krashfire (OP)
Jr. Member
Offline
Activity: 104
Merit: 6
Life aint interesting without any cuts and bruises
|
|
November 18, 2022, 05:55:13 PM Last edit: November 21, 2022, 11:43:38 PM by krashfire |
|
I am trying to create 100 RSZ with K nonce using my own signatures and public key. This code below gives random range from the ecdsa library. How can I modify this so I can recreate a 100 signatures with the same public key with k nonce known. def generates_signatures(number_sigs, message, kbits, data_type, curve): print("Preparing Data") d_key = random.randrange(ecdsa_lib.curve_n(curve)) print("Private key to be found (as demo) :") print(hex(d_key))
|
KRASH
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
BlackHatCoiner
Legendary
Online
Activity: 1512
Merit: 7359
Farewell, Leo
|
|
November 18, 2022, 06:17:56 PM |
|
1) What's "KP nonce". Did you mean "K nonce"? 2) What are you trying to accomplish? How can I modify this so I can recreate a 100 signatures with the same public key with k nonce known. Correct me if I'm wrong: Given d the private key, and k the random number that is used, you want to create signatures with different s values. As far as I can see from the code, there's only a variable d, so it's impossible (by altering only that part of the code).
|
. .HUGE. | | | | | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . CASINO & SPORTSBOOK ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | |
|
|
|
krashfire (OP)
Jr. Member
Offline
Activity: 104
Merit: 6
Life aint interesting without any cuts and bruises
|
|
November 19, 2022, 02:48:44 AM |
|
1) What's "KP nonce". Did you mean "K nonce"? 2) What are you trying to accomplish? How can I modify this so I can recreate a 100 signatures with the same public key with k nonce known. Correct me if I'm wrong: Given d the private key, and k the random number that is used, you want to create signatures with different s values. As far as I can see from the code, there's only a variable d, so it's impossible (by altering only that part of the code). Hi... This is the full code
import argparse import random import json import ecdsa_lib def generates_signatures(number_sigs, message, kbits, data_type, curve): print("Preparing Data") d_key = random.randrange(ecdsa_lib.curve_n(curve)) print("Private key to be found (as demo) :") print(hex(d_key)) sigs = [] sz_curve = ecdsa_lib.curve_size(curve) kbi = int(2 ** kbits) print(f"Generating {number_sigs} signatures with curve {curve.upper()}") print(f" leaking {kbits} bits for k ({data_type}) ...") if message is not None: msg = message.encode("utf8") # Always hash message provided with SHA2-256, whatever hash_int = ecdsa_lib.sha2_int(msg) for _ in range(number_sigs): if message is None: # Use a random different message for each signature # Note : there is no associated message from the hash # Do not ever that in practice, this is insecure, only here for demo hash_int = random.randrange(ecdsa_lib.curve_n(curve)) # Compute signatures with k (nonce), r, s sig_info = ecdsa_lib.ecdsa_sign_kout(hash_int, d_key, curve) # pack and save data as : r, s, k%(2^bits) (partial k : "kp") sigs.append( { "r": sig_info[0], "s": sig_info[1], "kp": sig_info[2] % kbi if data_type == "LSB" else sig_info[2] >> (sz_curve - kbits), } ) if message is None: sigs[-1]["hash"] = hash_int ret = { "curve": curve.upper(), "public_key": ecdsa_lib.privkey_to_pubkey(d_key, curve), "known_type": data_type, "known_bits": kbits, "signatures": sigs, } if message is not None: ret["message"] = list(msg) return ret if __name__ == "__main__": parser = argparse.ArgumentParser( description="Generate random demo data for ECDSA attack." ) parser.add_argument( "-f", default="data.json", help="File name output", metavar="fileout", ) parser.add_argument( "-m", help="Message string", metavar="msg", ) parser.add_argument( "-c", default="secp256k1", help="Elliptic curve name", metavar="curve" ) parser.add_argument( "-b", default=6, type=int, help="Number of known bits (at least 4)", metavar="nbits", ) parser.add_argument( "-t", default="LSB", help="bits type : MSB or LSB", metavar="type" ) parser.add_argument( "-n", default=1000, type=int, help="Number of signatures to generate", metavar="num", ) arg = parser.parse_args() sigs_data = generates_signatures(arg.n, arg.m, arg.b, arg.t, arg.c) with open(arg.f, "w") as fout: json.dump(sigs_data, fout) print(f"File {arg.f} written with all data.")
] I need to recreate a lattice attack scenario against my own wallet. Hence I need to create at least 100 signatures for the attack.
|
KRASH
|
|
|
NotATether
Legendary
Offline
Activity: 1596
Merit: 6732
bitcoincleanup.com / bitmixlist.org
|
|
November 19, 2022, 08:53:37 AM |
|
1) What's "KP nonce". Did you mean "K nonce"?
From looking at his supplies code, he collects a list of nonces "K", module some bit size, I.e. the nonces are truncated by some amount of bits - which is variable and can be adjusted using the "kbits" parameter.
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
krashfire (OP)
Jr. Member
Offline
Activity: 104
Merit: 6
Life aint interesting without any cuts and bruises
|
|
November 20, 2022, 12:39:46 AM |
|
1) What's "KP nonce". Did you mean "K nonce"?
From looking at his supplies code, he collects a list of nonces "K", module some bit size, I.e. the nonces are truncated by some amount of bits - which is variable and can be adjusted using the "kbits" parameter. Yes that's true. What my problem is. They are being generated randomly. I need it to be able to accept a sample RSZ and public key and it can generate another 100 signatures which output the same public key.
|
KRASH
|
|
|
NotATether
Legendary
Offline
Activity: 1596
Merit: 6732
bitcoincleanup.com / bitmixlist.org
|
|
November 21, 2022, 05:51:40 AM |
|
1) What's "KP nonce". Did you mean "K nonce"?
From looking at his supplies code, he collects a list of nonces "K", module some bit size, I.e. the nonces are truncated by some amount of bits - which is variable and can be adjusted using the "kbits" parameter. Yes that's true. What my problem is. They are being generated randomly. I need it to be able to accept a sample RSZ and public key and it can generate another 100 signatures which output the same public key. Why don't you simply make 100 raw transactions with the same input containing the pubkey, but with different amounts? You should certainly get 100 different RSZ tuples that way. You don't need to use a sample RSZ for this, you just need an input that is associated with the public key you type.
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
krashfire (OP)
Jr. Member
Offline
Activity: 104
Merit: 6
Life aint interesting without any cuts and bruises
|
|
November 21, 2022, 09:14:21 AM |
|
1) What's "KP nonce". Did you mean "K nonce"?
From looking at his supplies code, he collects a list of nonces "K", module some bit size, I.e. the nonces are truncated by some amount of bits - which is variable and can be adjusted using the "kbits" parameter. Yes that's true. What my problem is. They are being generated randomly. I need it to be able to accept a sample RSZ and public key and it can generate another 100 signatures which output the same public key. Why don't you simply make 100 raw transactions with the same input containing the pubkey, but with different amounts? You should certainly get 100 different RSZ tuples that way. You don't need to use a sample RSZ for this, you just need an input that is associated with the public key you type. I don't have that much bitcoins to spend.
|
KRASH
|
|
|
ABCbits
Legendary
Offline
Activity: 2870
Merit: 7490
Crypto Swap Exchange
|
|
November 21, 2022, 11:47:35 AM Merited by PowerGlove (1) |
|
Why don't you simply make 100 raw transactions with the same input containing the pubkey, but with different amounts? You should certainly get 100 different RSZ tuples that way. You don't need to use a sample RSZ for this, you just need an input that is associated with the public key you type.
I don't have that much bitcoins to spend. 1. You can create signed raw transaction without broadcasting it, which means you never spend your Bitcoin. 2. You could use Testnet or Regtest network. Although you might need to obtain some coin from faucet (for testnet), perform initial node setup (for regtest) or make small change on your script.
|
|
|
|
krashfire (OP)
Jr. Member
Offline
Activity: 104
Merit: 6
Life aint interesting without any cuts and bruises
|
|
November 21, 2022, 11:42:47 PM |
|
Why don't you simply make 100 raw transactions with the same input containing the pubkey, but with different amounts? You should certainly get 100 different RSZ tuples that way. You don't need to use a sample RSZ for this, you just need an input that is associated with the public key you type.
I don't have that much bitcoins to spend. 1. You can create signed raw transaction without broadcasting it, which means you never spend your Bitcoin. 2. You could use Testnet or Regtest network. Although you might need to obtain some coin from faucet (for testnet), perform initial node setup (for regtest) or make small change on your script. oh i did not know that. ok will do. thank you.
|
KRASH
|
|
|
stanner.austin
Member
Online
Activity: 67
Merit: 53
|
|
November 22, 2022, 08:29:21 AM |
|
1) What's "KP nonce". Did you mean "K nonce"? 2) What are you trying to accomplish? How can I modify this so I can recreate a 100 signatures with the same public key with k nonce known. Correct me if I'm wrong: Given d the private key, and k the random number that is used, you want to create signatures with different s values. As far as I can see from the code, there's only a variable d, so it's impossible (by altering only that part of the code). Hi... This is the full code
import argparse import random import json import ecdsa_lib def generates_signatures(number_sigs, message, kbits, data_type, curve): print("Preparing Data") d_key = random.randrange(ecdsa_lib.curve_n(curve)) print("Private key to be found (as demo) :") print(hex(d_key)) sigs = [] sz_curve = ecdsa_lib.curve_size(curve) kbi = int(2 ** kbits) print(f"Generating {number_sigs} signatures with curve {curve.upper()}") print(f" leaking {kbits} bits for k ({data_type}) ...") if message is not None: msg = message.encode("utf8") # Always hash message provided with SHA2-256, whatever hash_int = ecdsa_lib.sha2_int(msg) for _ in range(number_sigs): if message is None: # Use a random different message for each signature # Note : there is no associated message from the hash # Do not ever that in practice, this is insecure, only here for demo hash_int = random.randrange(ecdsa_lib.curve_n(curve)) # Compute signatures with k (nonce), r, s sig_info = ecdsa_lib.ecdsa_sign_kout(hash_int, d_key, curve) # pack and save data as : r, s, k%(2^bits) (partial k : "kp") sigs.append( { "r": sig_info[0], "s": sig_info[1], "kp": sig_info[2] % kbi if data_type == "LSB" else sig_info[2] >> (sz_curve - kbits), } ) if message is None: sigs[-1]["hash"] = hash_int ret = { "curve": curve.upper(), "public_key": ecdsa_lib.privkey_to_pubkey(d_key, curve), "known_type": data_type, "known_bits": kbits, "signatures": sigs, } if message is not None: ret["message"] = list(msg) return ret if __name__ == "__main__": parser = argparse.ArgumentParser( description="Generate random demo data for ECDSA attack." ) parser.add_argument( "-f", default="data.json", help="File name output", metavar="fileout", ) parser.add_argument( "-m", help="Message string", metavar="msg", ) parser.add_argument( "-c", default="secp256k1", help="Elliptic curve name", metavar="curve" ) parser.add_argument( "-b", default=6, type=int, help="Number of known bits (at least 4)", metavar="nbits", ) parser.add_argument( "-t", default="LSB", help="bits type : MSB or LSB", metavar="type" ) parser.add_argument( "-n", default=1000, type=int, help="Number of signatures to generate", metavar="num", ) arg = parser.parse_args() sigs_data = generates_signatures(arg.n, arg.m, arg.b, arg.t, arg.c) with open(arg.f, "w") as fout: json.dump(sigs_data, fout) print(f"File {arg.f} written with all data.")
] I need to recreate a lattice attack scenario against my own wallet. Hence I need to create at least 100 signatures for the attack. Hello I don't know what so hard on this. You just need to replace this line d_key = random.randrange(ecdsa_lib.curve_n(curve)) with your own key for example d_key = 0x1000 this will generate your private key if its(0x1000 in hex) 1000 sign because default generation. In case you want to customize K_nonce not private key it self(D_key) you have to specify it while using at this line sig_info = ecdsa_lib.ecdsa_sign_kout(hash_int, d_key, curve) change to sig_info = ecdsa_lib.ecdsa_sign_kout(hash_int, d_key, curve,0x2222222222) 0x2222222222 is K_nonce this is just example.
|
|
|
|
NotATether
Legendary
Offline
Activity: 1596
Merit: 6732
bitcoincleanup.com / bitmixlist.org
|
|
November 22, 2022, 04:31:33 PM |
|
Why don't you simply make 100 raw transactions with the same input containing the pubkey, but with different amounts? You should certainly get 100 different RSZ tuples that way. You don't need to use a sample RSZ for this, you just need an input that is associated with the public key you type.
I don't have that much bitcoins to spend. 1. You can create signed raw transaction without broadcasting it, which means you never spend your Bitcoin. 2. You could use Testnet or Regtest network. Although you might need to obtain some coin from faucet (for testnet), perform initial node setup (for regtest) or make small change on your script. oh i did not know that. ok will do. thank you. Yes, if you get some testnet bitcoins from a faucet (you'd need a Bitcoin Core or other full node to use regtest because it makes a brand-new blockchain on your node, But most wallets support testnet node) and make transaction spends with dust amounts like 1000 sats, you should be able to generate 100 RSZs for about 0.001 testnet BTC.
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
|