return (b, 0, 1)
    else:
        g, y, x = egcd(b % a, a)
        return (g, x - (b // a) * y, y)

def modinv(a, m):
    "Modular inverse"
    # in Python 3.8 you can simply return pow(a,-1,m)
    g, x, y = egcd(a, m)
    if g != 1:
        raise Exception('modular inverse does not exist')
    else:
        return x % m

   
 
   
def make_val(priv,nonce,msg,id):   

        private, public = make_keypair(priv)
         
        r,s,z = sign_message(private, msg,nonce)
         
        print()
        print("tra"+str(id)+"=", id)
       
        print("z"+str(id)+"=",z)
        print("r"+str(id)+"=",r)
        print("s"+str(id)+"=",s)
       
         
        return private,public,nonce,r,s,z
 
   
import random

a=2**119                                             # min nonce range
c=2**120                                  # max nonce range
priv=random.randrange(a,c)  # here put real privatekey for testing address

print("priv=",priv)

for i in range(1,22):
    priv=priv
    nonce=random.randrange(a,c)
    war= str(os.urandom(25)) + str(nonce)         # message for hash you can change
    msg= bytes(war, 'utf-8')
    make_val(priv,nonce,msg,i)
 

Title: Re: python/sage script for sell
Post by: a.a on October 24, 2021, 02:09:39 PM
Sent pm

Title: Re: python/sage script for sell
Post by: a.a on October 24, 2021, 07:34:08 PM
Your signing method seems to be wrong. Shouldn't you be using curve.p instead of curve.n?

Title: Re: python/sage script for sell
Post by: stilichovandal on October 24, 2021, 09:04:46 PM
interesting script.
let's make another test,

below are the transactions generated ..

tra1= 1
z1= 76876030023415608668423338825784187452811639173959320017817337455802041964103
r1= 29160437407760520088247392323108134391883974944341759721909486038392263934252
s1= 88057664668158915012604599595493011104336144057048137151796684081161455068940

tra2= 2
z2= 61263116138134401525028229058918539609568640472628708541655291156521288618248
r2= 11549193954947596960703021534561318910687537033109530363590706949861810191464
s2= 13855753320462738868894436900000308125592534663165802454975929237386525551901

tra3= 3
z3= 94120272562392704147662507148139386415636002525757800768256455290364818983329
r3= 13235484545503092834351146107583288106526331893492330386542837886995039286857
s3= 113471888736454597898872446719734211059501085408597184281019577940003149168065

tra4= 4
z4= 99367284209844177315046616821185029528460822746665482351687345968205433531175
r4= 21288395071614272342731373579454206117249664754398039513644770673861859644939
s4= 73413879352532156241008151728886908980344895524488338859086767531496556394060

tra5= 5
z5= 69060216405924095583792910129380620270055713256952020221932327399807627102551
r5= 73000033343383277415474287756201732147913599806018084676911334919205184318951
s5= 87072726453737444924441523106612425315322987277779002678423286525578748401182

tra6= 6
z6= 92618601610473019371617964490946613446123192049470928113333991628587023928412
r6= 28067093485624905318698514057355456753086537066210474707760282283107230161754
s6= 81570316168538325691556352611345952414389273074007052937069015984756717263806

tra7= 7
z7= 64467069221879581988935526952178802798904578325721403807573521890371858623272
r7= 40928812080096313007619676294314551308323264286042053123514365242236661911514
s7= 1025329956085058380108911065381202269358907493178639449598067535198228526723

tra8= 8
z8= 72495741802917349120327698487760807911457277460026498073086860211586960327565
r8= 66378711205276032381995546935653475100643276511913002418773726587229576821881
s8= 108667454887055533668950227498601121583301007111191340394989504444791689053341

tra9= 9
z9= 78468020509772362123932250401279947970863640371108253522122735757309805907599
r9= 19231849856468166709561956160822737309083319782875295366880812480857879465237
s9= 2515169593593730466049902241306205711031444354734218814410691392439616554389

tra10= 10
z10= 78060509642529765276222634915143859953530748675308663141797340870084401854707
r10= 56781478814500394128333645854821980053762351020682230423318068363007571952796
s10= 8225138324074299127136188647123494944401351632612802372258470782812066336142

tra11= 11
z11= 79779827977136050305633476576385475751837262413801195246508844247195592956474
r11= 42569001943452434099942841287472883596088766927308919058922517240095023952305
s11= 1407663125118136808095389526630427676124736628716353500388345820111796001963

tra12= 12
z12= 106595513637886365274814102808291057278198427947604804923492103024132298662073
r12= 82416951132458437959864195479573279283096423098842842786194452820181884122047
s12= 16199057421916147554949358350810895793907227884540563767261972649834152748107

tra13= 13
z13= 68489560520876775568471829325504723427546860570677632392865683298027878436623
r13= 97942681488182315702560424236758409557001611486493184883333474649302628551040
s13= 73733576094385257028905244483867697271765712587658384121942578933083863131832

tra14= 14
z14= 88824913088586937091819419238438566701164343626280360487024697411739517103707
r14= 54289814375981922050958676638679327321247871495949246283904693248453246656483
s14= 91832431429520445149775820905320653634764190190929933708848042218874834508501

tra15= 15
z15= 85652327308811831382436205738266460574222300027367907748239792342952828973440
r15= 16613711354407097236850928854924361601015689306227892348440906864631885091973
s15= 80840039291427506062454499523631109705679566193223311715899795877750967539328

tra16= 16
z16= 65060641157937371808555230733609853408909684112561988842072826300674063030547
r16= 104272014795452675535604260916341363821801933757316993779707566144315357534767
s16= 86623263268148577559494707215944538702409651713369659284047337653056673517623

tra17= 17
z17= 111828740236090006688693495832192963032795368231157257335682470941267007171558
r17= 89073547190536414618222055280881620385309523951183694730779807318963214062280
s17= 109852499300962433164815238778976004880948668774843008897372116247815588738702

tra18= 18
z18= 98824167654958447904489072947892095719405536039819629922932614656069882836190
r18= 80987801020493569105412481143009310543451106437305306879480172043706552070200
s18= 33017440135053449429258988709931326418137982872316712662094074998694479956568

tra19= 19
z19= 64307891501710594612236762901627124305599192466451363765179703547459709187480
r19= 21793799379832572713485577223088553086939424517472399285847216328442532064794
s19= 57621584260137986132128912542938486391934345981617370353522147947744830696635

tra20= 20
z20= 87311263504060842953223757709363617585048656968711362882688595327084899926608
r20= 58944493751340891960057257317550109107802599663133688394628165694699116166302
s20= 78661678553724693559058028336158306051073544759382911835052759016056395015517

tra21= 21
z21= 85846385515466853782022953566659546519630368523799342752436473930357927040631
r21= 6002735972245524477516556767980019540936244579324152202005870420240057764448
s21= 6096604835397983429571849012761639775661587856381434059954190328993227033547

Title: Re: python/sage script for sell
Post by: COBRAS on October 25, 2021, 01:05:00 AM
Message: Hello:


Sig 1 r,s:  106923403469002071464573643869707943966592504366901776923810957756971389802522 80644014881334606089034734916645373182384062016959511132596853876102905308683

Key:  792377483100611830733857591710555576


Found Key:  792377483100611830733857591710555576


---
Hello

Sig 1 r,s:  51496392411956281611216040617208993114191228038244851270986452420155730516939 78154197876022834302130548608667134295529625766386000530779695147903725696167

Key:  792377483100611830733857591710555576


Found Key:  792377483100611830733857591710555576

-----
Hello


Sig 1 r,s:  78845760925423278127109896178090076396844806233069150452205432985160611009863 69647486112828410636313537117172013006153788606821401126409200197358361408478


Key:  792377483100611830733857591710555576


Found Key:  792377483100611830733857591710555576

_----------

Check please, my r,s are good or not ???

Check someone please, and I will gift you privkey for 1 addres in pm. ;D

Title: Re: python/sage script for sell
Post by: COBRAS on October 25, 2021, 06:10:07 AM
Quote from: interiawp on October 24, 2021, 01:33:18 PM
it was easy : first nonce is....


so. your first r = 95781203938134771654748299032707231792956540686382340872008587989453366815619
nonce k = 1050579349868621761136446930980763481

do I need calculate priv?:)

so ..works!

Hi !!

Then I use my scrypt, I get:

Inputs:

Message. - 1

Nonce - 1050579349868621761136446930980763481

Privkey -
792377483100611830733857591710555576

I get R
 95781203938134771654748299032707231792956540686382340872008587989453366815619

S - 80727512625679490130821917141198584466211136904971132112411065595033151255463

And recover privkey, this is my out:

Privkey - 792377483100611830733857591710555576

Does a my R,S and nonse right for message "1" ?

Regards.

P.s. Congratulate you with your scrypt !!!

P.s. To All, provide me test messages, nonce, r,s I will try find a privkey and you will say me privkey valid or not.

Only 1 complet to 1 privkey for 1 pcs r,s,nonce,message.

?????

Title: Re: python/sage script for sell
Post by: stilichovandal on October 25, 2021, 07:13:13 AM
Quote from: interiawp on October 25, 2021, 06:26:14 AM
Quote from: stilichovandal on October 24, 2021, 09:04:46 PM
interesting script.
let's make another test,

below are the transactions generated ..

tra1= 1
z1= 76876030023415608668423338825784187452811639173959320017817337455802041964103
r1= 29160437407760520088247392323108134391883974944341759721909486038392263934252
s1= 88057664668158915012604599595493011104336144057048137151796684081161455068940

tra2= 2
z2= 61263116138134401525028229058918539609568640472628708541655291156521288618248
r2= 11549193954947596960703021534561318910687537033109530363590706949861810191464
s2= 13855753320462738868894436900000308125592534663165802454975929237386525551901

tra3= 3
z3= 94120272562392704147662507148139386415636002525757800768256455290364818983329
r3= 13235484545503092834351146107583288106526331893492330386542837886995039286857
s3= 113471888736454597898872446719734211059501085408597184281019577940003149168065

tra4= 4
z4= 99367284209844177315046616821185029528460822746665482351687345968205433531175
r4= 21288395071614272342731373579454206117249664754398039513644770673861859644939
s4= 73413879352532156241008151728886908980344895524488338859086767531496556394060

tra5= 5
z5= 69060216405924095583792910129380620270055713256952020221932327399807627102551
r5= 73000033343383277415474287756201732147913599806018084676911334919205184318951
s5= 87072726453737444924441523106612425315322987277779002678423286525578748401182

tra6= 6
z6= 92618601610473019371617964490946613446123192049470928113333991628587023928412
r6= 28067093485624905318698514057355456753086537066210474707760282283107230161754
s6= 81570316168538325691556352611345952414389273074007052937069015984756717263806

tra7= 7
z7= 64467069221879581988935526952178802798904578325721403807573521890371858623272
r7= 40928812080096313007619676294314551308323264286042053123514365242236661911514
s7= 1025329956085058380108911065381202269358907493178639449598067535198228526723

tra8= 8
z8= 72495741802917349120327698487760807911457277460026498073086860211586960327565
r8= 66378711205276032381995546935653475100643276511913002418773726587229576821881
s8= 108667454887055533668950227498601121583301007111191340394989504444791689053341

tra9= 9
z9= 78468020509772362123932250401279947970863640371108253522122735757309805907599
r9= 19231849856468166709561956160822737309083319782875295366880812480857879465237
s9= 2515169593593730466049902241306205711031444354734218814410691392439616554389

tra10= 10
z10= 78060509642529765276222634915143859953530748675308663141797340870084401854707
r10= 56781478814500394128333645854821980053762351020682230423318068363007571952796
s10= 8225138324074299127136188647123494944401351632612802372258470782812066336142

tra11= 11
z11= 79779827977136050305633476576385475751837262413801195246508844247195592956474
r11= 42569001943452434099942841287472883596088766927308919058922517240095023952305
s11= 1407663125118136808095389526630427676124736628716353500388345820111796001963

tra12= 12
z12= 106595513637886365274814102808291057278198427947604804923492103024132298662073
r12= 82416951132458437959864195479573279283096423098842842786194452820181884122047
s12= 16199057421916147554949358350810895793907227884540563767261972649834152748107

tra13= 13
z13= 68489560520876775568471829325504723427546860570677632392865683298027878436623
r13= 97942681488182315702560424236758409557001611486493184883333474649302628551040
s13= 73733576094385257028905244483867697271765712587658384121942578933083863131832

tra14= 14
z14= 88824913088586937091819419238438566701164343626280360487024697411739517103707
r14= 54289814375981922050958676638679327321247871495949246283904693248453246656483
s14= 91832431429520445149775820905320653634764190190929933708848042218874834508501

tra15= 15
z15= 85652327308811831382436205738266460574222300027367907748239792342952828973440
r15= 16613711354407097236850928854924361601015689306227892348440906864631885091973
s15= 80840039291427506062454499523631109705679566193223311715899795877750967539328

tra16= 16
z16= 65060641157937371808555230733609853408909684112561988842072826300674063030547
r16= 104272014795452675535604260916341363821801933757316993779707566144315357534767
s16= 86623263268148577559494707215944538702409651713369659284047337653056673517623

tra17= 17
z17= 111828740236090006688693495832192963032795368231157257335682470941267007171558
r17= 89073547190536414618222055280881620385309523951183694730779807318963214062280
s17= 109852499300962433164815238778976004880948668774843008897372116247815588738702

tra18= 18
z18= 98824167654958447904489072947892095719405536039819629922932614656069882836190
r18= 80987801020493569105412481143009310543451106437305306879480172043706552070200
s18= 33017440135053449429258988709931326418137982872316712662094074998694479956568

tra19= 19
z19= 64307891501710594612236762901627124305599192466451363765179703547459709187480
r19= 21793799379832572713485577223088553086939424517472399285847216328442532064794
s19= 57621584260137986132128912542938486391934345981617370353522147947744830696635

tra20= 20
z20= 87311263504060842953223757709363617585048656968711362882688595327084899926608
r20= 58944493751340891960057257317550109107802599663133688394628165694699116166302
s20= 78661678553724693559058028336158306051073544759382911835052759016056395015517

tra21= 21
z21= 85846385515466853782022953566659546519630368523799342752436473930357927040631
r21= 6002735972245524477516556767980019540936244579324152202005870420240057764448
s21= 6096604835397983429571849012761639775661587856381434059954190328993227033547




priv : 163933502030832404384531025411662545

it is correct, I must confirm that your script really works.

Title: Re: python/sage script for sell
Post by: a.a on October 25, 2021, 07:55:58 AM
Well check your pms

Title: Re: python/sage script for sell
Post by: lostrelic on October 25, 2021, 09:23:04 AM
Quote from: interiawp on October 25, 2021, 07:40:05 AM
maybe some one want test on range from 2**1 to 2**240 bit?

:D

I can’t DM you due to message limits can you send the script to DM and if successfully works you will be tipped for your work?

Regards Relic

Title: Re: python/sage script for sell
Post by: COBRAS on October 25, 2021, 01:42:41 PM
Quote from: interiawp on October 25, 2021, 07:40:05 AM
maybe some one want test on range from 2**1 to 2**240 bit?

:D

Easy.

Provide bitcoin transaction  message, nonce,r,s ???

Title: Re: python/sage script for sell
Post by: a.a on October 25, 2021, 03:19:38 PM
When providing nonce should we also provide the privatekey so that you can check if it is the correct one?

Title: Re: python/sage script for sell
Post by: COBRAS on October 25, 2021, 07:40:04 PM
Quote from: a.a on October 25, 2021, 03:19:38 PM
When providing nonce should we also provide the privatekey so that you can check if it is the correct one?

Yeas !!!

You can not provide a privkey. I not wary about privkey.

Title: Re: python/sage script for sell
Post by: a.a on October 25, 2021, 07:43:19 PM
Oh shut up cobras. Your script does not do shit. Interiawp is doing a lattice attack on the nonces to retrieve them. Your script does not even retrieve the nonce, but needs the nonce in the first place. So please spam your own garbage thread.

Title: Re: python/sage script for sell
Post by: COBRAS on November 01, 2021, 11:52:17 AM

R,s,z generates only for inputs transaction.

Is it posible generate with scrypt "virtual" test transaction to real publick key(empty, without money any old publick key for ex) and get valid r,s,z for this transaction and this real publick key ?

Thanks.
]

Title: Re: python/sage script for sell
Post by: COBRAS on November 10, 2021, 06:34:52 PM
If someone ready to buy go to my thread

https://bitcointalk.org/index.php?topic=5370215.0

Title: Re: python/sage script for sell
Post by: TheArchaeologist on November 10, 2021, 08:00:42 PM
Quote from: COBRAS on November 01, 2021, 11:52:17 AM
Is it posible generate with scrypt "virtual" test transaction to real publick key(empty, without money any old publick key for ex) and get valid r,s,z for this transaction and this real publick key ?
Transactions to a public key (so a P2PKH transaction), where this "real" public key is on the receiving end will not make any difference. You need signatures made by the corresponding private key and those will obviously only occur whenever an outgoing transaction is made for the lattice attack to work.

If you want to have some more info on how this kind of attack works read this study called "Biased Nonce Sense: Lattice Attacks against
Weak ECDSA Signatures in Cryptocurrencies". PDF here -> https://eprint.iacr.org/2019/023.pdf (https://eprint.iacr.org/2019/023.pdf)

Title: Re: python/sage script for sell
Post by: CryptoSh1va on November 29, 2021, 08:51:41 AM
Quote from: lostbitcoin on November 20, 2021, 01:06:08 AM
...fixed R value, not a random R value.
pm me

Title: Re: del
Post by: cixegz on December 27, 2021, 04:35:04 PM
this is normal math sqrt√(x)^2,
      test value: 4^2 = 16, next root return 4
                       -8^2= 64,next root return 8

how to bitcoin Publickey x and y use to  sqrt example: √(x,y)^2
how to calculate sqrt for bitcoin publickey teach me please

example1:x,y
px: e493dbf1c10d80f3581e4904930b1404cc6c13900ee0758474fa94abe8c4cd13   py: 51ed993ea0d455b75642e2098ea51448d967ae33bfbdfe40cfe97bdc47739922 #privatekey 4
px: 421f5fc9a21065445c96fdb91c0c1e2f2431741c72713b4b99ddcb316f31e9fc   py: 2b90f16d11dabdb616f6db7e225d1e14743034b37b223115db20717ad1cd6781 #privatekey 4^2 = 16
ans
px: e493dbf1c10d80f3581e4904930b1404cc6c13900ee0758474fa94abe8c4cd13   py: 51ed993ea0d455b75642e2098ea51448d967ae33bfbdfe40cfe97bdc47739922 #privatekey √16 = 4

example2:
px: 2f01e5e15cca351daff3843fb70f3c2f0a1bdd05e5af888a67784ef3e10a2a01   py: a3b25758beac66b6d6c2f7d5ecd2ec4b3d1dec2945a489e84a25d3479342132b # -8
px: ed3bace23c5e17652e174c835fb72bf53ee306b3406a26890221b4cef7500f88   py: e57a6f571288ccffdcda5e8a7a1f87bf97bd17be084895d0fce17ad5e335286e # -8^ = 64
ans
px: 2f01e5e15cca351daff3843fb70f3c2f0a1bdd05e5af888a67784ef3e10a2a01   py: 5c4da8a741539949293d082a132d13b4c2e213d6ba5b7617b5da2cb76cbde904 # √64 = 8

how does work explain. do u understad my problem ,i speak little english

Title: Re: python/sage script for sell
Post by: PrivatePerson on March 27, 2022, 07:23:18 PM
Quote from: a.a on October 24, 2021, 01:45:22 PM
strange. It is correct.

Btw. I modified your script:

Code:
import collections
import hashlib
import random
import os

EllipticCurve_1 = collections.namedtuple('EllipticCurve', 'name p a b g n h')

curve = EllipticCurve_1(
    'secp256k1',
    # Field characteristic.
    p=0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f,
    # Curve coefficients.
    a=0,
    b=7,
    # Base point.
    g=(0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,
       0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8),
    # Subgroup order.
    n=0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141,
    # Subgroup cofactor.
    h=1,
)


# Modular arithmetic ##########################################################

def inverse_mod(k, p):
    """Returns the inverse of k modulo p.
    This function returns the only integer x such that (x * k) % p == 1.
    k must be non-zero and p must be a prime.
    """
    if k == 0:
        raise ZeroDivisionError('division by zero')

    if k < 0:
        # k ** -1 = p - (-k) ** -1  (mod p)
        return p - inverse_mod(-k, p)

    # Extended Euclidean algorithm.
    s, old_s = 0, 1
    t, old_t = 1, 0
    r, old_r = p, k

    while r != 0:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_s, s = s, old_s - quotient * s
        old_t, t = t, old_t - quotient * t

    gcd, x, y = old_r, old_s, old_t

    assert gcd == 1
    assert (k * x) % p == 1

    return x % p


# Functions that work on curve points #########################################

def is_on_curve(point):
    """Returns True if the given point lies on the elliptic curve."""
    if point is None:
        # None represents the point at infinity.
        return True

    x, y = point

    return (y * y - x * x * x - curve.a * x - curve.b) % curve.p == 0


def point_neg(point):
    """Returns -point."""
    assert is_on_curve(point)

    if point is None:
        # -0 = 0
        return None

    x, y = point
    result = (x, -y % curve.p)

    assert is_on_curve(result)

    return result


def point_add(point1, point2):
    """Returns the result of point1 + point2 according to the group law."""
    assert is_on_curve(point1)
    assert is_on_curve(point2)

    if point1 is None:
        # 0 + point2 = point2
        return point2
    if point2 is None:
        # point1 + 0 = point1
        return point1

    x1, y1 = point1
    x2, y2 = point2

    if x1 == x2 and y1 != y2:
        # point1 + (-point1) = 0
        return None

    if x1 == x2:
        # This is the case point1 == point2.
        m = (3 * x1 * x1 + curve.a) * inverse_mod(2 * y1, curve.p)
    else:
        # This is the case point1 != point2.
        m = (y1 - y2) * inverse_mod(x1 - x2, curve.p)

    x3 = m * m - x1 - x2
    y3 = y1 + m * (x3 - x1)
    result = (x3 % curve.p,
              -y3 % curve.p)

    assert is_on_curve(result)

    return result


def scalar_mult(k, point):
    """Returns k * point computed using the double and point_add algorithm."""
    assert is_on_curve(point)

    if k % curve.n == 0 or point is None:
        return None

    if k < 0:
        # k * point = -k * (-point)
        return scalar_mult(-k, point_neg(point))

    result = None
    addend = point

    while k:
        if k & 1:
            # Add.
            result = point_add(result, addend)

        # Double.
        addend = point_add(addend, addend)

        k >>= 1

    assert is_on_curve(result)

    return result


# Keypair generation and ECDSA ################################################

def make_keypair(private):
    """Generates a random private-public key pair."""
    private_key = private#random.randrange(1, curve.n)
    public_key = scalar_mult(private_key, curve.g)

    return private_key, public_key


def hash_message(message):
    """Returns the truncated SHA512 hash of the message."""
    message_hash = hashlib.sha512(message).digest()
    e = int.from_bytes(message_hash, 'big')

    # FIPS 180 says that when a hash needs to be truncated, the rightmost bits
    # should be discarded.
    z = e >> (e.bit_length() - curve.n.bit_length())

    assert z.bit_length() <= curve.n.bit_length()

    return z


def sign_message(private_key, message,nonce):
    z = hash_message(message)

    r = 0
    s = 0
    half_mod=57896044618658097711785492504343953926418782139537452191302581570759080747169
   
    while not r or not s:
        k = nonce# random.randrange(1, curve.n)
        x, y = scalar_mult(k, curve.g)

        r = x % curve.n
        s = ((z + r * private_key) * inverse_mod(k, curve.n)) % curve.n
        if s> half_mod:
            s=curve.n -s
        if s<0:
            s=s%curve.n
   
     
    return r, s,z

def verify_signature(public_key, message, signature):
    z=message
   
    r, s = signature

    w = inverse_mod(s, curve.n)
    u1 = (z * w) % curve.n
    u2 = (r * w) % curve.n

    x, y = point_add(scalar_mult(u1, curve.g),
                     scalar_mult(u2, public_key))

    if (r % curve.n) == (x % curve.n):
        return 'signature matches'
    else:
        return 'invalid signature'

def egcd(a, b):
    "Euclidean greatest common divisor"
    if a == 0:
        return (b, 0, 1)
    else:
        g, y, x = egcd(b % a, a)
        return (g, x - (b // a) * y, y)

def modinv(a, m):
    "Modular inverse"
    # in Python 3.8 you can simply return pow(a,-1,m)
    g, x, y = egcd(a, m)
    if g != 1:
        raise Exception('modular inverse does not exist')
    else:
        return x % m

   
 
   
def make_val(priv,nonce,msg,id):   

        private, public = make_keypair(priv)
         
        r,s,z = sign_message(private, msg,nonce)
         
        print()
        print("tra"+str(id)+"=", id)
       
        print("z"+str(id)+"=",z)
        print("r"+str(id)+"=",r)
        print("s"+str(id)+"=",s)
       
         
        return private,public,nonce,r,s,z
 
   
import random

a=2**119                                             # min nonce range
c=2**120                                  # max nonce range
priv=random.randrange(a,c)  # here put real privatekey for testing address

print("priv=",priv)

for i in range(1,22):
    priv=priv
    nonce=random.randrange(a,c)
    war= str(os.urandom(25)) + str(nonce)         # message for hash you can change
    msg= bytes(war, 'utf-8')
    make_val(priv,nonce,msg,i)
 
Can you explain what this script does?
How to set input parameters?


Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines