ecdsa123 (OP)
Jr. Member
Offline
Activity: 48
Merit: 105
|
|
December 13, 2022, 03:43:15 PM Last edit: August 31, 2024, 02:59:24 PM by ecdsa123 |
|
del
|
|
|
|
stanner.austin
Member
Offline
Activity: 68
Merit: 53
|
|
December 14, 2022, 10:33:31 AM |
|
@ecdsa123 Hello You have invalid data.. By using your private keys and nonce and hash data as Z, i get diff results and recovery work fine. valinv 0xeb9e061fe21f308537cde4b70c98d4d0f819630c4efe968cd9171765c4d4c96 Signature r1=37172049453198803628923372374682424137153412099188977901809252086397375163174, s1=36665125934301679295764426496089959157670212057714313825462899262019004181013 Signature r1_1=37172049453198803628923372374682424137153412099188977901809252086397375163174, s2=38201930909181021929363545653126029092310200493193739546604231428387022946196 Signature r2=40974080779974461932858835766108658066940207003253964846620894290420102383124, s3=115535488843869076151238217034945605348288249901213567246114164482038361011381 Signature r2_1=40974080779974461932858835766108658066940207003253964846620894290420102383124, s4=94479523762013111191490500533227932711756342618388816229238677867942525385058
Private key (x1): a3f00cdfad7e7785444f2f3c5ec9386fa218a5b457c4291bee66bbba37025ef3
Private recovered (x1): a3f00cdfad7e7785444f2f3c5ec9386fa218a5b457c4291bee66bbba37025ef3
Private1 Matched ?: True
Private key (x2): 91096be3f5c726814b64cf26449f401417c73e648d16e1f45bd02d0883081827
Private recovered (x2): 91096be3f5c726814b64cf26449f401417c73e648d16e1f45bd02d0883081827
Private2 Matched ?: True
|
|
|
|
stanner.austin
Member
Offline
Activity: 68
Merit: 53
|
|
December 14, 2022, 10:50:49 AM Merited by NotATether (3) |
|
Hello Here is code its same as link you posted nothing special. #!/usr/bin/env python3 import ecdsa import random import libnum import hashlib import sys G = ecdsa.SECP256k1.generator order = G.order() priv1 = 74151126465914553719682701372546590912032713247110001383204298192577238294259 #random.randrange(1,order) Public_key = ecdsa.ecdsa.Public_key(G, G * priv1) x1 = ecdsa.ecdsa.Private_key(Public_key, priv1) priv2 = 65602009300807068992382438511465994464148703102269145684254988072233619429415 #random.randrange(1,order) Public_key2 = ecdsa.ecdsa.Public_key(G, G * priv2) x2 = ecdsa.ecdsa.Private_key(Public_key2, priv2) k1 = 113430668354305125354139681412571553637810109882549088741100884487402919060793 #random.randrange(1, order) k2 = 88941376982568942091029320764989550225390065895384871037015643141890275775717 #random.randrange(1, order)
h1 = 45063904364969322573281122086971579379876583577391310824950725157431863085693 #int(hashlib.sha256(msg1.encode()).hexdigest(),base=16) h2 = 96925863066810859394685400246217607442326685412593308871569663983290139782035 #int(hashlib.sha256(msg2.encode()).hexdigest(),base=16) h3 = 70890957235815785946608014568730757332857823983374044998781188028671033610413 #int(hashlib.sha256(msg3.encode()).hexdigest(),base=16) h4 = 88400657509035765824159536685234267382896518494653799783594906135509259195161 #int(hashlib.sha256(msg4.encode()).hexdigest(),base=16) x1sig1 = x1.sign(h1, k1) x1sig2 = x1.sign(h3, k2) r1,s1 = x1sig1.r,x1sig1.s r2,s3 = x1sig2.r,x1sig2.s
#r1,s1 = 37172049453198803628923372374682424137153412099188977901809252086397375163174,36665125934301679295764426496089959157670212057714313825462899262019004181013 #x1sig1.r,x1sig1.s #r2,s3 = 40974080779974461932858835766108658066940207003253964846620894290420102383124,88414683103569280491867470526894992004240909646745888824999991880846576153983 #x1sig2.r,x1sig2.s #r1_1,s2 = 37172049453198803628923372374682424137153412099188977901809252086397375163174,48387795993880540164497955151292140905876432678370698441361372722465054520609 #x2sig1.r,x2sig1.s #r2_1,s4 = 40974080779974461932858835766108658066940207003253964846620894290420102383124,94479523762013111191490500533227932711756342618388816229238677867942525385058 #x2sig2.r,x2sig2.s
x2sig1 = x2.sign(h2, k1) x2sig2 = x2.sign(h4, k2) r1_1,s2 = x2sig1.r,x2sig1.s r2_1,s4 = x2sig2.r,x2sig2.s print("valinv " + hex(r1*r2*(s1*s4-s2*s3)% order ))
print (f"Signature r1={r1}, s1={s1}") print (f"Signature r1_1={r1_1}, s2={s2}") print (f"Signature r2={r2}, s3={s3}") print (f"Signature r2_1={r2_1}, s4={s4}")
valinv = libnum.invmod( r1*r2*(s1*s4-s2*s3),order) x1rec = ((h1*r2*s2*s3-h2*r2*s1*s3-h3*r1*s1*s4+h4*r1*s1*s3 ) * valinv) % order x2rec = ((h1*r2*s2*s4-h2*r2*s1*s4-h3*r1*s2*s4+h4*r1*s2*s3 ) * valinv) % order print ("\nPrivate key (x1):",hex(priv1)[2:]) print ("\nPrivate recovered (x1): ",hex(x1rec)[2:]) print ("\nPrivate1 Matched ?: ",priv1 ==x1rec) print ("\nPrivate key (x2):",hex(priv2)[2:]) print ("\nPrivate recovered (x2):",hex(x2rec)[2:]) print ("\nPrivate2 Matched ?: ",priv2 ==x2rec)
|
|
|
|
COBRAS
Member
Offline
Activity: 985
Merit: 23
|
|
December 14, 2022, 04:43:42 PM |
|
can you share code?
dont forget pay to member 1200
|
[
|
|
|
garlonicon
Copper Member
Legendary
Offline
Activity: 875
Merit: 2114
Pawns are the soul of chess
|
|
December 14, 2022, 08:44:33 PM |
|
normal calculate not work, modulo 0 Of course modulo zero, because ECDSA is safer than you think. If one transaction is just a tweaked version of another transaction, then you have only one of them, because linear translation will not give you anything new. If you want to solve x=2y, you won't reach anything by adding 2x=4y into your equations.
|
|
|
|
NotATether
Legendary
Offline
Activity: 1750
Merit: 7304
In memory of o_e_l_e_o
|
|
December 16, 2022, 05:16:47 AM |
|
If you want to solve x=2y, you won't reach anything by adding 2x=4y into your equations.
It's more like attempting to solve x = 2x rather than x = 2y. There is technically only one unique transaction anyway, and just like in systems of equations & matrices, you need to have at least as many equations than unknowns to have a chance at solving any of them.
|
|
|
|
stanner.austin
Member
Offline
Activity: 68
Merit: 53
|
|
December 21, 2022, 03:48:10 PM |
|
can you share code?
dont forget pay to member 1200 sure, when it will be work, maybe i will pay more. previous was invalid data my fault sorry # transaction 1 & 2 first privkey priv1= 74151126465914553719682701372546590912032713247110001383204298192577238294259
nonce1= 113430668354305125354139681412571553637810109882549088741100884487402919060793 r1= 37172049453198803628923372374682424137153412099188977901809252086397375163174 s1= 36665125934301679295764426496089959157670212057714313825462899262019004181013 z1= 45063904364969322573281122086971579379876583577391310824950725157431863085693
nonce2= 88941376982568942091029320764989550225390065895384871037015643141890275775717
r2= 40974080779974461932858835766108658066940207003253964846620894290420102383124 s3= 115535488843869076151238217034945605348288249901213567246114164482038361011381 z3= 70890957235815785946608014568730757332857823983374044998781188028671033610413
# 2 -transaction 3 & 4 - second privkey priv2= 65602009300807068992382438511465994464148703102269145684254988072233619429415 nonce1= 113430668354305125354139681412571553637810109882549088741100884487402919060793
r1= 37172049453198803628923372374682424137153412099188977901809252086397375163174 s2= 38201930909181021929363545653126029092310200493193739546604231428387022946196 z2= 96925863066810859394685400246217607442326685412593308871569663983290139782035
nonce2= 88941376982568942091029320764989550225390065895384871037015643141890275775717 r2= 40974080779974461932858835766108658066940207003253964846620894290420102383124 s4= 66755642063685386713485274914216908026179826727440247880714653645256904375187 z4= 618391849825900336304504678084876520197902749480544893171844571313024934814
normal calculate not work, modulo 0 any one help? Hello K1 fac77baf5d1dd051987bf8335065d59d14bd41fe778340f0ef1482457b7c6539 K2 c4a309118b2505dad8df1d6053573bab6b4629fc0bf296d19fe2847ec90b94e5 Signature r1=522ea268a7952d5ccd5a5bf37fc8327a7f70ed323c1e1627449592bf3d652b26, s1=5da53ccaaf8cc2926c3e6d0a5cdf93a3f3aa4f9da7b2839101c78c57cc71c4b2 Signature r1_1=522ea268a7952d5ccd5a5bf37fc8327a7f70ed323c1e1627449592bf3d652b26, s2=547586d2f6f6af809ed061a3619e51f480e976a7637fc09fa91db5f7fba1bf94 Signature r2=5a9682047a7b6437075db7961a67b66b0f829d8947f2fde62dcb9cfd872cc614, s3=341b2787dc687cf04a1ae278a4a6384dd7c7480e5d4e5eb807a984f7158653fb Signature r2_1=5a9682047a7b6437075db7961a67b66b0f829d8947f2fde62dcb9cfd872cc614, s4=93965abd5b6ac399cd51dd5cbb800574a43bec69e56664148dc155c8dccf7b93
Private key (x1): a3f00cdfad7e7785444f2f3c5ec9386fa218a5b457c4291bee66bbba37025ef4
Private recovered (x1): a3f00cdfad7e7785444f2f3c5ec9386fa218a5b457c4291bee66bbba37025ef4
Private1 Matched ?: True
Private key (x2): 91096be3f5c726814b64cf26449f401417c73e648d16e1f45bd02d0883081827
Private recovered (x2): 91096be3f5c726814b64cf26449f401417c73e648d16e1f45bd02d0883081827
Private2 Matched ?: True
There is some relation with odd/even i guess, if i add + 1 in private key 1 i am able to get results else inverse is zero.. So may be your tweaked data need to change some odd/even formula for h4 or may need to bigger number.
|
|
|
|
COBRAS
Member
Offline
Activity: 985
Merit: 23
|
|
December 22, 2022, 05:50:35 PM |
|
can you share code?
dont forget pay to member 1200 sure, when it will be work, maybe i will pay more. previous was invalid data my fault sorry # transaction 1 & 2 first privkey priv1= 74151126465914553719682701372546590912032713247110001383204298192577238294259
nonce1= 113430668354305125354139681412571553637810109882549088741100884487402919060793 r1= 37172049453198803628923372374682424137153412099188977901809252086397375163174 s1= 36665125934301679295764426496089959157670212057714313825462899262019004181013 z1= 45063904364969322573281122086971579379876583577391310824950725157431863085693
nonce2= 88941376982568942091029320764989550225390065895384871037015643141890275775717
r2= 40974080779974461932858835766108658066940207003253964846620894290420102383124 s3= 115535488843869076151238217034945605348288249901213567246114164482038361011381 z3= 70890957235815785946608014568730757332857823983374044998781188028671033610413
# 2 -transaction 3 & 4 - second privkey priv2= 65602009300807068992382438511465994464148703102269145684254988072233619429415 nonce1= 113430668354305125354139681412571553637810109882549088741100884487402919060793
r1= 37172049453198803628923372374682424137153412099188977901809252086397375163174 s2= 38201930909181021929363545653126029092310200493193739546604231428387022946196 z2= 96925863066810859394685400246217607442326685412593308871569663983290139782035
nonce2= 88941376982568942091029320764989550225390065895384871037015643141890275775717 r2= 40974080779974461932858835766108658066940207003253964846620894290420102383124 s4= 66755642063685386713485274914216908026179826727440247880714653645256904375187 z4= 618391849825900336304504678084876520197902749480544893171844571313024934814
normal calculate not work, modulo 0 any one help? Hello K1 fac77baf5d1dd051987bf8335065d59d14bd41fe778340f0ef1482457b7c6539 K2 c4a309118b2505dad8df1d6053573bab6b4629fc0bf296d19fe2847ec90b94e5 Signature r1=522ea268a7952d5ccd5a5bf37fc8327a7f70ed323c1e1627449592bf3d652b26, s1=5da53ccaaf8cc2926c3e6d0a5cdf93a3f3aa4f9da7b2839101c78c57cc71c4b2 Signature r1_1=522ea268a7952d5ccd5a5bf37fc8327a7f70ed323c1e1627449592bf3d652b26, s2=547586d2f6f6af809ed061a3619e51f480e976a7637fc09fa91db5f7fba1bf94 Signature r2=5a9682047a7b6437075db7961a67b66b0f829d8947f2fde62dcb9cfd872cc614, s3=341b2787dc687cf04a1ae278a4a6384dd7c7480e5d4e5eb807a984f7158653fb Signature r2_1=5a9682047a7b6437075db7961a67b66b0f829d8947f2fde62dcb9cfd872cc614, s4=93965abd5b6ac399cd51dd5cbb800574a43bec69e56664148dc155c8dccf7b93
Private key (x1): a3f00cdfad7e7785444f2f3c5ec9386fa218a5b457c4291bee66bbba37025ef4
Private recovered (x1): a3f00cdfad7e7785444f2f3c5ec9386fa218a5b457c4291bee66bbba37025ef4
Private1 Matched ?: True
Private key (x2): 91096be3f5c726814b64cf26449f401417c73e648d16e1f45bd02d0883081827
Private recovered (x2): 91096be3f5c726814b64cf26449f401417c73e648d16e1f45bd02d0883081827
Private2 Matched ?: True
There is some relation with odd/even i guess, if i add + 1 in private key 1 i am able to get results else inverse is zero.. So may be your tweaked data need to change some odd/even formula for h4 or may need to bigger number. Dont forget get money from ecdzaza123 before give code to him.
|
[
|
|
|
|