Mini-puzzle for Puzzle #130
Description
This is a side-puzzle for Puzzle #130.
Given:
Message: Anything one man can imagine, other men can make real
Signature: IIONt3uYHbMh+vUnqDBGHP2gGu1Q2Fw0WnsKj05eT9P8KI2kGgPniiPirCd5IeLRnRdxeiehDxxsyn/VujUaX8o=
"There is about 700$ in BCH there, so hurry up!
And thanks to creator of original puzzles (Satoshi??) for a lot of fun!"
Hints
The previous signed message posted by the creator:
Address: 1Fo65aKq8s8iquMt6weF1rku1moWVEd5Ua
Message: RetiredCoder is a winner for 120,125,130
Signature: IN6XCSv7fAIUioJ7T4ti2x4YmnOcd4FXmd9eb7Na6IofP0+ji8uxdhVEb6vG++vO77t9BS7KnOE2s6Sme38NT0I=
Solution
r1_1 = 02de97092bfb7c02148a827b4f8b62db1e189a739c77815799df5e6fb35ae88a1f
r2_1 = 02838db77b981db321faf527a830461cfda01aed50d85c345a7b0a8f4e5e4fd3fc
delta = 031e283a9ebc4c50b0a93f27d411e69d0a97aad2a6d4ae26f5725f8b55fb5176f5
delta_k = 0xfffffffffffffffffffffffffffffffebaaedce6af487e246f4eac90b714b3bd
N - delta_k = 0x22175083b1fc19218d84
r1_2 = 03de97092bfb7c02148a827b4f8b62db1e189a739c77815799df5e6fb35ae88a1f
r2_2 = 03838db77b981db321faf527a830461cfda01aed50d85c345a7b0a8f4e5e4fd3fc
delta = 021e283a9ebc4c50b0a93f27d411e69d0a97aad2a6d4ae26f5725f8b55fb5176f5
delta_k = 0x22175083b1fc19218d84
PK = 33e7665705359f04f28b88cf897c603c9
Explanation from the creator
Since it seems that the winner is not here, I will explain this riddle.
1. So we have a signature, we should check for weak K1, use kangaroos of course. What's the range for search? Use a hint from the message, 80 bits. Fails, it seems K1 is strong.
2. Remember that I posted another signature, take K2, maybe K1==K2? No. So if we have both strong K1 and K2, what can it be? Remember that an ECDSA signature is vulnerable not only when K1==K2 but also if we know that K1 has some relation with K2, for example, K2=K1+1 (the simplest case). How to check it? Remember that R1=G*K1 and R2=G*K2 and we have these R1 and R2 points in signatures, so we can subtract: PntDiff = R1 - R2 (and also try R2 - R1) and check if it's G. It's not G, ok, maybe the difference is not 1 but more? We should try to solve PntDiff (both variants) with kangaroos. What's the range? Same, 80 bits. And we can solve it, so now we have delta_K.
3. Now calculate, google or ask chatbot to get the formula:
pk = ((delta_k * s1 * s2) + (z2 * s1) - (z1 * s2)) / (r1 * s2 - r2 * s1) [mod n]
That's all!
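The formula in step 3, worked through on secp256k1 as an added example (not the creator's code). It takes delta_k = k1 - k2; the key, nonces, message hashes and the 80-bit DELTA are constructed sample values, and the helper names (add, mul, sign, recover, h) are hypothetical.

```python
import hashlib
from itertools import product

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine addition on y^2 = x^3 + 7; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    num, den = (3 * a[0] * a[0], 2 * a[1]) if a == b else (b[1] - a[1], b[0] - a[0])
    lam = num * pow(den % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt=G):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def sign(d, z, k):  # textbook ECDSA with a caller-supplied nonce, to build sample input
    r = mul(k)[0] % N
    return r, pow(k, -1, N) * (z + r * d) % N

def recover(delta_k, r1, s1, z1, r2, s2, z2, pub):
    """Page formula with delta_k = k1 - k2. Signs of delta_k and s are ambiguous
    (R1-R2 vs R2-R1, low-s), so try each and keep only a d where d*G == pub."""
    for dk, a, b in product((delta_k, N - delta_k), (s1, N - s1), (s2, N - s2)):
        den = (r1 * b - r2 * a) % N
        if den == 0:
            continue
        d = (dk * a * b + z2 * a - z1 * b) * pow(den, -1, N) % N
        if mul(d) == pub:
            return d
    return None

def h(msg):  # constructed sample values: hashes of labelled strings, reduced mod N
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

D, K1, DELTA = h(b"sample key"), h(b"sample nonce"), 0xC0FFEE0123456789ABCD  # 80-bit gap
Z1, Z2 = h(b"sample message one"), h(b"sample message two")
(R1, S1), (R2, S2) = sign(D, Z1, K1), sign(D, Z2, (K1 - DELTA) % N)
FOUND = recover(DELTA, R1, S1, Z1, R2, N - S2, Z2, mul(D))  # s2 passed in flipped form
```

Because every candidate is checked against the public key, a wrong sign guess cannot produce a false key. Signers that derive each nonce independently, for example with RFC 6979 deterministic nonces, leave no such relation between K1 and K2 to find.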