bitlogik / lattice-attack

Lattice ECDSA attack
GNU General Public License v3.0

Need a Public Key and R, S, Z Convertor to integer. #16

Closed KrashKrash closed 2 years ago

KrashKrash commented 2 years ago

You know what would really help? If there is the convertor coded in as well.

If I were to get the raw transaction RSZ with the public key, it gives the numbers with the alphabets.

Which Lattice Attack does not accept as input. It's just time-consuming to be editing almost 100 signatures of hash, R, S and M in the data.json. I have been at this for days... And I can't get the value right. 😭

Is there a better way that I should be running this? Is there software for us to do our conversions before running this attack? How about a script like RawInput2Int.py, something like what https://github.com/daedalus/BreakingECDSAwithLLL did... Just input the hash of the transaction.

bitlogik commented 2 years ago

OK, so first, we consider that in cryptography 90% of the coding development work is about format conversions, or data handling/formatting. So it is totally normal that you have to do this work. And here, there's no standard about how the leaked data is provided by the side-channel. There are standards for signatures, but not for the whole data. Indeed, LatticeAttack has its very own format of input data, which requires some format change. That is usually done with ad-hoc software, which "translates" data from your data source.

That being said, we have provided various documentation and helpful examples on how to do that kind of work. I recommend that you carefully read this answer we wrote the other day as a response to a person who basically asked a very similar question as you.

Note that if you know a single signature with a full secret nonce (full "Z" for a given signature), the Lattice ECDSA Attack software is not designed for that. In this case, all you have to do is to compute d = ( s.k - H ) . r^-1 where (r,s) is the signature duet, k the secret nonce, H the hash, and you get the private key (d). See more details here. This software is designed to recover the private key from hundreds of signatures when only a part of the nonce is known (first bits, or last bits) for each signature.