amaclin (OP)
Legendary
 Offline
Activity: 1260
Merit: 1019
|
 |
November 28, 2014, 08:00:45 AM
Last edit: November 28, 2014, 08:48:09 AM by amaclin |
|
In few words signing in ECDSA is (some pseudocode)
int256 r, s, digest, privkey, k;
k = rand ( );
[r,s] = sign ( privkey, digest, k ); // signing
The question: is it possible to get 'k' from other values if i know them and do not know 'k' (formula, not bruteforcing)?
Something like
k = get_k_value ( privkey, digest, r, s );
|
|
|
|
|
|
|
|
|
|
|
|
Unlike traditional banking where clients have only a few account numbers, with Bitcoin people can create an unlimited number of accounts (addresses). This can be used to easily track payments, and it improves anonymity.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
gmaxwell
Moderator
Legendary
Offline
Activity: 4158
Merit: 8382
|
|
November 28, 2014, 09:03:18 AM |
|
Yes, if you know the private key. What awful thing are you doing?
|
|
|
|
|
amaclin (OP)
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
November 28, 2014, 09:10:00 AM
Last edit: November 28, 2014, 09:59:26 AM by amaclin |
|
Yes, if you know the private key. What awful thing are you doing?
Stealing bitcoins as usual  What else can we do on Sunday? {*} |
|
|
|
|
|
hhanh00
|
|
November 28, 2014, 11:11:08 AM |
|
K=(digest+r.privkey)/s mod n
|
|
|
|
BitCoinDream
Legendary
Offline
Activity: 2324
Merit: 1204
The revolution will be digital
|
|
November 29, 2014, 08:46:30 PM |
|
K=(digest+r.privkey)/s mod n
What is n ? |
|
|
|
amaclin (OP)
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
November 29, 2014, 09:18:00 PM |
|
What is n ? n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 |
|
|
|
|
|
dabura667
|
|
November 30, 2014, 02:39:01 AM |
|
What is n ? n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 aka "the order of the curve" of secp256k1 (the curve bitcoin uses) |
My Tip Address:
1DXcHTJS2DJ3xDoxw22wCt11FeAsgfzdBU
|
|
|
|
hhanh00
|
|
November 30, 2014, 06:31:31 AM |
|
This also allows you to calculate the public key from the signature.
|
|
|
|
|
dabura667
|
|
November 30, 2014, 08:45:29 AM |
|
This also allows you to calculate the public key from the signature.
lol. If you know the private key, you don't need the signature to calculate the public key. |
My Tip Address:
1DXcHTJS2DJ3xDoxw22wCt11FeAsgfzdBU
|
|
|
gmaxwell
Moderator
Legendary
Offline
Activity: 4158
Merit: 8382
|
|
November 30, 2014, 09:33:30 AM |
|
This also allows you to calculate the public key from the signature.
The public key is not completely unambiguous from the signature. (nor is R, technically) |
|
|
|
|
|
hhanh00
|
|
November 30, 2014, 10:21:00 AM |
|
lol. If you know the private key, you don't need the signature to calculate the public key.
Obviously without knowing the private key. The public key is not completely unambiguous from the signature. (nor is R, technically)
Yes but it can be lifted if we know the address. |
|
|
|
|
