so I ran this command: python3 gen_data.py -f data.json -c SECP256K1 -b 1 -t LSB -n 360
Got my private key: 0xa0a9e351153934a4d5e86c4c53f21bef542e676e2639235596c5d3b81f57
Started prepping the data
Generating 360 signatures using SECP256K1 curve
Leaking 1 bit for k (LSB) ...
Outputted to data.json.
Then I did: python3 lattice_attack.py -f data.json
(and also timed it: time python3 lattice_attack.py -f data.json > time.txt 2>&1)
Lattice ECDSA Attack
Loaded data from data.json
Running with 1 bit of k (LSB)
Kicking off recovery attack on SECP256K1
Building the matrix
Solving the matrix ...
LLL reduction
.....
.... still going.....
So, I’ve been at this for over 6 hours and it’s still not done. How long does this usually take?
If anyone has tried to resolve 1 bit of their own key, how quick was it for you?
What approach do you guys suggest?
I have these settings:
MINIMUM_BITS = 1
RECOVERY_SEQUENCE = [None, 15, 25, 40, 50, 60]
SIGNATURES_NUMBER_MARGIN = 1.03 # 0.75
What should I tweak to resolve 1 bit, like the Private Key: 0xa0a9e351153934a4d5e86c4c53f21bef542e676e2639235596c5d3b81f57
Running this on a PC with 4 CPUs, I’m using:
taskset -c 1,2,3 time python3 lattice_attack.py -f data.json # is this the right way to do it? How can I set up multi-threading?
Just trying to figure things out here.
Calculation example: let’s say a block size of 40 with a lattice dimension of 200 takes about an hour on a specific machine. If I scale that up to a block size of 60 and a lattice dimension of 352, it could mean:
A significant increase in time due to the larger block size.
Extra runtime from the higher lattice dimension.
Just a rough estimate.
1 bit LSB Attack Challenge
1 reply 369 views
=== my test results ===
252 ( leak 4 bit ) ===> 70 rsz Success ( Time: 8 seconds )
253 ( leak 3 bit ) ===> 155 rsz Success (Time: 661 seconds )
254 ( leak 2 bit ) ===> 200~1500+ rsz Never Recovery my Private Key
255 ( leak 1 bit ) ===> 1500+ rsz Never Recovery my Private Key
256 ( leak 0 bit ) ===> 1500+ rsz Never Recovery my Private Key
Related topics
- Twist Attack, Sub-Group Attack and Pollard-Rho Implementation Issues 4
- Could Innopolis Tech launch a 51% attack on the testnet? 19
- Potential attack strategy for btc puzzle pool: ttd's pool. 4
- Bitcoin Core displaying coins (UTXOs) in a new tab 13
- Are you in favor of BIP-110? Let's get a Bitcoin poll going. 0
- Erlay seems to have some issues here’s a better proposal for a bitcoin protocol without invites 3