De_to4ka
Newbie
Offline
Activity: 7
Merit: 0
February 11, 2025, 11:21:36 PM
There have already been examples, what other proof do you need?
Reviewing their code, just to clarify, the trick seems to be that the signed message includes the nonce concatenated as part of the string. Somehow, the OP extracts the nonce from here, which allows them to derive the private key. In short, their code generates vulnerable signatures. The nonce should never be included in the message of a signature because it is a catastrophic vulnerability.

    import os
    import random

    def generate_signatures(self, priv, num_signatures=10):
        sigs = []
        for _ in range(num_signatures):
            # nonce comes from Python's random module and is capped at BIT_RANGE bits
            nonce = random.randrange(1, 2**BIT_RANGE)
            # the nonce is appended to the text that gets signed
            note = str(os.urandom(25)) + str(nonce)
            msg = bytes(note, 'utf-8')
            private_key, public_key = self.make_keypair(priv)
            r, s, z = self.sign_message(priv, msg, nonce)
            sigs.append((z, r, s))
        return sigs

Yes, Hello I have already seen similar codes, where when generating fake signatures, a nonce is also generated. By the way, bitcoinend has shown several times that its code outputs the correct value of the private key, I have seen it myself.
nonce too small: nonce = random.randrange(1, 2**BIT_RANGE)
Hi Cobras, have you talked to him, maybe you learned something interesting about this code? His code is interesting, he needs a maximum of 10 signatures and it doesn't matter if they are fake or from the blockchain and the whole work takes about 10 minutes and I think so and he doesn't need CPU, GPU, it's just some kind of happiness
COBRAS
Member

Offline
Activity: 1131
Merit: 25
February 12, 2025, 12:00:52 AM Last edit: February 12, 2025, 12:42:32 AM by COBRAS
There have already been examples, what other proof do you need?
Reviewing their code, just to clarify, the trick seems to be that the signed message includes the nonce concatenated as part of the string. Somehow, the OP extracts the nonce from here, which allows them to derive the private key. In short, their code generates vulnerable signatures. The nonce should never be included in the message of a signature because it is a catastrophic vulnerability.

    import os
    import random

    def generate_signatures(self, priv, num_signatures=10):
        sigs = []
        for _ in range(num_signatures):
            # nonce comes from Python's random module and is capped at BIT_RANGE bits
            nonce = random.randrange(1, 2**BIT_RANGE)
            # the nonce is appended to the text that gets signed
            note = str(os.urandom(25)) + str(nonce)
            msg = bytes(note, 'utf-8')
            private_key, public_key = self.make_keypair(priv)
            r, s, z = self.sign_message(priv, msg, nonce)
            sigs.append((z, r, s))
        return sigs

Yes, Hello I have already seen similar codes, where when generating fake signatures, a nonce is also generated. By the way, bitcoinend has shown several times that its code outputs the correct value of the private key, I have seen it myself.
nonce too small: nonce = random.randrange(1, 2**BIT_RANGE)
Hi Cobras, have you talked to him, maybe you learned something interesting about this code? His code is interesting, he needs a maximum of 10 signatures and it doesn't matter if they are fake or from the blockchain and the whole work takes about 10 minutes and I think so and he doesn't need CPU, GPU, it's just some kind of happiness
he told this in group chat in tg:
Ok fine
we want to solve
d = (s*r)-z * k mod p.
i only know s, r, z and p
Can you rearrange that so that we need to solve for z?
z = (s * r - d) / k mod p
Ok
nothing more Renloi: [['0x51d65b53e0c05560ec8d8a8a26a15a5967aa642af0f5dc7ddd89d4478bc3e971', '0xaf4de1b694cd4622ffe8d8cdf5329a31c7f818c9320af86163abe8ac1600b3a8', '0xaf4de1b694cd4622ffe8d8cdf5329a31c7f818c9320af86163abe8ac1600b3a8']]
signature for puzzle 135 z, r, s is the order
S: So u solved puzzle 135 yes ?
he started to generate "valid" or real valid signatures without privkey. Maybe such signatures work for transferring btc without privkey, maybe someone can broadcast this rsz to the blockchain and try to transfer the 135 bit puzzle?
mcdouglasx
February 12, 2025, 01:04:04 AM
There have already been examples, what other proof do you need?
Reviewing their code, just to clarify, the trick seems to be that the signed message includes the nonce concatenated as part of the string. Somehow, the OP extracts the nonce from here, which allows them to derive the private key. In short, their code generates vulnerable signatures. The nonce should never be included in the message of a signature because it is a catastrophic vulnerability.

    import os
    import random

    def generate_signatures(self, priv, num_signatures=10):
        sigs = []
        for _ in range(num_signatures):
            # nonce comes from Python's random module and is capped at BIT_RANGE bits
            nonce = random.randrange(1, 2**BIT_RANGE)
            # the nonce is appended to the text that gets signed
            note = str(os.urandom(25)) + str(nonce)
            msg = bytes(note, 'utf-8')
            private_key, public_key = self.make_keypair(priv)
            r, s, z = self.sign_message(priv, msg, nonce)
            sigs.append((z, r, s))
        return sigs

Nice observation, You are correct, But my trick works with also 256 bit random nonce if we have enough signatures
There is no such trick, if I create a script in a vulnerable way I can obviously take advantage of it for my own case and context, but it is useless for bitcoin. Consequently, if you need these conditions to be met for your method to work, then no, you are not violating bitcoin, you are just checking the vulnerabilities of your own implementation of custom signatures where the nonce is concatenated to the message and uses Mersenne Twister which is well known to be cryptographically unsafe due to its ability to be predicted. A real test would be to work on signatures created using processes that comply with security standards. To start with, you can limit the nonce to 200 bits, but only that, without any other strange modifications.
bitcoinend (OP)
Newbie
Offline
Activity: 26
Merit: 0
February 12, 2025, 09:30:49 AM
There have already been examples, what other proof do you need?
Reviewing their code, just to clarify, the trick seems to be that the signed message includes the nonce concatenated as part of the string. Somehow, the OP extracts the nonce from here, which allows them to derive the private key. In short, their code generates vulnerable signatures. The nonce should never be included in the message of a signature because it is a catastrophic vulnerability.

    import os
    import random

    def generate_signatures(self, priv, num_signatures=10):
        sigs = []
        for _ in range(num_signatures):
            # nonce comes from Python's random module and is capped at BIT_RANGE bits
            nonce = random.randrange(1, 2**BIT_RANGE)
            # the nonce is appended to the text that gets signed
            note = str(os.urandom(25)) + str(nonce)
            msg = bytes(note, 'utf-8')
            private_key, public_key = self.make_keypair(priv)
            r, s, z = self.sign_message(priv, msg, nonce)
            sigs.append((z, r, s))
        return sigs

Nice observation, You are correct, But my trick works with also 256 bit random nonce if we have enough signatures
There is no such trick, if I create a script in a vulnerable way I can obviously take advantage of it for my own case and context, but it is useless for bitcoin. Consequently, if you need these conditions to be met for your method to work, then no, you are not violating bitcoin, you are just checking the vulnerabilities of your own implementation of custom signatures where the nonce is concatenated to the message and uses Mersenne Twister which is well known to be cryptographically unsafe due to its ability to be predicted. A real test would be to work on signatures created using processes that comply with security standards. To start with, you can limit the nonce to 200 bits, but only that, without any other strange modifications.
Ok sure, use your own script and send me the signatures.
cyncra
Newbie
Offline
Activity: 4
Merit: 0
February 12, 2025, 12:31:02 PM
Is this nonsensical charade still ongoing?
COBRAS
Member

Offline
Activity: 1131
Merit: 25
February 12, 2025, 12:55:40 PM
200 bit with 200 bit nonce is a not real rsz ! No secp256k1 signatures with this parameters
I have lattice script what can crack 250 bit priv/nonce with 70 signatures, but he is nothing too
iceland2k14
Member

Offline
Activity: 70
Merit: 86
How is it different than Lattice Reduction method. Where for 200 bit Nonce we can solve using 7 or 8 Signatures.
Leakage: 5 bit. Sigs Needed: 71
Leakage: 10 bit. Sigs Needed: 36
Leakage: 15 bit. Sigs Needed: 24
Leakage: 20 bit. Sigs Needed: 18
Leakage: 25 bit. Sigs Needed: 15
Leakage: 30 bit. Sigs Needed: 12
Leakage: 56 bit. Sigs Needed: 7
bitcoinend (OP)
Newbie
Offline
Activity: 26
Merit: 0
February 12, 2025, 01:17:11 PM
How is it different than Lattice Reduction method. Where for 200 bit Nonce we can solve using 7 or 8 Signatures.
Leakage: 5 bit. Sigs Needed: 71
Leakage: 10 bit. Sigs Needed: 36
Leakage: 15 bit. Sigs Needed: 24
Leakage: 20 bit. Sigs Needed: 18
Leakage: 25 bit. Sigs Needed: 15
Leakage: 30 bit. Sigs Needed: 12
Leakage: 56 bit. Sigs Needed: 7
I can do 240 bits using 10 signatures. Can lattice do that?
COBRAS
Member

Offline
Activity: 1131
Merit: 25
February 12, 2025, 01:36:53 PM Last edit: February 12, 2025, 01:57:20 PM by COBRAS
How is it different than Lattice Reduction method. Where for 200 bit Nonce we can solve using 7 or 8 Signatures.
Leakage: 5 bit. Sigs Needed: 71
Leakage: 10 bit. Sigs Needed: 36
Leakage: 15 bit. Sigs Needed: 24
Leakage: 20 bit. Sigs Needed: 18
Leakage: 25 bit. Sigs Needed: 15
Leakage: 30 bit. Sigs Needed: 12
Leakage: 56 bit. Sigs Needed: 7
I can do 240 bits using 10 signatures. Can lattice do that?
make 256 bit with 100 signatures ?) and idea make transaction hash from generated rsz without privkey and send coin, mo like me. ? and generate fake rsz and find privkey for 125 bit, will solve 135 puzzle with 2^10 tries.
mcdouglasx
February 12, 2025, 07:40:06 PM Last edit: February 12, 2025, 07:51:18 PM by mcdouglasx
Ok sure, use your own script and send me the signatures.
private key and nonces capped at 200 bits
It should be noted that this is just a test, the Lattice attack can do this in minutes, the idea is to then make it more complicated for the op.
I can do 240 bits using 10 signatures. Can lattice do that?
De_to4ka
Newbie
Offline
Activity: 7
Merit: 0
February 13, 2025, 07:16:18 AM
How is it different than Lattice Reduction method. Where for 200 bit Nonce we can solve using 7 or 8 Signatures.
Leakage: 5 bit. Sigs Needed: 71
Leakage: 10 bit. Sigs Needed: 36
Leakage: 15 bit. Sigs Needed: 24
Leakage: 20 bit. Sigs Needed: 18
Leakage: 25 bit. Sigs Needed: 15
Leakage: 30 bit. Sigs Needed: 12
Leakage: 56 bit. Sigs Needed: 7
I can do 240 bits using 10 signatures. Can lattice do that?
I'm just curious that you wrote that you use fake signatures and a lattice, then you wrote that you have some other code and the lattice doesn't work here. They're definitely confusing me
AbadomRSZ
Newbie
Offline
Activity: 32
Merit: 0
February 24, 2025, 07:45:12 PM
I decided to join in the fun as well, private key and k nonce 200 bits but they were generated with my script!
mcdouglasx
February 24, 2025, 10:18:55 PM
I decided to join in the fun as well, private key and k nonce 200 bits but they were generated with my script!
I think the OP abandoned the topic. I'm still waiting for the results from a few days ago. I believe their technique was based on the vulnerabilities of their own script, which isn't correct, because it would be as believable as a magic trick. The OP has created a different topic; I think I've seen it.
AbadomRSZ
Newbie
Offline
Activity: 32
Merit: 0
February 25, 2025, 12:35:40 AM
I hope he comes back and proves he's capable! Grin
mjojo
Newbie
Offline
Activity: 77
Merit: 0
March 03, 2025, 10:47:46 AM
First of all, I'd like to say that I have a different account on the forum, and I'm creating this one just to stay anonymous. I know how this sounds. but hear me out. All I need is one of you to generate a public key with a private key which is below 200 bits (just to note, I already done this method on 256 bit keys. I didn't touch any funds). Sign at least two messages with that public key. Include your bitcointalk username in one of them. The more signatures you provide the faster it'll take my computer to compute it. 10 is well more than enough.
I also have a script to generate these, if you want to save time on that, but I recommend not trusting what I say and write your own script.
Edit: when you send the signatures, send them in this format:
R = 0xHexValue S = 0xHexValue Z = 0xHexValue
Note: both the nonce and the private key needs to be below 200 bits.
Just speechless if true
bozalic
Newbie
Offline
Activity: 5
Merit: 0
March 05, 2025, 07:42:06 AM
I guess in your specific code, if a weak or repeated nonce is used, an attacker can compute it from values and recover the private key. This is a well-known vulnerability in ECDSA when nonces are not generated securely. However, Bitcoin does not use a random nonce for signing transactions. Instead, it employs RFC 6979, which ensures that the nonce is deterministically derived from the private key and the message hash. This prevents reuse and eliminates the risk of private key leakage due to nonce repetition or poor randomness. If someone claims to have derived the private key from , they likely exploited a flawed nonce generation process. To verify this, one would need multiple signatures using the same nonce or a predictable nonce pattern. In Bitcoin, this should never happen under normal circumstances. Can you share your code, so I want to check.
First of all, I'd like to say that I have a different account on the forum, and I'm creating this one just to stay anonymous. I know how this sounds. but hear me out. All I need is one of you to generate a public key with a private key which is below 200 bits (just to note, I already done this method on 256 bit keys. I didn't touch any funds). Sign at least two messages with that public key. Include your bitcointalk username in one of them. The more signatures you provide the faster it'll take my computer to compute it. 10 is well more than enough.
I also have a script to generate these, if you want to save time on that, but I recommend not trusting what I say and write your own script.
Edit: when you send the signatures, send them in this format:
R = 0xHexValue S = 0xHexValue Z = 0xHexValue
Note: both the nonce and the private key needs to be below 200 bits.
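The RFC 6979 derivation the post above refers to, as an added example (not code from the thread): the nonce is computed with HMAC from the private key and the message digest, so it is never drawn from a random number generator and never needs to travel with the message. The function and constant names are assumptions; the check values are the NIST P-256 / SHA-256 test vector from RFC 6979 appendix A.2.5, and the key passed to `nonces_for` is whatever constructed test key the caller supplies.

```python
import hashlib
import hmac

def rfc6979_nonce(x, h1, q, hashfunc=hashlib.sha256):
    """Deterministic ECDSA nonce (RFC 6979 section 3.2) for key x, digest h1, order q."""
    qlen = q.bit_length()
    rolen = (qlen + 7) // 8
    hlen = hashfunc().digest_size

    def bits2int(b):
        v = int.from_bytes(b, "big")
        excess = len(b) * 8 - qlen
        return v >> excess if excess > 0 else v

    def int2octets(v):
        return v.to_bytes(rolen, "big")

    def mac(key, data):
        return hmac.new(key, data, hashfunc).digest()

    seed = int2octets(x) + int2octets(bits2int(h1) % q)   # key || bits2octets(h1)
    V, K = b"\x01" * hlen, b"\x00" * hlen
    K = mac(K, V + b"\x00" + seed)
    V = mac(K, V)
    K = mac(K, V + b"\x01" + seed)
    V = mac(K, V)
    while True:
        T = b""
        while len(T) * 8 < qlen:
            V = mac(K, V)
            T += V
        k = bits2int(T)
        if 1 <= k < q:
            return k
        K = mac(K, V + b"\x00")      # rejected candidate: re-key and try again
        V = mac(K, V)

# Test vector from RFC 6979 appendix A.2.5 (NIST P-256, SHA-256, message "sample")
P256_Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
P256_X = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721
P256_K = 0xA6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60

# Group order of secp256k1
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def matches_rfc_vector():
    """Recompute the published nonce for the RFC's own key and message."""
    h1 = hashlib.sha256(b"sample").digest()
    return rfc6979_nonce(P256_X, h1, P256_Q) == P256_K

def nonces_for(x, messages, q=SECP256K1_N):
    """One nonce per message: the same message repeats it, a different one does not."""
    return [rfc6979_nonce(x, hashlib.sha256(m).digest(), q) for m in messages]
```

Repeating a nonce for the same key and message only reproduces the same signature, so the two-signatures-one-nonce condition never arises for distinct messages.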
nikolayspb
Newbie
Offline
Activity: 7
Merit: 0
April 30, 2025, 03:58:35 PM
Hello. Looks like topic deleted. Nothing to try. Can you provide script for testing?
dexizer7799
Newbie
Offline
Activity: 42
Merit: 0
May 01, 2025, 03:30:19 PM
Hello. Looks like topic deleted. Nothing to try. Can you provide script for testing?
Hi yes I can provide that script write to me personal message.
sdfasdf
Newbie
Offline
Activity: 13
Merit: 2
May 01, 2025, 04:36:51 PM
Hello. Looks like topic deleted. Nothing to try. Can you provide script for testing?
Hi yes I can provide that script write to me personal message.
Hi, I hope this message finds you well. I came across your project that involves recovering up to 249 bits for a 256-bit private key. Unfortunately, I found that the GitHub link you provided is not working. Would you be able to share the script with me directly? I would really appreciate it, as I’m very interested in your work. Thank you for your time! Best regards,
fix this >>> User 'dexizer7799' has not chosen to allow messages from newbies. You should post in their relevant thread to remind them to enable this setting.