[ANN] unsek - Cryptographic Security Research Toolkit

[Redni]

unsek
Cryptographic Security Research Toolkit

What is this?

unsek is a set of open-source tools for cryptographic security research on secp256k1 and Bitcoin key infrastructure. Each tool targets a specific attack surface — weak key generation, ECDLP, signature vulnerabilities, vanity addresses, and puzzle data — and they integrate with each other through shared data providers and pipeline-friendly I/O.

Everything is written in Rust, MIT-licensed, and published on crates.io. GPU acceleration uses wgpu (WebGPU), supporting AMD, NVIDIA, Intel, and Apple Silicon — no CUDA lock-in.

Why an ecosystem?

Most existing tools in this space are standalone projects with different languages, build systems, and data formats. If you want to scan b1000 puzzle keys against brainwallet wordlists, then run unsolved pubkeys through a kangaroo solver, you end up writing glue scripts between incompatible tools.

unsek provides a modular toolkit where:

• Shared data providers: boha library gives all tools access to puzzle collections (b1000, Peter Todd bounties, gsmg, etc.)
• Pipeline-friendly output: JSON, JSONL, CSV across all tools — pipe one into another.
• Cross-platform GPU: wgpu compute shaders for AMD, NVIDIA, Intel, and Apple Silicon in every GPU-enabled tool.
• Uniform installation: cargo install or AUR packages for everything.

Tools

vuke — Vulnerable Key Generation Research
Reproduces and analyzes historically vulnerable Bitcoin key generation methods.

• Methods: brainwallet, milksad (CVE-2023-39910), MT19937-64, LCG, xorshift, electrum, armory, multibit HD, SHA256 chains, bitimage.
• Reverse analysis: given a private key, detect which vulnerable method could have generated it.
• Storage: Parquet + DuckDB for TB-scale analysis. Optional GPU acceleration.

GitHub: https://github.com/oritwoen/vuke
Thread: https://bitcointalk.org/index.php?topic=5570717

kangaroo — Pollard's Kangaroo ECDLP Solver
GPU-accelerated Pollard's Kangaroo for solving ECDLP on secp256k1 in a known bit range.

• GPU: AMD (Vulkan/RADV), NVIDIA (Vulkan), Intel (Vulkan), Apple Silicon (Metal).
• Optimization: Distinguished points, auto-tuning of kangaroo count and DP bits, CPU fallback.
• Performance: 17 M jumps/s on AMD RX 6800S (48-bit range). +359% since v0.2.0.

GitHub: https://github.com/oritwoen/kangaroo
Thread: https://bitcointalk.org/index.php?topic=5571086

vusi — ECDSA Signature Vulnerability Analysis
Detects ECDSA signature vulnerabilities and recovers private keys from flawed signatures.

• Attacks: nonce reuse, polynonce (Kudelski Security, 2023), biased nonces (lattice/HNP).
• Planned: LCG nonce detection, related nonce, half-half, side-channel timing.
• Validation: strict input checking, test vectors from real Bitcoin transactions.

GitHub: https://github.com/oritwoen/vusi
Thread: https://bitcointalk.org/index.php?topic=5575149

boha — Crypto Puzzles & Bounties Data Library
Curated dataset of cryptocurrency puzzles and bounties, embedded at compile time.

• Collections: b1000 (256 puzzles, 82 solved), hash_collision (Peter Todd bounties), gsmg, zden (visual puzzles), bitaps (SSSS), bitimage, ballet.
• Total: 7 collections, 284 puzzles.
• Integration: used as data provider by vuke, kangaroo, and vgen.

GitHub: https://github.com/oritwoen/boha
Thread: https://bitcointalk.org/index.php?topic=5570614

vgen — Vanity Address Generator
GPU-accelerated vanity address generator with full regex pattern matching.

• Formats: P2PKH, P2WPKH (Bech32), Ethereum.
• Features: interactive TUI, range scanning for Bitcoin Puzzles, boha provider integration.
• Performance: CPU ~50K–200K keys/s, GPU ~500K–2M keys/s.

GitHub: https://github.com/oritwoen/vgen
Thread: https://bitcointalk.org/index.php?topic=5575148

Pipeline Examples

Scan unsolved b1000 puzzle addresses against a brainwallet wordlist:

Code:

boha list b1000 --unsolved --format json | \
  jq -r '.[] | .address' > targets.txt
vuke scan --transform sha256 --targets targets.txt wordlist.txt

Get pubkey for puzzle #135 and solve with kangaroo:

Code:

boha show b1000/135 --format json | \
  jq -r '.pubkey' | \
  kangaroo --bits 135

Scan puzzle #66 range with vgen:

Code:

vgen range -p "boha:b1000:66"

Installation

Via Cargo:

Code:

cargo install vuke kangaroo vusi boha vgen

Arch Linux (AUR):

Code:

paru -S vuke kangaroo vusi boha vgen

From Source:

Code:

git clone https://github.com/oritwoen/<tool>.git
cargo build --release

Research Coverage

• Key Generation (vuke): brainwallet, PRNG (milksad, mt64, lcg, xorshift), derivation bugs (electrum, armory, multibit)
• ECDLP (kangaroo): Pollard's Kangaroo, GPU acceleration, distinguished points
• ECDSA Signatures (vusi): nonce reuse, polynonce, biased nonces, lattice/HNP
• Puzzle Data (boha): 7 collections, 284 puzzles, compile-time embedded
• Vanity Addresses (vgen): regex matching, range scanning, GPU acceleration

Roadmap

• seed-tool: BIP39 seed permutation and recovery (scope in research).
• Unified CLI: single unsek interface wrapping all tools.

Links

Ecosystem: https://github.com/oritwoen/unsek
License: MIT (all tools)

Feedback, issues and PRs welcome.

Disclaimer

These tools are provided for educational and security research purposes. They are designed to study known cryptographic vulnerabilities and historical implementation bugs — not to compromise active wallets. The author takes no responsibility for misuse.