krashfire (OP)
Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 119
Merit: 11
Life aint interesting without any cuts and bruises
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
April 12, 2024, 08:49:21 AM Last edit: April 18, 2024, 04:17:08 PM by krashfire |
|
I had made a little change in my code. im just hoping i could receive some advice on whether my method here is more efficient or sound? i got really lucky because i was told that 6 weeks was really fast. but.. i am hoping to go faster. so my question is, please take a look at my code in sagemath, and see what i might have miss out or can improve to make it much better? and while im here, i was told the u1 value some sort of give a "hint" on the k nonce. i realise that it just really is the real mod n of k nonce only but its not k nonce itself, please check my code to see where i can improve. thank you.
import random p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
E = EllipticCurve(GF(p), [0, 7])
G = E.point( (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)) # Base point
r=0x s=0x z=0x
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y) def modinv(a, m):
g, x, y = egcd(a, m)
if g != 1:
raise Exception('modular inverse does not exist')
else:
return x % m def make_public(r,s,z): R = E.lift_x(Integer(r)) w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) #R=u1*G + u2*public_key #pub= R*modinv(u2,n) - u1*modinv(u2,n)%n u_n2=modinv(u2,n)%n u_n1=- u1*modinv(u2,n)%n pub=u_n1*G + u_n2*R pub2=u_n1*G + u_n2*(-R) return pub,pub2
def verify(r, s,z,public_key): w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) D=u1*G + u2*public_key x,y=D.xy() x=int(x)
if (r % n) == (x % n): print( "signature matches") else: print("invalid signature") def calc_u(r,s,z): mod_s= modinv(s,n)%n u1=mod_s*z%n u2=mod_s*r%n print("u1==",u1,"n-u1=",n-u1) print("u2==",u2,"n-u2=",n-u2) return u1,u2 u1, u2 = calc_u(r,s,z)
pub1,pub2=make_public(r,s,z) print("public_key1",pub1) print("pub1_x=",hex(pub1.xy()[0])) print("public_key2",pub2) print("pub2_x=",hex(pub2.xy()[0])) verify(r,s,z,pub1) verify(r,s,z,pub2) print()
# Find the real mod n for k and K nonce
for i in range(1, n): k = (r * i + z) * modinv(s, n) % n R = E.lift_x(Integer(r)) K = k * G u1 = (modinv(s, n) * z) % n u2 = (modinv(s, n) * r) % n if K == (u1 * G + u2 * R): print("Found real k:", k) break
|
KRASH
|
|
|
stanner.austin
Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 67
Merit: 53
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
April 12, 2024, 09:45:48 AM |
|
Hi This is my version if you have private key or may need to bf. def Get_Nonce_K_With_Private_Key(r,s,z,x): if (x == 0 ): return 0; sinv = pow(s,N-2,N) t1 = (x*r) % N t2 = (z+t1) % N myK = (sinv*t2) % N if (myK == 0 ): return 0; if ((myK*G).x.num == r): return myK return 0
But you can always do R == K * G to find out if you really found valid K or not. Regards,
|
|
|
|
COBRAS
Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 888
Merit: 22
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
April 12, 2024, 04:16:19 PM |
|
I had made a little change in my code. im just hoping i could receive some advice on whether my method here is more efficient or sound? i got really lucky because i was told that 6 weeks was really fast. but.. i am hoping to go faster. so my question is, please take a look at my code in sagemath, and see what i might have miss out or can improve to make it much better? and while im here, i was told the u1 value some sort of give a "hint" on the k nonce. i realise that it just really is the real mod n of k nonce only but its not k nonce itself, please check my code to see where i can improve. thank you.
import random p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
E = EllipticCurve(GF(p), [0, 7])
G = E.point( (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)) # Base point
r=0x00fc5e2ab560be4649b85511940daf8302cf2e2e06bfd60a75c8bae5f832da289c s=0x45c4c9d548699bbc5f3484a2d6d59ac07ea3328a1deb6b2bb9f2f8f0727be1de z=0x6559f4e4b8d7824a641418b992f913411a1995fa35668c8c634b5a19a93a944c
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y) def modinv(a, m):
g, x, y = egcd(a, m)
if g != 1:
raise Exception('modular inverse does not exist')
else:
return x % m def make_public(r,s,z): R = E.lift_x(Integer(r)) w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) #R=u1*G + u2*public_key #pub= R*modinv(u2,n) - u1*modinv(u2,n)%n u_n2=modinv(u2,n)%n u_n1=- u1*modinv(u2,n)%n pub=u_n1*G + u_n2*R pub2=u_n1*G + u_n2*(-R) return pub,pub2
def verify(r, s,z,public_key): w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) D=u1*G + u2*public_key x,y=D.xy() x=int(x)
if (r % n) == (x % n): print( "signature matches") else: print("invalid signature") def calc_u(r,s,z): mod_s= modinv(s,n)%n u1=mod_s*z%n u2=mod_s*r%n print("u1==",u1,"n-u1=",n-u1) print("u2==",u2,"n-u2=",n-u2) return u1,u2 u1, u2 = calc_u(r,s,z)
pub1,pub2=make_public(r,s,z) print("public_key1",pub1) print("pub1_x=",hex(pub1.xy()[0])) print("public_key2",pub2) print("pub2_x=",hex(pub2.xy()[0])) verify(r,s,z,pub1) verify(r,s,z,pub2) print()
# Find the real mod n for k and K nonce
for i in range(1, n): k = (r * i + z) * modinv(s, n) % n R = E.lift_x(Integer(r)) K = k * G u1 = (modinv(s, n) * z) % n u2 = (modinv(s, n) * r) % n if K == (u1 * G + u2 * R): print("Found real k:", k) break
great , I will try
|
[
|
|
|
COBRAS
Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 888
Merit: 22
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
April 12, 2024, 08:57:15 PM |
|
I had made a little change in my code. im just hoping i could receive some advice on whether my method here is more efficient or sound? i got really lucky because i was told that 6 weeks was really fast. but.. i am hoping to go faster. so my question is, please take a look at my code in sagemath, and see what i might have miss out or can improve to make it much better? and while im here, i was told the u1 value some sort of give a "hint" on the k nonce. i realise that it just really is the real mod n of k nonce only but its not k nonce itself, please check my code to see where i can improve. thank you.
import random p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
E = EllipticCurve(GF(p), [0, 7])
G = E.point( (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)) # Base point
r=0x00fc5e2ab560be4649b85511940daf8302cf2e2e06bfd60a75c8bae5f832da289c s=0x45c4c9d548699bbc5f3484a2d6d59ac07ea3328a1deb6b2bb9f2f8f0727be1de z=0x6559f4e4b8d7824a641418b992f913411a1995fa35668c8c634b5a19a93a944c
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y) def modinv(a, m):
g, x, y = egcd(a, m)
if g != 1:
raise Exception('modular inverse does not exist')
else:
return x % m def make_public(r,s,z): R = E.lift_x(Integer(r)) w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) #R=u1*G + u2*public_key #pub= R*modinv(u2,n) - u1*modinv(u2,n)%n u_n2=modinv(u2,n)%n u_n1=- u1*modinv(u2,n)%n pub=u_n1*G + u_n2*R pub2=u_n1*G + u_n2*(-R) return pub,pub2
def verify(r, s,z,public_key): w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) D=u1*G + u2*public_key x,y=D.xy() x=int(x)
if (r % n) == (x % n): print( "signature matches") else: print("invalid signature") def calc_u(r,s,z): mod_s= modinv(s,n)%n u1=mod_s*z%n u2=mod_s*r%n print("u1==",u1,"n-u1=",n-u1) print("u2==",u2,"n-u2=",n-u2) return u1,u2 u1, u2 = calc_u(r,s,z)
pub1,pub2=make_public(r,s,z) print("public_key1",pub1) print("pub1_x=",hex(pub1.xy()[0])) print("public_key2",pub2) print("pub2_x=",hex(pub2.xy()[0])) verify(r,s,z,pub1) verify(r,s,z,pub2) print()
# Find the real mod n for k and K nonce
for i in range(1, n): k = (r * i + z) * modinv(s, n) % n R = E.lift_x(Integer(r)) K = k * G u1 = (modinv(s, n) * z) % n u2 = (modinv(s, n) * r) % n if K == (u1 * G + u2 * R): print("Found real k:", k) break
I take error: line 12 SyntaxError: Non-ASCII character '\xc2' in file nonce9.sage.py on line 12, but no encoding declared; see http://python.org/dev/peps/pep-0263/ for details
|
[
|
|
|
COBRAS
Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 888
Merit: 22
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
April 12, 2024, 10:58:14 PM Last edit: April 12, 2024, 11:08:55 PM by COBRAS |
|
I had made a little change in my code. im just hoping i could receive some advice on whether my method here is more efficient or sound? i got really lucky because i was told that 6 weeks was really fast. but.. i am hoping to go faster. so my question is, please take a look at my code in sagemath, and see what i might have miss out or can improve to make it much better? and while im here, i was told the u1 value some sort of give a "hint" on the k nonce. i realise that it just really is the real mod n of k nonce only but its not k nonce itself, please check my code to see where i can improve. thank you.
import random p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
E = EllipticCurve(GF(p), [0, 7])
G = E.point( (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)) # Base point
r=0x00fc5e2ab560be4649b85511940daf8302cf2e2e06bfd60a75c8bae5f832da289c s=0x45c4c9d548699bbc5f3484a2d6d59ac07ea3328a1deb6b2bb9f2f8f0727be1de z=0x6559f4e4b8d7824a641418b992f913411a1995fa35668c8c634b5a19a93a944c
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y) def modinv(a, m):
g, x, y = egcd(a, m)
if g != 1:
raise Exception('modular inverse does not exist')
else:
return x % m def make_public(r,s,z): R = E.lift_x(Integer(r)) w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) #R=u1*G + u2*public_key #pub= R*modinv(u2,n) - u1*modinv(u2,n)%n u_n2=modinv(u2,n)%n u_n1=- u1*modinv(u2,n)%n pub=u_n1*G + u_n2*R pub2=u_n1*G + u_n2*(-R) return pub,pub2
def verify(r, s,z,public_key): w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) D=u1*G + u2*public_key x,y=D.xy() x=int(x)
if (r % n) == (x % n): print( "signature matches") else: print("invalid signature") def calc_u(r,s,z): mod_s= modinv(s,n)%n u1=mod_s*z%n u2=mod_s*r%n print("u1==",u1,"n-u1=",n-u1) print("u2==",u2,"n-u2=",n-u2) return u1,u2 u1, u2 = calc_u(r,s,z)
pub1,pub2=make_public(r,s,z) print("public_key1",pub1) print("pub1_x=",hex(pub1.xy()[0])) print("public_key2",pub2) print("pub2_x=",hex(pub2.xy()[0])) verify(r,s,z,pub1) verify(r,s,z,pub2) print()
# Find the real mod n for k and K nonce
for i in range(1, n): k = (r * i + z) * modinv(s, n) % n R = E.lift_x(Integer(r)) K = k * G u1 = (modinv(s, n) * z) % n u2 = (modinv(s, n) * r) % n if K == (u1 * G + u2 * R): print("Found real k:", k) break
Krashfire, u1 = (modinv(s, n) * z) % n u2 = (modinv(s, n) * r) % n if K == (u1 * G + u2 * R): u1, u2 are known. What a problem find u1*G +u2*R ? u2 * R is a number? How you add number to point u1*G ? br
|
[
|
|
|
krashfire (OP)
Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 119
Merit: 11
Life aint interesting without any cuts and bruises
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
April 13, 2024, 05:21:04 AM |
|
import random p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
E = EllipticCurve(GF(p), [0, 7])
G = E.point( (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)) # Base point
r=0x s=0x z=0x
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y) def modinv(a, m):
g, x, y = egcd(a, m)
if g != 1:
raise Exception('modular inverse does not exist')
else:
return x % m def make_public(r,s,z): R = E.lift_x(Integer(r)) w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) #R=u1*G + u2*public_key #pub= R*modinv(u2,n) - u1*modinv(u2,n)%n u_n2=modinv(u2,n)%n u_n1=- u1*modinv(u2,n)%n pub=u_n1*G + u_n2*R pub2=u_n1*G + u_n2*(-R) return pub,pub2
def verify(r, s,z,public_key): w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) D=u1*G + u2*public_key x,y=D.xy() x=int(x)
if (r % n) == (x % n): print( "signature matches") else: print("invalid signature") def calc_u(r,s,z): mod_s= modinv(s,n)%n u1=mod_s*z%n u2=mod_s*r%n print("u1==",u1,"n-u1=",n-u1) print("u2==",u2,"n-u2=",n-u2) return u1,u2 u1, u2 = calc_u(r,s,z) pub1,pub2=make_public(r,s,z)
print("public_key1",pub1) print("pub1_x=",hex(pub1.xy()[0])) print("public_key2",pub2) print("pub2_x=",hex(pub2.xy()[0])) verify(r,s,z,pub1) verify(r,s,z,pub2) print()
# Find the real mod n for k and K nonce # Loop to search for k in hexadecimal for i in range(0, n): k = (r * i + z) * modinv(s, n) % n R = E.lift_x(Integer(r)) P = k * G print("K:", hex(P.xy()[0])) # Print the x-coordinate of K in hexadecimal if hex(P.xy()[0]) == hex(r): print("Found real k:", hex(P.xy()[0])) # Print the real k in hexadecimal break
i just updated the code in sagemath.
|
KRASH
|
|
|
COBRAS
Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 888
Merit: 22
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
April 13, 2024, 10:43:22 AM |
|
import random p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
E = EllipticCurve(GF(p), [0, 7])
G = E.point( (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)) # Base point
r=0x s=0x z=0x
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y) def modinv(a, m):
g, x, y = egcd(a, m)
if g != 1:
raise Exception('modular inverse does not exist')
else:
return x % m def make_public(r,s,z): R = E.lift_x(Integer(r)) w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) #R=u1*G + u2*public_key #pub= R*modinv(u2,n) - u1*modinv(u2,n)%n u_n2=modinv(u2,n)%n u_n1=- u1*modinv(u2,n)%n pub=u_n1*G + u_n2*R pub2=u_n1*G + u_n2*(-R) return pub,pub2
def verify(r, s,z,public_key): w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) D=u1*G + u2*public_key x,y=D.xy() x=int(x)
if (r % n) == (x % n): print( "signature matches") else: print("invalid signature") def calc_u(r,s,z): mod_s= modinv(s,n)%n u1=mod_s*z%n u2=mod_s*r%n print("u1==",u1,"n-u1=",n-u1) print("u2==",u2,"n-u2=",n-u2) return u1,u2 u1, u2 = calc_u(r,s,z) pub1,pub2=make_public(r,s,z)
print("public_key1",pub1) print("pub1_x=",hex(pub1.xy()[0])) print("public_key2",pub2) print("pub2_x=",hex(pub2.xy()[0])) verify(r,s,z,pub1) verify(r,s,z,pub2) print()
# Find the real mod n for k and K nonce # Loop to search for k in hexadecimal for i in range(0, n): k = (r * i + z) * modinv(s, n) % n R = E.lift_x(Integer(r)) P = k * G print("K:", hex(P.xy()[0])) # Print the x-coordinate of K in hexadecimal if hex(P.xy()[0]) == hex(r): print("Found real k:", hex(P.xy()[0])) # Print the real k in hexadecimal break
i just updated the code in sagemath. bro, test your code at this test data, I try you scrypt from your orevious topic not found k ! this test data from ecdsa123: r= 115780575977492633039504758427830329241728645270042306223540962614150928364886 s= 115784413730767153834193500621449522112098284939719838943229029456606672741370 z= 2 k = 6
|
[
|
|
|
COBRAS
Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 888
Merit: 22
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
April 13, 2024, 05:55:51 PM |
|
import random p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
E = EllipticCurve(GF(p), [0, 7])
G = E.point( (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)) # Base point
r=0x s=0x z=0x
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y) def modinv(a, m):
g, x, y = egcd(a, m)
if g != 1:
raise Exception('modular inverse does not exist')
else:
return x % m def make_public(r,s,z): R = E.lift_x(Integer(r)) w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) #R=u1*G + u2*public_key #pub= R*modinv(u2,n) - u1*modinv(u2,n)%n u_n2=modinv(u2,n)%n u_n1=- u1*modinv(u2,n)%n pub=u_n1*G + u_n2*R pub2=u_n1*G + u_n2*(-R) return pub,pub2
def verify(r, s,z,public_key): w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) D=u1*G + u2*public_key x,y=D.xy() x=int(x)
if (r % n) == (x % n): print( "signature matches") else: print("invalid signature") def calc_u(r,s,z): mod_s= modinv(s,n)%n u1=mod_s*z%n u2=mod_s*r%n print("u1==",u1,"n-u1=",n-u1) print("u2==",u2,"n-u2=",n-u2) return u1,u2 u1, u2 = calc_u(r,s,z) pub1,pub2=make_public(r,s,z)
print("public_key1",pub1) print("pub1_x=",hex(pub1.xy()[0])) print("public_key2",pub2) print("pub2_x=",hex(pub2.xy()[0])) verify(r,s,z,pub1) verify(r,s,z,pub2) print()
# Find the real mod n for k and K nonce # Loop to search for k in hexadecimal for i in range(0, n): k = (r * i + z) * modinv(s, n) % n R = E.lift_x(Integer(r)) P = k * G print("K:", hex(P.xy()[0])) # Print the x-coordinate of K in hexadecimal if hex(P.xy()[0]) == hex(r): print("Found real k:", hex(P.xy()[0])) # Print the real k in hexadecimal break
i just updated the code in sagemath. error again, I try remove error, same error: k = ((r * i%n + z%n)%n * modinv(s, n) % n)%n File "sage/structure/element.pyx", line 1921, in sage.structure.element.Element.__mod__ (build/cythonized/sage/structure/element.c:13675) File "sage/structure/coerce.pyx", line 1167, in sage.structure.coerce.CoercionModel_cache_maps.bin_op (build/cythonized/sage/structure/coerce.c:9612) File "sage/structure/element.pyx", line 1919, in sage.structure.element.Element.__mod__ (build/cythonized/sage/structure/element.c:13640) File "sage/structure/element.pyx", line 1954, in sage.structure.element.Element._mod_ (build/cythonized/sage/structure/element.c:13933) TypeError: unsupported operand parent(s) for %: 'Symbolic Ring' and 'Symbolic Ring'
|
[
|
|
|
krashfire (OP)
Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 119
Merit: 11
Life aint interesting without any cuts and bruises
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
April 14, 2024, 01:47:50 AM |
|
import random p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
E = EllipticCurve(GF(p), [0, 7])
G = E.point( (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)) # Base point
r=0x s=0x z=0x
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y) def modinv(a, m):
g, x, y = egcd(a, m)
if g != 1:
raise Exception('modular inverse does not exist')
else:
return x % m def make_public(r,s,z): R = E.lift_x(Integer(r)) w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) #R=u1*G + u2*public_key #pub= R*modinv(u2,n) - u1*modinv(u2,n)%n u_n2=modinv(u2,n)%n u_n1=- u1*modinv(u2,n)%n pub=u_n1*G + u_n2*R pub2=u_n1*G + u_n2*(-R) return pub,pub2
def verify(r, s,z,public_key): w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) D=u1*G + u2*public_key x,y=D.xy() x=int(x)
if (r % n) == (x % n): print( "signature matches") else: print("invalid signature") def calc_u(r,s,z): mod_s= modinv(s,n)%n u1=mod_s*z%n u2=mod_s*r%n print("u1==",u1,"n-u1=",n-u1) print("u2==",u2,"n-u2=",n-u2) return u1,u2 u1, u2 = calc_u(r,s,z) pub1,pub2=make_public(r,s,z)
print("public_key1",pub1) print("pub1_x=",hex(pub1.xy()[0])) print("public_key2",pub2) print("pub2_x=",hex(pub2.xy()[0])) verify(r,s,z,pub1) verify(r,s,z,pub2) print()
# Find the real mod n for k and K nonce # Loop to search for k in hexadecimal for i in range(0, n): k = (r * i + z) * modinv(s, n) % n R = E.lift_x(Integer(r)) P = k * G print("K:", hex(P.xy()[0])) # Print the x-coordinate of K in hexadecimal if hex(P.xy()[0]) == hex(r): print("Found real k:", hex(P.xy()[0])) # Print the real k in hexadecimal break
i just updated the code in sagemath. error again, I try remove error, same error: k = ((r * i%n + z%n)%n * modinv(s, n) % n)%n File "sage/structure/element.pyx", line 1921, in sage.structure.element.Element.__mod__ (build/cythonized/sage/structure/element.c:13675) File "sage/structure/coerce.pyx", line 1167, in sage.structure.coerce.CoercionModel_cache_maps.bin_op (build/cythonized/sage/structure/coerce.c:9612) File "sage/structure/element.pyx", line 1919, in sage.structure.element.Element.__mod__ (build/cythonized/sage/structure/element.c:13640) File "sage/structure/element.pyx", line 1954, in sage.structure.element.Element._mod_ (build/cythonized/sage/structure/element.c:13933) TypeError: unsupported operand parent(s) for %: 'Symbolic Ring' and 'Symbolic Ring' that's impossible. Have you insert your rsz? I did with 3 different sets of rsz. The signature verified. And the code works.
|
KRASH
|
|
|
COBRAS
Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 888
Merit: 22
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
April 14, 2024, 02:25:35 AM |
|
import random p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
E = EllipticCurve(GF(p), [0, 7])
G = E.point( (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)) # Base point
r=0x s=0x z=0x
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y) def modinv(a, m):
g, x, y = egcd(a, m)
if g != 1:
raise Exception('modular inverse does not exist')
else:
return x % m def make_public(r,s,z): R = E.lift_x(Integer(r)) w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) #R=u1*G + u2*public_key #pub= R*modinv(u2,n) - u1*modinv(u2,n)%n u_n2=modinv(u2,n)%n u_n1=- u1*modinv(u2,n)%n pub=u_n1*G + u_n2*R pub2=u_n1*G + u_n2*(-R) return pub,pub2
def verify(r, s,z,public_key): w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) D=u1*G + u2*public_key x,y=D.xy() x=int(x)
if (r % n) == (x % n): print( "signature matches") else: print("invalid signature") def calc_u(r,s,z): mod_s= modinv(s,n)%n u1=mod_s*z%n u2=mod_s*r%n print("u1==",u1,"n-u1=",n-u1) print("u2==",u2,"n-u2=",n-u2) return u1,u2 u1, u2 = calc_u(r,s,z) pub1,pub2=make_public(r,s,z)
print("public_key1",pub1) print("pub1_x=",hex(pub1.xy()[0])) print("public_key2",pub2) print("pub2_x=",hex(pub2.xy()[0])) verify(r,s,z,pub1) verify(r,s,z,pub2) print()
# Find the real mod n for k and K nonce # Loop to search for k in hexadecimal for i in range(0, n): k = (r * i + z) * modinv(s, n) % n R = E.lift_x(Integer(r)) P = k * G print("K:", hex(P.xy()[0])) # Print the x-coordinate of K in hexadecimal if hex(P.xy()[0]) == hex(r): print("Found real k:", hex(P.xy()[0])) # Print the real k in hexadecimal break
i just updated the code in sagemath. error again, I try remove error, same error: k = ((r * i%n + z%n)%n * modinv(s, n) % n)%n File "sage/structure/element.pyx", line 1921, in sage.structure.element.Element.__mod__ (build/cythonized/sage/structure/element.c:13675) File "sage/structure/coerce.pyx", line 1167, in sage.structure.coerce.CoercionModel_cache_maps.bin_op (build/cythonized/sage/structure/coerce.c:9612) File "sage/structure/element.pyx", line 1919, in sage.structure.element.Element.__mod__ (build/cythonized/sage/structure/element.c:13640) File "sage/structure/element.pyx", line 1954, in sage.structure.element.Element._mod_ (build/cythonized/sage/structure/element.c:13933) TypeError: unsupported operand parent(s) for %: 'Symbolic Ring' and 'Symbolic Ring' that's impossible. Have you insert your rsz? I did with 3 different sets of rsz. The signature verified. And the code works. im use this rsz bro: r= 115780575977492633039504758427830329241728645270042306223540962614150928364886 s= 115784413730767153834193500621449522112098284939719838943229029456606672741370 z= 2 ?
|
[
|
|
|
COBRAS
Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 888
Merit: 22
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
April 14, 2024, 05:43:31 AM Last edit: April 14, 2024, 09:06:33 PM by COBRAS |
|
import random p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
E = EllipticCurve(GF(p), [0, 7])
G = E.point( (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)) # Base point
r=0x s=0x z=0x
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y) def modinv(a, m):
g, x, y = egcd(a, m)
if g != 1:
raise Exception('modular inverse does not exist')
else:
return x % m def make_public(r,s,z): R = E.lift_x(Integer(r)) w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) #R=u1*G + u2*public_key #pub= R*modinv(u2,n) - u1*modinv(u2,n)%n u_n2=modinv(u2,n)%n u_n1=- u1*modinv(u2,n)%n pub=u_n1*G + u_n2*R pub2=u_n1*G + u_n2*(-R) return pub,pub2
def verify(r, s,z,public_key): w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) D=u1*G + u2*public_key x,y=D.xy() x=int(x)
if (r % n) == (x % n): print( "signature matches") else: print("invalid signature") def calc_u(r,s,z): mod_s= modinv(s,n)%n u1=mod_s*z%n u2=mod_s*r%n print("u1==",u1,"n-u1=",n-u1) print("u2==",u2,"n-u2=",n-u2) return u1,u2 u1, u2 = calc_u(r,s,z) pub1,pub2=make_public(r,s,z)
print("public_key1",pub1) print("pub1_x=",hex(pub1.xy()[0])) print("public_key2",pub2) print("pub2_x=",hex(pub2.xy()[0])) verify(r,s,z,pub1) verify(r,s,z,pub2) print()
# Find the real mod n for k and K nonce # Loop to search for k in hexadecimal for i in range(0, n): k = (r * i + z) * modinv(s, n) % n R = E.lift_x(Integer(r)) P = k * G print("K:", hex(P.xy()[0])) # Print the x-coordinate of K in hexadecimal if hex(P.xy()[0]) == hex(r): print("Found real k:", hex(P.xy()[0])) # Print the real k in hexadecimal break
i just updated the code in sagemath. error again, I try remove error, same error: k = ((r * i%n + z%n)%n * modinv(s, n) % n)%n File "sage/structure/element.pyx", line 1921, in sage.structure.element.Element.__mod__ (build/cythonized/sage/structure/element.c:13675) File "sage/structure/coerce.pyx", line 1167, in sage.structure.coerce.CoercionModel_cache_maps.bin_op (build/cythonized/sage/structure/coerce.c:9612) File "sage/structure/element.pyx", line 1919, in sage.structure.element.Element.__mod__ (build/cythonized/sage/structure/element.c:13640) File "sage/structure/element.pyx", line 1954, in sage.structure.element.Element._mod_ (build/cythonized/sage/structure/element.c:13933) TypeError: unsupported operand parent(s) for %: 'Symbolic Ring' and 'Symbolic Ring' that's impossible. Have you insert your rsz? I did with 3 different sets of rsz. The signature verified. And the code works. im use this rsz bro: r= 115780575977492633039504758427830329241728645270042306223540962614150928364886 s= 115784413730767153834193500621449522112098284939719838943229029456606672741370 z= 2 ? I put this part: k = (r * i + z) * modinv(s, n) % n R = E.lift_x(Integer(r)) P = k * G print("K:", hex(P.xy()[0])) # Print the x-coordinate of K in hexadecimal if hex(P.xy()[0]) == hex(r): print("Found real k:", hex(P.xy()[0])) # Print the real k in hexadecimal break and put to your code of your presious thread, working. ('Found real k:', 87069027473077907962879272067307854440257155754636880132689937952837782290998, 6) ('Match found for u1 at i =', 0) ('!!!', 6, 4) but ecdsa123 tell what nonce is 6, not 87069027473077907962879272067307854440257155754636880132689937952837782290998
|
[
|
|
|
COBRAS
Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 888
Merit: 22
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
April 15, 2024, 01:13:49 AM Last edit: April 15, 2024, 01:30:41 AM by COBRAS |
|
import random p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
E = EllipticCurve(GF(p), [0, 7])
G = E.point( (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)) # Base point
r=0x s=0x z=0x
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y) def modinv(a, m):
g, x, y = egcd(a, m)
if g != 1:
raise Exception('modular inverse does not exist')
else:
return x % m def make_public(r,s,z): R = E.lift_x(Integer(r)) w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) #R=u1*G + u2*public_key #pub= R*modinv(u2,n) - u1*modinv(u2,n)%n u_n2=modinv(u2,n)%n u_n1=- u1*modinv(u2,n)%n pub=u_n1*G + u_n2*R pub2=u_n1*G + u_n2*(-R) return pub,pub2
def verify(r, s,z,public_key): w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) D=u1*G + u2*public_key x,y=D.xy() x=int(x)
if (r % n) == (x % n): print( "signature matches") else: print("invalid signature") def calc_u(r,s,z): mod_s= modinv(s,n)%n u1=mod_s*z%n u2=mod_s*r%n print("u1==",u1,"n-u1=",n-u1) print("u2==",u2,"n-u2=",n-u2) return u1,u2 u1, u2 = calc_u(r,s,z) pub1,pub2=make_public(r,s,z)
print("public_key1",pub1) print("pub1_x=",hex(pub1.xy()[0])) print("public_key2",pub2) print("pub2_x=",hex(pub2.xy()[0])) verify(r,s,z,pub1) verify(r,s,z,pub2) print()
# Find the real mod n for k and K nonce # Loop to search for k in hexadecimal for i in range(0, n): k = (r * i + z) * modinv(s, n) % n R = E.lift_x(Integer(r)) P = k * G print("K:", hex(P.xy()[0])) # Print the x-coordinate of K in hexadecimal if hex(P.xy()[0]) == hex(r): print("Found real k:", hex(P.xy()[0])) # Print the real k in hexadecimal break
i just updated the code in sagemath. little example how to add your code to bsgs or kangaroo software: r= 1157805759774926330395047584278303292417$ s= 1157844137307671538341935006214495221120$ z= 2 i = 0 while True: k = (z + i )%n # * modinv(s, n) % n #start range print("k",k) R = E.lift_x(Integer(r)) K = k * ( modinv(s, n) * G) #( modinv(s, n) * G) - base point u1 = (modinv(s, n) * z) % n u2 = (modinv(s, n) * r) % n #if k <=2**100:print("$$$",k,i) if K == (u1 * G + u2 * R): # in () is a pubkey print("&",k) print("yes!!!") print("Found real k:", k,i) break i = i + r ('Found real k:', 115723009678374821119173625523542436186184050224879315428219959977314762717633, 69468345586495579823702855056698197545037187162025383734124577568490557018931 ![Huh](https://bitcointalk.org/Smileys/default/huh.gif) enjoy ))
|
[
|
|
|
krashfire (OP)
Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 119
Merit: 11
Life aint interesting without any cuts and bruises
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
April 15, 2024, 08:40:06 AM |
|
import random p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
E = EllipticCurve(GF(p), [0, 7])
G = E.point( (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)) # Base point
r=0x s=0x z=0x
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y) def modinv(a, m):
g, x, y = egcd(a, m)
if g != 1:
raise Exception('modular inverse does not exist')
else:
return x % m def make_public(r,s,z): R = E.lift_x(Integer(r)) w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) #R=u1*G + u2*public_key #pub= R*modinv(u2,n) - u1*modinv(u2,n)%n u_n2=modinv(u2,n)%n u_n1=- u1*modinv(u2,n)%n pub=u_n1*G + u_n2*R pub2=u_n1*G + u_n2*(-R) return pub,pub2
def verify(r, s,z,public_key): w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) D=u1*G + u2*public_key x,y=D.xy() x=int(x)
if (r % n) == (x % n): print( "signature matches") else: print("invalid signature") def calc_u(r,s,z): mod_s= modinv(s,n)%n u1=mod_s*z%n u2=mod_s*r%n print("u1==",u1,"n-u1=",n-u1) print("u2==",u2,"n-u2=",n-u2) return u1,u2 u1, u2 = calc_u(r,s,z) pub1,pub2=make_public(r,s,z)
print("public_key1",pub1) print("pub1_x=",hex(pub1.xy()[0])) print("public_key2",pub2) print("pub2_x=",hex(pub2.xy()[0])) verify(r,s,z,pub1) verify(r,s,z,pub2) print()
# Find the real mod n for k and K nonce # Loop to search for k in hexadecimal for i in range(0, n): k = (r * i + z) * modinv(s, n) % n R = E.lift_x(Integer(r)) P = k * G print("K:", hex(P.xy()[0])) # Print the x-coordinate of K in hexadecimal if hex(P.xy()[0]) == hex(r): print("Found real k:", hex(P.xy()[0])) # Print the real k in hexadecimal break
i just updated the code in sagemath. error again, I try remove error, same error: k = ((r * i%n + z%n)%n * modinv(s, n) % n)%n File "sage/structure/element.pyx", line 1921, in sage.structure.element.Element.__mod__ (build/cythonized/sage/structure/element.c:13675) File "sage/structure/coerce.pyx", line 1167, in sage.structure.coerce.CoercionModel_cache_maps.bin_op (build/cythonized/sage/structure/coerce.c:9612) File "sage/structure/element.pyx", line 1919, in sage.structure.element.Element.__mod__ (build/cythonized/sage/structure/element.c:13640) File "sage/structure/element.pyx", line 1954, in sage.structure.element.Element._mod_ (build/cythonized/sage/structure/element.c:13933) TypeError: unsupported operand parent(s) for %: 'Symbolic Ring' and 'Symbolic Ring' that's impossible. Have you insert your rsz? I did with 3 different sets of rsz. The signature verified. And the code works. im use this rsz bro: r= 115780575977492633039504758427830329241728645270042306223540962614150928364886 s= 115784413730767153834193500621449522112098284939719838943229029456606672741370 z= 2 ? lol. of course that wont work. its not real rsz
|
KRASH
|
|
|
COBRAS
Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 888
Merit: 22
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
April 15, 2024, 12:51:59 PM |
|
import random p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
E = EllipticCurve(GF(p), [0, 7])
G = E.point( (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)) # Base point
r=0x s=0x z=0x
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y) def modinv(a, m):
g, x, y = egcd(a, m)
if g != 1:
raise Exception('modular inverse does not exist')
else:
return x % m def make_public(r,s,z): R = E.lift_x(Integer(r)) w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) #R=u1*G + u2*public_key #pub= R*modinv(u2,n) - u1*modinv(u2,n)%n u_n2=modinv(u2,n)%n u_n1=- u1*modinv(u2,n)%n pub=u_n1*G + u_n2*R pub2=u_n1*G + u_n2*(-R) return pub,pub2
def verify(r, s,z,public_key): w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) D=u1*G + u2*public_key x,y=D.xy() x=int(x)
if (r % n) == (x % n): print( "signature matches") else: print("invalid signature") def calc_u(r,s,z): mod_s= modinv(s,n)%n u1=mod_s*z%n u2=mod_s*r%n print("u1==",u1,"n-u1=",n-u1) print("u2==",u2,"n-u2=",n-u2) return u1,u2 u1, u2 = calc_u(r,s,z) pub1,pub2=make_public(r,s,z)
print("public_key1",pub1) print("pub1_x=",hex(pub1.xy()[0])) print("public_key2",pub2) print("pub2_x=",hex(pub2.xy()[0])) verify(r,s,z,pub1) verify(r,s,z,pub2) print()
# Find the real mod n for k and K nonce # Loop to search for k in hexadecimal for i in range(0, n): k = (r * i + z) * modinv(s, n) % n R = E.lift_x(Integer(r)) P = k * G print("K:", hex(P.xy()[0])) # Print the x-coordinate of K in hexadecimal if hex(P.xy()[0]) == hex(r): print("Found real k:", hex(P.xy()[0])) # Print the real k in hexadecimal break
i just updated the code in sagemath. error again, I try remove error, same error: k = ((r * i%n + z%n)%n * modinv(s, n) % n)%n File "sage/structure/element.pyx", line 1921, in sage.structure.element.Element.__mod__ (build/cythonized/sage/structure/element.c:13675) File "sage/structure/coerce.pyx", line 1167, in sage.structure.coerce.CoercionModel_cache_maps.bin_op (build/cythonized/sage/structure/coerce.c:9612) File "sage/structure/element.pyx", line 1919, in sage.structure.element.Element.__mod__ (build/cythonized/sage/structure/element.c:13640) File "sage/structure/element.pyx", line 1954, in sage.structure.element.Element._mod_ (build/cythonized/sage/structure/element.c:13933) TypeError: unsupported operand parent(s) for %: 'Symbolic Ring' and 'Symbolic Ring' that's impossible. Have you insert your rsz? I did with 3 different sets of rsz. The signature verified. And the code works. im use this rsz bro: r= 115780575977492633039504758427830329241728645270042306223540962614150928364886 s= 115784413730767153834193500621449522112098284939719838943229029456606672741370 z= 2 ? lol. of course that wont work. its not real rsz why this not work ? replace base pooint and "i" in cangaroo and you take "i" were finder k,after put "i" to your formula.... ![Huh](https://bitcointalk.org/Smileys/default/huh.gif) this is work, jast enother way of using cangaroo and bsgs search try with your real 6 weeks search rsz, and tall what time was need to find k with cuda bsgs or cuda kangaroo ? thx ps this is work, bro ![Wink](https://bitcointalk.org/Smileys/default/wink.gif)
|
[
|
|
|
COBRAS
Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 888
Merit: 22
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
April 17, 2024, 01:13:45 AM |
|
@Krashfire, do you have any new findings ?
|
[
|
|
|
dexizer7799
Newbie
Offline
Activity: 30
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
April 18, 2024, 02:26:38 PM |
|
import random p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
E = EllipticCurve(GF(p), [0, 7])
G = E.point( (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)) # Base point
r=0x s=0x z=0x
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y) def modinv(a, m):
g, x, y = egcd(a, m)
if g != 1:
raise Exception('modular inverse does not exist')
else:
return x % m def make_public(r,s,z): R = E.lift_x(Integer(r)) w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) #R=u1*G + u2*public_key #pub= R*modinv(u2,n) - u1*modinv(u2,n)%n u_n2=modinv(u2,n)%n u_n1=- u1*modinv(u2,n)%n pub=u_n1*G + u_n2*R pub2=u_n1*G + u_n2*(-R) return pub,pub2
def verify(r, s,z,public_key): w = int(modinv(s, n)) u1 = int((z * w) % n) u2 = int((r * w) % n) D=u1*G + u2*public_key x,y=D.xy() x=int(x)
if (r % n) == (x % n): print( "signature matches") else: print("invalid signature") def calc_u(r,s,z): mod_s= modinv(s,n)%n u1=mod_s*z%n u2=mod_s*r%n print("u1==",u1,"n-u1=",n-u1) print("u2==",u2,"n-u2=",n-u2) return u1,u2 u1, u2 = calc_u(r,s,z) pub1,pub2=make_public(r,s,z)
print("public_key1",pub1) print("pub1_x=",hex(pub1.xy()[0])) print("public_key2",pub2) print("pub2_x=",hex(pub2.xy()[0])) verify(r,s,z,pub1) verify(r,s,z,pub2) print()
# Find the real mod n for k and K nonce # Loop to search for k in hexadecimal for i in range(0, n): k = (r * i + z) * modinv(s, n) % n R = E.lift_x(Integer(r)) P = k * G print("K:", hex(P.xy()[0])) # Print the x-coordinate of K in hexadecimal if hex(P.xy()[0]) == hex(r): print("Found real k:", hex(P.xy()[0])) # Print the real k in hexadecimal break
i just updated the code in sagemath. error again, I try remove error, same error: k = ((r * i%n + z%n)%n * modinv(s, n) % n)%n File "sage/structure/element.pyx", line 1921, in sage.structure.element.Element.__mod__ (build/cythonized/sage/structure/element.c:13675) File "sage/structure/coerce.pyx", line 1167, in sage.structure.coerce.CoercionModel_cache_maps.bin_op (build/cythonized/sage/structure/coerce.c:9612) File "sage/structure/element.pyx", line 1919, in sage.structure.element.Element.__mod__ (build/cythonized/sage/structure/element.c:13640) File "sage/structure/element.pyx", line 1954, in sage.structure.element.Element._mod_ (build/cythonized/sage/structure/element.c:13933) TypeError: unsupported operand parent(s) for %: 'Symbolic Ring' and 'Symbolic Ring' that's impossible. Have you insert your rsz? I did with 3 different sets of rsz. The signature verified. And the code works. im use this rsz bro: r= 115780575977492633039504758427830329241728645270042306223540962614150928364886 s= 115784413730767153834193500621449522112098284939719838943229029456606672741370 z= 2 ? lol. of course that wont work. its not real rsz why this not work ? replace base pooint and "i" in cangaroo and you take "i" were finder k,after put "i" to your formula.... ![Huh](https://bitcointalk.org/Smileys/default/huh.gif) this is work, jast enother way of using cangaroo and bsgs search try with your real 6 weeks search rsz, and tall what time was need to find k with cuda bsgs or cuda kangaroo ? thx ps this is work, bro ![Wink](https://bitcointalk.org/Smileys/default/wink.gif) Hi sir I want to try your code with these rsz 1: r = 0x57a463b8ac30f2ed36767d5ccabf04fbe29c94b054b4309996f086556428c748 s = 0x5a4c7e96159688e8cd2525a3230ec5184597d6cfbaf037ca5815fa01097f67cc z = 0xa37f38a2db651ba57f68ef4d0ac297e732d0eb3954bb85ac069569f9b372daa0 2: r = 0x4f7f2657387cf1fef8152e2bbd39f153ee235e1f46294fded0d42dacbbe7ea s = 0x430773be7ebda7fba5ed2f829e9b47a7f92d526905c250780f044ed860de0786 z = 0x76757e4b29801bbb747a125c0bb6752feeeabd84c58fe3dd71e94eed3839dfaa Can you help me with script to find private keys from these rsz.
|
|
|
|
jacky19790729
Jr. Member
Offline
Activity: 71
Merit: 8
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
April 18, 2024, 04:06:26 PM |
|
Hi sir I want to try your code with these rsz 1: r = 0x57a463b8ac30f2ed36767d5ccabf04fbe29c94b054b4309996f086556428c748 s = 0x5a4c7e96159688e8cd2525a3230ec5184597d6cfbaf037ca5815fa01097f67cc z = 0xa37f38a2db651ba57f68ef4d0ac297e732d0eb3954bb85ac069569f9b372daa0 2: r = 0x4f7f2657387cf1fef8152e2bbd39f153ee235e1f46294fded0d42dacbbe7ea s = 0x430773be7ebda7fba5ed2f829e9b47a7f92d526905c250780f044ed860de0786 z = 0x76757e4b29801bbb747a125c0bb6752feeeabd84c58fe3dd71e94eed3839dfaa Can you help me with script to find private keys from these rsz.
These 2 sets of r,s,z use different public keys...the private keys must also be different.. 1: 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e 2: 0x000000000000000000000000000000000000000000000001a838b13505b26867
|
|
|
|
COBRAS
Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 888
Merit: 22
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
April 18, 2024, 04:14:41 PM |
|
Hi sir I want to try your code with these rsz 1: r = 0x57a463b8ac30f2ed36767d5ccabf04fbe29c94b054b4309996f086556428c748 s = 0x5a4c7e96159688e8cd2525a3230ec5184597d6cfbaf037ca5815fa01097f67cc z = 0xa37f38a2db651ba57f68ef4d0ac297e732d0eb3954bb85ac069569f9b372daa0 2: r = 0x4f7f2657387cf1fef8152e2bbd39f153ee235e1f46294fded0d42dacbbe7ea s = 0x430773be7ebda7fba5ed2f829e9b47a7f92d526905c250780f044ed860de0786 z = 0x76757e4b29801bbb747a125c0bb6752feeeabd84c58fe3dd71e94eed3839dfaa Can you help me with script to find private keys from these rsz.
These 2 sets of r,s,z use different public keys...the private keys must also be different.. 1: 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e 2: 0x000000000000000000000000000000000000000000000001a838b13505b26867 oh f-k, you really find privkeys? you use kangaroo multy gpu from GL or keyhunt ? ![Grin](https://bitcointalk.org/Smileys/default/grin.gif)
|
[
|
|
|
jacky19790729
Jr. Member
Offline
Activity: 71
Merit: 8
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
April 18, 2024, 04:27:45 PM |
|
oh f-k, you really find privkeys? you use kangaroo multy gpu from GL or keyhunt ? ![Grin](https://bitcointalk.org/Smileys/default/grin.gif) use Google .......so I find 2 private key from his 2 rsz 1: D:\python\bitcoin_rsz>python getz_input.py -txid a37f2f87bd371d621178605a79062010298c31fc884ed966a2041684eb8198f1 Starting Program... ====================================================================== [Input Index #: 0] R: 57a463b8ac30f2ed36767d5ccabf04fbe29c94b054b4309996f086556428c748 S: 5a4c7e96159688e8cd2525a3230ec5184597d6cfbaf037ca5815fa01097f67cc Z: a37f38a2db651ba57f68ef4d0ac297e732d0eb3954bb85ac069569f9b372daa0 PubKey: 02f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9 2: puzzle #65 D:\python\bitcoin_rsz>python getz_input.py -txid 65c7e5cbff719ff7fd32645b777cb20b69db513f1cd6a064dfcc95b69ad77acc Starting Program... ====================================================================== [Input Index #: 0] R: 4f7f2657387cf1fef8152e2bbd39f153ee235e1f46294fded0d42dacbbe7ea S: 430773be7ebda7fba5ed2f829e9b47a7f92d526905c250780f044ed860de0786 Z: 76757e4b29801bbb747a125c0bb6752feeeabd84c58fe3dd71e94eed3839dfaa PubKey: 0230210c23b1a047bc9bdbb13448e67deddc108946de6de639bcc75d47c0216b1b
|
|
|
|
dexizer7799
Newbie
Offline
Activity: 30
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
April 18, 2024, 04:29:36 PM |
|
oh f-k, you really find privkeys? you use kangaroo multy gpu from GL or keyhunt ? ![Grin](https://bitcointalk.org/Smileys/default/grin.gif) use Google .......so I find 2 private key from his 2 rsz 1: D:\python\bitcoin_rsz>python getz_input.py -txid a37f2f87bd371d621178605a79062010298c31fc884ed966a2041684eb8198f1 Starting Program... ====================================================================== [Input Index #: 0] R: 57a463b8ac30f2ed36767d5ccabf04fbe29c94b054b4309996f086556428c748 S: 5a4c7e96159688e8cd2525a3230ec5184597d6cfbaf037ca5815fa01097f67cc Z: a37f38a2db651ba57f68ef4d0ac297e732d0eb3954bb85ac069569f9b372daa0 PubKey: 02f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9 2: puzzle #65 D:\python\bitcoin_rsz>python getz_input.py -txid 65c7e5cbff719ff7fd32645b777cb20b69db513f1cd6a064dfcc95b69ad77acc Starting Program... ====================================================================== [Input Index #: 0] R: 4f7f2657387cf1fef8152e2bbd39f153ee235e1f46294fded0d42dacbbe7ea S: 430773be7ebda7fba5ed2f829e9b47a7f92d526905c250780f044ed860de0786 Z: 76757e4b29801bbb747a125c0bb6752feeeabd84c58fe3dd71e94eed3839dfaa PubKey: 0230210c23b1a047bc9bdbb13448e67deddc108946de6de639bcc75d47c0216b1b Ok but how can I find these rsz with this script very fast?
|
|
|
|
|