Skip to content

Instantly share code, notes, and snippets.

View secp8x32's full-sized avatar
💭
I may be slow to respond.

KV secp8x32

💭
I may be slow to respond.
150 followers · 80 following
View GitHub Profile
@secp8x32
secp8x32 / secp256k1-endomorphism.md
Created April 6, 2021 07:00 — forked from paulmillr/explanation-simple.md
Speed-up secp256k1 by using endomorphism https://paulmillr.com/posts/noble-secp256k1-fast-ecc/

Hal Finney's explanation of secp256k1 "efficiently computable endomorphism" parameters used secp256k1 libraries, archived from source.

The same optimization could be applied to any Koblitz curve (e.g. Short Weistrass curve with a=0).

I implemented an optimized ECDSA verify for the secp256k1 curve, based on pages 125-129 of the Guide to Elliptic Curve Cryptography, by Hankerson, Menezes and Vanstone. I own the book but I also found a PDF on a Russian site which is more convenient.

secp256k1 uses the following prime for its x and y coordinates:

@secp8x32
secp8x32 / aes_cryptojs_pycrypto.js
Created April 19, 2021 12:02 — forked from adrianlzt/aes_cryptojs_pycrypto.js
Interoperable CryptoJS (defaults) <-> PyCrypto
/*
* CryptoJS by default:
* - uses CBC mode
* - pkcs7 for padding
* - evpKDF to extract key
* - part of the key is used as IV
* - before converting to base64 it makes "Salt__"+salt+encrypted_text
*/
var CryptoJS = require('crypto-js');
@secp8x32
secp8x32 / ECC2.md
Created September 29, 2021 09:23 — forked from jproney/ECC2.md
ECC2_Writeup

PicoCTF 2017: ECC2

A 1064CBread Writeup

Problem

In the file handout.txt, we are given the following parameters for an elliptic curve:

  • y^2 = x^3 + A*x + B mod M -- the curve equation
  • M -- the modulus of the curve
@secp8x32
secp8x32 / messagehash.md
Created October 12, 2021 08:17 — forked from nlitsme/messagehash.md
How to calculate the bitcoin messagehash

Demonstrate how to calculate the messagehash for the two signatures in this transaction

See ecdsa_demo.py for code showing how to use this to crack the bitcoin secret key.

These are the values extracted from the example transaction below:

pk="04 db d0 c6 15 32 27 9c f7 29 81 c3 58 4f c3 22 16 e0 12 76 99 63 5c 27 89 f5 49 e0 73 0c 05 9b 81 ae 13 30 16 a6 9c 21 e2 3f 18 59 a9 5f 06 d5 2b 7b f1 49 a8 f2 fe 4e 85 35 c8 a8 29 b4 49 c5 ff"
r="d4 7c e4 c0 25 c3 5e c4 40 bc 81 d9 98 34 a6 24 87 51 61 a2 6b f5 6e f7 fd c0 f5 d5 2f 84 3a d1"
s1="44 e1 ff 2d fd 81 02 cf 7a 47 c2 1d 5c 9f d5 70 16 10 d0 49 53 c6 83 65 96 b4 fe 9d d2 f5 3e 3e"