This message was too old and has been purged

[nottm28]

Hi Serpens! I will be doing a demonstration soon, the problem is that we have 3 am at night over here and I am a bit tired.

Almost three days later after the original post, should someone call emergency response to wake Mr. Kinevel from his slumber?

funny, I just asked him if he's willing to give a brief statment over here. But he played the stalling tactics card, says he's too disappointed...sniff. There's nothing left to believe in him. Guess you were right about him right from the beginning. Just another thickhead wasted his five minutes of fame, case closed.

And I took my time to sign a message. Never really thought it would come to something - but sometimes you never know. Maths is amazing but clearly not for this chap.

[Evil-Knievel]

This message was too old and has been purged

[bidji29]

Hi Serpens! I will be doing a demonstration soon, the problem is that we have 3 am at night over here and I am a bit tired.

Almost three days later after the original post, should someone call emergency response to wake Mr. Kinevel from his slumber?

funny, I just asked him if he's willing to give a brief statment over here. But he played the stalling tactics card, says he's too disappointed...sniff. There's nothing left to believe in him. Guess you were right about him right from the beginning. Just another thickhead wasted his five minutes of fame, case closed.

And I took my time to sign a message. Never really thought it would come to something - but sometimes you never know. Maths is amazing but clearly not for this chap.

Sorry guys, I was in the NXT thread. There, people also laughed at me when I tried to talk about a potential issue a few weeks ago, now I collected a 100,000 NXT bounty for identifying the bug.

I will be back shortly, to finish up this demonstration here.

The potential issue you bringed some days ago and the "bug" you found are two different things.

-You claimed it was possible to funds NXT account with unlimited funds, and you didn't proved that at all.
-The bug you discovered was an injected flaw by the NXT dev to make sure people audit the source code. You got it, congrats for the 100k bounty.

[Evil-Knievel]

This message was too old and has been purged

[kjj]

Code:

  k = 908        #random k

 

[Evil-Knievel]

This message was too old and has been purged

[TwinWinNerD]

I am actually looking forward to this.

[kjj]

Code:

  k = 908        #random k

 

Well, whenever you sign a message/transaction/block you have to pick some random k value. If you ever pick k twice the same, people can recover your private key, so you are advised to pick it completely randomly. In this example k was picked to be 908.

Yeah, I'm fully aware of the meaning of k and why you need to pick it at random.  My concern is that you are setting yourself up for a repeat.  Do you remember that time when you wrote a shitty not-so-random key generator, and then wrote a program that "found" your shitty weak keys?

If you use a shitty not-so-random k generator, and then you exploit your shitty ks, no one gives a fuck because you are exploiting your own lousy programming, not the software people are using, and not the math it is based on.

I could be wrong about that, of course.  Your latest scam might not depend on using shitty k values.  It is also entirely possible that you don't understand that message signing is done on hashes instead of integers.  Or, you may have "discovered" the property of key-recovery that gmaxwell mentioned earlier.

[itod]

Take the following python example program.

A question for Evil-Knievel: What does this function from the python example suppose to do:

Code:

  def halve( self ):

Guessing it is the opposite of 'double', in an attempt to create EC point divide. This looks rather naive, how are you going to solve problem of finding the X mod Y = Z if you only have Y and Z? It's impossible.

[Evil-Knievel]

This message was too old and has been purged

[itod]

Take the following python example program.

A question for Evil-Knievel: What does this function from the python example suppose to do:

Code:

  def halve( self ):

Guessing it is the opposite of 'double', in an attempt to create EC point divide. This looks rather naive, how are you going to solve problem of finding the X mod Y = Z if you only have Y and Z? It's impossible.

Point Havling is trivial, it is just multiplying by the "multiplicative inverse to the modulo group order of G of 2".

I know that it's trivial, but even that "trivial" is not in the code, there is a copy/paste code from the 'double' method.

That was not my question, question was what's the use of the 'halve' method at all? Hypothetical point divide?

[luv2drnkbr]

Now we can create a modified message, which will lead in the same signature WITHOUT KNOWING THE PRIVATE KEY!
Although this signature is the same it will (in this example) not get verified correctly. But with some "formula bingo" you can create a different signature which WILL validate.

I need some time on this to fully get a "out of the box runnable" proof of concept. But it really disencourages people, when there are some guys who give you bad ratings. In fact I will only continue working on this, when the User who rated me bad for this topic, removes his rating.

Put up or shut up.  There are plenty of messages in this thread.  If you can do what you say, prove it.  Otherwise GTFO.

[prezbo]

I'm confused. Even if this is true, what does modifying the message (the message hash, in fact) have to do with transaction malleability? If you change the script to be signed in the transaction that transaction will have a different tx hash anyway, even if the same signature is valid, not to mention even if you were able to construct such message hash you still can't figure out the message as long as the hash function is secure.