My question relates to weak-signature vulnerability testing where a hypothetical attacker doesn’t know the values of the nonce or the private key itself, but can determine that the nonce ‘k1’ is built from the private key ‘d’ and the message hash z, such that: k = 128 MSB bits of z + 128 MSB bits of d (privatekey)
Example:
d = private key in hex
z = message hash
k = nonce, where the nonce is equal to the first 128 bits of z + 128 bits of d
d = 0x036ed4f5f383049827edc4fe337f46f83a240b124242620b02b97552b2fc11a4
z = f55ab477c48f9afaf1a72ab448bf96b4a05f336f7a1e27e08993308dfaa783b5
k = f55ab477c48f9afaf1a72ab448bf96b4 + 036ed4f5f383049827edc4fe337f46f8
k = 0xf55ab477c48f9afaf1a72ab448bf96b4036ed4f5f383049827edc4fe337f46f8
signature:
r= 62326678398279634483781267842729177896577268934832461436294590773005653623297
s= 78373122694400608572761948114834235891083358005495335895684705221713649603747
z= 110976909682006680432155795488402189554785886863009729379902726621537291961269
I’ve searched the Stack Exchange sites and numerous articles and research papers and haven’t found a workable solution to this problem. My own linear algebra is not as strong as I would like it to be (it has been a lot of years), and my attempts haven’t been successful.
Is there any way to calculate k or privatekey?
N: Finite field of the secp256k1
