Bitcoin Forum
Topic: Bias Weakness in Transactions – Lattice Attack Possible?
Parabellum118 (OP)
June 23, 2025, 06:25:47 AM
 #1

Hello everyone, I think I have a problem!

I read an article saying that with enough transactions and a nonce bias of just 1, it's already possible to recover a private Bitcoin key 😯
ECDSA Cracking Methods (April 2025)
A survey paper by Edinburgh Napier University (William Buchanan et al.) summarizes that nonce biases, weak nonce selection, or even a single broken bit can be enough to recover a key using lattice algorithms like LLL.

So I thought, let me take my transactions, and with the help of ChatGPT I created a script based on that study. Before that, I extracted the RSZ data from the transactions using the tools from iceland2k14/rsz and double-checked them with 2coins.org/RSZ-Signature-From-Tx, and the data is correct.

I then converted the RSZ data to binary format, and during the first check, I already had a bit bias of 8 across 12 transactions 🤨 — in the upper area (MSG). I dug deeper and had ChatGPT generate a script that runs the analysis based on the study. As a result, I found that my transactions actually show a very strong bias, and R correlates with S and Z — theoretically, someone could recover my private key.

Then I tried it with a custom tool created by ChatGPT. Luckily, I wasn't able to recover the private key — I did get a lot of addresses, but mine wasn't among them. Still, I'm feeling uncertain.

There are a lot of RSZ recovery tools on GitHub, but most of them require a fully known nonce. Besides the fact that I've already moved my BTC to a new wallet — which tools are actually capable of recovering a private key with a bit bias of 4 to 8?

No quantum computer needed — it seems to work surprisingly fast. The study doesn't offer tools, it's just a paper.
Since I know the private key for my address, I’d like to try it myself.

Anyone here have experience with this?
stanner.austin
June 23, 2025, 11:06:51 AM
Merited by vapourminer (1)
 #2

Hi
Technically, with a set of 80 RSZ signatures and just 4 bits known on the MSB or LSB, one can use a lattice attack to find the target private key in seconds.
It's a millions-to-one chance.

The only possible and known reasons to have this are the following.
It can be a bug in the tool used to sign the transactions, which has been known for a long time.
It can be self-testing or a very old address; in the old days they didn't know much about nonce linear attacks or weak nonces.

Regards,
sdfasdf
June 24, 2025, 03:03:12 AM
 #3

Quote from: Parabellum118 on June 23, 2025, 06:25:47 AM
> Hello everyone, I think I have a problem!
>
> I read an article saying that with enough transactions and a nonce bias of just 1, it's already possible to recover a private Bitcoin key 😯
> ECDSA Cracking Methods (April 2025)
> A survey paper by Edinburgh Napier University (William Buchanan et al.) summarizes that nonce biases, weak nonce selection, or even a single broken bit can be enough to recover a key using lattice algorithms like LLL.
>
> So I thought, let me take my transactions, and with the help of ChatGPT I created a script based on that study. Before that, I extracted the RSZ data from the transactions using the tools from iceland2k14/rsz and double-checked them with 2coins.org/RSZ-Signature-From-Tx, and the data is correct.
>
> I then converted the RSZ data to binary format, and during the first check, I already had a bit bias of 8 across 12 transactions 🤨 — in the upper area (MSG). I dug deeper and had ChatGPT generate a script that runs the analysis based on the study. As a result, I found that my transactions actually show a very strong bias, and R correlates with S and Z — theoretically, someone could recover my private key.
>
> Then I tried it with a custom tool created by ChatGPT. Luckily, I wasn't able to recover the private key — I did get a lot of addresses, but mine wasn't among them. Still, I'm feeling uncertain.
>
> There are a lot of RSZ recovery tools on GitHub, but most of them require a fully known nonce. Besides the fact that I've already moved my BTC to a new wallet — which tools are actually capable of recovering a private key with a bit bias of 4 to 8?
>
> No quantum computer needed — it seems to work surprisingly fast. The study doesn't offer tools, it's just a paper.
> Since I know the private key for my address, I’d like to try it myself.
>
> Anyone here have experience with this?

Can you share the article paper link?

Quote from: Parabellum118 on June 23, 2025, 06:25:47 AM
> I then converted the RSZ data to binary format, and during the first check, I already had a bit bias of 8 across 12 transactions 🤨 — in the upper area (MSG). I dug deeper and had ChatGPT generate a script that runs the analysis based on the study. As a result, I found that my transactions actually show a very strong bias, and R correlates with S and Z — theoretically, someone could recover my private key.

I am all ready to try converting the RSZ data to a binary format. No bias leak. Can you share your code because I went to test how your bias code was working?
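
An added example, not code from any poster in this thread or from the cited paper: a wallet owner who holds the private key, as the first post's author does, can recompute each signature's nonce exactly as k = s^-1(z + r*d) mod n and count its zero top bits, which measures the nonce itself and not the bits of R, S and Z. The key, messages and nonces are constructed test data and all function names are this example's own; it covers only the zero-MSB (short nonce) case.

```python
import hashlib
P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):  # affine addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if a == b
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt=G):  # double-and-add, not constant-time: offline audit use only
    acc = None
    while k:
        acc = ec_add(acc, pt) if k & 1 else acc
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def recover_nonce(r, s, z, d):
    """k = s^-1 * (z + r*d) mod N, checked against r so bad r/s/z data is rejected."""
    k = pow(s, -1, N) * (z + r * d) % N
    if (pt := ec_mul(k)) is None or pt[0] % N != r:
        raise ValueError("(r, s, z) does not match this private key")
    return k

# Low-s normalisation turns nonce k into N-k, so fold first; a healthy nonce scores 1.
def leading_zero_bits(k):
    return 256 - min(k, N - k).bit_length()

def audit(sigs, d):  # -> (zero MSBs shared by every nonce, log2 of chance if uniform)
    b = min(leading_zero_bits(recover_nonce(r, s, z, d)) for r, s, z in sigs)
    return b, -(b - 1) * len(sigs)

def h(label):  # constructed sample values only
    return int.from_bytes(hashlib.sha256(label.encode()).digest(), "big")
def sign(z, d, k):  # test signer with caller-chosen nonce, low-s normalised
    r = ec_mul(k)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    return r, min(s, N - s), z

def demo(shift):  # 12 constructed signatures, nonces with `shift` forced zero MSBs
    d = h("constructed test key") % N
    sigs = [sign(h(f"tx{i}"), d, (h(f"k{i}") >> shift) % N) for i in range(12)]
    return audit(sigs, d)
```

A first value of 1 from `audit` is what uniformly random nonces produce after folding. A first value of 8 or more over 12 signatures, as `demo(8)` returns, has a chance of at most 2^-84 under uniform nonces and points to a faulty signer.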