Title: Small puzzle about ECDSA and other ECC things (Solved) Post by: albert0bsd on July 13, 2023, 03:12:46 PM Hi everyone.
To keep me some busy i made a small Puzzle for the members of my group in telegram. The Prize is in this Address: 17hxfkNjHb2d68PFcUKHeLLwbcwnXBTa9C it have near 100$ USD at current price. The puzzle is contained here: Code: -----BEGIN BITCOIN SIGNED MESSAGE----- I did this yesterday and it bring some spark of interest so here are some clues Code: -----BEGIN BITCOIN SIGNED MESSAGE----- In case that the forum messup the message here is the previous signed message in a text file https://drive.google.com/file/d/1cWlCo7ycY2-jTg575wIukx1p9YJFS2If/view?usp=sharing i already checked it and it is valid I sugest to you read ALL the documentation available. ::) The ECDSA documentation is here: https://cryptobook.nakov.com/digital-signatures/ecdsa-sign-verify-messages Here is a tool to verify the signatures easily https://reinproject.org/bitcoin-signature-tool/#verify About this puzzle it don't need any big computer power, but some small calcualtions are needed. There is not a single tool that solve this puzzle with a single line command you need to know what are you doing. If someone found the solution notify me here or in telegram. Regards Solved Messages with their signatures: @cryptobank_miki https://t.me/keyhunters/25845 Code: -----BEGIN BITCOIN SIGNED MESSAGE----- @sazilariel https://t.me/keyhunters/26241 Code: -----BEGIN BITCOIN SIGNED MESSAGE----- Title: Re: Small puzzle about ECDSA and other ECC things Post by: digaran on July 13, 2023, 07:17:16 PM This address uncompressed
1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN Belongs to empty string SHA-256 hash used as private key : e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Chop chop fellow hunters, dive into the world of keys and hashes. Note the address has 0.00313110 BTC and not 0.0016. Good luck with my clues.😉 Title: Re: Small puzzle about ECDSA and other ECC things Post by: albert0bsd on July 13, 2023, 11:57:58 PM Wow.. the puzzle was redeem so fast... but it already continue, i will send 0.0024 BTC to the first person to make a valid text signature with this address 17hxfkNjHb2d68PFcUKHeLLwbcwnXBTa9C.
Paste it here o in the telegram channel. Regards! Title: Re: Small puzzle about ECDSA and other ECC things Post by: digaran on July 14, 2023, 12:54:38 AM Wow.. the puzzle was redeem so fast... but it already continue, i will send 0.0024 BTC to the first person to make a valid text signature with this address 17hxfkNjHb2d68PFcUKHeLLwbcwnXBTa9C. So what was the answer anyways? Could you at least give us some closure. LolPaste it here o in the telegram channel. Regards! Title: Re: Small puzzle about ECDSA and other ECC things Post by: albert0bsd on July 14, 2023, 01:44:42 AM So what was the answer anyways? Could you at least give us some closure. Lol I will publish it when a second person solve the puzzle. Title: Re: Small puzzle about ECDSA and other ECC things Post by: albert0bsd on July 18, 2023, 03:58:52 AM How this small puzzle was made.
The following were my objectives. - Show the importance of K - Show some math - Show the properties of Endomorphism - To make you think outside the box Steps to make the puzzle... 1.- Search a remarkable address with privatekey in the public Domain 2.- Make a signature for that address 3.- Decode and extract the values of the Signature values ( R, S and Z ) 4.- Calculate K with some code in Python or C 5.- Use an endomorphims value of K to generate a new Unused Address 6.- Send the prize to that new Address and publish the Puzzle. Steps with the Values already used:
Code Code: echo -n | sha256sum
Code: Final X, Y : c8ed745a344428d2342f29f2aa1a13fae1361f64e2e86e1764ea3600449767e9 0a119788b20caec8a773785c8008eeba3286e35ceb4f7f4df158c280fc338caa
if you askme how to i get the Inverse of the original S value i use a C code, but then i realize that i can use my modmath tool for that: Code: ./modmath 1 / 0x3fbd468ed282d42df2e32c64e7894abad3471fb06819043948d63660848d1a65 Originaly i use a C code, but it can be more easily to use Python Code: N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 The output: Code: >>> hex(K) At this point we are in half way to solve the puzzle. The math part of th puzzle is to use Algebra to reorder the Signature proof ecuation: Originally S = K^-1 * (Z + R *dA ) % N It was just reorder: K = S^-1 * (Z + R *dA ) % N Usually if we already have the private key (dA) then the nonce (K) value is useless but as a practice exercise get the K value of each one of your Transactions is very good learning exercise.
Code: ./modmath 0x414bbbb61505e0304ec9399dff8967ce5619a10e5829d3b06ea44295c4166746 x 0xac9c52b33fa3cf1f5ad9e3fd77ed9ba4a880b9fc8ec739c2e0cfc810b51283ce Then we only need to use a tool like calculatefromkey or some page like https://www.bitaddress.org/ to get the compressed address from that KEY Now than you already know how the puzzle was made then you know how to solve it, but i wan to show you three approach to solve it.
If you get the RSZ values from the Second signature (Clues signature) Command: Code: ./verifymsg -v -a 17hxfkNjHb2d68PFcUKHeLLwbcwnXBTa9C -s "H+a3NLPvRfoVgYgZBhvSiGY1001ylS8D5IjRbkrJ/MjlsSTCZ+rC8OIHyCFRwSHwGtIWx+xGIeR4x3nTpl1FUvY=" -m "$(cat ~/text.txt)" If you carefully check all the values here you can notice that Y value from the Nonce in the first message is the same tha the Y value of the publickey of the prize adress You don't belive me? check: First signaute fragment Code: Final X, Y : c8ed745a344428d2342f29f2aa1a13fae1361f64e2e86e1764ea3600449767e9 0a119788b20caec8a773785c8008eeba3286e35ceb4f7f4df158c280fc338caa Second signature fragment Code: Calculated publickey uncompressed: 04ec24fc672cf31509d75fb84d2ae5b2faa862aa54344a2db451e42d620e5eac2a0a119788b20caec8a773785c8008eeba3286e35ceb4f7f4df158c280fc338caa Look carefully, if you don't know nothing about endomorphism you may ask to chatGPT or some other AI, or even ask in a forum, the may point you in the right way to solve it. At this point if you missed the Y value in those publickeys you may need some glasses (No offence but the values were there visible for everyone)
Once than you already calculate the K value you can use keyhunt to search it: Code: ./keyhunt -m address -f target.txt -e -r 414bbbb61505e0304ec9399dff8967ce5619a10e5829d3b06ea44295c4166746
Code: Behind the result of the equations there are some variables that should Be also a secret This in my indirect way to tell you that you need to search for all the secrets in the equations. What Equations? Code: This is a signed message with ECDSA. Well you need to search what kind of equatios are involved in the ECDSA process, i paste the proper link in the first post Code: Every single Byte counts, how many Bytes have this message? With message i mean all the text that is begin signed in that second signature. How many bytes it have, did you count it? The message is 652 bytes, but if you select the characters in a text editor it only select 646 characters that including the Return lines, Where comes this difference? Use hexedit : Code: 00000000 43 6C 75 65 73 0A CE 92 65 68 69 6E 64 20 74 68 65 20 72 65 73 75 6C 74 Clues...ehind the result If you see the Values of the characters and check for printable Characters maybe you will notice that some of them are missing in the printable part: Those characters are: B and Λ (Beta and Lambda). You may not be an "expert" in soma field of study but you have google or all those new AI. Check this questions on ChatGPT: Code: Q: Is there something oddly in the Text of the clues ? As you see you can use the AI as entry point of information What about the other clues? Code: - How do we know the math used in ECDSA is right? Those are just valid question that you may ask to your self and search or think in what are some conditions mathematically needed to do something or prevent something. That is all... Regards Title: Re: Small puzzle about ECDSA and other ECC things (Solved) Post by: DaCryptoRaccoon on July 18, 2023, 09:22:29 AM Great puzzle Alberto.
I hope to see more of them in future. ;) Title: Re: Small puzzle about ECDSA and other ECC things (Solved) Post by: digaran on July 18, 2023, 10:33:25 AM So what was the answer to this puzzle? I mean what did we learn from it exactly?
Title: Re: Small puzzle about ECDSA and other ECC things (Solved) Post by: albert0bsd on July 18, 2023, 12:01:00 PM So what was the answer to this puzzle? I mean what did we learn from it exactly? - Calculate the K value when you have the privatekey - understand that K nonce is like another privatekey - Endomorphims - Use algebra to reorder the equations. - To use every single hint, or oddly data. - To search on any search engine available. Great puzzle Alberto. I hope to see more of them in future. ;) Thank you, I am going to make some of them, but I am not be able to sponsor more prizes like that, but I may add another kind of reward. |