Awesome Open Source
Awesome Open Source

Bitp0wn

This repo is a showcase of algorithms to get some fun with bitcoin cryptography.
The scripts are not optimised and are only proof-of-concepts (not suited for production).

keys

  • keys/brute_force.py : You will find a simple bruteforce algorithm wich test every possibilities to retrieve a private key from the public key.

  • keys/bsgs.py : The Baby-step Giant-step algorithm, it has order of 2^(n/2) time complexity and space complexity.

  • keys/pollard_rho.py : The Pollard Rho algorithm, it has order of 2^(n/2) time complexity but is slower than bsgs in practice. However, this algorithm has a constant space complexity.

miscellaneous

  • miscellaneous/double.py : This file is more about finding an arithmetic relationship between 2 public keys on the curve. Most of formulaes are specific to secp256k1.

  • miscellaneous/playground.py : This file contains relations between values of differents signatures for an identical address.

  • miscellaneous/secret-sign.py : A proof-of-concept to build a signature for a particular public key. Only the owner of this public key will be able to assert that the signature is correct.

  • miscellaneous/shamir-shared-secret.py : Shamir Shared Secret Scheme to distribute a secret to n entities wich can be recovered with k < n shares.

  • miscellaneous/tiny-curve.py : This script let you generate your own elliptic curves (not secure, never use the curves in production). This will be useful to test some of our algorithms on smaller curves.

signatures

  • signatures/fake_sig.py : In this script, we show why hashing the message in ecdsa is important. Because without it, you can generate plenty of signatures that can be verified with the public key of your choice.

  • signatures/r_exploit_ecdsa.py : This algorithm exploit a failure in signatures generation. If the same address use the same k in 2 differents signatures (i.e same r-value), then you can recalculate the private key instantly.

  • signatures/r_exploit_schnorr.py : Same as precedent exploit but for schnorr signatures instead of ecdsa signatures.


Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
python (53,198
bitcoin (557
algorithm (501
hack (188
vulnerability (138
poc (86
bruteforce (72
brute-force (66
ecdsa (21