Open OnedgeLee opened 2 years ago
Not directly related to this issue, but as information, Modulo p = 115792089237316195423570985008687907853269984665640564039457584007908834671663 2 ^ 256 = 115792089237316195423570985008687907853269984665640564039457584007913129639936 So, p = 2^256 - 4294968273. So, 256 bit can cover private key of ECDSA.
This paper(Speed Optimizations in Bitcoin Key Recovery Attacks) would be help
Current method for elliptic curve multiplication is done by iteration with elliptic curve point adding. Since modulo
p
= 115792089237316195423570985008687907853269984665640564039457584007908834671663, private keyd
can be up to almost 10^77 (since1 <= d <= p-1
) Multiplier is same as k on ECDSA, so it means iteration number can be up to almost 10^77.There can be two kind of approach to resolve it.