Bitcoin Forum
May 10, 2024, 12:13:06 AM *
  Show Posts
21  Bitcoin / Development & Technical Discussion / Re: Pollard's kangaroo ECDLP solver on: July 03, 2022, 09:26:25 AM
Guys, quick question: since I can't get my head around how Kangaroo works in terms of maths, I was wondering if Kangaroo would still consider a private key within the range a valid key even if it turns out to be just another colliding key of the 2^96 possible keys that resolve to an address on average... Actually, thinking of this while writing, I don't see a reason why not, but would like it if someone could confirm.

All the 2^96 possible spendable keys which lead to the same address will have different pubkeys. The Kangaroo algo collides only with a particular given pubkey (+5 more according to symmetry and endomorphism). Therefore it will not be able to find any of those extra 2^96 possibilities.
22  Bitcoin / Project Development / Re: ECDSA signature R,S,Z values on: July 03, 2022, 09:21:31 AM
The BSGS algo is well known and documented.
If you want to code it in C# or any other language, please feel free to go ahead.
23  Bitcoin / Development & Technical Discussion / Re: dividing pubkey for attack. manual from me on: May 29, 2022, 05:12:48 AM
I am not very sure what is going on in this thread, but the process of division related to secp256k1 is very simple. Just remember a few important things...

  • Only Addition and Doubling are defined. Everything else is cast into other operators. For example, Division is considered as the inverse of Multiplication.
  • All operations are with a modulo. With private key operations it is equal to the Order.
  • There are no decimals or fractions. Every calculation should be considered in integer maths only. That's why modulo is used everywhere.

Some simple python3 helper functions:
Code:
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
def inv(v): return pow(v, N-2, N)
def divnum(a, b): return hex( (a * inv(b) ) % N )

Examples:
Code:
divnum(99, 55)
'0x99999999999999999999999999999998d668eaf0cf91f9bd7317d2547ced5a5c'

divnum(0x940da740da740da740da740da740da735182fee6b151ae969bbca677d6485661, 0xa28f5c28f5c28f5c28f5c28f5c28f5c1c0c8a34fecbec1e88034f1cc9dd08828)
'0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa9d1c9e899ca306ad27fe1945de0242b95'

No Need to complicate things.
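The helper functions above, carried one step further as an added example (not code from the original post): the Fermat-style `inv` silently returns 0 when the divisor is a multiple of N, so `safe_div` (a name chosen here) rejects that case, and `check_properties` shows what "integer maths only" means for values such as 1/2.

```python
# Added example: scalar division modulo the secp256k1 group order N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def fermat_inv(v):
    """Inverse as in the post: v^(N-2) mod N. Returns 0 when v % N == 0."""
    return pow(v, N - 2, N)

def safe_div(a, b):
    """Return a / b mod N as an int; raise if b has no inverse."""
    b %= N
    if b == 0:
        raise ZeroDivisionError("divisor is a multiple of N, no inverse exists")
    return (a % N) * pow(b, -1, N) % N  # pow(b, -1, N) needs Python 3.8+

def check_properties():
    """Collect the facts the post relies on; every value should be True."""
    half = safe_div(1, 2)
    return {
        # division is defined through multiplication: (a / b) * b == a
        "round_trip": safe_div(99, 55) * 55 % N == 99,
        # fractions reduce as usual: 99/55 == 9/5
        "reduces": safe_div(99, 55) == safe_div(9, 5),
        # no decimals: 1/2 is the integer (N + 1) / 2, not 0.5
        "half_is_integer": half == (N + 1) // 2 and half * 2 % N == 1,
        # both inverse methods agree on an invertible input
        "methods_agree": fermat_inv(55) == pow(55, -1, N),
        # the Fermat form yields 0 for a zero divisor instead of failing
        "fermat_zero_silent": fermat_inv(0) == 0 and fermat_inv(N) == 0,
    }

if __name__ == "__main__":
    for name, ok in check_properties().items():
        print(f"{name}: {ok}")
    try:
        safe_div(5, N)
    except ZeroDivisionError as exc:
        print("rejected:", exc)
```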
24  Bitcoin / Development & Technical Discussion / Re: lattice-attack || how to run without error on: May 25, 2022, 05:32:59 AM
As you can see, it works. There are 100 signatures. Lattice cannot reveal the solution, no matter that all signatures are in 240-bit range. By checking "z/r" and "r/s", you can make sure that all of my signatures are in the correct range, just assume that the private key is in 120-bit range, and do addition/multiplication to see the range of the signature nonces.

Signatures derived this way are most likely reaching a degenerate system of equations incomprehensible to lattice reduction.
25  Bitcoin / Project Development / Re: Bitcoin Crossword on: May 23, 2022, 07:38:41 AM
How coin ensures ? are

Search is on.....
26  Bitcoin / Project Development / ECDSA signature R,S,Z values on: May 17, 2022, 02:12:21 PM
Sometimes I needed the RSZ values of BTC signatures for testing, understanding and calculation purposes.
A python3 script, RSZ, is made available on GitHub.


The script parses the data of the rawtx to fetch all the inputs in the transaction and reconstructs the unsigned message for each of them to find the Z value. The result is given as R,S,Z,Pubkey for each of the inputs present in the rawtx data.

If a txid is given instead of a rawtx, then a blockchain API is used to fetch the details of the rawtx and then R,S,Z is calculated.

How to Use:
Code:
python getz_input.py [-h] [-txid TXID] [-rawtx RAWTX]

Output Using the txid
Code:
(base) C:\anaconda3\RSZ>python getz_input.py -txid 82e5e1689ee396c8416b94c86aed9f4fe793a0fa2fa729df4a8312a287bc2d5e

Starting Program...
======================================================================
[Input Index #: 0]
     R: 009bf436ce1f12979ff47b4671f16b06a71e74269005c19178384e9d267e50bbe9
     S: 00c7eabd8cf796a78d8a7032f99105cdcb1ae75cd8b518ed4efe14247fb00c9622
     Z: 9f4503ab6cae01b9fc124e40de9f3ec3cb7a794129aa3a5c2dfec3809f04c354
PubKey: 04e3896e6cabfa05a332368443877d826efc7ace23019bd5c2bc7497f3711f009e873b1fcc03222f118a6ff696efa9ec9bb3678447aae159491c75468dcc245a6c
======================================================================
[Input Index #: 1]
     R: 0094b12a2dd0f59b3b4b84e6db0eb4ba4460696a4f3abf5cc6e241bbdb08163b45
     S: 07eaf632f320b5d9d58f1e8d186ccebabea93bad4a6a282a3c472393fe756bfb
     Z: 94bbf25ba5b93ba78ee017eff80c986ee4e87804bee5770fae5b486f05608d95
PubKey: 04e3896e6cabfa05a332368443877d826efc7ace23019bd5c2bc7497f3711f009e873b1fcc03222f118a6ff696efa9ec9bb3678447aae159491c75468dcc245a6c

Output Using the rawtx
Code:
(base) C:\anaconda3\RSZ>python getz_input.py -rawtx <RAWTX>

Starting Program...
======================================================================
[Input Index #: 0]
     R: 009bf436ce1f12979ff47b4671f16b06a71e74269005c19178384e9d267e50bbe9
     S: 00c7eabd8cf796a78d8a7032f99105cdcb1ae75cd8b518ed4efe14247fb00c9622
     Z: 9f4503ab6cae01b9fc124e40de9f3ec3cb7a794129aa3a5c2dfec3809f04c354
PubKey: 04e3896e6cabfa05a332368443877d826efc7ace23019bd5c2bc7497f3711f009e873b1fcc03222f118a6ff696efa9ec9bb3678447aae159491c75468dcc245a6c
======================================================================
[Input Index #: 1]
     R: 0094b12a2dd0f59b3b4b84e6db0eb4ba4460696a4f3abf5cc6e241bbdb08163b45
     S: 07eaf632f320b5d9d58f1e8d186ccebabea93bad4a6a282a3c472393fe756bfb
     Z: 94bbf25ba5b93ba78ee017eff80c986ee4e87804bee5770fae5b486f05608d95
PubKey: 04e3896e6cabfa05a332368443877d826efc7ace23019bd5c2bc7497f3711f009e873b1fcc03222f118a6ff696efa9ec9bb3678447aae159491c75468dcc245a6c

Limitations (Might Not Work for):
  • Very Old Signatures
  • When Witness Data is present in Signatures
  • ETH or any other AltCoins

Ideally I might try to update it to cover more of the non-working cases, but no promises ;)
27  Bitcoin / Development & Technical Discussion / Re: How to get in Python, result same in cpp ? on: May 11, 2022, 04:51:27 AM
If you did not write the modmath program then you ought to take a look at its code on Github to see how it's getting the correct results. Maybe there are some ANDs being done there which you thought weren't necessary in Python because of its lack of overflow. (and while you're at the codebase, drop us a link to it please).

He is Talking about https://github.com/albertobsd/ecctools  I think.
28  Bitcoin / Development & Technical Discussion / Re: BitCrack - A tool for brute-forcing private keys on: May 11, 2022, 04:48:07 AM

my idea try to calculate sort can possible
1. random X
2. calculate Y from X
3. hash SHA-256
4. hash RIPEMD-160
5. check the match search


There are already 2 Tools out there which can do exactly the same.

1. https://github.com/albertobsd/keyhunt in the pub2rmd mode. This is for CPU.
Code:
./keyhunt -m pub2rmd

2. https://github.com/kanhavishva/PubHunt This is for GPU
29  Bitcoin / Development & Technical Discussion / Re: Checking brainwallet on: May 09, 2022, 12:43:24 PM
Actually, it looks like I'm in over my head already :(
To run in Python3, only 2 input files are needed.
BTC Address File, for collision purpose ... Line by line... Name = btc_alltypes_address.txt
The Password file which is to be checked for brainwallet association. Again line by line.... Name = BugeHugePassFile.txt
Each Password will check 4 BTC Addresses [Compressed, Uncompressed, P2SH, Bech32]

Looks like .dll file for Windows user, while .so file for Linux user.
Yes Exactly.

Did OP @zielar manage to reach his satisfactory speed through some tool? It will be interesting to know.
30  Bitcoin / Project Development / Re: LoyceV's small Linux commands for handling big data on: May 08, 2022, 07:50:36 AM
@LoyceV The values in the Sigscript (contains R, S, Pubkey) are not fixed but they have a defined structure. One piece of the structure is as shown by @MrFreeDragon in this link: https://pastebin.com/Q55PyUgB
But even in this structure the length is not always 0x21 or 0x20 or 0x41. It varies, and therefore the length of R and S and Pubkey will vary. You will need to use dynamic sizing variables to extract them. Perhaps use an Awk script or Python. That might be easier. Don't know if the Bash shell can do all of it.

The basic way to decode and extract the variable-size data can be taken from the code below...
Code:
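def get_rs(sig):
    # sig starts at the first DER INTEGER: 02 <rlen> <R> 02 <slen> <S>
    rlen = int(sig[2:4], 16)
    r = sig[4:4+rlen*2]
#    slen = int(sig[6+rlen*2:8+rlen*2], 16)
    # S runs to the end of the string (the SIGHASH byte is already cut off)
    s = sig[8+rlen*2:]
    return r, s
    
def split_sig_pieces(script):
    # script[0:2] is the script length, script[2:4] the push length of the signature
    sigLen = int(script[2:4], 16)
    # this slice stops one byte short of the push, dropping the trailing SIGHASH byte
    sig = script[2+2:2+sigLen*2]
    # skip the DER header (30 <len>) before reading R and S
    r, s = get_rs(sig[4:])
    pubLen = int(script[4+sigLen*2:4+sigLen*2+2], 16)
    pub = script[4+sigLen*2+2:]
#    assert(len(pub) == pubLen*2)
    return r, s, pub

# script: hex string of the scriptSig, including its leading length byte (sample below)
r, s, pub = split_sig_pieces(script)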

Code:
script:  8b4830450221008bf415b6c4bc7118a1d93ef8f6c63b0801d9abe2e41e390670acf9677ee58e5602200da3df76f11ae04758c947a975f84dd7dba990e00c146b451dc4fa514c6cb52d01410421557041f930252b79b0fa28e6587680053b3a3672ff0c1dca6a623c79bdc0b6125a7a2be5450e28e49731ba8f60231dd8eceeff170923717d97a1ca5a67acd4
R:  008bf415b6c4bc7118a1d93ef8f6c63b0801d9abe2e41e390670acf9677ee58e56
S:  0da3df76f11ae04758c947a975f84dd7dba990e00c146b451dc4fa514c6cb52d
pub:  0421557041f930252b79b0fa28e6587680053b3a3672ff0c1dca6a623c79bdc0b6125a7a2be5450e28e49731ba8f60231dd8eceeff170923717d97a1ca5a67acd4

This way you can not only extract all the Pubkeys but can also extract all the R & S values of the Signature, if needed.
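A stricter version of the same extraction, as an added example (not code from the original post): it reads every length field from the data and rejects input where the fields disagree, instead of slicing at assumed offsets. It assumes the layout of the sample above (leading one-byte script length, single-byte pushes, short-form DER lengths); the function names are chosen here.

```python
# Added example: strict parser for a P2PKH scriptSig hex string as in the post.
R = "008bf415b6c4bc7118a1d93ef8f6c63b0801d9abe2e41e390670acf9677ee58e56"
S = "0da3df76f11ae04758c947a975f84dd7dba990e00c146b451dc4fa514c6cb52d"
PUB = ("0421557041f930252b79b0fa28e6587680053b3a3672ff0c1dca6a623c79bdc0b6"
       "125a7a2be5450e28e49731ba8f60231dd8eceeff170923717d97a1ca5a67acd4")
# Sample script from the post, split to show its layout:
# len | push 0x48 | 30 45 | 02 21 R | 02 20 S | sighash 01 | push 0x41 | pubkey
SAMPLE = "8b" + "48" + "3045" + "0221" + R + "0220" + S + "01" + "41" + PUB
KEY_FORMS = {(65, b"\x04"), (33, b"\x02"), (33, b"\x03")}  # (length, prefix)

def take(buf, pos, n):
    """Return (chunk, new_pos); refuse to read past the end of buf."""
    if pos + n > len(buf):
        raise ValueError(f"truncated: need {n} bytes at offset {pos}")
    return buf[pos:pos + n], pos + n

def der_int(buf, pos):
    """Read one DER INTEGER (tag 0x02, 1..33 bytes); return (bytes, new_pos)."""
    (tag, length), pos = take(buf, pos, 2)
    if tag != 0x02 or not 1 <= length <= 33:
        raise ValueError("bad DER INTEGER header")
    return take(buf, pos, length)

def parse_scriptsig(script_hex):
    """Return (r_hex, s_hex, sighash, pub_hex), validating every length field."""
    buf = bytes.fromhex(script_hex)
    (total,), pos = take(buf, 0, 1)
    if total != len(buf) - 1:
        raise ValueError("script length byte does not match data")
    (push,), pos = take(buf, pos, 1)
    if not 9 <= push <= 73:
        raise ValueError("signature push length out of range")
    sig, pos = take(buf, pos, push)
    if sig[0] != 0x30 or sig[1] != len(sig) - 3:  # DER header (2) + sighash (1)
        raise ValueError("bad DER SEQUENCE header")
    r, p = der_int(sig, 2)
    s, p = der_int(sig, p)
    if p != len(sig) - 1:  # exactly one byte (sighash) must remain
        raise ValueError("unexpected bytes inside signature")
    (publen,), pos = take(buf, pos, 1)
    pub, pos = take(buf, pos, publen)
    if pos != len(buf) or (publen, pub[:1]) not in KEY_FORMS:
        raise ValueError("bad public key push")
    return r.hex(), s.hex(), sig[-1], pub.hex()
```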
31  Bitcoin / Development & Technical Discussion / Re: Checking brainwallet on: May 07, 2022, 05:09:31 PM
It may look too simple/generic. But it comes in very handy for this kind of work....
The 3 files required for this code can be obtained from this link: https://github.com/iceland2k14/secp256k1

Minor Update: To handle Big Password File @LoyceV   bigger than System RAM

Code:
import secp256k1 as ice
import time
import signal, sys


input_file_is_passw = True      # Otherwise consider input file is hexkeys
#==============================================================================
btc = [line.split()[0] for line in open("btc_alltypes_address.txt",'r')]
print(f'{"-"*60}\n Read complete for Address File. \n{"-"*60}')
btc = set(btc)

#==============================================================================
def handler(signal_received, frame):
    print('\nSIGINT or CTRL-C detected. Exiting gracefully. BYE')
    sys.exit(0)
   
def chk(line, k, P):
    ac = ice.pubkey_to_address(0, True, P)
    au = ice.pubkey_to_address(0, False, P)
    a3 = ice.pubkey_to_address(1, True, P)
    ab = ice.pubkey_to_address(2, True, P)
    if ac in btc or au in btc or a3 in btc or ab in btc:
        with open('FoundTreasure.txt', 'a') as f:
            f.write(f'PassWord = {line}    Privatekey = {hex(k)} \n')

#==============================================================================
m = 0
with open("BugeHugePassFile.txt",'r') as f:
    st = time.time()
    signal.signal(signal.SIGINT, handler)
    for line in f:
        passw = line.rstrip()
        if input_file_is_passw:
            hexkey = ice.get_sha256(bytes(passw, 'utf8')).hex()
        else:
            hexkey = passw
        kk = int(hexkey, 16)
        P = ice.scalar_multiplication(kk)
        chk(passw, kk, P)
        m += 1

        if m % 10000 == 0:
            print(f'Speed: [{m/(time.time()-st):.0f}]   {m} Line checked from File. Current line : {passw}', end='\r')
#==============================================================================
print(f'{" "*130}\r {m} Line checked from File. ', end='\r')
print(f'\n\n Work Done !!\n{"-"*60}')

Code:
> python p2.py
------------------------------------------------------------
 Read complete for Address File.
------------------------------------------------------------
Speed: [22503]   12000000 Line checked from File. Current line : 4f9ea3109cf4c4292265504599a40a27dc6a7689a149c4687848695855026393
SIGINT or CTRL-C detected. Exiting gracefully. BYE