https://github.com/daedalus/bitcoin-recover-privkey
Proof of concept of bitcoin private key recovery using weak ECDSA signatures
https://github.com/daedalus/bitcoin-recover-privkey
bitcoin ecdsa ecdsa-cryptography key poc private privkey vulnerability
Last synced: about 1 year ago
JSON representation
Proof of concept of bitcoin private key recovery using weak ECDSA signatures
- Host: GitHub
- URL: https://github.com/daedalus/bitcoin-recover-privkey
- Owner: daedalus
- Created: 2013-03-03T12:03:15.000Z (over 13 years ago)
- Default Branch: master
- Last Pushed: 2023-11-27T18:36:39.000Z (over 2 years ago)
- Last Synced: 2023-11-27T19:40:11.737Z (over 2 years ago)
- Topics: bitcoin, ecdsa, ecdsa-cryptography, key, poc, private, privkey, vulnerability
- Language: Python
- Size: 33.2 KB
- Stars: 70
- Watchers: 20
- Forks: 81
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
[](https://github.com/daedalus/bitcoin-recover-privkey/issues)
[](https://github.com/daedalus/bitcoin-recover-privkey/network)
[](https://github.com/daedalus/bitcoin-recover-privkey/stargazers)
# bitcoin-recover-privkey
Proof of concept of bitcoin private key recovery using weak ECDSA signatures
```
Based on http://www.nilsschneider.net/2013/01/28/recovering-bitcoin-private-keys.html
Regarding Bitcoin Tx:
https://blockchain.info/tx/9ec4bc49e828d924af1d1029cacf709431abbde46d59554b62bc270e3b29c4b1.
As it's said in the previous article you need to poke around into the OP_CHECKSIG
function in order to get z1 and z2,
In other hand for every other parameters you should be able to get them from the Tx itself.
```
### ECDSA math recap: ###
```
Q=dP compute public key Q where d is a secret scalar and G the base point
(x1,y1)=kP where k is random choosen an secret
r= x1 mod n
compute k**-1 or inv(k)
compute z=hash(m)
s= inv(k)(z + d) mod n
sig=k(r,s) or (r,-s mod n)
Key recovery
d = (sk-z)/r where r is the same
```
### Try it: ###
```
python ProofOfConcept.py
```