Bitcoin Forum
Author Topic: Nonce talk  (Read 196 times)
COBRAS (OP)
May 17, 2024, 04:27:40 AM
 #1

Nonce r from rsz is the X coordinate of the public key with privkey = nonce (k); it is exactly the privkey of the nonce pubkey R.

The nonce pubkey is calculated in Sage:

R =E.Lift_x(r)

R / k = G

Question: what is the formula for r from rsz?

Does anyone understand how to find k from rsz + pubkey + ......?

One way of finding k, I think, is to disassemble the Lift_x function. If this function is not a simple calculation of the secp256k1 formula for point coordinates with a given X, maybe there is a way to solve it.


MysteryMiner
May 17, 2024, 04:50:48 PM
 #2

You are posting nonce here

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
whanau
May 17, 2024, 07:18:27 PM
 #3

Here are your options.
Code:
def extended_gcd(aa, bb):
    lastremainder, remainder = abs(aa), abs(bb)
    x, lastx, y, lasty = 0, 1, 1, 0
    while remainder:
        lastremainder, (quotient, remainder) = remainder, divmod(lastremainder, remainder)
        x, lastx = lastx - quotient*x, x
        y, lasty = lasty - quotient*y, y
    return lastremainder, lastx * (-1 if aa < 0 else 1), lasty * (-1 if bb < 0 else 1)


def modinv(a, m):
    g, x, y = extended_gcd(a, m)
    if g != 1:
        raise ValueError
    return x % m


N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
# Control
# R = 0x00d47ce4c025c35ec440bc81d99834a624875161a26bf56ef7fdc0f5d52f843ad1
# S = 0x0044e1ff2dfd8102cf7a47c21d5c9fd5701610d04953c6836596b4fe9dd2f53e3e
# Z = 0x00c0e2d0a89a348de88fda08211c70d1d7e52ccef2eb9459911bf977d587784c6e
# X = 0x00c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96
# K = 0x007a1a7e52797fc8caaa435d2a4dace39158504bf204fbe19f14dbb427faee50ae

R = 0x007e6a9ba2cb33641246c5eb873d4ac35c6c9b0e24414789197e7ab7a1755c03e3
S = 0x00f5e5d215c56968f04f950044f89e056d8f7d637af698671d003e5be5f36c80c8
Z = 0x00a9327aba1cbc6180ef2ccd7263f9cccee589c6470c9bd0be27775e4339917daa

X = 0x00b468ebc8d97677f6fa98a2c5c1b55d5249632b655f1a9ac46736f4cfa7b7c12f
K = 0x0023f930da5ee9fd50a92fbb690803f799819647c800d173ffae062699fe59ae22

# proving R = (((S * K) - Z) / X) % N
print('R ' + hex((((S * K) - Z) * modinv(X, N)) % N))

# proving S = ((Z + (X * R)) / K) % N
print('S ' + hex(((Z + (X * R)) * modinv(K, N)) % N))

# proving Z = ((S * K) - (X * R)) % N
print('Z ' + hex(((S * K) - (X * R)) % N) + '\n')

# proving X = (((S * K) - Z) / R) % N
print('X ' + hex((((S * K) - Z) * modinv(R, N)) % N))

# proving K = ((Z + (X * R)) / S) % N
print('K ' + hex(((Z + (X * R)) * modinv(S, N)) % N) + '\n')


I am sure more mathematically minded people can offer alternate arrangements.
jacky19790729
May 17, 2024, 07:40:43 PM
Last edit: May 17, 2024, 07:53:09 PM by jacky19790729
 #4

> Nonce r from rsz is the X coordinate of the public key with privkey = nonce (k); it is exactly the privkey of the nonce pubkey R.

r is from k, not the X coordinate of the public key with the private key.

> Does anyone understand how to find k from rsz + pubkey + ......?

To find k, you must know rsz + private key.

pvk = (inv(r) * ((k * s) - z)) % N
k   = (inv(s) * (z + r * pvk)) % N
s   = (inv(k) * (z + r * pvk)) % N
r   = (inv(pvk) * ((k * s) - z)) % N

If r, s, z are the same, the private key and k can be any combination (2^256 * 2^256).

Code:

r = 0xA0006BD73C2E587208D8A2BFDD3E650DC0307C6B6AFBFADA5A8434FBDF7FB6BE
z = 0x262316F1036B81F49DD1CA1891F1511C413E979FE87228E16D7F92CFF1E2619F
s = 0x302F58A8EE90236BE885CA8599666CA901097B7CAF1BF5D035B38EC06EB63AB8

The following are k and private keys, which can match the same group of r s z above

pvk = 0x0000000000000000000000000000000000011111111111111111111111111111
k = 0x6F66F604CDDE541F77A221AD403624084DCFED9D4E207CDDA1936511E1556933

pvk = 0x0000000000000000000000000000000000011111111111111111111111111112
k = 0xAFEDFACCD5489DBE4CDEA4BFEECAEC51D472169F5F86E59100B4182664BB584E

pvk = 0x0000000000000000000000000000000000011111111111111111111111111113
k = 0xF074FF94DCB2E75D221B27D29D5FB49B5B143FA170ED4E445FD4CB3AE8214769

...
...
...
There are 2^256 * 2^256  possibilities
COBRAS (OP)
May 17, 2024, 09:12:04 PM
Last edit: May 17, 2024, 11:01:42 PM by COBRAS
 #5


Your data has an incorrect nonce, because you have different nonces with one r. For the correct nonce, k * G = P(r, y).
This is an example for the nonce; I do not need d and z for finding the nonce. Try it too: calculate the nonce with s = 1 and z = 0. Do you get the same result for k?

My next 3 messages will be examples of my calcs. Examples with some of my technical results; you need to read the first example, then the next 2 will be simple to read.
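
Added example, not part of any post in this thread: a pure-Python secp256k1 sketch of the two views above. The scalar formulas from post #4 yield some k for every guessed private key, but only the genuine pair also satisfies x(k*G) mod N = r, and a signer whose k becomes known leaks the key through pvk = inv(r) * (k*s - z). The key d, the hash z and all function names are constructed for illustration; the nonce 12345678 is borrowed from post #6, and a standard verification routine is included beyond what the thread shows.

```python
# Added example: secp256k1 in pure Python (needs Python 3.8+ for pow(x, -1, m)).
P = 2**256 - 2**32 - 977                      # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                           # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt=G):
    """Double-and-add k*pt (not constant time; illustration only)."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def sign(d, k, z):
    r = mul(k)[0] % N                         # r is x(k*G) mod N
    return r, pow(k, -1, N) * (z + r * d) % N

def verify(pub, r, s, z):
    w = pow(s, -1, N)
    pt = add(mul(z * w), mul(r * w, pub))
    return pt is not None and pt[0] % N == r

def k_for(d, r, s, z):
    """The thread's scalar formula: k = inv(s) * (z + r*d) mod N."""
    return pow(s, -1, N) * (z + r * d) % N

def consistent(d, r, s, z):
    """A (d, k) pair is genuine only if x(k*G) mod N reproduces r."""
    pt = mul(k_for(d, r, s, z))
    return pt is not None and pt[0] % N == r

def demo():
    d, k, z = 0x1111, 12345678, 0xABCDEF      # constructed key, nonce, hash
    r, s = sign(d, k, z)
    wrong = [g for g in range(d + 1, d + 4) if consistent(g, r, s, z)]
    leaked = pow(r, -1, N) * (k * s - z) % N  # pvk = inv(r)*(k*s - z)
    return verify(mul(d), r, s, z), k_for(d, r, s, z) == k, wrong, leaked == d

if __name__ == "__main__":
    print(demo())
```

The empty list in the result shows that the neighbouring key guesses each produce a k that satisfies the scalar equation yet fails the point check, which is why r, s, z alone do not pin down k.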



COBRAS (OP)
May 17, 2024, 11:02:41 PM
Last edit: May 17, 2024, 11:54:28 PM by COBRAS
 #6

nonce = 12345678



('r', 91699739317935258627372771550459504326006289891191381848862551863464593478869, 'cabc3692f1f7ba75a8572dc5d270b35bcc00650534f6e5ecd6338e55355454d5')
('s', 22470372326531182916048759846739219230161803771746602100872838172795117428239, '31adc7b06b05e7d950c11e0c4e2f0cca182f72924d7fdea9fdff5c29ee7ede0f')
('z', 77933714094255861201447687678278381229091537417560707361169638023191559091456, 'ac4ceb44a4ae896158c14566b2523afbb0e257fd40af4fccddc95a922efb3500')
('r/ i', 7427679493822474442260098760915318245462605609120161877611140665054166L, 73926912313746221600422969923536397027686634004140167227457792625513198349354)
('G', (55066263022277343669578718895168534326250603453777594175500187360389116729240 : 32670510020758816978083085130507043184471273380659243275938904335757337482424 : 1))


!!!! THIS IS THE R = E.Lift_x(r) result:

Also R = nonce * G. The X coordinate of point R = r, the secret of R = nonce.
('R', (91699739317935258627372771550459504326006289891191381848862551863464593478869 : 79450615476943552632377782025199242003620925313220596427418775135908257610356 : 1))
('R/ r', (91413277307999602576679348036317809691089147061819652700440218480920854650493 : 94705172691527202884959487452335115481820880277158595931101427379039202433953 : 1))
('G * r', (95231593988530263025268019993470436341492878349759617261352084706098574401879 : 76003703190188366910194155426503499416926170925285666609448074121165638884991 : 1))


!!!!!!!!
('G * i' = ,R, (91699739317935258627372771550459504326006289891191381848862551863464593478869 : 79450615476943552632377782025199242003620925313220596427418775135908257610356 : 1), NONCE = 12345678 = i; to find the nonce, one needs to find the privkey of P(r, y)

!!!!!!!!


('R / i = G !!!', (55066263022277343669578718895168534326250603453777594175500187360389116729240 : 32670510020758816978083085130507043184471273380659243275938904335757337482424 : 1))
('G*r*i', (23694944965155815005806370254050820897870832455751014086648068325374125183769 : 72770318354597575747088143555334990101737712002921675232392745277748862830172 : 1))
('R*r', (23694944965155815005806370254050820897870832455751014086648068325374125183769 : 72770318354597575747088143555334990101737712002921675232392745277748862830172 : 1))





COBRAS (OP)
May 17, 2024, 11:05:05 PM
 #7

This is the code with s = 1, z = 0. The nonce is equal to the nonce with the original s, z.


('r', 91699739317935258627372771550459504326006289891191381848862551863464593478869, 'cabc3692f1f7ba75a8572dc5d270b35bcc00650534f6e5ecd6338e55355454d5')
('s', 1, '1')
('z', 0, '0')
('r/ i', 7427679493822474442260098760915318245462605609120161877611140665054166L, 73926912313746221600422969923536397027686634004140167227457792625513198349354)
('G', (55066263022277343669578718895168534326250603453777594175500187360389116729240 : 32670510020758816978083085130507043184471273380659243275938904335757337482424 : 1))
('R', (91699739317935258627372771550459504326006289891191381848862551863464593478869 : 79450615476943552632377782025199242003620925313220596427418775135908257610356 : 1))
('R/ r', (91413277307999602576679348036317809691089147061819652700440218480920854650493 : 94705172691527202884959487452335115481820880277158595931101427379039202433953 : 1))
('G * r', (95231593988530263025268019993470436341492878349759617261352084706098574401879 : 76003703190188366910194155426503499416926170925285666609448074121165638884991 : 1))
('G * i', (91699739317935258627372771550459504326006289891191381848862551863464593478869 : 79450615476943552632377782025199242003620925313220596427418775135908257610356 : 1), 12345678)
('R / i = G !!!', (55066263022277343669578718895168534326250603453777594175500187360389116729240 : 32670510020758816978083085130507043184471273380659243275938904335757337482424 : 1))
('G*r*i', (23694944965155815005806370254050820897870832455751014086648068325374125183769 : 72770318354597575747088143555334990101737712002921675232392745277748862830172 : 1))

('G*r*i', (23694944965155815005806370254050820897870832455751014086648068325374125183769 : 72770318354597575747088143555334990101737712002921675232392745277748862830172 : 1))
('R*r', (23694944965155815005806370254050820897870832455751014086648068325374125183769 : 72770318354597575747088143555334990101737712002921675232392745277748862830172 : 1))
('PUBKEY', (23694944965155815005806370254050820897870832455751014086648068325374125183769 : 72770318354597575747088143555334990101737712002921675232392745277748862830172 : 1))
('K(pubkey)', (23694944965155815005806370254050820897870832455751014086648068325374125183769 : 72770318354597575747088143555334990101737712002921675232392745277748862830172 : 1))
('BP', (95231593988530263025268019993470436341492878349759617261352084706098574401879 : 76003703190188366910194155426503499416926170925285666609448074121165638884991 : 1))
('BP*i', (23694944965155815005806370254050820897870832455751014086648068325374125183769 : 72770318354597575747088143555334990101737712002921675232392745277748862830172 : 1))
('stride', 91699739317935258627372771550459504326006289891191381848862551863464593478869, 'hex r', 'cabc3692f1f7ba75a8572dc5d270b35bcc00650534f6e5ecd6338e55355454d5', 'r %n:', 'cabc3692f1f7ba75a8572dc5d270b35bcc00650534f6e5ecd6338e55355454d5')
('start range', 0)
yes!!!
('Found real k:', 12345678, 'i', 'i%n', 12345678, 'hex i%n', 'bc614e')
('i / stride', 102841846352306188226513951450991021872527204226560155635918443861399890536377)


COBRAS (OP)
May 17, 2024, 11:05:54 PM
 #8


Now I do not use the original s and z; s = 1 because the modular inversion calcs give me an error when modinv(0), and I do not need to edit all the code to remove s and z from the formulas:

nonce = 6
('r', 115780575977492633039504758427830329241728645270042306223540962614150928364886, 'fff97bd5755eeea420453a14355235d382f6472f8568a18b2f057a1460297556')
('s', 1, '1')
('z', 0, '0')
('r/ i', 19296762662915438839917459737971721540288107545007051037256827102358488060814L, 96491488821126235788964783077096993442179817064390320625660269196703929057039)
('G', (55066263022277343669578718895168534326250603453777594175500187360389116729240 : 32670510020758816978083085130507043184471273380659243275938904335757337482424 : 1))
('R', (115780575977492633039504758427830329241728645270042306223540962614150928364886 : 78735063515800386211891312544505775871260717697865196436804966483607426560663 : 1))
('R/ r', (64539638574909914201464920709490791805550015061929458491040650138133077991612 : 24843128135812653164374146652732983116575858545376386173522986212406802597247 : 1))
('G * r', (35671562626417242553516379018837644888384153781026704107247909605250122925475 : 24854100414953353366925262716821661496591256177379627589485089065011822957733 : 1))
('G * i', (115780575977492633039504758427830329241728645270042306223540962614150928364886 : 78735063515800386211891312544505775871260717697865196436804966483607426560663 : 1), 6)
('R / i = G !!!', (55066263022277343669578718895168534326250603453777594175500187360389116729240 : 32670510020758816978083085130507043184471273380659243275938904335757337482424 : 1))
('G*r*i', (83713544949310621073111602184378347401653653711846647537453958918525557556 : 15567843838197501364772534451023699018524046327927424384426971674530257773251 : 1))
('R*r', (83713544949310621073111602184378347401653653711846647537453958918525557556 : 15567843838197501364772534451023699018524046327927424384426971674530257773251 : 1))
('PUBKEY', (83713544949310621073111602184378347401653653711846647537453958918525557556 : 15567843838197501364772534451023699018524046327927424384426971674530257773251 : 1))
('K(pubkey)', (83713544949310621073111602184378347401653653711846647537453958918525557556 : 15567843838197501364772534451023699018524046327927424384426971674530257773251 : 1))
('BP', (35671562626417242553516379018837644888384153781026704107247909605250122925475 : 24854100414953353366925262716821661496591256177379627589485089065011822957733 : 1))
('BP*i', (83713544949310621073111602184378347401653653711846647537453958918525557556 : 15567843838197501364772534451023699018524046327927424384426971674530257773251 : 1))
('stride', 115780575977492633039504758427830329241728645270042306223540962614150928364886, 'hex r', 'fff97bd5755eeea420453a14355235d382f6472f8568a18b2f057a1460297556', 'r %n:', 'fff97bd5755eeea420453a14355235d382f6472f8568a18b2f057a1460297556')
('start range', 0)
yes!!!
('Found real k:', 6, 'i', 'i%n', 6, 'hex i%n', '6')
('i / stride', 92881243615770048638449299342474665533833408430538685617041630338404606509534)


COBRAS (OP)
May 17, 2024, 11:08:09 PM
Last edit: May 17, 2024, 11:41:36 PM by COBRAS
 #9

When @Krashfire found his nonce in 6 months, it looks like he found i like in my calcs, but then he put the small found i into the formulas with z, s, modinv of s, z; yes, he got a 256-bit nonce. Maybe I am not right, but finding 256 bits in 6 months is impossible...


Thank you all for your formulas.
I think the formulas for k without a point are, maybe, interesting if you replace x with 1 and see what is going on....

Any more ideas?

COBRAS (OP)
May 18, 2024, 05:05:14 AM
 #10


These decrypt calcs are incorrect for your rsz in the code and for my rsz too ...

jacky19790729
May 18, 2024, 12:34:52 PM
Last edit: May 20, 2024, 04:32:35 PM by jacky19790729
 #11

> These decrypt calcs are incorrect for your rsz in the code and for my rsz too ...

Try it.

Example: find the signing secret.
https://rawcdn.githack.com/nlitsme/bitcoinexplainer/aa50e86e8c72c04a7986f5f7c43bc2f98df94107/ecdsacrack.html

My RSZ, K, Private Key are correct.

Code:
r = 0xA0006BD73C2E587208D8A2BFDD3E650DC0307C6B6AFBFADA5A8434FBDF7FB6BE
z = 0x262316F1036B81F49DD1CA1891F1511C413E979FE87228E16D7F92CFF1E2619F
s = 0x302F58A8EE90236BE885CA8599666CA901097B7CAF1BF5D035B38EC06EB63AB8

The following are k and private keys, which can match the same group of rsz above

pvk = 0x0000000000000000000000000000000000011111111111111111111111111111
k = 0x6F66F604CDDE541F77A221AD403624084DCFED9D4E207CDDA1936511E1556933

pvk = 0x0000000000000000000000000000000000011111111111111111111111111112
k = 0xAFEDFACCD5489DBE4CDEA4BFEECAEC51D472169F5F86E59100B4182664BB584E

pvk = 0x0000000000000000000000000000000000011111111111111111111111111113
k = 0xF074FF94DCB2E75D221B27D29D5FB49B5B143FA170ED4E445FD4CB3AE8214769

