Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: COBRAS on December 11, 2021, 03:58:13 AM



Title: How to generate public key from R,S,Z signature?
Post by: COBRAS on December 11, 2021, 03:58:13 AM
Subj.


Looking for a Python script or code for transaction with 1 and many inputs/outputs.

???

Thanks.


Title: Re: How to generate public key from R,S,Z signature?
Post by: OddyseyGames on December 11, 2021, 08:22:14 AM
Hi. If I am not mistaken, then you can use this library for your purposes.

https://github.com/petertodd/python-bitcoinlib (https://github.com/petertodd/python-bitcoinlib)


Title: Re: How to generate public key from R,S,Z signature?
Post by: stanner.austin on December 11, 2021, 09:33:00 AM
@COBRAS
If you have Random(R)/sign(S)/message hash(Z) you can use simple algo.
pub = (R*S-G*Z) / R


Title: Re: How to generate public key from R,S,Z signature?
Post by: BlackHatCoiner on December 11, 2021, 01:24:51 PM
I'm utterly confused by the title and the OP. Do you want to derive the public key from the R, S, Z values or from a transaction raw that may have many inputs/outputs? If it's the former, it's impossible, if it's the latter then what you want is the bitcoin-cli decoderawtransaction in python.

python-bitcoinlib should have this.


Title: Re: How to generate public key from R,S,Z signature?
Post by: pooya87 on December 11, 2021, 01:58:14 PM
Do you want to derive the public key from the R, S, Z values or from a transaction raw that may have many inputs/outputs? If it's the former, it's impossible,
It is possible.

The logical way is to just read the transaction and almost all signatures come with their public key and voilà you have the public key!

The other way is to perform what is known as public key recovery operation (section 4.1.6 of Standards for Efficient Cryptography 1 vol. 2). This way you can recover a number of possible public keys from signature and message.
Cryptography libraries that support ECC should have this option. In bitcoin libraries you may find it used in message verification methods.


Title: Re: How to generate public key from R,S,Z signature?
Post by: COBRAS on December 11, 2021, 02:35:51 PM
Do you want to derive the public key from the R, S, Z values or from a transaction raw that may have many inputs/outputs? If it's the former, it's impossible,
It is possible.

The logical way is to just read the transaction and almost all signatures come with their public key and voilà you have the public key!

The other way is to perform what is known as public key recovery operation (section 4.1.6 of Standards for Efficient Cryptography 1 vol. 2). This way you can recover a number of possible public keys from signature and message.
Cryptography libraries that support ECC should have this option. In bitcoin libraries you may find it used in message verification methods.

I want to filter rsz for the needed pubkey and remove all that do not have the exact needed pubkey.


Title: Re: How to generate public key from R,S,Z signature?
Post by: BlackHatCoiner on December 11, 2021, 02:40:03 PM
The other way is to perform what is known as public key recovery operation (section 4.1.6 of Standards for Efficient Cryptography 1 vol. 2).

True. Learnt something new today.

Quote from: section 4.1.6 of Standards for Efficient Cryptography 1 vol. 2
Actions: Find public key Q as follows.

1. For j from 0 to h do the following.
1.1. Let x = r + jn.
1.2. Convert the integer x to an octet string X of length mlen using the conversion routine
specified in Section 2.3.7, where mlen = ⌈(log2 p)/8⌉ or mlen = ⌈m/8⌉.
1.3. Convert the octet string X to an elliptic curve point R using the conversion routine
specified in Section 2.3.4. If this conversion routine outputs “invalid”, then do another
iteration of Step 1.
1.4. If nR ≠ O, then do another iteration of Step 1.
1.5. Compute e from M using Steps 2 and 3 of ECDSA signature verification.
1.6. For k from 1 to 2 do the following.
1.6.1. Compute a candidate public key as:
Q = r^(-1)(sR − eG).
1.6.2. Verify that Q is the authentic public key. (For example, verify the signature of a
certification authority in a certificate which has been truncated by the omission of
Q from the certificate.) If Q is authenticated, stop and output Q.
1.6.3. Change R to −R.

I'd be thankful if you represented the implementation of this as I don't understand what's R. Here's a pair of R, S, Z:
Code:
20206c79208eeb03c8ecab3c17a3e9efae5953460c71dff6306ecda4a12533c8, 3604945cde5ea4f3d3f3d4eb007a589b6763c25d5f765bbbadbd554f70abd8ad, 836d795b585d8014d3f015791d183da57e7caf6a678135c345af78b2bfa9317a

 I googled and found a stackexchange post (https://crypto.stackexchange.com/questions/18105/how-does-recovering-the-public-key-from-an-ecdsa-signature-work), but I can't seem to get this:
Quote
First, you find the two points R, R′ which have the value r as the x-coordinate r.

Is R = r * G?

Also, if you can derive the public key from R, S, Z why do we have to provide it in the scriptSig? It only takes space and hence, makes the transaction fee greater.


Title: Re: How to generate public key from R,S,Z signature?
Post by: pooya87 on December 11, 2021, 03:05:47 PM
I'd be thankful if you represented the implementation of this as I don't understand what's R.
In python (https://github.com/tlsfuzzer/python-ecdsa/blob/4de8d5bf89089d1140eb99aa5d7eb2dc8e6337b6/src/ecdsa/ecdsa.py#L81) and in csharp (https://github.com/Autarkysoft/Denovo/blob/master/Src/Autarkysoft.Bitcoin/Cryptography/Asymmetric/EllipticCurve/EllipticCurveCalculator.cs#L487) and C (https://github.com/bitcoin-core/secp256k1/blob/aa5d34a8fe99b1f69306be20819f337dbd3283db/src/modules/recovery/main_impl.h#L137)

In an ECDSA signature "r" is the x coordinate of the point "R". You can compute the full point R(x,y) by assuming y was even for this case.

Quote
Quote
First, you find the two points R, R′ which have the value r as the x-coordinate r.
Essentially this is what we do when we are verifying transactions but the public key is compressed. But since there we have the y odd/even-ness we can compute only one point but if we don't know it (like the case with r) we have 2 points.

Quote
Also, if you can derive the public key from R, S, Z why do we have to provide it in the scriptSig? It only takes space and hence, makes the transaction fee greater.
Because recovering public keys is an expensive operation and if we omit public keys from our scripts then verifying blocks and transactions becomes slower. Also we can recover multiple public keys (up to 4 for secp256k1) which would make verification that much slower.
On top of that, we are using hash of the public key and public key has to exist to satisfy OP_SOMEHASH OP_EQUALVERIFY.
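
Added example (not part of the thread, and not taken from any of the linked libraries): the recovery described above, Q = r^(-1)(sR − zG), written out in pure Python for secp256k1, where z plays the role of e. The function names `add`, `mul`, `sign`, `recover` and `uncompressed` are chosen here; the arithmetic is not constant time and is for study only.

```python
# Added example: secp256k1 (y^2 = x^3 + 7 over F_P, group order N); names chosen here.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None stands for the point at infinity O."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None  # a == -b
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def sign(d, z, k):
    """ECDSA signature (r, s) with an explicit nonce k, to build sample input."""
    r = mul(k, G)[0] % N
    return r, pow(k, -1, N) * (z + r * d) % N

def recover(r, s, z):
    """All candidate public keys for (r, s, z); at most 4 on secp256k1."""
    out = []
    for j in range(2):  # cofactor h = 1, so x is r or r + N
        x = r + j * N
        rhs = (x * x * x + 7) % P
        y = pow(rhs, (P + 1) // 4, P)  # square root, valid since P % 4 == 3
        if x >= P or y * y % P != rhs:
            continue  # no curve point has this x-coordinate
        for R in ((x, y), (x, P - y)):  # R and -R share the x-coordinate r
            Q = mul(pow(r, -1, N), add(mul(s, R), mul(-z % N, G)))
            out += [Q] if Q else []
    return out

def uncompressed(Q):  # 04 || X || Y, each coordinate zero-padded to 64 hex digits
    return "04" + format(Q[0], "064x") + format(Q[1], "064x")
```

Every candidate returned by `recover` passes ordinary ECDSA verification for the same (r, s, z), which is why the signature alone cannot say which one is the signer's key. Because `uncompressed` pads each coordinate to a fixed width, a y value with a leading zero nibble still serializes to 130 hex characters.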


Title: Re: How to generate public key from R,S,Z signature?
Post by: mamuu on December 11, 2021, 03:31:46 PM
https://github.com/Sean-Bradley/ECDSA_secp256k1_JordonMatrix_nodejs

https://github.com/Sean-Bradley/ECDSA_secp256k1_JordonMatrix_nodejs/blob/master/getPubKeyFromRSZ.py


Title: Re: How to generate public key from R,S,Z signature?
Post by: COBRAS on December 11, 2021, 04:40:30 PM
https://github.com/Sean-Bradley/ECDSA_secp256k1_JordonMatrix_nodejs

https://github.com/Sean-Bradley/ECDSA_secp256k1_JordonMatrix_nodejs/blob/master/getPubKeyFromRSZ.py

Thanks. To All !!!


Title: Re: How to generate public key from R,S,Z signature?
Post by: fxsniper on December 13, 2021, 11:27:37 AM
COBRAS,
Did you try the idea for puzzle #120: use that script to flip/reverse, converting from public key to R S Z, and try to use RSZ to recover the private key?
I tried to read the code; it is very complex math that I cannot code,
but it is a good idea to try it.


Title: Re: How to generate public key from R,S,Z signature?
Post by: COBRAS on December 13, 2021, 02:03:37 PM
COBRAS,
Did you try the idea for puzzle #120: use that script to flip/reverse, converting from public key to R S Z, and try to use RSZ to recover the private key?
I tried to read the code; it is very complex math that I cannot code,
but it is a good idea to try it.

I don't know any method to get a privkey from only one signature, so I recommend not wasting your time trying to get a privkey from only one z or rsz.


Title: Re: How to generate public key from R,S,Z signature?
Post by: fxsniper on December 21, 2021, 01:35:29 AM

I don't know any method to get a privkey from only one signature, so I recommend not wasting your time trying to get a privkey from only one z or rsz.

Ok,
I now understand that the RSZ method can be used only if a bad transaction/signature uses the same R value, or otherwise uses the same nonce, or uses something duplicated or shared, so that the difference can be found; if there are no such duplicates, it cannot be used to find keys.



https://github.com/Sean-Bradley/ECDSA_secp256k1_JordonMatrix_nodejs

https://github.com/Sean-Bradley/ECDSA_secp256k1_JordonMatrix_nodejs/blob/master/getPubKeyFromRSZ.py

How to fix this script?
I found that sometimes the script gives a wrong result, missing one zero in the last y value of the uncompressed pub key.

An uncompressed public key is 130 characters, but the script gives a result of 129 characters; comparing the results, it is missing one zero.


Title: Re: How to generate public key from R,S,Z signature?
Post by: COBRAS on December 21, 2021, 02:16:46 AM
https://github.com/Sean-Bradley/ECDSA_secp256k1_JordonMatrix_nodejs

https://github.com/Sean-Bradley/ECDSA_secp256k1_JordonMatrix_nodejs/blob/master/getPubKeyFromRSZ.py

How to fix this script?
I found that sometimes the script gives a wrong result, missing one zero in the last y value of the uncompressed pub key.

An uncompressed public key is 130 characters, but the script gives a result of 129 characters; comparing the results, it is missing one zero.


https://github.com/iceland2k14/rsz