From 743631f7cebb9c574765939ba0dab9d16d22a76b Mon Sep 17 00:00:00 2001 
From: Christian Reitter
Date: Tue, 14 Jan 2025 22:12:17 +0100
Subject: [PATCH] Publish new research data on direct PRNG to secp256k1 key usage
---
.../direct/README.md | 10 ++++++++++
...n_256bit_key_2024_12_31_filter__mt_tw2a_direct.txt | 7 +++++++
.../direct/README.md | 11 +++++++++++
...n_256bit_key_2024_12_31_filter__mt_tw2b_direct.txt | 3 +++
...n_256bit_key_2024_12_31_filter__mt_tw2b_direct.txt | 1 +
.../direct/README.md | 10 ++++++++++
...t_key_2024_12_31_partial__minstd_rand_a_direct.txt | 4 ++++
.../direct/README.md | 10 ++++++++++
...it_key_2024_12_31_filter__minstd_rand_b_direct.txt | 1 +
MT19937__bx_pattern/direct/README.md | 10 ++++++++++
...ion_256bit_key_2024_12_31_filter__mt_bx_direct.txt | 5 +++++
MT19937__trust_wallet_pattern/direct/README.md | 10 ++++++++++
...on_256bit_key_2024_12_31_filter__mt_tw1_direct.txt | 2 ++
13 files changed, 84 insertions(+)
create mode 100644 LCG16807_MINSTD_RAND0__trezor_crypto_A_pattern/direct/README.md
create mode 100644 LCG16807_MINSTD_RAND0__trezor_crypto_A_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_filter__mt_tw2a_direct.txt
create mode 100644 LCG16807_MINSTD_RAND0__trezor_crypto_B_pattern/direct/README.md
create mode 100644 LCG16807_MINSTD_RAND0__trezor_crypto_B_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_filter__mt_tw2b_direct.txt
create mode 100644 LCG16807_MINSTD_RAND0__trezor_crypto_B_pattern/direct/victim_addresses_ethereum_sorted_collection_256bit_key_2024_12_31_filter__mt_tw2b_direct.txt
create mode 100644 LCG48271_MINSTD_RAND__trezor_crypt_A_pattern/direct/README.md
create mode 100644 LCG48271_MINSTD_RAND__trezor_crypt_A_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_partial__minstd_rand_a_direct.txt
create mode 100644 LCG48271_MINSTD_RAND__trezor_crypt_B_pattern/direct/README.md
create mode 100644 LCG48271_MINSTD_RAND__trezor_crypt_B_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_filter__minstd_rand_b_direct.txt
create mode 100644 MT19937__bx_pattern/direct/README.md
create mode 100644 MT19937__bx_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_filter__mt_bx_direct.txt
create mode 100644 MT19937__trust_wallet_pattern/direct/README.md
create mode 100644 MT19937__trust_wallet_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_filter__mt_tw1_direct.txt
diff --git a/LCG16807_MINSTD_RAND0__trezor_crypto_A_pattern/direct/README.md b/LCG16807_MINSTD_RAND0__trezor_crypto_A_pattern/direct/README.md
new file mode 100644
index 0000000..d0602eb
--- /dev/null
+++ b/LCG16807_MINSTD_RAND0__trezor_crypto_A_pattern/direct/README.md
@@ -0,0 +1,10 @@
+# LCG16807 => consumption pattern A => direct elliptic curve key
+
+This is a special and unusual way of generating keys directly from the PRNG output without any BIP39 or BIP32 hashing or derivations.
+
+We're not aware of a specific wallet software with this weak generation pattern.
+
+## Observed Usage
+
+* Bitcoin
+ * with compressed pubkeys
\ No newline at end of file
diff --git a/LCG16807_MINSTD_RAND0__trezor_crypto_A_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_filter__mt_tw2a_direct.txt b/LCG16807_MINSTD_RAND0__trezor_crypto_A_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_filter__mt_tw2a_direct.txt
new file mode 100644
index 0000000..afdee68
--- /dev/null
+++ b/LCG16807_MINSTD_RAND0__trezor_crypto_A_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_filter__mt_tw2a_direct.txt
@@ -0,0 +1,7 @@
+1893BXX2kuHJr8t8whLApUyLzrdB4qqDoq
+1DimoSeNTGYKxkHbJadwUjh8ZqZqHXsMCn
+1Loveu9He9wDnLUBzio9XM47EbwKqoCyEX
+1LovEUjnQQF1yiYNGr2MJtpNu1UHwSCL1h
+1LovezS8pFiKWKfPZTJPmj7ZR7AUfvufGq
+1Shao1YrYoLdrgjjLgLTycQwVYyNRxKWL
+1ShaoJtnZc9ZyK4yXQqVDHnHRUntrpG72
diff --git a/LCG16807_MINSTD_RAND0__trezor_crypto_B_pattern/direct/README.md b/LCG16807_MINSTD_RAND0__trezor_crypto_B_pattern/direct/README.md
new file mode 100644
index 0000000..fdecd18
--- /dev/null
+++ b/LCG16807_MINSTD_RAND0__trezor_crypto_B_pattern/direct/README.md
@@ -0,0 +1,11 @@
+# LCG16807 => consumption pattern B => direct elliptic curve key
+
+This is a special and unusual way of generating keys directly from the PRNG output without any BIP39 or BIP32 hashing or derivations.
+
+We're not aware of a specific wallet software with this weak generation pattern.
+
+## Observed Usage
+
+* Bitcoin
+ * with compressed pubkeys
+* Ethereum
\ No newline at end of file
diff --git a/LCG16807_MINSTD_RAND0__trezor_crypto_B_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_filter__mt_tw2b_direct.txt b/LCG16807_MINSTD_RAND0__trezor_crypto_B_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_filter__mt_tw2b_direct.txt
new file mode 100644
index 0000000..4cb4907
--- /dev/null
+++ b/LCG16807_MINSTD_RAND0__trezor_crypto_B_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_filter__mt_tw2b_direct.txt
@@ -0,0 +1,3 @@
+17sgNwkSJzJsh5W8J44forrPMiWhoNhD7R
+1Bzq3SBMFoZLynCZtK7Qn1TNgH9az1E6c7
+1Mee3ctzBZ1LTx6HHJ99bev6rVKE1UXcDC
diff --git a/LCG16807_MINSTD_RAND0__trezor_crypto_B_pattern/direct/victim_addresses_ethereum_sorted_collection_256bit_key_2024_12_31_filter__mt_tw2b_direct.txt b/LCG16807_MINSTD_RAND0__trezor_crypto_B_pattern/direct/victim_addresses_ethereum_sorted_collection_256bit_key_2024_12_31_filter__mt_tw2b_direct.txt
new file mode 100644
index 0000000..17f1007
--- /dev/null
+++ b/LCG16807_MINSTD_RAND0__trezor_crypto_B_pattern/direct/victim_addresses_ethereum_sorted_collection_256bit_key_2024_12_31_filter__mt_tw2b_direct.txt
@@ -0,0 +1 @@
+082977959d0c5a1ba627720ac753ec2adb5bd7d0
diff --git a/LCG48271_MINSTD_RAND__trezor_crypt_A_pattern/direct/README.md b/LCG48271_MINSTD_RAND__trezor_crypt_A_pattern/direct/README.md
new file mode 100644
index 0000000..eb28028
--- /dev/null
+++ b/LCG48271_MINSTD_RAND__trezor_crypt_A_pattern/direct/README.md
@@ -0,0 +1,10 @@
+# LCG48271 => consumption pattern A => direct elliptic curve key
+
+This is a special and unusual way of generating keys directly from the PRNG output without any BIP39 or BIP32 hashing or derivations.
+
+We're not aware of a specific wallet software with this weak generation pattern.
+
+## Observed Usage
+
+* We only investigated usage with Bitcoin.
+* So far seen: compressed pubkeys
\ No newline at end of file
diff --git a/LCG48271_MINSTD_RAND__trezor_crypt_A_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_partial__minstd_rand_a_direct.txt b/LCG48271_MINSTD_RAND__trezor_crypt_A_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_partial__minstd_rand_a_direct.txt
new file mode 100644
index 0000000..5b28656
--- /dev/null
+++ b/LCG48271_MINSTD_RAND__trezor_crypt_A_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_partial__minstd_rand_a_direct.txt
@@ -0,0 +1,4 @@
+1BenSEx9G93QE5Ep7LchVAi2vPRpiYsAVB
+1BXLiuSDWNreX9yriR5xGyitNQaqDW3t1s
+1JwensFFMRuDJz3J1PHzHgBUC1GkEDtt51
+1RichtpcHiahjFVqFP9kKcsXeyjVA4V5t
diff --git a/LCG48271_MINSTD_RAND__trezor_crypt_B_pattern/direct/README.md b/LCG48271_MINSTD_RAND__trezor_crypt_B_pattern/direct/README.md
new file mode 100644
index 0000000..c39861d
--- /dev/null
+++ b/LCG48271_MINSTD_RAND__trezor_crypt_B_pattern/direct/README.md
@@ -0,0 +1,10 @@
+# LCG48271 => consumption pattern B => direct elliptic curve key
+
+This is a special and unusual way of generating keys directly from the PRNG output without any BIP39 or BIP32 hashing or derivations.
+
+We're not aware of a specific wallet software with this weak generation pattern.
+
+## Observed Usage
+
+* We only investigated usage with Bitcoin.
+* So far seen: compressed pubkeys
\ No newline at end of file
diff --git a/LCG48271_MINSTD_RAND__trezor_crypt_B_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_filter__minstd_rand_b_direct.txt b/LCG48271_MINSTD_RAND__trezor_crypt_B_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_filter__minstd_rand_b_direct.txt
new file mode 100644
index 0000000..fb73221
--- /dev/null
+++ b/LCG48271_MINSTD_RAND__trezor_crypt_B_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_filter__minstd_rand_b_direct.txt
@@ -0,0 +1 @@
+1SALLxQTQhACgSSaNmutH3bFkCEuJLR9a
diff --git a/MT19937__bx_pattern/direct/README.md b/MT19937__bx_pattern/direct/README.md
new file mode 100644
index 0000000..95a198e
--- /dev/null
+++ b/MT19937__bx_pattern/direct/README.md
@@ -0,0 +1,10 @@
+# Mersenne Twister 32 bit seeding => bx consumption pattern => direct elliptic curve key
+
+This is a special and unusual way of generating keys directly from the PRNG output without any BIP39 or BIP32 hashing or derivations.
+
+We're not aware of a specific wallet software with this weak generation pattern.
+
+## Observed Usage
+
+* We only investigated usage with Bitcoin.
+* So far seen: compressed pubkeys
\ No newline at end of file
diff --git a/MT19937__bx_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_filter__mt_bx_direct.txt b/MT19937__bx_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_filter__mt_bx_direct.txt
new file mode 100644
index 0000000..935f164
--- /dev/null
+++ b/MT19937__bx_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_filter__mt_bx_direct.txt
@@ -0,0 +1,5 @@
+1341545XP8GdCiL96osVr3NefXpHbjzoCs
+14bLwyWLz5k9GCyLjE2P9FrwVuHmRJ5Nw1
+19r2RXiKHyL7Y2yPuLEupNDEff2KPopcns
+1QCEnxXU9QAsnqfufArkiuangGNGqdE4in
+bc1qg4t76nxp68gv8yj0s8hza2nxen7r6wpevrcs8p
diff --git a/MT19937__trust_wallet_pattern/direct/README.md b/MT19937__trust_wallet_pattern/direct/README.md
new file mode 100644
index 0000000..95a198e
--- /dev/null
+++ b/MT19937__trust_wallet_pattern/direct/README.md
@@ -0,0 +1,10 @@
+# Mersenne Twister 32 bit seeding => bx consumption pattern => direct elliptic curve key
+
+This is a special and unusual way of generating keys directly from the PRNG output without any BIP39 or BIP32 hashing or derivations.
+
+We're not aware of a specific wallet software with this weak generation pattern.
+
+## Observed Usage
+
+* We only investigated usage with Bitcoin.
+* So far seen: compressed pubkeys
\ No newline at end of file
diff --git a/MT19937__trust_wallet_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_filter__mt_tw1_direct.txt b/MT19937__trust_wallet_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_filter__mt_tw1_direct.txt
new file mode 100644
index 0000000..fca320b
--- /dev/null
+++ b/MT19937__trust_wallet_pattern/direct/victim_addresses_bitcoin_sorted_collection_256bit_key_2024_12_31_filter__mt_tw1_direct.txt
@@ -0,0 +1,2 @@
+33cGTSMtkrmC9jxoWJMLV76eR9Uuof81Qt
+38QKsYaotFJ4zhrfSUoWDxcDupJpFf9sxd
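Review bot: Both addresses added to `..._filter__mt_tw1_direct.txt` start with `3`, the P2SH prefix on Bitcoin mainnet, whereas every other Bitcoin list in this patch holds `1…` or `bc1…` addresses, and the README added next to this file does not say which address form was matched. That README also appears to be an unadjusted copy of the bx one: it has the same blob id `95a198e` as `MT19937__bx_pattern/direct/README.md`, and its heading still reads "bx consumption pattern". I would change the heading to name the Trust Wallet consumption pattern and extend the usage list with the script type, e.g. `* So far seen: compressed pubkeys, P2SH addresses (presumably P2SH-wrapped SegWit; confirm)`. Without that, someone checking their own wallet against this list cannot tell which address encodings were covered and may read a non-match as a clean result.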