Bitcoin Forum
December 13, 2017, 10:25:32 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: New Weak Signature Challenge  (Read 970 times)
johoe
Full Member
***
Offline Offline

Activity: 217


View Profile
January 30, 2017, 12:05:10 PM
 #1

Looks like someone put a challenge for breaking weak signatures:

https://blockchain.info/de/tx/695b04afbc477d045d396f062eeff5e950e5e44f91b7e2b273c5a74e27306177

When spending the first three outputs of this transaction, a weak signature was used.

The first output used k=1 when spent.  This was broken immediately by a bot.
The second output used the same k as a previous transaction of  19iAvuzfb8uH2SZLYcbb5wtbBZdn1o3vRm.  The latter is probably a weak brainwallet or something similar.  I didn't break it though.  amaclin, can you explain?
The third output has k=private key.  I solved the challenge and collected.
The fourth output is still unsolved.

The other four outputs are not yet spent.  I guess we still have to wait for the challenge.  Or maybe the address is weak for some other reason.

Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
adaseb
Legendary
*
Offline Offline

Activity: 1442



View Profile
January 30, 2017, 06:34:18 PM
 #2

So its like https://bitcointalk.org/index.php?topic=1306983.0;all

except with very little reward

FORTUNEJACK.COM[
                            
5 BTC WELCOME PACK FOR 1ST 5 DEPOSITS
FREE 1,000 mBTC daily for LuckyJack winners
[
          
]
amaclin
Legendary
*
Offline Offline

Activity: 1260


View Profile
January 30, 2017, 08:52:42 PM
 #3

amaclin, can you explain?
I visit this board not very often. For fast reply PM me with a link

Looks like someone put a challenge for breaking weak signatures:
I think somebody is testing his bot for redeeming leaked private keys.
I was talking with some guys about cryptography and ecdsa, may be one of them
decided to join our company exploring blockchain in real-time

Quote
https://blockchain.info/de/tx/695b04afbc477d045d396f062eeff5e950e5e44f91b7e2b273c5a74e27306177
When spending the first three outputs of this transaction, a weak signature was used.
This is not his first attempt

Quote
The first output used k=1 when spent.  This was broken immediately by a bot.
I am sure that 1ASPNUU belongs to the author of these transactions

Quote
The second output used the same k as a previous transaction of  19iAvuzfb8uH2SZLYcbb5wtbBZdn1o3vRm.  
The latter is probably a weak brainwallet or something similar.  I didn't break it though.  amaclin, can you explain?
You are right. But I can not tell you more info. I have a key-value database {priv32->pub32}
but I do not store when and where I got these datas

Quote
The third output has k=private key.  I solved the challenge and collected.
congrats!
(its a pity that my math is not so strong. i will try to solve it too.)

Quote
The fourth output is still unsolved.
The other four outputs are not yet spent.  I guess we still have to
wait for the challenge.  Or maybe the address is weak for some other reason.
I doubt that this challenge would be public contest.
For my point of view somebody is testing signing bitcoin transactions with deterministic-generated
signatures for resolving the private keys of his victims later by analyzing the blockchain.
The function k () can depends on digest, public key and some other data.
for example k = digest or k = inv (digest) or even k = sha256 ( digest | pubkey )


By the way,
I have some research about 2-of-3 msig addresses with a key of 1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH
amaclin
Legendary
*
Offline Offline

Activity: 1260


View Profile
January 30, 2017, 08:58:36 PM
 #4

So its like https://bitcointalk.org/index.php?topic=1306983.0;all

except with very little reward

Note: I sent a message about this transaction in few hours after it was broadcasted.
https://bitcointalk.org/index.php?topic=932434.0
BTCMORGAN
Newbie
*
Offline Offline

Activity: 15


View Profile
February 03, 2017, 05:41:52 AM
 #5

So its like https://bitcointalk.org/index.php?topic=1306983.0;all

except with very little reward

Note: I sent a message about this transaction in few hours after it was broadcasted.
https://bitcointalk.org/index.php?topic=932434.0


Is there a website that simplifies the process of computing the private key from a weak signature?
adaseb
Legendary
*
Offline Offline

Activity: 1442



View Profile
February 03, 2017, 07:08:05 PM
 #6

So if we created our cold storage with Bitaddress.org should we be worried?

FORTUNEJACK.COM[
                            
5 BTC WELCOME PACK FOR 1ST 5 DEPOSITS
FREE 1,000 mBTC daily for LuckyJack winners
[
          
]
Decoded
Legendary
*
Offline Offline

Activity: 924


Crypto-News.net: News from Crypto World


View Profile WWW
February 04, 2017, 11:07:30 AM
 #7

So if we created our cold storage with Bitaddress.org should we be worried?

No. If it's legit cold storage and you generated it properly (You used an offline computer running bitaddress hopefully in a secure environment), you shouldn't be worried.

Bitaddress is generated 100% by you, so your greatest worry should be malware, not collisions.



              ▄▄▄██████▄▄▄
          ▄██████████████████▄
       ▄████████████████████████▄
 ▄▄  ▄████████████████████████████▄
███████████████████████████████████▄
 ▀▀█████████████████████████████████▄
   ██████████████████████████████████
   ██████████████████████████████████
   ██████████████████████████████████
   ██████████████████████████████████
   ▀████████████████████████████████▀
    ▀██████████████████████████████▀
     ▀▀██████████████████████████▀
        ▀██████████████████████▀
           ▀▀▀████████████▀▀▀
.
.....
.....
.....
.....
.....
.....





johoe
Full Member
***
Offline Offline

Activity: 217


View Profile
February 04, 2017, 10:43:24 PM
 #8

Is there a website that simplifies the process of computing the private key from a weak signature?

I doubt it. There is a website that explains the math behind it, but it isn't a step by step guide or even an automatic JavaScript program.

Note that there are very few broken signatures, maybe once every few months. And they are usually exploited quickly (which is only possible if the addresses are reused). And some people have bots running that can do this immediately.


Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!