Bitcoin Wallet Recovery via ECDSA Short Signatures

We all know that the disclosure of the secret key in the ECDSA signature can lead to the complete recovery of the Bitcoin Wallet. In our earlier articles, we looked at weaknesses and vulnerabilities in blockchain transactions, but there are also ECDSA short signatures that also lead to the full recovery of a Bitcoin Wallet.

Why are these ECDSA signatures called short?

You can get the answer to this question from the topic under discussion: «The shortest ECDSA signature» [The shortest ECDSA signature]

In our last article: «Reducing the private key through scalar multiplication using the ECPy + Google Colab library» we created a Python script: maxwell.py which generated a rather interesting public key for us

(0x3b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63 , 0xc0c686408d517dfd67c2367651380d00d126e4229631fd03f8ff35eef1a61e3c)

As we know the value of the signature, "R"this is the public key from the private key(Nonce)

Take a look at Blockchain transaction: 11e6b169701a9047f3ddbb9bc4d4ab1a148c430ba4a5929764e97e76031f4ee3

RawTX:

0100000001afddd5c9f05bd937b24a761606581c0cddd6696e05a25871279f75b7f6cf891f250000005f3c303902153b78ce563f89a0ed9414f5aa28ad0d96d6795f9c6302200a963d693c008f0f8016cfc7861c7f5d8c4e11e11725f8be747bb77d8755f1b8012103151033d660dc0ef657f379065cab49932ce4fb626d92e50d4194e026328af853ffffffff010000000000000000016a00000000

The size of this transaction is only:156 байт

How can I restore a Bitcoin Wallet through ECDSA short signatures?

In the cryptanalysis of the Bitcoin blockchain, we use our own Bas h script:btcrecover.sh

bitcoin wallet recovery process

Bash script: btcrecover.sh

pip2 install -r requirements.txt
chmod +x btcrecover.sh


 ./btcrecover.sh 12yysAMhagEm67QCX85p3WQnTUrqcvYVuk


 ./btcrecover.sh 15HvLBX9auG2bJdLCTxSvjvWvdgsW7BvAT

Results:

| privkey : addr |

Let’s open bitaddress and   check:

ac8d0abda1d32aaabff56cb72bc39a998a98779632d7fee83ff452a86a849bc1:12yysAMhagEm67QCX85p3WQnTUrqcvYVuk
b6c1238de89e9defea3ea0712e08726e338928ac657c3409ebb93d9a0873797f:15HvLBX9auG2bJdLCTxSvjvWvdgsW7BvAT

Let’s move on to the experimental part and analyze in more detail all the scripts for restoring a Bitcoin Wallet

Open  [TerminalGoogleColab] .

Let’s use the «09BitcoinWalletRecovery» repository .

git clone https://github.com/demining/CryptoDeepTools.git

cd CryptoDeepTools/09BitcoinWalletRecovery/

ls

Install all the necessary modules:

bitcoin
ecdsa
utils
base58

---

pip2 install -r 
.txt

Using the breakECDSA.py script, we get from the RawTXsignature [R, S, Z]

python2 breakECDSA.py 0100000001afddd5c9f05bd937b24a761606581c0cddd6696e05a25871279f75b7f6cf891f250000005f3c303902153b78ce563f89a0ed9414f5aa28ad0d96d6795f9c6302200a963d693c008f0f8016cfc7861c7f5d8c4e11e11725f8be747bb77d8755f1b8012103151033d660dc0ef657f379065cab49932ce4fb626d92e50d4194e026328af853ffffffff010000000000000000016a00000000 > signatures.txt

The result will be saved to a file: signatures.txt

Let’s open the file:PublicKeys.txt

cat signatures.txt

R = 0x00000000000000000000003b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63
S = 0x0a963d693c008f0f8016cfc7861c7f5d8c4e11e11725f8be747bb77d8755f1b8
Z = 0x521a65420faa5386d91b8afcfab68defa02283240b25aeee958b20b36ddcb6de

As we know from our last article , we know the secret key to generating the signature R

In our case, the secret key (Nonce) is:

0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0 --> 0x3b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63, 0x3f3979bf72ae8202983dc989aec7f2ff2ed91bdd69ce02fc0700ca100e59ddf3

Signatures:

K = 0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0
R = 0x00000000000000000000003b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63
S = 0x0a963d693c008f0f8016cfc7861c7f5d8c4e11e11725f8be747bb77d8755f1b8
Z = 0x521a65420faa5386d91b8afcfab68defa02283240b25aeee958b20b36ddcb6de

Now that we know the value of [K, R, S, Z] we can get the private key using the formula and restore the Bitcoin Wallet.

To get the private key, let’s use the Python script: calculate.py

def h(n):
    return hex(n).replace("0x","")

def extended_gcd(aa, bb):
    lastremainder, remainder = abs(aa), abs(bb)
    x, lastx, y, lasty = 0, 1, 1, 0
    while remainder:
        lastremainder, (quotient, remainder) = remainder, divmod(lastremainder, remainder)
        x, lastx = lastx - quotient*x, x
        y, lasty = lasty - quotient*y, y
    return lastremainder, lastx * (-1 if aa < 0 else 1), lasty * (-1 if bb < 0 else 1)

def modinv(a, m):
    g, x, y = extended_gcd(a, m)
    if g != 1:
        raise ValueError
    return x % m
    
N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141


K = 0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0
R = 0x00000000000000000000003b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63
S = 0x0a963d693c008f0f8016cfc7861c7f5d8c4e11e11725f8be747bb77d8755f1b8
Z = 0x521a65420faa5386d91b8afcfab68defa02283240b25aeee958b20b36ddcb6de


print (h((((S * K) - Z) * modinv(R,N)) % N))

Let’s run the Python script: calculate.py

python3 calculate.py

PrivKey=b6c1238de89e9defea3ea0712e08726e338928ac657c3409ebb93d9a0873797f

Let’s open bitaddress and   check:

ADDR: 15HvLBX9auG2bJdLCTxSvjvWvdgsW7BvAT
WIF:  L3LxjEnwKQMFYNYmCGzM1TqnwxRDi8UyRzQpVfmDvk96fYN44oFG
HEX:  b6c1238de89e9defea3ea0712e08726e338928ac657c3409ebb93d9a0873797f

Private key found!

Bitcoin wallet restored!

Короткие подписи ECDSAis a potential threat of losing coins BTC , so we strongly recommend everyone to always update the software and use only verified devices.

This video was created for the  CRYPTO DEEP TECH portal  to ensure the financial security of data and cryptography on elliptic curves  secp256k1 against weak signatures  ECDSA in cryptocurrency BITCOIN

Source

Telegram :  https://t.me/cryptodeeptech

Video: https://youtu.be/xBgjWE5tA7Y

Source: https://cryptodeeptech.ru/shortest-ecdsa-signature

---

	Donation Address
♥ BTC	1Lw2gTnMpxRUNBU85Hg4ruTwnpUPKdf3nV
♥ ETH	0xaBd66CF90898517573f19184b3297d651f7b90bf