RetiredCoder (OP)
December 15, 2024, 11:25:42 AM
Same K or weak K would be too easy. This riddle is just one step more complex.

Baskentliia
December 15, 2024, 11:39:03 AM
Guys, I'm bored today again, so let's have some fun: a mini-puzzle for puzzle #130. As you requested, this time it's a bit more challenging.
Message: Anything one man can imagine, other men can make real
Signature: IIONt3uYHbMh+vUnqDBGHP2gGu1Q2Fw0WnsKj05eT9P8KI2kGgPniiPirCd5IeLRnRdxeiehDxxsyn/VujUaX8o=
There is about 700$ in BCH there, so hurry up! And thanks to creator of original puzzles (Satoshi??) for a lot of fun!
PS. No BS here please, I will remove it.
PPS. For history, previous mini-puzzle is here: https://bitcointalk.org/index.php?topic=5518896

I tried every way but couldn't find it. Maybe you need another hint, tip or something different.

K0rvexX
December 15, 2024, 11:40:26 AM
I shouldn't have skipped math courses in college 

K0rvexX
December 15, 2024, 11:48:40 AM
I think I see what you're pointing to, I'm just trying to make sense of how it could be implemented in such context.
Same K or weak K would be too easy. This riddle is just one step more complex.

Hoesis.USA
December 15, 2024, 11:55:37 AM
still working to solve but maybe need a new hint 
https://github.com/ufodia

kTimesG
December 15, 2024, 12:37:24 PM
Yes, you should have some understanding of ECDSA signature vulnerabilities.
2 most common vulnerabilities are repetitions of K for the same private key and weak K. We have only 2 signed messages and their signature r does not match, only the weak K remains. I checked 02/03838db77b981db321faf527a830461cfda01aed50d85c345a7b0a8f4e5e4fd3fc in the 80-bit range it is not there. sha256 from the message also does not reveal r, as well as double hashing. The rabbit hole is too deep. I'm tired))
6 signatures in total, not only 2, you find another 4 on the blockchain
LLL ?!
7
Off the grid, training pigeons to broadcast signed messages.

kTimesG
December 15, 2024, 12:55:16 PM
Yes, you should have some understanding of ECDSA signature vulnerabilities.
2 most common vulnerabilities are repetitions of K for the same private key and weak K. We have only 2 signed messages and their signature r does not match, only the weak K remains. I checked 02/03838db77b981db321faf527a830461cfda01aed50d85c345a7b0a8f4e5e4fd3fc in the 80-bit range it is not there. sha256 from the message also does not reveal r, as well as double hashing. The rabbit hole is too deep. I'm tired))
6 signatures in total, not only 2, you find another 4 on the blockchain
LLL ?!
7
Enlighten us please, 2 been here on the forum, another 4 can be extracted from the withdrawal tx, which is the 7th?!
The one that allowed the private key to be searched, e.g. the first tx out.

K0rvexX
December 15, 2024, 12:56:40 PM
Yes, you should have some understanding of ECDSA signature vulnerabilities.
2 most common vulnerabilities are repetitions of K for the same private key and weak K. We have only 2 signed messages and their signature r does not match, only the weak K remains. I checked 02/03838db77b981db321faf527a830461cfda01aed50d85c345a7b0a8f4e5e4fd3fc in the 80-bit range it is not there. sha256 from the message also does not reveal r, as well as double hashing. The rabbit hole is too deep. I'm tired))
6 signatures in total, not only 2, you find another 4 on the blockchain
LLL ?!
7
Enlighten us please, 2 been here on the forum, another 4 can be extracted from the withdrawal tx, which is the 7th?!
there is a 5th transaction,
rtx4 = 0x9fca00d29192007648f7e4b525f15a00a5180833617a604ec6701833eb26e580
stx4 = 0x1f5ff38219a72080f77534b735badbcf57f503a33e91935ee7a859387abf5483
but tbh, i don't think these are leading anywhere

RetiredCoder (OP)
December 15, 2024, 01:09:39 PM
No rude messages here, I remove them.

Hoesis.USA
December 15, 2024, 01:15:38 PM
Signature parsing:
Signature length: 65 bytes
Raw signature (hex): 20838db77b981db321faf527a830461cfda01aed50d85c345a7b0a8f4e5e4fd3fc288da41a03e78a23e2ac277921e2d19d17717a27a10f1c6cca7fd5ba351a5fca

Message hash calculation:
Message: Anything one man can imagine, other men can make real
Prefix: 18426974636f696e205369676e6564204d6573736167653a0a
Message length: 53
First hash: 9da32d658cb47aa5cc319124c5ec371d8ba0409601d7ab4f05a211cc7017cdfb
Final hash: 9233d997d01ccf4b46187b215819354f107e76d9c27968bc460e4463334ee7c3

Initial values:
r: 838db77b981db321faf527a830461cfda01aed50d85c345a7b0a8f4e5e4fd3fc
s: 288da41a03e78a23e2ac277921e2d19d17717a27a10f1c6cca7fd5ba351a5fca
z: 9233d997d01ccf4b46187b215819354f107e76d9c27968bc460e4463334ee7c3
rzs values of the last transaction of 130:
but trying to find a way to solve
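The breakdown in the post above follows the 65-byte compact format used for signed messages: one header byte, then r and s, with the digest taken over a length-prefixed "Bitcoin Signed Message" preimage. As an added example (not code from the thread or from any wallet), this Python decodes the puzzle signature and rebuilds that digest; the function names are assumptions of this example.

```python
import base64
import hashlib

# Copied from the thread: the signed message and its base64 signature.
MESSAGE = "Anything one man can imagine, other men can make real"
SIG_B64 = ("IIONt3uYHbMh+vUnqDBGHP2gGu1Q2Fw0WnsKj05eT9P8"
           "KI2kGgPniiPirCd5IeLRnRdxeiehDxxsyn/VujUaX8o=")
# Order of the secp256k1 group; r and s must lie in [1, N-1].
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def parse_compact_signature(sig_b64):
    """Split a 65-byte compact signature into header flags, r and s."""
    raw = base64.b64decode(sig_b64, validate=True)
    if len(raw) != 65:
        raise ValueError(f"expected 65 bytes, got {len(raw)}")
    header = raw[0]
    if not 27 <= header <= 34:
        raise ValueError(f"unexpected header byte {header}")
    r = int.from_bytes(raw[1:33], "big")
    s = int.from_bytes(raw[33:], "big")
    if not (0 < r < N and 0 < s < N):
        raise ValueError("r or s out of range")
    # recid selects the candidate public key; headers 31..34 mean compressed.
    return {"recid": (header - 27) & 3, "compressed": header >= 31,
            "r": r, "s": s, "low_s": s <= N // 2}

def varint(n):
    """Bitcoin CompactSize length prefix."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")

def signed_message_preimage(message):
    """Magic string and message, each preceded by its length."""
    magic = b"Bitcoin Signed Message:\n"
    body = message.encode("utf-8")
    return varint(len(magic)) + magic + varint(len(body)) + body

def signed_message_digest(message):
    """Double SHA-256 of the preimage: the z value that gets signed."""
    first = hashlib.sha256(signed_message_preimage(message)).digest()
    return hashlib.sha256(first).digest()
```

The header byte of this signature is 32, which decodes to recovery id 1 with a compressed key; `signed_message_digest(MESSAGE).hex()` can be compared with the "Final hash" line in the post.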

K0rvexX
December 15, 2024, 01:18:21 PM
but trying to find a way to solve
we all are xd

robertss
December 15, 2024, 01:24:23 PM Last edit: December 15, 2024, 02:12:04 PM by robertss
Hi, thanks for this puzzle. I read something here but I don't know if it is related or not: https://yondon.blog/2019/01/01/how-not-to-use-ecdsa/
I already played with some values just to see if they are weak, but none of those works. Also tried some Jules Verne references like 80 79, or even 20000. I tried to add, subtract, multiply or divide the nonce public key 03838db77b981db321faf527a830461cfda01aed50d85c345a7b0a8f4e5e4fd3fc with some known values and also none works. Well, this is good, we asked for a difficult one, thanks for that. Please wait for us; without hints it is difficult to try to think like you. Again thanks!!

mcdouglasx
December 15, 2024, 02:37:21 PM
Possible vulnerabilities in ECDSA:
1- use a weak nonce k.
2- sign 2 messages with the same nonce k, even if both private keys are different.
3- use malleability (r, -s mod N)
-For the puzzle the nonce k can also be a hash referring to the message (or something referring to the subject of the message), and if you know k you know the private key.
-OP could have extracted a nonce from old tx and reused it.

robertss
December 15, 2024, 03:01:17 PM
Possible vulnerabilities in ECDSA:
1- use a weak nonce k.
2- sign 2 messages with the same nonce k, even if both private keys are different.
3- use malleability (r, -s mod N) ....
-OP could have extracted a nonce from old tx and reused it.

well about 1, RetiredCoder already said that it isn't weak.
2- it is not solvable unless you know one of those keys
3- can't be used here to retrieve the key.
Maybe a relationship between his signature and other old TX but which one???. It can be anything, who knows

mcdouglasx
December 15, 2024, 03:45:03 PM
Possible vulnerabilities in ECDSA:
1- use a weak nonce k.
2- sign 2 messages with the same nonce k, even if both private keys are different.
3- use malleability (r, -s mod N)

well about 1, RetiredCoder already said that it isn't weak.
Maybe he meant brute force, but that doesn't mean that op could have used "Jules Verne" sha as a nonce
2- it is not solvable unless you know one of those keys
example: op could have taken pk from puzzle #1 extract nonce from first tx and sign this message using the same nonce, you would get the unknown pk.
3- can't be used here to retrieve the key.
Using malleability, an extra step would have to be applied to obtain the correct private key. These are all valid possible scenarios.

K0rvexX
December 15, 2024, 04:14:02 PM
It's already been 24 hours and I'm starting to tweak a bit xd. I'm following a trail which I'm pretty positive would lead to the solution, just don't know how it was exactly implemented on your end or how to approach it without spending another 24 hours to a dead end.

Lolo54
December 15, 2024, 04:24:32 PM
Compared to its first two mini puzzles, this one is much less interesting in terms of difficulty/gain, but that's just my opinion. I spent almost 5 hours on it today to come up with no clue, while the second, which I saw too late, was resolved in 5 minutes for me.

RetiredCoder (OP)
December 15, 2024, 04:31:02 PM Merited by mcdouglasx (2)
24 hours have passed, here is the first hint: don't take anything from the blockchain.

K0rvexX
December 15, 2024, 04:32:12 PM
gg, it was solved. What's the solution?

JDScreesh
December 15, 2024, 04:34:14 PM
Hi there. Congratulations to the solver of the mini-puzzle 130. I think I wasn't close enough.