ecdsa123 (OP)
Full Member
 Offline
Activity: 211
Merit: 105
Dr WHO on disney+
|
 |
December 13, 2022, 03:43:15 PM |
|
as we see we have 4 transactions: 2 transaction for one pubkey nonce1 and nonce2 are used for thsi transaction as below: r1=r3 r2=r4 so we have transaction according https://billatnapier.medium.com/ecdsa-revealing-the-private-key-from-four-signed-message-two-keys-and-shared-nonces-secp256k1-5758f1258b1dIf any can help i will pay $1200:) privkey1= 74151126465914553719682701372546590912032713247110001383204298192577238294259
privkey2= 65602009300807068992382438511465994464148703102269145684254988072233619429415
nonce1= 113430668354305125354139681412571553637810109882549088741100884487402919060793
nonce2= 88941376982568942091029320764989550225390065895384871037015643141890275775717
signature matches
#transaction from first privkey1
r1= 37172049453198803628923372374682424137153412099188977901809252086397375163174
s1= 36665125934301679295764426496089959157670212057714313825462899262019004181013
z1= 45063904364969322573281122086971579379876583577391310824950725157431863085693
r2= 40974080779974461932858835766108658066940207003253964846620894290420102383124
s2= 88414683103569280491867470526894992004240909646745888824999991880846576153983
z2= 96925863066810859394685400246217607442326685412593308871569663983290139782035
##transaction from second privkey2
r3= 37172049453198803628923372374682424137153412099188977901809252086397375163174
s3= 48387795993880540164497955151292140905876432678370698441361372722465054520609
z3= 70890957235815785946608014568730757332857823983374044998781188028671033610413
r4= 40974080779974461932858835766108658066940207003253964846620894290420102383124
s4= 94479523762013111191490500533227932711756342618388816229238677867942525385058
z4= 88400657509035765824159536685234267382896518494653799783594906135509259195161
|
|
|
|
|
|
|
|
|
"If you don't want people to know you're a scumbag then don't be a scumbag." -- margaritahuyan
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
stanner.austin
Member
 Online
Activity: 67
Merit: 53
|
|
December 14, 2022, 10:33:31 AM |
|
@ecdsa123 Hello You have invalid data.. By using your private keys and nonce and hash data as Z, i get diff results and recovery work fine. valinv 0xeb9e061fe21f308537cde4b70c98d4d0f819630c4efe968cd9171765c4d4c96
Signature r1=37172049453198803628923372374682424137153412099188977901809252086397375163174, s1=36665125934301679295764426496089959157670212057714313825462899262019004181013
Signature r1_1=37172049453198803628923372374682424137153412099188977901809252086397375163174, s2=38201930909181021929363545653126029092310200493193739546604231428387022946196
Signature r2=40974080779974461932858835766108658066940207003253964846620894290420102383124, s3=115535488843869076151238217034945605348288249901213567246114164482038361011381
Signature r2_1=40974080779974461932858835766108658066940207003253964846620894290420102383124, s4=94479523762013111191490500533227932711756342618388816229238677867942525385058
Private key (x1): a3f00cdfad7e7785444f2f3c5ec9386fa218a5b457c4291bee66bbba37025ef3
Private recovered (x1): a3f00cdfad7e7785444f2f3c5ec9386fa218a5b457c4291bee66bbba37025ef3
Private1 Matched ?: True
Private key (x2): 91096be3f5c726814b64cf26449f401417c73e648d16e1f45bd02d0883081827
Private recovered (x2): 91096be3f5c726814b64cf26449f401417c73e648d16e1f45bd02d0883081827
Private2 Matched ?: True
|
|
|
|
|
ecdsa123 (OP)
Full Member
Offline
Activity: 211
Merit: 105
Dr WHO on disney+
|
|
December 14, 2022, 10:38:24 AM |
|
can you share code?
|
|
|
|
stanner.austin
Member
Online
Activity: 67
Merit: 53
|
|
December 14, 2022, 10:50:49 AM Merited by NotATether (3) |
|
Hello Here is code its same as link you posted nothing special. #!/usr/bin/env python3
import ecdsa
import random
import libnum
import hashlib
import sys
G = ecdsa.SECP256k1.generator
order = G.order()
priv1 = 74151126465914553719682701372546590912032713247110001383204298192577238294259 #random.randrange(1,order)
Public_key = ecdsa.ecdsa.Public_key(G, G * priv1)
x1 = ecdsa.ecdsa.Private_key(Public_key, priv1)
priv2 = 65602009300807068992382438511465994464148703102269145684254988072233619429415 #random.randrange(1,order)
Public_key2 = ecdsa.ecdsa.Public_key(G, G * priv2)
x2 = ecdsa.ecdsa.Private_key(Public_key2, priv2)
k1 = 113430668354305125354139681412571553637810109882549088741100884487402919060793 #random.randrange(1, order)
k2 = 88941376982568942091029320764989550225390065895384871037015643141890275775717 #random.randrange(1, order)
h1 = 45063904364969322573281122086971579379876583577391310824950725157431863085693 #int(hashlib.sha256(msg1.encode()).hexdigest(),base=16)
h2 = 96925863066810859394685400246217607442326685412593308871569663983290139782035 #int(hashlib.sha256(msg2.encode()).hexdigest(),base=16)
h3 = 70890957235815785946608014568730757332857823983374044998781188028671033610413 #int(hashlib.sha256(msg3.encode()).hexdigest(),base=16)
h4 = 88400657509035765824159536685234267382896518494653799783594906135509259195161 #int(hashlib.sha256(msg4.encode()).hexdigest(),base=16)
x1sig1 = x1.sign(h1, k1)
x1sig2 = x1.sign(h3, k2)
r1,s1 = x1sig1.r,x1sig1.s
r2,s3 = x1sig2.r,x1sig2.s
#r1,s1 = 37172049453198803628923372374682424137153412099188977901809252086397375163174,36665125934301679295764426496089959157670212057714313825462899262019004181013 #x1sig1.r,x1sig1.s
#r2,s3 = 40974080779974461932858835766108658066940207003253964846620894290420102383124,88414683103569280491867470526894992004240909646745888824999991880846576153983 #x1sig2.r,x1sig2.s
#r1_1,s2 = 37172049453198803628923372374682424137153412099188977901809252086397375163174,48387795993880540164497955151292140905876432678370698441361372722465054520609 #x2sig1.r,x2sig1.s
#r2_1,s4 = 40974080779974461932858835766108658066940207003253964846620894290420102383124,94479523762013111191490500533227932711756342618388816229238677867942525385058 #x2sig2.r,x2sig2.s
x2sig1 = x2.sign(h2, k1)
x2sig2 = x2.sign(h4, k2)
r1_1,s2 = x2sig1.r,x2sig1.s
r2_1,s4 = x2sig2.r,x2sig2.s
print("valinv " + hex(r1*r2*(s1*s4-s2*s3)% order ))
print (f"Signature r1={r1}, s1={s1}")
print (f"Signature r1_1={r1_1}, s2={s2}")
print (f"Signature r2={r2}, s3={s3}")
print (f"Signature r2_1={r2_1}, s4={s4}")
valinv = libnum.invmod( r1*r2*(s1*s4-s2*s3),order)
x1rec = ((h1*r2*s2*s3-h2*r2*s1*s3-h3*r1*s1*s4+h4*r1*s1*s3 ) * valinv) % order
x2rec = ((h1*r2*s2*s4-h2*r2*s1*s4-h3*r1*s2*s4+h4*r1*s2*s3 ) * valinv) % order
print ("\nPrivate key (x1):",hex(priv1)[2:])
print ("\nPrivate recovered (x1): ",hex(x1rec)[2:])
print ("\nPrivate1 Matched ?: ",priv1 ==x1rec)
print ("\nPrivate key (x2):",hex(priv2)[2:])
print ("\nPrivate recovered (x2):",hex(x2rec)[2:])
print ("\nPrivate2 Matched ?: ",priv2 ==x2rec)
|
|
|
|
|
COBRAS
Member
Offline
Activity: 850
Merit: 22
$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk
|
|
December 14, 2022, 04:43:42 PM |
|
can you share code?
dont forget pay to member 1200 |
|
|
|
ecdsa123 (OP)
Full Member
Offline
Activity: 211
Merit: 105
Dr WHO on disney+
|
|
December 14, 2022, 07:16:55 PM |
|
can you share code?
dont forget pay to member 1200 sure, when it will be work, maybe i will pay more. previous was invalid data my fault sorry # transaction 1 & 2 first privkey
priv1= 74151126465914553719682701372546590912032713247110001383204298192577238294259
nonce1= 113430668354305125354139681412571553637810109882549088741100884487402919060793
r1= 37172049453198803628923372374682424137153412099188977901809252086397375163174
s1= 36665125934301679295764426496089959157670212057714313825462899262019004181013
z1= 45063904364969322573281122086971579379876583577391310824950725157431863085693
nonce2= 88941376982568942091029320764989550225390065895384871037015643141890275775717
r2= 40974080779974461932858835766108658066940207003253964846620894290420102383124
s3= 115535488843869076151238217034945605348288249901213567246114164482038361011381
z3= 70890957235815785946608014568730757332857823983374044998781188028671033610413
# 2 -transaction 3 & 4 - second privkey
priv2= 65602009300807068992382438511465994464148703102269145684254988072233619429415
nonce1= 113430668354305125354139681412571553637810109882549088741100884487402919060793
r1= 37172049453198803628923372374682424137153412099188977901809252086397375163174
s2= 38201930909181021929363545653126029092310200493193739546604231428387022946196
z2= 96925863066810859394685400246217607442326685412593308871569663983290139782035
nonce2= 88941376982568942091029320764989550225390065895384871037015643141890275775717
r2= 40974080779974461932858835766108658066940207003253964846620894290420102383124
s4= 66755642063685386713485274914216908026179826727440247880714653645256904375187
z4= 618391849825900336304504678084876520197902749480544893171844571313024934814
normal calculate not work, modulo 0 any one help? |
|
|
|
|
garlonicon
|
|
December 14, 2022, 08:44:33 PM |
|
normal calculate not work, modulo 0 Of course modulo zero, because ECDSA is safer than you think. If one transaction is just a tweaked version of another transaction, then you have only one of them, because linear translation will not give you anything new. If you want to solve x=2y, you won't reach anything by adding 2x=4y into your equations. |
|
|
|
|
ecdsa123 (OP)
Full Member
Offline
Activity: 211
Merit: 105
Dr WHO on disney+
|
|
December 15, 2022, 09:00:37 AM
Last edit: December 15, 2022, 09:48:08 AM by ecdsa123 |
|
Yes , the last transaction for privatekey 2 -> is tweaked - that true. the question is only that " how to get value". I understand in this example linear algebra is not way to get value x1 and x2 as private key. but there must be "abstract" way to solve it. always is solution, problem is to find. I used montgomery reduction plus Gauss-Jordan in finite field. it can be solved when diff k1 and k2 as nonce is less than 2**240 bit added: Of course if diff k1 and k2 is more 2**240 bit can be solved too -> but then we need implement enumeration. time can be short or years.  |
|
|
|
NotATether
Legendary
Offline
Activity: 1596
Merit: 6730
bitcoincleanup.com / bitmixlist.org
|
|
December 16, 2022, 05:16:47 AM |
|
If you want to solve x=2y, you won't reach anything by adding 2x=4y into your equations.
It's more like attempting to solve x = 2x rather than x = 2y. There is technically only one unique transaction anyway, and just like in systems of equations & matrices, you need to have at least as many equations than unknowns to have a chance at solving any of them. |
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
stanner.austin
Member
Online
Activity: 67
Merit: 53
|
|
December 21, 2022, 03:48:10 PM |
|
can you share code?
dont forget pay to member 1200 sure, when it will be work, maybe i will pay more. previous was invalid data my fault sorry # transaction 1 & 2 first privkey
priv1= 74151126465914553719682701372546590912032713247110001383204298192577238294259
nonce1= 113430668354305125354139681412571553637810109882549088741100884487402919060793
r1= 37172049453198803628923372374682424137153412099188977901809252086397375163174
s1= 36665125934301679295764426496089959157670212057714313825462899262019004181013
z1= 45063904364969322573281122086971579379876583577391310824950725157431863085693
nonce2= 88941376982568942091029320764989550225390065895384871037015643141890275775717
r2= 40974080779974461932858835766108658066940207003253964846620894290420102383124
s3= 115535488843869076151238217034945605348288249901213567246114164482038361011381
z3= 70890957235815785946608014568730757332857823983374044998781188028671033610413
# 2 -transaction 3 & 4 - second privkey
priv2= 65602009300807068992382438511465994464148703102269145684254988072233619429415
nonce1= 113430668354305125354139681412571553637810109882549088741100884487402919060793
r1= 37172049453198803628923372374682424137153412099188977901809252086397375163174
s2= 38201930909181021929363545653126029092310200493193739546604231428387022946196
z2= 96925863066810859394685400246217607442326685412593308871569663983290139782035
nonce2= 88941376982568942091029320764989550225390065895384871037015643141890275775717
r2= 40974080779974461932858835766108658066940207003253964846620894290420102383124
s4= 66755642063685386713485274914216908026179826727440247880714653645256904375187
z4= 618391849825900336304504678084876520197902749480544893171844571313024934814
normal calculate not work, modulo 0 any one help? Hello K1 fac77baf5d1dd051987bf8335065d59d14bd41fe778340f0ef1482457b7c6539
K2 c4a309118b2505dad8df1d6053573bab6b4629fc0bf296d19fe2847ec90b94e5
Signature r1=522ea268a7952d5ccd5a5bf37fc8327a7f70ed323c1e1627449592bf3d652b26, s1=5da53ccaaf8cc2926c3e6d0a5cdf93a3f3aa4f9da7b2839101c78c57cc71c4b2
Signature r1_1=522ea268a7952d5ccd5a5bf37fc8327a7f70ed323c1e1627449592bf3d652b26, s2=547586d2f6f6af809ed061a3619e51f480e976a7637fc09fa91db5f7fba1bf94
Signature r2=5a9682047a7b6437075db7961a67b66b0f829d8947f2fde62dcb9cfd872cc614, s3=341b2787dc687cf04a1ae278a4a6384dd7c7480e5d4e5eb807a984f7158653fb
Signature r2_1=5a9682047a7b6437075db7961a67b66b0f829d8947f2fde62dcb9cfd872cc614, s4=93965abd5b6ac399cd51dd5cbb800574a43bec69e56664148dc155c8dccf7b93
Private key (x1): a3f00cdfad7e7785444f2f3c5ec9386fa218a5b457c4291bee66bbba37025ef4
Private recovered (x1): a3f00cdfad7e7785444f2f3c5ec9386fa218a5b457c4291bee66bbba37025ef4
Private1 Matched ?: True
Private key (x2): 91096be3f5c726814b64cf26449f401417c73e648d16e1f45bd02d0883081827
Private recovered (x2): 91096be3f5c726814b64cf26449f401417c73e648d16e1f45bd02d0883081827
Private2 Matched ?: True
There is some relation with odd/even i guess, if i add + 1 in private key 1 i am able to get results else inverse is zero.. So may be your tweaked data need to change some odd/even formula for h4 or may need to bigger number. |
|
|
|
|
COBRAS
Member
Offline
Activity: 850
Merit: 22
$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk
|
|
December 22, 2022, 05:50:35 PM |
|
can you share code?
dont forget pay to member 1200 sure, when it will be work, maybe i will pay more. previous was invalid data my fault sorry # transaction 1 & 2 first privkey
priv1= 74151126465914553719682701372546590912032713247110001383204298192577238294259
nonce1= 113430668354305125354139681412571553637810109882549088741100884487402919060793
r1= 37172049453198803628923372374682424137153412099188977901809252086397375163174
s1= 36665125934301679295764426496089959157670212057714313825462899262019004181013
z1= 45063904364969322573281122086971579379876583577391310824950725157431863085693
nonce2= 88941376982568942091029320764989550225390065895384871037015643141890275775717
r2= 40974080779974461932858835766108658066940207003253964846620894290420102383124
s3= 115535488843869076151238217034945605348288249901213567246114164482038361011381
z3= 70890957235815785946608014568730757332857823983374044998781188028671033610413
# 2 -transaction 3 & 4 - second privkey
priv2= 65602009300807068992382438511465994464148703102269145684254988072233619429415
nonce1= 113430668354305125354139681412571553637810109882549088741100884487402919060793
r1= 37172049453198803628923372374682424137153412099188977901809252086397375163174
s2= 38201930909181021929363545653126029092310200493193739546604231428387022946196
z2= 96925863066810859394685400246217607442326685412593308871569663983290139782035
nonce2= 88941376982568942091029320764989550225390065895384871037015643141890275775717
r2= 40974080779974461932858835766108658066940207003253964846620894290420102383124
s4= 66755642063685386713485274914216908026179826727440247880714653645256904375187
z4= 618391849825900336304504678084876520197902749480544893171844571313024934814
normal calculate not work, modulo 0 any one help? Hello K1 fac77baf5d1dd051987bf8335065d59d14bd41fe778340f0ef1482457b7c6539
K2 c4a309118b2505dad8df1d6053573bab6b4629fc0bf296d19fe2847ec90b94e5
Signature r1=522ea268a7952d5ccd5a5bf37fc8327a7f70ed323c1e1627449592bf3d652b26, s1=5da53ccaaf8cc2926c3e6d0a5cdf93a3f3aa4f9da7b2839101c78c57cc71c4b2
Signature r1_1=522ea268a7952d5ccd5a5bf37fc8327a7f70ed323c1e1627449592bf3d652b26, s2=547586d2f6f6af809ed061a3619e51f480e976a7637fc09fa91db5f7fba1bf94
Signature r2=5a9682047a7b6437075db7961a67b66b0f829d8947f2fde62dcb9cfd872cc614, s3=341b2787dc687cf04a1ae278a4a6384dd7c7480e5d4e5eb807a984f7158653fb
Signature r2_1=5a9682047a7b6437075db7961a67b66b0f829d8947f2fde62dcb9cfd872cc614, s4=93965abd5b6ac399cd51dd5cbb800574a43bec69e56664148dc155c8dccf7b93
Private key (x1): a3f00cdfad7e7785444f2f3c5ec9386fa218a5b457c4291bee66bbba37025ef4
Private recovered (x1): a3f00cdfad7e7785444f2f3c5ec9386fa218a5b457c4291bee66bbba37025ef4
Private1 Matched ?: True
Private key (x2): 91096be3f5c726814b64cf26449f401417c73e648d16e1f45bd02d0883081827
Private recovered (x2): 91096be3f5c726814b64cf26449f401417c73e648d16e1f45bd02d0883081827
Private2 Matched ?: True
There is some relation with odd/even i guess, if i add + 1 in private key 1 i am able to get results else inverse is zero.. So may be your tweaked data need to change some odd/even formula for h4 or may need to bigger number. Dont forget get money from ecdzaza123 before give code to him. |
|
|
|
ecdsa123 (OP)
Full Member
Offline
Activity: 211
Merit: 105
Dr WHO on disney+
|
|
December 22, 2022, 06:38:17 PM
Last edit: December 22, 2022, 07:05:46 PM by ecdsa123 |
|
@stanner.austin
Yes, unfornatelly for us there is relation in ring Zn/N -> problem which i call " how to escape from the ring ". no answer unfornatelly.
at the moment the project has been "frozed" by me.
|
|
|
|
|
