Hey folks,
I’m still trying to crack a puzzle I found here.
Right now, I’m digging into a specific key that could make solving part of the puzzle way easier. This key’s address is empty at the moment, and I’ve gathered 5 valid ECDSA signatures that are linked to it.
Here’s what I’ve found I’m really curious if these signatures show enough bias to give a shot at a lattice (LLL) attack with just these 5.
=== Detailed Breakdown of S Distribution ===
S in [1, n/4]: 4/5 → 80.00%
S in [1, n/8]: 3/5 → 60.00%
S in [1, n/16]: 1/5 → 20.00%
S in [1, n/32]: 1/5 → 20.00%
S in [1, n/64]: 0/5 → 0.00%
S in [1, n/128]: 0/5 → 0.00%
Result:
MAX BIAS: 4/5 signatures (80.00%) in [1, n/4]
→ Strong bias detected, likely caused by a biased nonce k.
=== Full Bit Analysis of S ===
Total signatures: 5
Count of fixed bits (always 0 or 1): 16
Fixed bits:
Bit 4: always 0
Bit 8: always 1
Bit 49: always 0
Bit 50: always 0
Bit 55: always 1
Bit 69: always 0
Bit 77: always 1
Bit 93: always 0
Bit 102: always 1
Bit 103: always 1
Bit 116: always 0
Bit 146: always 0
Bit 180: always 0
Bit 183: always 0
Bit 202: always 0
Bit 255: always 0
Max sequence of consecutive fixed bits: 2 bits (starting at bit 49)
Low 8 bits of S: ['0x6e', '0x2a', '0x29', '0xe4', '0xcc']
Result:
MAX BIAS: 16 fixed bits; max block = 2 bits
→ Strong bias noticed, maybe due to some structural patterns in k.
So, can we use this bias from just 5 signatures to make an attempt?
Could There Be an LLL Attack Chance? Noticed Bias in 5 ECDSA Signatures
1 reply 75 views
Can you share your code because I went to test how your bias code was working?
Related topics
- Could Innopolis Tech launch a 51% attack on the testnet? 19
- Extracting R values from blockchain signatures 14
- Twist Attack, Sub-Group Attack and Pollard-Rho Implementation Issues 4
- Potential attack strategy for btc puzzle pool: ttd's pool. 4
- Bitcoin Core displaying coins (UTXOs) in a new tab 13
- Are you in favor of BIP-110? Let's get a Bitcoin poll going. 0