A fun little Christmas themed brain teaser [Solved]

[Coding Enthusiast]

Edit: This puzzle is solved and the reward was claimed by hatshepsut93, congratulations. You can read the technical details in this post. Hope everyone enjoyed this and maybe learned a thing or two.

A couple of days ago I found myself among kindred souls in a topic in meta board talking about signing messages and whatnot. Kudos to DdmrDdmr that gave an idea for a fun little brain teaser for those who have a keen sense of adventure, a knack for solving puzzles and are not afraid to peep through the keyhole to kick start the year with their knowledge increased or boost your karma.
In order not to kidnap that thread anymore, I’ve started a new topic here.
As we approach 2020, whether you are celebrating Christmas with pine kones or Kwanzaa with a kerosene candle you can still kneel beside the fire with a keg of eggnog while warming your knuckles with kindling to solve a puzzle.

Code:

-----BEGIN BITCOIN SIGNED MESSAGE-----
Even Santa owns bitcoin.
-----BEGIN SIGNATURE-----
14B3NsuKDk5piqnw71U9kDuSmvMJnYprnr
IDe7ItP3r+hmjpsoVhMy2eNzSoE5v+E50sCUdBRWQDYJUMpKPv3rhuklK0wyEU13rnGRH09e084T5fgr39MGWKs=
-----END BITCOIN SIGNED MESSAGE-----

As the year us 2020, 20 merit reward shall be waiting for he who can figure out what two mysteries are hidden in this. 10 per mystery
Happy 2020 everyone...

[SFR10]

what two mysteries are hidden in this.

Just to be clear, we should look for hidden mysteries from the signed message "only" ^{[excluding other parts of the thread]}, am I right?
I'm not a puzzle person but here are my guesses:

• By "Santa" you mean "Satoshi Nakamoto".
• You used 20 letters on the message field ^{[representing year 2020]}.
• Base58 (P2PKH) format.
• New address for the new year.

[Coding Enthusiast]

Nearly 4 days and only 1 reply. That's just sad

Let's see how things are going to be like with an additional incentive. That is in additional to the joy of learning and receiving some merits.
Alas, I only have little to give but now the key holds 0.00202000BTC. <- 3rd mystery!

@SFR10 Why not give the whole thing another read

[franky1]

dont need merit or rewards. but i bet the secret has something to do with the letter k

or your just OCD about it
Insert Quote
kindred Kudos keen knack keyhole kick knowledge karma kidnap kones Kwanzaa kerosene kneel keg knuckles kindling.

too many K words
and yea cones became kones was a little obvious

[jakelyson]

[...]bet the secret has something to do with the letter k

or your just OCD about it
Insert Quote
kindred Kudos keen knack keyhole kick knowledge karma kidnap kones Kwanzaa kerosene kneel keg knuckles kindling.

I did not see that. I am obsessed with finding anagrams for "Even Santa owns bitcoin." and I only got this "bitcoin savant seen now". I guess I am wrong.

[Heisenberg_Hunter]

A wild guess has landed me here.  Let me try my luck out in solving this puzzle but I don't feel like they are right!!!

Here in the OP Christmas means the Halving day i.e May 20, 2020 (the major event which almost all the major miners, traders and general crypto enthusiasts are waiting for)

Since Pine Cones is a symbol for being a closed one/keeping something secret so that might mean block of the bitcoin network. Blocks tend to have the transactions binded together.

Kwanzaa is a giveaway celebration being held and hence they might mean that bitcoins are being given to miners once they solve the block during the halving day or later.

Another random theory, Kwanzaa is celebrated using 7 candles and the current bitcoin price is staying in the range of $7K?

can still kneel beside the fire with a keg of eggnog while warming your knuckles with kindling to solve a puzzle.

This means that miners can kneel in front of the computer screen with a keyboard and mouse while pressing the keys with their fingers to solve the hash and receive the bitcoins in return. 

Even Santa owns bitcoin.

This quote should be a modified version of "Nothing comes easy in Life, Even Santa comes with a Clause."

too many K words
and yea cones became kones was a little obvious

Noteworthy replacement of kones with cones. But why too much of K's in the OP? 

A couple of days
...snip...
kindling to solve a puzzle.

There are a total of 20 K's being mentioned in the OP and that might symbolize bitcoin reaching $20K after halving? Or the 20 K's were written to symbolize the year 2020?

Too much of speculative theories and I hope atleast one of them to be true! 

[franky1]

too many K words
and yea cones became kones was a little obvious

Noteworthy replacement of kones with cones. But why too much of K's in the OP? 

obviously. when in normal conversation people warm up their hands. but the OP strangely chose knuckles
instead of wood fire he chose kindling
instead of sit/lay/relax beside the fire he chose kneel..
instead of a wax candle.. kerosine
instead of a glass or a pitcher of eggnog. he chose keg of eggnog
seems to me he selectively chose words beginning with K that were okish replacements but not ones used in a normal conversation. thus it was obvious word replacement even without the Kones hint

[odolvlobo]

dont need merit or rewards. but i bet the secret has something to do with the letter k

I'm guessing that the k value for the signature is 2020, and with that information you could derive the private key. I'm to lazy to check it, though.

[Coding Enthusiast]

BTW the coins still sit there unclaimed even though the puzzle is almost solved!

[LoyceMobile]

I've been breaking my head over this since the start of the year, but I have no idea

[Coin_trader]

BTW the coins still sit there unclaimed even though the puzzle is almost solved!

The wallet has no balance and transaction history.

https://www.blockchain.com/btc/address/14B3NsuKDk5piqnw71U9kDuSmvMJnYprnr

Am I viewing the address correctly?

--
My guess is the private key is composed of the corresponding number of the alphabet in the riddle. Let's say a=1 b=2 and so on. Then all "capital letters" are the letter in the private key itself. I'm using only mobile so it's hard for me to combine all numbers. 

[Coding Enthusiast]

Old quote:

AFAIK knowing k value alone isn't enough. you need 2 signed message with same k value to derive the private key.

That's for the case when all you know about k value is that it is reused.
Hint: if a*b=c and you have a and c then you can calculate b

Since this is still unsolved after a couple of days, let me give more hints that would practically solve the puzzle short of revealing the private key itself!

So far we had a message that contained a lot of words starting with letter 'k' even one misspell to emphasize on letter 'k', if you counted them there are "20" of them. There is also "20" characters in the message that was signed. The total merit reward promises was also "20" and the year is "2020" I even put 0.00202000BTC reward up for grabs. So there is a theme here. The only other thing we have is a signed message.
As someone already guessed the first "mystery" (1 out of 3) and received the first 10 merits, the "k" used in this signature is 2020.

All that is left is to take a look at ECDSA equation ([1]) and solve it by having every variable except the private key.
We already have (r,s) from the signature, z from the message, n from curve and k was revealed already.

It is so easy, or is it?

[hatshepsut93]

AFAIK knowing k value alone isn't enough. you need 2 signed message with same k value to derive the private key.

It's actually the opposite - having two signatures with the same k allows you to compute k, and when you know k you go straight to extracting private key. So, when you already know k, one message is enough.

This is a really fun challange, I'm kinda stuck right now with my solution, but I already made some progress and learned a bit about ECDSA and Bitcoin, so even if I won't win, I'm already happy and I don't think the time I've spent is wasted.

Edit:

So, I've found a key, it resolves to a different address but the signature with k = 2020 is (almost, aside from recid) the same as the challenge:

Code:

-----BEGIN BITCOIN SIGNED MESSAGE-----
Even Santa owns bitcoin.
-----BEGIN SIGNATURE-----
1CNvS7ivEFrZWSbSSSc6fvQFgY7KNG16Aq
Hze7ItP3r+hmjpsoVhMy2eNzSoE5v+E50sCUdBRWQDYJUMpKPv3rhuklK0wyEU13rnGRH09e084T5fgr39MGWKs=
-----END BITCOIN SIGNED MESSAGE-----

Edit2: I think I understand what you did - you took a private key, signed a message with it, then switched the recid in the signature to lead to another public key, which you then also replaced in the signature. Is this correct? Though I still can't find any address with balance that corresponds to the private key that I found.

[Coding Enthusiast]

I already made some progress and learned a bit about ECDSA and Bitcoin, so even if I won't win, I'm already happy and I don't think the time I've spent is wasted.

I'm glad to hear it. That was my goal too. I hope you had fun with modular arithmetic.

So, I've found a key, it resolves to a different address but the signature with k = 2020 is (almost, aside from recid) the same as the challenge:

All the steps you have taken to compute this key were correct but there is another hidden first step that you should have taken to find the actual key that was used. The recid is telling you what that step is. But to make it easier here is another hint: BIP62.

then switched the recid in the signature to lead to another public key,

No, the recid is the correct value that should have been used.

[hatshepsut93]

I already made some progress and learned a bit about ECDSA and Bitcoin, so even if I won't win, I'm already happy and I don't think the time I've spent is wasted.

I'm glad to hear it. That was my goal too. I hope you had fun with modular arithmetic.

So, I've found a key, it resolves to a different address but the signature with k = 2020 is (almost, aside from recid) the same as the challenge:

All the steps you have taken to compute this key were correct but there is another hidden first step that you should have taken to find the actual key that was used. The recid is telling you what that step is. But to make it easier here is another hint: BIP62.

then switched the recid in the signature to lead to another public key,

No, the recid is the correct value that should have been used.

Code:

-----BEGIN BITCOIN SIGNED MESSAGE-----
Thanks, for the tip, this made it really easy.
-----BEGIN SIGNATURE-----
14B3NsuKDk5piqnw71U9kDuSmvMJnYprnr
Hze7ItP3r+hmjpsoVhMy2eNzSoE5v+E50sCUdBRWQDYJlkJK5tiSuNww2vW3ZE0gKR3iBoBDNipxj1hw2S2p6QY=
-----END BITCOIN SIGNED MESSAGE-----

Now I only need to find what to do with this private key...

[Coding Enthusiast]

Now I only need to find what to do with this private key...

Try importing it in bitcoin-core, or maybe play around with the script types in Electrum when you import a key

[hatshepsut93]

Now I only need to find what to do with this private key...

Try importing it in bitcoin-core, or maybe play around with the script types in Electrum when you import a key

Done! https://www.blockchain.com/btc/tx/a198aa79ed1dee8cc4f7501b000c8d9ef373aad826d4fa1bc15990d32e303c77 -> https://www.blockchain.com/btc/tx/9521384c888e5a91c579378728df9808427e4da4f5c7373f527efb79794b64e9

(bumped the fee)

I imported it in Electrum with p2wpkh flag, worked like a charm!

[Coding Enthusiast]

Done! https://www.blockchain.com/btc/tx/a198aa79ed1dee8cc4f7501b000c8d9ef373aad826d4fa1bc15990d32e303c77

I imported it in Electrum with p2wpkh flag, worked like a charm!

Congrats. Hope everyone enjoyed the puzzle.
Just FYI there is another hidden mystery that hasn't been found yet. As soon as your transaction is confirmed I will post a comment explaining the steps needed to solve this puzzle and also reveal that mystery too. Meanwhile try looking at the key from another perspective, maybe you could figure that out too.

[Coding Enthusiast]

Here is how you should have solved the puzzle.
We have
- the ECDSA equation ([1])
- Base64 signature with a recid so we had:
  - r = 0x37bb22d3f7afe8668e9b28561332d9e3734a8139bfe139d2c094741456403609
  - s = 0x50ca4a3efdeb86e9252b4c32114d77ae71911f4f5ed3ce13e5f82bdfd30658ab
  - v = 0x01
- z aka e is calculated easily from the message: 0xfb917a8e7c3dd70b329d7671cc388329749f5e90a39b7f2670a1311e90bb516a
- k = 2020

Also the above equation could be changed to by knowing the basic properties of modular arithmetic:
s*k=z+rd_A (mod n) => s*k - z = rd_A (mod n) => (s*k - z)r^-1 = d_A (mod n)

First thing to know is that all of the above is "modular arithmetic" so x^-1 or 1/x is not as simple as 1 divided by x. It is modular multiplicative inverse. That means 1/2 (mod n) is not 0.5 but instead it is 57896044618658097711785492504343953926418782139537452191302581570759080747169
ModInverse() method is found in all cryptography libraries.

With that we can calculate d_A (that is the private key) as

Code:

0xc5b25300c3f76cd0142b5bcca95fe307eb1cda05df153f81039edaa92ef96afd

But if you get the P2PKH address from this key you'll get 1CNvS7ivEFrZWSbSSSc6fvQFgY7KNG16Aq (compressed pubkey) or as hatshepsut93 found 13LDi5Sb5YG2MAebUNkAB58t1DcFPCAaxZ (uncompressed pubkey).
By the way when redid-27 is bigger than 4 that means the compressed public key was used.

So something must have been wrong. It takes us back to recid. recid-27 is 5 and when you subtract 4 (the fixed value added to indicate compressed public key) you'll get 1. This could be an indication that negative s was used instead.
As I posted above, In bitcoin to prevent malleability there is a consensus rule that mandates usage of low S values in signatures. Which is basically a simple modular subtraction.

With the new (s = secp256k1.N - s) we get a new key value:

Code:

0x53616e746120436c61757320626974636f696e2070726976617465206b657921

Now if you get the P2PKH address of this key you'll get 14B3NsuKDk5piqnw71U9kDuSmvMJnYprnr which is the correct address.

But where is the reward?
A single private key corresponds to a single public key point and from that public key you can create multiple script types (for simplicity addresses) one of which is P2WPKH which is known as a native SegWit address.

Code:

private key: Kz1nt4DTapTZdBhRCNca7QazvC4WSA2rCTk1prmGxtHDYqNehZNe
public key: 022c17a18e7e6b625506ee24f09ed0e4475ae399cd7b16d25693490c07ab2fe94f
address: bc1qyt8g2aucnnd00wmwruxzw6eluf5ut4cmd0ljuz

And the final "mystery" was that if you look at the private key posted here more closely or with another "eye" you can see that it is a simple human readable string! All you have to do is to convert the base58 or base16 to UTF8 to get:

Code:

Santa Claus bitcoin private key!