So, let's see: First signature: Second signature:
Thank you garlonicon I try to understand math (still stuck with calculate by manual step by step)
|
|
|
Final equations: If you know k, you can get d. If you know d, you can get k. It is a pair of connected numbers. I try use this calculate puzzle #115 but it now work Can you help to samplecalculate puzzle #115
|
|
|
if can modify lattice-attack or cam switch from weak nonce to calculate weak private key may be possible to use solve puzzle 120-160 bit It is possible, but there is only one problem: you need two signatures. And you need two random signatures, not just two any signatures. Lattice is not that deterministic, you cannot use N and N-1 as your 120-bit nonce. I tried solving this Taproot testnet puzzle transaction: 448b81b2b3c2c8558d268e4f515ff38eb6367d156babbc3733a14834a5a6e7b0. My conclusion is: even for small keys (like 8-bit key) it is not so deterministic. You need a sufficiently random and weak key, you cannot just use any key. right it requires two sign for calculate I would like to try to check weak nonce from key generate if know private key how to calculate to know nonce in python
|
|
|
just random idea if can modify lattice-attack or cam switch from weak nonce to calculate weak private key may be possible to use solve puzzle 120-160 bit I mean lattice-attack can solve weak nonce 128 bit and 256 bit private key if can modify to change calculate strong nonce but weak private key meybe can use for solve 120 bit puzzle but 120 bit puzzle have only R and S one set only
|
|
|
Now kangaroo found problem same BitCrack both range search is very large kangaroo method still works but is stuck with a very large range of search
I do simple easy tests on both 120 bit and 160 bit (and 256) with keyspace (under 32 bit wide) nearby it is still found key but when used with a very large rank and nowhere is key store, so kangaroo is stunned
|
|
|
you write the code and i have resource to run i have 16 tesla A100 gpus with it we can scan unto 23 TKey/s
Holy shit! how you got 16 Tesla's A100 GPUS? aren't they expensive? i guess each one cost +10k$? Have you tested the speed of all the teslas GPUS? 23 TKey/s? in which programm Vanitysearch? use budget to rent use on google cloud may be better Cost: USD 13,000 per 1 month (maybe 10 USD per hour) I am not sure this price is correct or not. I never try use Tesla's A100 GPU
|
|
|
still have some errors when compiling (make) keygen.c: In function ‘main’: keygen.c:152:38: warning: unknown conversion type character ‘\x0a’ in format [-Wformat=] fprintf(stderr,"OpenSSL error: %l\n",err); ^~ keygen.c:152:20: warning: too many arguments for format [-Wformat-extra-args] fprintf(stderr,"OpenSSL error: %l\n",err); ^~~~~~~~~~~~~~~~~~~~~ keygen.c:135:4: warning: ignoring return value of ‘fread’, declared with attribute warn_unused_result [-Wunused-result] fread(buffer_key,1,bytes,fd); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ keygen.c:145:4: warning: ignoring return value of ‘fread’, declared with attribute warn_unused_result [-Wunused-result] fread(buffer_key,1,bytes,fd); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ keygen.c:158:4: warning: ignoring return value of ‘getrandom’, declared with attribute warn_unused_result [-Wunused-result] getrandom(buffer_key,bytes,GRND_NONBLOCK); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gcc -O3 -o sharedsecret sharedsecret.c gmpecc.c util.o sha256.o base58.o rmd160.o -lgmp `libgcrypt-config --cflags --libs` sharedsecret.c: In function ‘main’: sharedsecret.c:82:2: warning: ignoring return value of ‘fgets’, declared with attribute warn_unused_result [-Wunused-result] fgets(buffer,1022,stdin); ^~~~~~~~~~~~~~~~~~~~~~~~ sharedsecret.c:90:2: warning: ignoring return value of ‘fgets’, declared with attribute warn_unused_result [-Wunused-result] fgets(buffer,1022,stdin); ^~~~~~~~~~~~~~~~~~~~~~~~
some I try to fix problems not found file and require file "gmp.h" and file "openssl/rand.h just random fix sudo apt-get install libgmp3-dev sudo apt install libgcrypt sudo apt install libgcrypt20-dev sudo apt install openssl sudo apt-get install libssl-dev
|
|
|
I have a problem with compiled all tools on WSL2 ubuntu can compile success only one is rehashaddress other code is error
Did this tools have a python code version that can be used keydivision keymath modmath
|
|
|
it is just mathematics research and it needs some leaked information to calculate, can not attack ECDSA that no leak data
|
|
|
There might be problem with your Ubuntu 20.04 or library's setup.py. I tried it on Debian 11 (inside VM) and could run the library without any problem.
Thank you ETFbitcoin I do a quick test on Debian in WSL2 windows, it is works I got same result run on Debian no problem
|
|
|
Some problems with install fpylll
Developer using Ubuntu >= 20.04 So try on Ubuntu 20.04
pip install git+https://github.com/bitlogik/lattice-attack pip install git+https://github.com/fplll/fpylll.git
All command try installs not successful both on os windows and Linux
using conda not successful too conda install -c conda-forge fpylll
all methods include update apt too
sudo add-apt-repository universe sudo apt update sudo apt install python3-fpylll
pip install Cython
all fail
|
|
|
Did I understand correct? before puzzle 120 address. it is one of 119 bit address and then next bit double or add will be puzzle 120 address right?
|
|
|
it can possible to calculate rollback to know the sample tame and wild? just idea would like to test check how far tame and wild on 120 bit
|
|
|
I think all method with "random" any technic or idea all it never works. but method calculate or algorithm may be can work possible
|
|
|
bitCrack scan every single address pro - scan every address cons - use too much time for scan reference from result https://hashkeys.club/64/results/Just an idea may be need to modify new one bitCrack engine to JumpCrack or SkipCrack or PatternCrack like to scan and jump to other number but it is can possible to missing that address found 100% but some one choose right jump maybe lucky range 64 bit is 18446744073709551616 if jump every trillion it can be scan all easy (yes with missing address) python code will be easy to code for scan by jump but will be very slow CUDA GPU scan will be answer for jump scan may be jump for 43 bit range and scan all on 32 bit range I think this idea may be some one can found key #64 just idea and it possible missing address 100%
|
|
|
Can possible do calculate kangaroo by do manual ? puzzle120 I would like to try my range by do manual made kangaroo
tame and wild is public key (point) and do multiply to number right? I will try do python script generate tame and wide each one a million line of set and compare it both by manual too
|
|
|
Everybody gave up? Where are the Heros? Where are the Geniuses? Let's solve that puzzle guys! #64!
I don't know may be this year some one can Happy new year!
|
|
|
No wallet uses the same r value for transactions / signatures. So our transactions / signatures are safe. If you can solve it for 2 different r (r1 and r2), then you can post it here and will get thousands of merits Happy new year! I don't know inside deep Signature algorithm calculate how to generate R but if nonce use create is 256 bit, that mean you need to find private key 256 bit number for can find out Happy new year!
|
|
|
I am not sure I am right or not just guess about nonce on signature I think should check at https://asecuritysite.com/signatures/ecd5and use with sample at https://hackernoon.com/hacking-a-bitcoin-wallet-642u36sahttps://allprivatekeys.com/random-vulnerabilityr = 0xd47ce4c025c35ec440bc81d99834a624875161a26bf56ef7fdc0f5d52f843ad1 s1 = 0x44e1ff2dfd8102cf7a47c21d5c9fd5701610d04953c6836596b4fe9dd2f53e3e s2 = 0x9a5f1c75e461d7ceb1cf3cab9013eb2dc85b6d0da8c3c6e27e3a5a5b3faa5bab z1 = 0xc0e2d0a89a348de88fda08211c70d1d7e52ccef2eb9459911bf977d587784c6e z2 = 0x17b0f41c8c337ac1e18c98759e83a8cccbc368dd9d89e5f03cb633c265fd0ddc will get result k(nonce) = 55228977394393414412853003502097247104908965897402951232160234933662925082798 I not sure I calculate wrong or not I don't know some good code on python for check it I think all signature nonce is 256 bit not 128 bit (it not same bitcoin block is a 32-bit (4-byte) _ so it not easy to crack it for high 256 bit nonce
|
|
|
|