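ECDSA public key recovery

Time: 2019-10-07 12:20:09

Tags: ruby public-key dsa

Hello,

I am trying to recover the public key from a cookie. This is what I did; I am not sure whether it is correct...

1) Register and log in to get the cookie: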

user: test
pass: asd
cookie: dGVzdC0tMEYCIQDkk9vxwQ2A81geSQSTCxQEzGwTkA7gdYR0%2BpSr6MTNEwIhAJLLemlZFZZT6unXBg4i1WvdJy6tKVJrLQmj%2FM8SujPA

2) URL-decode the cookie:

dGVzdC0tMEYCIQDkk9vxwQ2A81geSQSTCxQEzGwTkA7gdYR0+pSr6MTNEwIhAJLLemlZFZZT6unXBg4i1WvdJy6tKVJrLQmj/M8SujPA

3) Base64-decode the cookie:

test--0F\x02!\x00\xE4\x93\xDB\xF1\xC1\r\x80\xF3X\x1EI\x04\x93\v\x14\x04\xCCl\x13\x90\x0E\xE0u\x84t\xFA\x94\xAB\xE8\xC4\xCD\x13\x02!\x00\x92\xCBziY\x15\x96S\xEA\xE9\xD7\x06\x0E\"\xD5k\xDD'.\xAD)Rk-\t\xA3\xFC\xCF\x12\xBA3\xC0

4) Decode the part of the cookie after the "-", because ECDSA (DER) says it is the "signature".

    ECDSA::Format::SignatureDerString.decode(sig)
<ECDSA::Signature:0x000056532e7cc928 @s=66397190700537287645903651815357348182011798486667182586289641565984306901952, @r=103388573995635080359749164254216598308788835304023601477803095234286494993683>

5) Check the code: (this is not important right now *)

* ============================================================

$group = Secp256k1
$private_key = UNKNOWN

def sign(str)
    digest = Digest::SHA256.digest(str) 
    temp_key = str.size 
    signature = ECDSA.sign($group, $private_key, digest, temp_key)
end

temp_key = 'test'.size ==> 4

============================================================ *

6) Public key recovery:

1) Check that s and r are integers:

signature.r.class
signature.s.class

2) Calculate a curve point R = (x1, y1), where x can be r, r + n (r + 2n, etc.) depending on the value of h in $group.

Convert n from hexadecimal:

n = 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_BAAEDCE6_AF48A03B_BFD25E8C_D0364141.ord
n = 115792089237316195423570985008687907852837564279074904382605163141518161494337

3) Calculate xj when h = 1 ==> j <= h

So I get x0 = r and x1 = r + n

x0 = 103388573995635080359749164254216598308788835304023601477803095234286494993683
x1 = 219180663232951275783320149262904506162058819969664165517260679242195329665346
# y² = x³ + 7  ==> x³ + 7 - y² = 0  ==> y = sqrt(x³ + 7)
    So there are Y that can be -Y.
y0 = (Math.sqrt(x0**3 + 7)).to_i 
y0 = 33243658930125968263381409750062872803328956523994685349884711523646619725501695561221713273581676204319400941060096

y1 = 102613229253348668425867949464551151644184036880118254846069064957181439439331464178252481009905814258844193460846592

R0 = (x0, y0) or R0 = (x0, -y0)  ==> R0 = x0,y0 R0m = x0,-y0   (arrays)
R1 = (x1, y1) or R1 = (x1, -y1)  ==> R0 = x1,y1 R1m = x1,-y1   (arrays)

3) Calculate e = HASH(m)

m = "test"
e = Digest::SHA256.digest(m)
"\x9F\x86\xD0\x81\x88L}e\x9A/\xEA\xA0\xC5Z\xD0\x15\xA3\xBFO\e+\v\x82,\xD1]l\x15\xB0\xF0\n\b"
e.unpack("H*")
"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
==> IN BINARY "1001111110000110110100001000000110001000010011000111110101100101100110100010111111101010101000001100010101011010110100000001010110100011101111110100111100011011001010110000101110000010001011001101000101011101011011000001010110110000111100000000101000001000"

4) z = the Ln leftmost bits of e (Ln = len(n) = 256)

z = 1000000000001000100010001000100010000000000000000000100010000000100010000000100000000000000000001000000000000000000000000000100010000000000000001000000000000000000010000000000010001000000000000000100010001000100010000000100000001000100000000000100000001000
==> IN DECIMAL 57911121712712222031468434730037426356855313884841210343156710740660779485192

5) Calculate u1 = -z * r^(-1) mod n and u2 = s * r^(-1) mod n

 u1 = (-z * r**(-1)) % n
=> 11971578986221445867450691250469536884332685577127711573660715696043877254293372045122426347501727868950695322967745945196078037375262636091467191875787979/103388573995635080359749164254216598308788835304023601477803095234286494993683
u2 = (-z * s**(-1)) % n
=>(66397190700537287645903651815357348182011798486667182586289641565984306901952/103388573995635080359749164254216598308788835304023601477803095234286494993683)

6) Calculate curve point Qa = (Xa, Ya) = u1 *G + u2 * R

G = [55066263022277343669578718895168534326250603453777594175500187360389116729240, 32670510020758816978083085130507043184471273380659243275938904335757337482424]

u1.to_int = 115792089237316195423570985008687907852837564279074904382605163141518161494336  
u2.to_int = 115792089237316195423570985008687907852837564279074904382605163141518161494336

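Now it is time to calculate Qa for each R (R0, R0m, R1 and R1m), but I feel like I have wasted my time... Could someone take a look at this and help me understand how to recover the public key from the cookie?

I used Wikipedia [ECDSA public key recovery]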

https://en.m.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm

and these websites:

References:

1)https://www.instructables.com/id/Understanding-how-ECDSA-protects-your-data/

2)https://www.johndcook.com/blog/2018/08/14/bitcoin-elliptic-curves/

3)http://www.secg.org/sec1-v2.pdf
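
The recovery procedure attempted above, as an added example that is not part of the original post: pure-Ruby secp256k1 arithmetic in which r^(-1) is a modular inverse mod n, y is a modular square root mod the field prime, and a candidate x = r + n is discarded unless it is below that prime. The private key `D`, the nonce `K` and all helper names are constructed for the sample and do not come from the page.

```ruby
require 'digest'
# secp256k1: field prime P, group order N (the post's n), base point G (the post's G)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_BAAEDCE6_AF48A03B_BFD25E8C_D0364141
G = [55066263022277343669578718895168534326250603453777594175500187360389116729240,
     32670510020758816978083085130507043184471273380659243275938904335757337482424]

def inv(a, m); (a % m).pow(m - 2, m); end      # modular inverse, m prime (Fermat)
def neg(pt); pt && [pt[0], -pt[1] % P]; end    # point negation; nil is the point at infinity
def hash_int(msg); Digest::SHA256.hexdigest(msg).to_i(16); end  # z: 256 bits, no truncation needed
def add(a, b)                                   # affine point addition on y^2 = x^3 + 7
  return b if a.nil?
  return a if b.nil?
  (x1, y1), (x2, y2) = a, b
  return nil if x1 == x2 && (y1 + y2) % P == 0  # a == -b
  l = x1 == x2 ? 3 * x1 * x1 * inv(2 * y1, P) : (y2 - y1) * inv(x2 - x1, P)
  x3 = (l * l - x1 - x2) % P
  [x3, (l * (x1 - x3) - y1) % P]
end

def mul(k, pt)                                  # double-and-add scalar multiplication
  acc = nil
  while k > 0
    acc = add(acc, pt) if k.odd?
    pt = add(pt, pt)
    k >>= 1
  end
  acc
end
# Candidate public keys Q = r^-1 * (s*R - z*G) for each curve point R with x = r + j*N
def recover(msg, r, s)
  z = hash_int(msg)
  [r, r + N].select { |x| x < P }.flat_map do |x|
    y = (x**3 + 7).pow((P + 1) / 4, P)          # square root mod P, valid because P % 4 == 3
    next [] unless (y * y - x**3 - 7) % P == 0  # no curve point has this x
    [y, P - y].map { |ry| mul(inv(r, N), add(mul(s, [x, ry]), neg(mul(z, G)))) }
  end.compact
end

def sign(msg, d, k)                             # textbook ECDSA, used only to build the sample
  r = mul(k, G)[0] % N
  [r, inv(k, N) * (hash_int(msg) + r * d) % N]
end

# Constructed sample: D (private key) and K (nonce) are made-up values, not from the page.
D = 0x1F2E3D4C5B6A79880123456789ABCDEF0FEDCBA9876543211122334455667788
K = 0x0A1B2C3D4E5F60718293A4B5C6D7E8F9A1B2C3D4E5F6071829304152637485A6
R, S = sign("test", D, K)
CANDIDATES = recover("test", R, S)
puts CANDIDATES.map { |x, y| format("%064x %064x", x, y) }
```

`recover` returns every candidate point; telling them apart requires a second signature from the same key or a known recovery id.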

0 answers:

No answers