 Show Posts
|
|
Pages: [1] 2 »
|
|
Hello. How to find lsb or msb bit leak in lattice attack? Is there a method for this?
|
|
|
|
|
Hello.
I hope someone knows. 🙏 What does it mean that the R value starts with 0?
My other question is, what is the way to find the msb bits for lattice attack?
|
|
|
|
|
Yes, I asked a question and it was deleted. I don't understand why.
I've been searching on the internet, but I still haven't figured out how to use the leaked parts.
|
|
|
|
can I use your script with real values? I couldn't find a way. In short, the attacker influences the selection of the nonce in such a way that a portion of a secret can be derived from each signature. The secret to be leaked can be anything, but it is just a random value in the example code: secret_to_leak = randscalar()
The nonce, k, is computed by multiplying a small portion, si, of the secret, S, by a value, b, known only to the attacker. Since b is known by the attacker and si is a small value, k and si can be recovered. k = si * b obfuscates the fact that k is not random. So how can I find the value of b? Trial and error method for example? Is b an integer? |
|
|
|
Hello friends. I came across a source code on github. backdoor ecdsa. I displayed it with the rsz values I discovered. but I couldn't make any sense. What exactly are the leaked values and what do they do? Does anyone have knowledge about this? https://github.com/oreparaz/backdoor-ecdsa.git |
|
|
|
|
So how to find nonce leak?
|
|
|
|
|
hello. How can I find my rsa values (p, q, n, e) from my own public key? There is a lot of information about this, but I couldn't find a concrete example.
|
|
|
|
|
iceland2k14 I can't believe you're here. Very pleased to meet you.
You said in one of your articles, "There are several ways to find a nonce." Is there anything else you can suggest?
|
|
|
|
|
Hello friends.
How can we solve the relationship between the two nonces used in the bitcoin transfer signature? Does anyone have information about this? Or what formulas do you use to find the K value?
|
|
|
|
How do you find the nonce bit in lattice operations? I want to use https://github.com/bitlogik/lattice-attack, but I don't know how to fill the data.json file with my original data. Can anyone detail the process? |
|
|
|
I can't do this in Electrum. It wants private keys in WIF format but my list is in hex format  |
|
|
|
Thank you very much for your help, I will try it  |
|
|
|
|
Hello friends. I have a certain private key list, there are approximately 5000 keys. It takes time to check all these one by one. is there a software for this? Can I upload my private key list and perform balance check or address matching?
|
|
|
|
|
I don't actually have any range. It looked small to me.
So do you know a way to understand the relationship between two nonces?
|
|
|
|
|
Thank you very much, I will try again.
With your permission, I would like to ask a question; I saw that you also wrote about lattice attack. How can I find known bits? Do you have any knowledge about this topic
|
|
|
|
|
Hello, did you succeed in the attack?
|
|
|
|
|
So is there any way to understand this?
|
|
|
|
|
Is there no one who can check this?
|
|
|
|
|
So how did you find your G spot? and p is your prime? I'm trying to learn, but I don't have enough knowledge.
|
|
|
|
|
Hello, what is your formula to find k? I've been looking for this too and couldn't find a solution.
|
|
|
|
|
