Title: New Weak Signature Challenge Post by: johoe on January 30, 2017, 12:05:10 PM Looks like someone put a challenge for breaking weak signatures:
https://blockchain.info/de/tx/695b04afbc477d045d396f062eeff5e950e5e44f91b7e2b273c5a74e27306177 When spending the first three outputs of this transaction, a weak signature was used. The first output used k=1 when spent. This was broken immediately by a bot. The second output used the same k as a previous transaction of 19iAvuzfb8uH2SZLYcbb5wtbBZdn1o3vRm. The latter is probably a weak brainwallet or something similar. I didn't break it though. amaclin, can you explain? The third output has k=private key. I solved the challenge and collected. The fourth output is still unsolved. The other four outputs are not yet spent. I guess we still have to wait for the challenge. Or maybe the address is weak for some other reason. Title: Re: New Weak Signature Challenge Post by: adaseb on January 30, 2017, 06:34:18 PM So its like https://bitcointalk.org/index.php?topic=1306983.0;all
except with very little reward Title: Re: New Weak Signature Challenge Post by: amaclin on January 30, 2017, 08:52:42 PM amaclin, can you explain? I visit this board not very often. For fast reply PM me with a linkLooks like someone put a challenge for breaking weak signatures: I think somebody is testing his bot for redeeming leaked private keys.I was talking with some guys about cryptography and ecdsa, may be one of them decided to join our company exploring blockchain in real-time Quote https://blockchain.info/de/tx/695b04afbc477d045d396f062eeff5e950e5e44f91b7e2b273c5a74e27306177 This is not his first attemptWhen spending the first three outputs of this transaction, a weak signature was used. Quote The first output used k=1 when spent. This was broken immediately by a bot. I am sure that 1ASPNUU belongs to the author of these transactionsQuote The second output used the same k as a previous transaction of 19iAvuzfb8uH2SZLYcbb5wtbBZdn1o3vRm. You are right. But I can not tell you more info. I have a key-value database {priv32->pub32}The latter is probably a weak brainwallet or something similar. I didn't break it though. amaclin, can you explain? but I do not store when and where I got these datas Quote The third output has k=private key. I solved the challenge and collected. congrats!(its a pity that my math is not so strong. i will try to solve it too.) Quote The fourth output is still unsolved. I doubt that this challenge would be public contest.The other four outputs are not yet spent. I guess we still have to wait for the challenge. Or maybe the address is weak for some other reason. For my point of view somebody is testing signing bitcoin transactions with deterministic-generated signatures for resolving the private keys of his victims later by analyzing the blockchain. The function k () can depends on digest, public key and some other data. for example k = digest or k = inv (digest) or even k = sha256 ( digest | pubkey ) By the way, I have some research about 2-of-3 msig addresses with a key of 1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH Title: Re: New Weak Signature Challenge Post by: amaclin on January 30, 2017, 08:58:36 PM So its like https://bitcointalk.org/index.php?topic=1306983.0;all except with very little reward Note: I sent a message about this transaction in few hours after it was broadcasted. https://bitcointalk.org/index.php?topic=932434.0 Title: Re: New Weak Signature Challenge Post by: BTCMORGAN on February 03, 2017, 05:41:52 AM So its like https://bitcointalk.org/index.php?topic=1306983.0;all except with very little reward Note: I sent a message about this transaction in few hours after it was broadcasted. https://bitcointalk.org/index.php?topic=932434.0 Is there a website that simplifies the process of computing the private key from a weak signature? Title: Re: New Weak Signature Challenge Post by: adaseb on February 03, 2017, 07:08:05 PM So if we created our cold storage with Bitaddress.org should we be worried?
Title: Re: New Weak Signature Challenge Post by: Decoded on February 04, 2017, 11:07:30 AM So if we created our cold storage with Bitaddress.org should we be worried? No. If it's legit cold storage and you generated it properly (You used an offline computer running bitaddress hopefully in a secure environment), you shouldn't be worried. Bitaddress is generated 100% by you, so your greatest worry should be malware, not collisions. Title: Re: New Weak Signature Challenge Post by: johoe on February 04, 2017, 10:43:24 PM Is there a website that simplifies the process of computing the private key from a weak signature? I doubt it. There is a website that explains the math behind it, but it isn't a step by step guide or even an automatic JavaScript program. Note that there are very few broken signatures, maybe once every few months. And they are usually exploited quickly (which is only possible if the addresses are reused). And some people have bots running that can do this immediately. |