Where can I find code that allows me to calculate Z1 and Z2 from an ECDSA signature?

by user1111111111111   Last Updated March 07, 2019 17:27 PM - source

By following Recovering Bitcoin private keys using weak signatures from the blockchain, I am able to do other calculations, but I have no idea how to calculate Z1 or Z2. There was a public code available by Sean Bradley:


But it does not seems to work now. Is there some other public code to calculate Z1 and Z2 in any language. I can convert it to the language of my preference. Any help is appreciated.

Answers 2

According to Nils's post, the z values are the hashes that get signed in the ECDSA formula. Background on what data goes into these hashes can be found on the OP_CHECKSIG wiki page and Krzysztof Okupski's excellent developer reference PDF.

Bitcoin Core's code for generating the hashes is here. Any other Bitcoin application that signs transactions (or verifies signatures) must have a compatible function (at least for the default SIGHASH_ALL), so you should be able to find an implementation in pretty much any popular programming language.

David A. Harding
David A. Harding
January 17, 2015 21:40 PM

paste your transaction into this page https://2coin.org/getRSZfromRawTX.html

it will give you all the R,S and Zs if I was able to decode the TX.

for example, 0100000002f64c603e2f9f4daf70c2f4252b2dcdb07cc0192b7238bc9c3dacbae555baf701010000008a4730440220d47ce4c025c35ec440bc81d99834a624875161a26bf56ef7fdc0f5d52f843ad1022044e1ff2dfd8102cf7a47c21d5c9fd5701610d04953c6836596b4fe9dd2f53e3e014104dbd0c61532279cf72981c3584fc32216e0127699635c2789f549e0730c059b81ae133016a69c21e23f1859a95f06d52b7bf149a8f2fe4e8535c8a829b449c5ffffffffff29f841db2ba0cafa3a2a893cd1d8c3e962e8678fc61ebe89f415a46bc8d9854a010000008a4730440220d47ce4c025c35ec440bc81d99834a624875161a26bf56ef7fdc0f5d52f843ad102209a5f1c75e461d7ceb1cf3cab9013eb2dc85b6d0da8c3c6e27e3a5a5b3faa5bab014104dbd0c61532279cf72981c3584fc32216e0127699635c2789f549e0730c059b81ae133016a69c21e23f1859a95f06d52b7bf149a8f2fe4e8535c8a829b449c5ffffffffff01a0860100000000001976a91470792fb74a5df745bac07df6fe020f871cbb293b88ac00000000

will output

    "sigR": "d47ce4c025c35ec440bc81d99834a624875161a26bf56ef7fdc0f5d52f843ad1",
    "sigS": "44e1ff2dfd8102cf7a47c21d5c9fd5701610d04953c6836596b4fe9dd2f53e3e",
    "sigZ": "c0e2d0a89a348de88fda08211c70d1d7e52ccef2eb9459911bf977d587784c6e",
    "pubKey": "04dbd0c61532279cf72981c3584fc32216e0127699635c2789f549e0730c059b81ae133016a69c21e23f1859a95f06d52b7bf149a8f2fe4e8535c8a829b449c5ff",
    "N": 0
    "sigR": "d47ce4c025c35ec440bc81d99834a624875161a26bf56ef7fdc0f5d52f843ad1",
    "sigS": "9a5f1c75e461d7ceb1cf3cab9013eb2dc85b6d0da8c3c6e27e3a5a5b3faa5bab",
    "sigZ": "17b0f41c8c337ac1e18c98759e83a8cccbc368dd9d89e5f03cb633c265fd0ddc",
    "pubKey": "04dbd0c61532279cf72981c3584fc32216e0127699635c2789f549e0730c059b81ae133016a69c21e23f1859a95f06d52b7bf149a8f2fe4e8535c8a829b449c5ff",
    "N": 1

Sean Bradley
Sean Bradley
March 07, 2019 16:49 PM

Related Questions

Python code to recover private key from public key

Updated September 25, 2018 12:27 PM

How does BIP 39 Mnemonics works?

Updated August 19, 2019 21:27 PM