Bitcoin Forum
July 05, 2024, 12:06:47 PM *
  Show Posts
61  Bitcoin / Development & Technical Discussion / Create 100 R,s,z signatures from public key on: February 07, 2023, 10:20:15 AM
 Python code for those of you who are looking to create 100 or more R,s,z signatures. The sigs are created via the public key.

However, it is important to note that these signatures would not be unique and would not have any real-world meaning or value. Here is an example in Python using the cryptography library:

Code:

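import os
import hashlib
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature

# Generate a throwaway secp256k1 key pair (signing uses the private key)
private_key = ec.generate_private_key(ec.SECP256K1(), default_backend())
public_key = private_key.public_key()

for i in range(100):
    # Random 32-byte message; sign() hashes it with SHA-256 before signing
    data = os.urandom(32)
    signature = private_key.sign(data, ec.ECDSA(hashes.SHA256()))

    # sign() returns DER bytes, so decode them to get the integers 'r' and 's'
    r, s = decode_dss_signature(signature)
    # 'z' is the SHA-256 digest of the message, as an integer
    z = int.from_bytes(hashlib.sha256(data).digest(), 'big')

    # Print the values of 'r', 's', 'z'
    print("r:", r)
    print("s:", s)
    print("z:", z)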


If you need to make more, change the 100 here to any amount you need.

Code:
for i in range(100):

Just giving you guys a little help.

Cheers.

And here is the code to generate 100 signatures with k nonce reveal.

Code:
 

import ecdsa
import random

# Define the secp256k1 curve and its group order n
curve = ecdsa.SECP256k1
n = curve.generator.order()

# Generate 100 random private keys
private_keys = [ecdsa.SigningKey.generate(curve=curve) for i in range(100)]

# Create signatures using the private keys and random messages (z)
signatures = []
for i in range(100):
    # randrange keeps z below n so it always fits in 32 bytes
    z = random.randrange(1, n)
    private_key = private_keys[i]
    public_key = private_key.get_verifying_key()
    signature = private_key.sign_digest(z.to_bytes(32, 'big'), sigencode=ecdsa.util.sigencode_der)
    r, s = ecdsa.util.sigdecode_der(signature, n)
    signatures.append((z, r, s))

# Get the nonce (k) for each signature.
# This needs the private key d of the signer: k = (z + d*r) * s^-1 mod n
nonce = []
for i in range(100):
    z, r, s = signatures[i]
    d = private_keys[i].privkey.secret_multiplier
    k = ((z + d * r) * pow(s, -1, n)) % n
    nonce.append(k)

# The 100 (z, r, s) tuples are stored in the signatures list and the nonce values in the nonce list.

 
62  Bitcoin / Development & Technical Discussion / Re: A Small Subgroup Attack bitcoin on: February 07, 2023, 03:18:03 AM
g0^i mod (q-1)

What is i in g0^i mod (q-1)
i is range.
63  Bitcoin / Development & Technical Discussion / Re: Recreated Fault Sig Attack on Bitcoin Wallet on: February 04, 2023, 04:34:56 AM
This is in python code.

Code:
#This example twist attack on secp256k1 uses the Python library 'ecdsa'

import ecdsa

#Generate a random private key
priv_key = ecdsa.util.randrange(2**256)

#Generate a public key from the private key
pub_key = ecdsa.SigningKey.from_secret_exponent(priv_key, curve=ecdsa.SECP256k1).verifying_key

#Generate a random point on the curve
P = ecdsa.ellipticcurve.Point(ecdsa.SECP256k1.curve, ecdsa.util.randrange(ecdsa.SECP256k1.curve.p()), ecdsa.util.randrange(ecdsa.SECP256k1.curve.p()))

#Calculate the twist attack
Q = P + pub_key.pubkey.point

#Verify that the attack was successful
if Q.x() == pub_key.pubkey.point.x() and Q.y
64  Bitcoin / Development & Technical Discussion / Re: Recreated Fault Sig Attack on Bitcoin Wallet on: February 04, 2023, 04:24:44 AM
Cobra.. that one is a paid version. I don't have money.
So I code it myself. Just a simple twist attack in JavaScript.

This works.

Code:
// The following code is an example of an ECDSA secp256k1 twist attack.

// Node's crypto module and the secp256k1 package (v3 API: sign/verify)
var crypto = require('crypto');
var secp256k1 = require('secp256k1');

// Generate a random private key
var privateKey = crypto.randomBytes(32);

// Generate a public key from the private key
var publicKey = secp256k1.publicKeyCreate(privateKey);

// Generate a random message
var message = crypto.randomBytes(32);

// Sign the message with the private key (sign() returns { signature, recovery })
var signature = secp256k1.sign(message, privateKey).signature;

// Generate a twisted public key
var twistedPublicKey = secp256k1.publicKeyTweakAdd(publicKey, crypto.randomBytes(32));

// Verify the signature with the twisted public key
var valid = secp256k1.verify(message, signature, twistedPublicKey);

// Output the result
console.log("Signature is valid: " + valid);

Test it man.
65  Other / Beginners & Help / Re: Bitcoin Address on: February 02, 2023, 12:03:55 PM
Just wondering out loud here..

Is it possible to create/choose our own Bitcoin address & public key?


Do you mean vanity address?

Like this one? [GUIDE] How To Create Vanity Address (Segwit) or Pretty Addy Giveaway - part 2 by LoyceV.
oh wow.. it really could. Lol.. nice.
66  Other / Beginners & Help / Bitcoin Address on: February 02, 2023, 11:56:03 AM
Just wondering out loud here..

Is it possible to create/choose our own Bitcoin address & public key?
67  Bitcoin / Development & Technical Discussion / Re: Recreated Fault Sig Attack on Bitcoin Wallet on: January 31, 2023, 07:41:59 PM

This is without russian, English only https://github.com/demining/Twist-Attack

In the middle of that tutorial, it tells you to download a completely opaque "attacksafe" binary and run it.

Some of the attack types listed for that program in the tutorial are pure nonsense and can't be done by a single program (like "supply chain attack" or "rowhammer attack") which makes me suspect it's just a trojan.

you can try calculate yourself pubkeys Q11...Q64 without use safeattack and find priv https://github.com/demining/CryptoDeepTools/tree/bbd83042e7405508cd2e646ad1b0819da0f9c58d/18TwistAttack

Question how to calculate Q11...Q64, using Signature and Base points  P11..P64 ??

Thanks cobra.. I will be trying that attack next.


Need to modify haved signature for send to fake base point (public key) and after recalculate senders signature and get from recalculated signature new pubkey of sender.  I ask at crypto.stackexchange now answer how to make attack !!! https://crypto.stackexchange.com/questions/103993/how-to-calculate-points-for-twist


this attack can be impossible to make it, or work only from bug signatures I think .. unfortunately. But maybe we can copy result of cryptodeep. I waiting then you start to try this attack.

Br
ok will do!
68  Bitcoin / Development & Technical Discussion / Re: secp256k1 formula calculations on: January 31, 2023, 07:31:58 PM
Quote
Code:
k= (z + r*s) % n
But there is no private key "d" here, so I am certain this formula is invalid. If it would be possible to calculate "k" from publicly known values r,s,z, then you could do that for every signature, and move any coins in this way.

Just for reference, the correct formula is the following (we still need private key to obtain nonce value):

k = (z + d * r) * s^-1 mod n




Just to be sure, I again ask ChatGPT

Code:

The mathematical formula to calculate k nonce from r,s,z signatures is:

k = (z + r*s) / s mod n

where n is the order of the elliptic curve.

Yeah


This forum should ban CHATGPT as well.
69  Bitcoin / Development & Technical Discussion / Re: Recreated Fault Sig Attack on Bitcoin Wallet on: January 31, 2023, 10:02:05 AM

This is without russian, English only https://github.com/demining/Twist-Attack

In the middle of that tutorial, it tells you to download a completely opaque "attacksafe" binary and run it.

Some of the attack types listed for that program in the tutorial are pure nonsense and can't be done by a single program (like "supply chain attack" or "rowhammer attack") which makes me suspect it's just a trojan.

you can try calculate yourself pubkeys Q11...Q64 without use safeattack and find priv https://github.com/demining/CryptoDeepTools/tree/bbd83042e7405508cd2e646ad1b0819da0f9c58d/18TwistAttack

Question how to calculate Q11...Q64, using Signature and Base points  P11..P64 ??

Thanks cobra.. I will be trying that attack next.
70  Bitcoin / Development & Technical Discussion / Re: secp256k1 formula calculations on: January 31, 2023, 07:15:42 AM
ChatGPT also gave me this formula to find K nonce Value

Code:
k= (z + r*s) % n
71  Bitcoin / Development & Technical Discussion / Re: secp256k1 formula calculations on: January 31, 2023, 06:52:21 AM
I already have given you  a link to a correct formula in your previous thread:
What is the formula to calculate private keys if you already have all the R,S,Z(H) K Value? 
Where d= private_key.


d = (k * s - z) * r^-1 mod n

Source: https://learnmeabitcoin.com/technical/ecdsa (Why do you need to generate a random point each time? (Mathematical Explanation)
Why not just use it instead of inventing your own?

Also, your resulting private key shouldn't be a floating point number, which is why it is better to use floor division (//) instead of real division ( / ) that always gives you floats (even when you divide integers without remainder)
yeah yeah...I forgot about that ..thanks for reminding.
72  Bitcoin / Development & Technical Discussion / Re: secp256k1 formula calculations on: January 31, 2023, 06:51:38 AM
It is invalid, because:

1. You have to calculate it modulo "n".
2. The correct formula is "s=(z+rd)/k", so your private key "d" is "(sk-z)/r".

Also, if 256-bit numbers are too big for you to start with, then compute everything on smaller numbers first: https://www.coindesk.com/markets/2014/10/19/the-math-behind-the-bitcoin-protocol/
thank you garlonicon. I got this answer from ChatGPT... Damn.
73  Bitcoin / Development & Technical Discussion / secp256k1 formula calculations on: January 31, 2023, 05:44:57 AM
Hi, i need help to check my code.

Code:

import ecdsa

z = int(input("Enter value of z: "))
r = int(input("Enter value of r: "))
k = int(input("Enter value of k: "))
s = int(input("Enter value of s: "))

private_key = (z + (r * k)) / s

print("Private Key =", private_key)


and after giving my inputs, I got this output, Private Key = 2.378864885847563e+77
I just wanna make sure. Is my formula written correctly?

and how do i actually read that answer? i tried googling but i cant get an answer on how do I read it as integer.
74  Bitcoin / Development & Technical Discussion / algorithimLLL on: January 22, 2023, 01:04:51 AM
Hi, below is the full code i modified from
https://blog.trailofbits.com/2020/06/11/ecdsa-handle-with-care/

Code:

import ecdsa
import random
import libnum
import olll
import hashlib
import sys

 

order = 115792089237316195423570985008687907852837564279074904382605163141518161494337
pub = (xxx, xxx)

print ("Curve SECP256k1")
print ("Order:",order)
print ("pub:",pub)


priv = random.randrange(1,order)
 
Public_key = pub
Private_key = ecdsa.ecdsa.Private_key(Public_key, priv)
 
k1 = random.randrange(1, pow(2,127))
k2 = random.randrange(1, pow(2,127))

m1 =xxxx
m2 =xxxx
r1 =xxxx
r2 =xxxx
s1 =xxxx
s2 =xxxx

print ("k1: ",k1)
print ("k2: ",k2)

print ("Private key: ",Private_key)

s1_inv = libnum.invmod(s1, order)
s2_inv = libnum.invmod(s2, order)
 
matrix = [[order, 0, 0, 0], [0, order, 0, 0],
[r1*s1_inv, r2*s2_inv, (2**128) / order, 0],
[m1*s1_inv, m2*s2_inv, 0, 2**128]]
 
search_matrix = olll.reduction(matrix, 0.75)
r1_inv = libnum.invmod(r1, order)
 
for search_row in search_matrix:
    possible_k1 = search_row[0]
    try_private_key = (r1_inv * ((possible_k1 * s1) - m1)) % order
    print(f"try_private_key",try_private_key)


it keeps giving a result that is not to the right address after my input and its not random results. it just stays on the same 4 result even though with K (random) and Private Key (random). thats fine but its not pointing to the correct address.

my question is,
1)where i am going wrong with my code?
2)what should i add or change?
3) i tried different loop codes that checks the "try_private_key" to the public key but its not working.
how do i add a proper loop code to check the private key against public key?

please give your own input in the xxx boxes to understand what i meant. Thanks for your help.
75  Bitcoin / Development & Technical Discussion / Re: Reuse Nonce Faulty Sig Attack on: January 21, 2023, 03:17:08 PM
The article is about fault injection, where a faulty signature (in this case, made with a r value that's different from what it should be) and a valid signature is used to extract the private key.
Correct me if I'm wrong, but the author generates two signatures using the same k. Sig 1 (the good) and Sig 2 (the faulty). So with s1 != s2, r1 = r2, which is one equation away from working out d. Then, for some reason, he increases r2 by 1 (as we can see in his test), and recovers the private key. My question is: what's different? We know that reusing k can make an attacker calculate the private key. Why adding up 1 in r2?

Right?! Waste my time in researching his method. And I don't know why no one is calling this "professor" out yet. Felt scammed. Geez... 😂
76  Bitcoin / Development & Technical Discussion / Reuse Nonce Faulty Sig Attack on: January 18, 2023, 06:31:19 PM
In this article,
https://medium.com/asecuritysite-when-bob-met-alice/ecdsa-signatures-can-be-cracked-with-one-good-signature-and-one-bad-one-2d8bc71949e9

Author incremented the R signature.

Which I find quite difficult coz this method also requires you knowing the priv key to calculate for the faulty s signature. So my question is...

How can I safely increment the S and Hash value?

I tried

Code:
sf= sig.s + 1
hf= h +1

Obviously, Its wrong. Coz the private key does not correspond to the correct address.


How do I increment the S and H signatures correctly so I can find out the K and X Value?

Because I assume if I can correctly increment the signatures of S and H. I can solve K. When I solve K=nonce, I get D=Private Key.

77  Bitcoin / Bitcoin Discussion / Bitcoin & Anonymity on: January 12, 2023, 03:51:42 PM
I have read that authorities are able to track the bitcoins if they are being moved illegally. For example, if a wallet was hacked and also most cryptocurrency exchanges would require you to show ID when you sign up.

So my questions are..

1) How are the authorities able to track our bitcoins?

2) How do we continue to remain anonymous while trading bitcoins?
3) Are there cryptocurrency exchanges that do not require our ID to trade in large quantity?
78  Bitcoin / Development & Technical Discussion / Secp256k1 Bitcoin signatures formula on: January 11, 2023, 04:02:25 AM
Just putting it out here for those of you who, like me, are very new in ECDSA Secp256k1 and wondering how to calculate the signatures or need the formulas.

The M here means the same as Z signature in bitcoin transaction ..so input your Z in the M boxes. Most importantly, the formulas are given there as well.

Why do different people call it Z, M or sometimes even call it H(m)? I have no idea. Confusing for me too earlier on but I caught up.

https://rawcdn.githack.com/nlitsme/bitcoinexplainer/aa50e86e8c72c04a7986f5f7c43bc2f98df94107/ecdsacrack.html



For those of you who needs to decompress your public key and get the XY Coordinates,
https://github.com/RoyNahar/bitcoin-public-key-decompress-tool
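
Decompressing a public key is also where a verifier should check that the point really is on secp256k1, which is the standard guard against the invalid-point and twist inputs discussed in other posts on this page. An added example (not the linked tool's code; function names are illustrative) that parses SEC1 compressed and uncompressed keys and refuses anything off-curve:

```python
P = 2**256 - 2**32 - 977   # secp256k1 field prime; P % 4 == 3
B = 7                      # curve equation: y^2 = x^3 + 7 (mod P)

def on_curve(x, y):
    """True only if x and y are field elements satisfying the curve equation."""
    return 0 <= x < P and 0 <= y < P and (y * y - x * x * x - B) % P == 0

def parse_pubkey(sec):
    """Parse a SEC1 public key (33-byte compressed or 65-byte uncompressed).

    Returns (x, y) or raises ValueError; an off-curve point is never returned.
    """
    if len(sec) == 65 and sec[0] == 4:
        x = int.from_bytes(sec[1:33], "big")
        y = int.from_bytes(sec[33:], "big")
        if not on_curve(x, y):
            raise ValueError("point is not on secp256k1")
        return x, y
    if len(sec) == 33 and sec[0] in (2, 3):
        x = int.from_bytes(sec[1:], "big")
        if x >= P:
            raise ValueError("x is not a field element")
        rhs = (pow(x, 3, P) + B) % P
        y = pow(rhs, (P + 1) // 4, P)   # square-root candidate, valid since P % 4 == 3
        if y * y % P != rhs:
            # x^3 + 7 has no square root: this x belongs to the quadratic twist
            raise ValueError("x is not on secp256k1")
        if (y & 1) != (sec[0] & 1):     # prefix 02 = even y, 03 = odd y
            y = P - y
        return x, y
    raise ValueError("unsupported public key encoding")

# Known-good input: the compressed encoding of the secp256k1 generator G.
G_X = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
G_Y = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
G_COMPRESSED = b"\x02" + G_X.to_bytes(32, "big")

def count_rejected(limit=64):
    """Count constructed x values in 1..limit that are refused as compressed keys."""
    rejected = 0
    for x in range(1, limit + 1):
        try:
            parse_pubkey(b"\x02" + x.to_bytes(32, "big"))
        except ValueError:
            rejected += 1
    return rejected

if __name__ == "__main__":
    print("G decompressed:", [hex(c) for c in parse_pubkey(G_COMPRESSED)])
    print("rejected x values in 1..64:", count_rejected())
```

Roughly half of all x values have no matching y on the curve, so arbitrary (x, y) pairs must never be accepted as keys without this check.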


79  Bitcoin / Development & Technical Discussion / Re: Any particular meaning to this? on: January 09, 2023, 11:21:38 AM
Just wondering if this has any particular meaning when k=s/z ..


Not really sure. Share your codes for us to understand further.
80  Bitcoin / Bitcoin Discussion / Breaking RSA Encryption with Quantum Computer on: January 09, 2023, 11:19:21 AM
https://news.bitcoin.com/chinese-researchers-claim-success-in-breaking-rsa-encryption-with-quantum-computer-experts-debate-veracity-of-discovery/

Is this true? A Quantum computer could break RSA encryption now? I thought it should take another 10 years at least