K Nonce Discussion

0 replies 55 views
calmomegaSenior Member
Posts: 123 · Reputation: 817
#1May 20, 2025, 03:58 AM
Hey everyone. So my last thread got deleted without any explanation, but I think it might be because I shared my code. I'm gonna try to bring it back, but this time without the code. I found some interesting research and analysis about calculating k nonce mathematically. I’ll share some articles that cover this. A few are more theoretical, but there’s also practical stuff. Out of roughly 1000 bitcoin signatures, they figured out how to calculate k nonce this way. From what I gather, for the calculation to work, the components of the rsz signature need to have a specific expression, and you should be able to extract the root. I gave it a shot, but no luck. Everything seems to check out, but the code is spitting out nonsense and k doesn’t match R from the signatures. Any ideas on where I might be going wrong? If these articles were just theory, I’d brush it off, but since there’s practical evidence showing that about 50% of signatures can successfully calculate k nonce, it makes me curious. Here are the articles and studies I found: ### **1. SEC 1 Standard Specifications (Certicom, 2000)** **Source:** - **Name:** *Standards for Efficient Cryptography (SEC 1)* - **Author:** Certicom Research - **Year:** 2000 - **Link:** [SEC 1 v1.0 (2000)](https://www.secg.org/sec1-v2.pdf ) (official PDF from SECG) - **Sections:** - Appendix C (pp. 47-50) Mathematical foundations of ECDSA - Appendix D (pp. 51-54) Derivation of signature equations **Note:** This document shows how the ECDSA equation can be simplified to a quadratic one.
3 Reply Quote Share
?Reply
Sign in to reply to this topic

Related topics