Skip to content

Commit e2b67f6

Browse files
daedalusdaedalus
authored
Update crack_weak_ECDSA_nonces_with_LLL.py
1 parent 0f610cb commit e2b67f6

File tree

1 file changed

+25
-23
lines changed

1 file changed

+25
-23
lines changed

crack_weak_ECDSA_nonces_with_LLL.py

Lines changed: 25 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -84,32 +84,34 @@ def make_matrix(msgs, sigs, pubs, B, order, matrix_type="dense"):
8484

8585

8686
def privkeys_from_reduced_matrix(msgs, sigs, pubs, matrix, order):
87-
"""Extract private keys from reduced matrix."""
8887
keys = []
8988
msgn, rn, sn = msgs[-1], sigs[-1][0], sigs[-1][1]
9089

91-
92-
a = rn * sigs[0][1]
93-
b = sn * sigs[0][0]
94-
c = sn * msgs[0]
95-
d = msgn * sigs[0][1]
96-
cd = c - d
97-
98-
if a == b:
99-
for row in matrix:
100-
potential_nonce_diff = row[0]
101-
key = (cd - (b * potential_nonce_diff)) % order
102-
if key not in keys:
103-
keys.append(key)
104-
else:
105-
for row in matrix:
106-
potential_nonce_diff = row[0]
107-
potential_priv_key = (cd - (b * potential_nonce_diff))
108-
for ab in [a-b, b-a]:
109-
key = (potential_priv_key * modular_inv(ab, order)) % order
110-
if key not in keys:
111-
keys.append(key)
112-
return keys
90+
for i in range(len(msgs)):
91+
a = rn * sigs[i][1]
92+
b = sn * sigs[i][0]
93+
c = sn * msgs[i]
94+
d = msgn * sigs[i][1]
95+
cd = c - d
96+
97+
if a == b:
98+
for row in matrix:
99+
for j in range(len(msgs)):
100+
potential_nonce_diff = row[j]
101+
key = (cd - (b * potential_nonce_diff)) % order
102+
if key not in keys:
103+
keys.append(key)
104+
else:
105+
for row in matrix:
106+
for j in range(len(msgs)):
107+
potential_nonce_diff = row[j]
108+
potential_priv_key = cd - (b * potential_nonce_diff)
109+
for ab in [a - b, b - a]:
110+
inv = modular_inv(ab, order)
111+
key = (potential_priv_key * inv) % order
112+
if key not in keys:
113+
keys.append(key)
114+
return keys
113115

114116

115117
def display_keys(keys):

0 commit comments

Comments
 (0)