K Nonce

Question

K Nonce

KrashKrash opened this issue 2 years ago · 4 comments

How do I rewrite the code to reveal the K Nonce use in generating the datas in gen_input.py? I tried "print" at the ecdsa.lib it self. Don't work. Tried adding print(f"k_nonce:{k_nonce}") on gen_input.py too. don't work either.

Answer 1 · 2023-01-05T11:55:41.000Z

If you need to print the values of all nonces for each signatures during the creation process of the demo data, you can :

Add print(f"k_nonce:{k_nonce}") after k_nonce variable creation, and before return in ecdsa_sign_kout() of ecdsa.lib (L140-141).
Add print(f"k_nonce:{sig_info[2]}") on line 48 in gen_input. Because ecdsa_sign_kout() returns r, s, k_nonce. So third element of the tuple sig_info is the nonce.

Also you can do print("k_nonce :", k_nonce). instead of f-string.

Answer 2 · 2023-01-05T15:43:09.000Z

If you need to print the values of all nonces for each signatures during the creation process of the demo data, you can :

Add print(f"k_nonce:{k_nonce}") after k_nonce variable creation, and before return in ecdsa_sign_kout() of ecdsa.lib (L140-141).

Add print(f"k_nonce:{sig_info[2]}") on line 48 in gen_input. Because ecdsa_sign_kout() returns r, s, k_nonce. So third element of the tuple sig_info is the nonce.

Also you can do print("k_nonce :", k_nonce). instead of f-string.

Ok thank you so much. It works. Thanks again.

Answer 3 · 2023-01-07T02:31:02.000Z

If you need to print the values of all nonces for each signatures during the creation process of the demo data, you can :
* Add `print(f"k_nonce:{k_nonce}")` after _k_nonce_ variable creation, and before return in _ecdsa_sign_kout()_ of _ecdsa.lib_ (L140-141).

* Add `print(f"k_nonce:{sig_info[2]}")` on line 48 in _gen_input_. Because  _ecdsa_sign_kout()_ returns r, s, k_nonce. So third element of the tuple _sig_info_ is the nonce.
Also you can do print("k_nonce :", k_nonce). instead of f-string.

i thin you answered for gen_data not gen_input

Answer 4 · 2023-01-07T18:30:21.000Z

Yes, we talked about gen_data indeed.
For gen_input, the k nonces are all selected to have their 7 least significant bits set to 0. So it ends up with kp=0 for all signatures samples selected, and one doesn't know the full value of the nonce. I don't see the point to print zeros. This gen_input is a wonderful demonstration of the LatticeAttack software as it is supposed to work when only a portion of the nonce is known.