Bitcoin Forum

After creating visual private key generator https://btckeygen.com I received some donations, and decided to transfer 0.01BTC from them to new created puzzle address.

The purpose is to teach more people what is the private key, and of course to have some fun.
The 0.01BTC prize transaction: https://www.blockchain.com/btc/tx/509e6b40be125e0ab1e4f4a1b4a591a37eb2b352a082ff84d5cebd1928395f52

The puzzle address: 1JAsB7Nx5zyYW3MZWKJq5UmhFHJ6RWagQY

Here is the border pattern used in private key generation:
https://i.ibb.co/NWkBJ4j/Monster.png (https://ibb.co/NWkBJ4j)

You should "draw" a monster within the orange space.

Some hints:
1) Green cell is "1" bit, white cell is "0" bit. Orange is unknown space, you should fill it by green or white.
2) I did not invent the monster image by myself, however also not sure if the exact copy exist somewhere.
3) Do not change the green border of the provided pattern - it is part of the private key.
4) The monster is located within orange square (so, only 12*12=144 unknown bits to find)
5) The monster does not touch green borders

To solve this puzzle you do not need any special programming skills or technical knowledge. The only thing you need is to import the found private key to your wallet and make the transfer to your own wallet.
So, can you please share this topic in various social media (twitter, facebook, etc).

EDIT: Added the "SOLVED" word to the Subject as the puzzle was solved today by akkort (https://bitcointalk.org/index.php?action=profile;u=884731)

The signed message to prove the address ownership:

-----BEGIN BITCOIN SIGNED MESSAGE-----
This is 0.01BTC Monster puzzle. Use https://btckeygen.com to draw monster and find the private key to this address.
-----BEGIN SIGNATURE-----
1JAsB7Nx5zyYW3MZWKJq5UmhFHJ6RWagQY
IKPDsNVPrA+L5qQBjVUaPwfkr2ukhaeUlbgppbYDua/yCX8Tvb8kp6BzMepxp9ql6jpME/z/xLhh+A9cMXS7nlc=
-----END BITCOIN SIGNED MESSAGE-----

there are a lot of monsters out there, can you give me another clue about what the monster is? I'll be really grateful  ;D ;D ;D

I did some attempts, none of them was good. It was fun though.
This is one of my results  ;D

https://talkimg.com/images/2023/05/14/blobc30933f696cd1541.png


PS. You could give clues if the monster is symmetrical or not and also if it has more green or more white.

Thanks for the puzzle, this is pretty fun. I feel like a hint as to the facial expression of the monster (if applicable that is) would also be nice. As it is guessing the monster, drawing it correctly, and guessing the facial expression is such a big search space.

Although I guess you're probably curious how long it will take people to guess it with the minimum info provided, I can appreciate that.

This is fun indeed, here's my first try:
http://loyce.club/other/monster.gif

I'm afraid there are far too many possibilities to test though, and drawing monsters isn't something I can brute-force at more than one per minute :P

Just to make it easier this is the initial border

Wanted to try to bruteforce but 2^144 still seems pretty high, isn't it?

Interesting idea for puzzle
Here is my first try just for fun.
I think it is a bit more scary than LoyceV monster  ;D

https://i.imgur.com/WwiShHu.png

I wonder how many potential combinations there are to solve it?

Assuming symmetry, and assuming not touching the green boarders by a "diagonal" pixel: 288230376151711744 (https://www.wolframalpha.com/input/?i=2%5E58%3D) combinations.

Thanks for the idea. Today I had a special Sunday with this Monster puzzle
 :D
https://i.ibb.co/vV9PzC9/monster-puzzle-verita1.png

Thank you for your interest!

Although the puzzle prize is 0.01BTC I want to attract more newbies to try it. First of all they could understand that the private key is just a number, and can examine the bitcoin address generation process.
Playing with the tool also could be funny for some people.

I also believe that some "clever bruter" could be written, however considering the amount of prize it is pointless for the majority of programmers.

I decreased the search space from 256bit down to 144bit (orange space). The uknown space even less as the monster does not touch (horizontally, vertically or diagonally) the green border.

Not so long ago I discussed with two independent bitcoin miners that the private key is just a number. They argued that it was wrong, and that bitcoin wallets were secured with 2-factor authentication connected to their cell phones, so knowing the private key number was no enough  ;D
If you have somebody in your environment you want better understand the bitcoin private key - share this puzzle challenge with them. Let them try, learn and play.

As for the clue - I will give one more the next Sunday.

Interesting game. I have activated my notification for it. I remember your other thread where we had discussions about your project and happy seeing it to come this far.
 
Will be looking forward to it.

Nice puzzle but I guess it's going to be difficult for a lot of users to win the prize  :D but its fun.

https://i.imgur.com/9Nu726P.png

I'm not sure if its a monster because its looks like a monkey  ;D.


Yeah, more clue please  ;) ;) let's make it more fun.

nah, 144 bits is still too huge to write any kind of brute force for it. even if it is reduced to a small size with your fifth hint or some other "clever" moves like having multiple points side by side for different parts of the "face".

I had a couple of goes at trying to create a very pixelated Donald Trump, but gave up and did this one instead:

https://i.imgur.com/2kHFaUM.png

In connection with the fifth paragraph, two questions arose.
1. Is the monster green or white?
2. If the monster is white, then can points 7,8,9,10 (3, 14) be set to white.
3. If the monster is green, the question is analogous to paragraph two.
4. Do points 3-3, 3-7, 3-11, 3-14, 6-3 fall under rule number 5?

The border exist and it is green... Monster also exists within the orange unknown space - so the monster's part is green as well.
Blank cells (white) are 0 bits, or "emptiness"

I though that the 5th clue was easy to understand, however here is the adjusted orange space (the same unknown space adjusted by the clue that "the monster does not touch green borders":
https://i.ibb.co/7QfR8kw/Monster-space.png (https://ibb.co/7QfR8kw)

2MrFreeDragon
This is white monster or green or broken?

or monster parts?
monster's part - one part (full face)
monster parts - more parts (eyes, mouth and etc)


But this is not 12 to 12. And less.   ::) :P

Yes, I also remember. We discussed the security of such visual patterns. In theory it was easy to say that "knowing the pattern type" it would be easy to retrieve the private key.
Actually this puzzle represents a practical security challenge with much easier conditions - instead of 256 unknown bits only 116 bits should be found.


To be honest I also have no ideas how to write such a "bruter". It is not brain wallet there we calculate key from the phrase (and can use vocabularies as the source). It is like "visual brain wallet" which is easy to observe for a human but difficult to code for a machine. Machine should be intellectual to undertand visual patterns - it is not easy, but possible. I intentionally did not select "2-axis" symmetric figure (like sun, star or snow crystal) because the figure could be brute forced just for 2^(116/4)=2^29 combinations in that case.

These are 5 green separate pieces.


Yes, not 144 if you took into consideration the 5th clue:

That's good to know, until now most of the monsters posted here are white.
For a green one, I tried Pacman:
http://loyce.club/other/pacman.gif
Edited from an image I found on Google. So partial credits go to this link (https://nl.pinterest.com/pin/346003183862610333/), which I can't verify because I block that site via my hosts file.

This is a ghost but should be a winner :).

Check your corners. They are not correct base.

All monsters are, in a sense, broken. The label can be profoundly damaging from a psychological perspective. I was attempting to capture that in my art.


Either that or I didn't read the instructions properly.

Thanks, you're right. I was lazy and used this:
The correct code is:
I tested it, and it's still wrong :P I won't update my screenshot for this.

Yes i think we must wait for additional hints.

@MrFreeDragon: Please add a selection and move selection tool :).

Being inspired by Monster, Inc movies here's my attempt:  ;D

https://i.postimg.cc/9FRyyC5Z/Screenshot-44.png

Happy puzzling everyone

Fixed, sorry  :'(

Besides the corners this picture fits all the clues provided in the initial post and comments about green/white monster part.

Oh it sounds like LoyceV was close.

You have a point here, and I am glad that it's working. This will be interesting to see how many users are trying this and how long it takes to solve this. I surrender after my first try which was no difference than some users tried above LOL

Good luck to all.

Hi guys, I am unable to post thumbnail due to Newbie. Here's my first attempt in the below link!

https://ibb.co/4SjTCh4

As a beginner I love this! I do hope more hints come out though.

Either way, this is really good fun

Thank you. Good try.
Keep in mind that you can easily check every generated image for transactions in blockchain - there is a special option for this. If you find the "puzzle monster" you immediately will see the green box with 0.01BTC amount.
For testing purposes you can use private key 1 (all cells white except one cell 16x16 which is green).
All these options are safe, nothing is stored on the server - all calculations are made in your browser (java script is used) - the code is open and also available on github. So you can always download it to your machine and use offline.

sukbir, please also do not send me private messages about this puzzle. I will not answer them. It is better to keep all the puzzle discussions here.

I am waiting for the next clue. ;D
there is too many possibilities, I already tried a lot of patterns hahaha ;D
but it's really fun playing this game. also I learn a lot from playing this game.
thank you so much for sharing this!

ffffc3c38001824187e18ff1cdb3dffbdc3bd66b93c9b81da8158001c3c3ffff

Coll
https://i.ibb.co/ZcnNmJp/monster.png (https://imgbb.com/)
ccылкa (https://ru.imgbb.com/)

Congratulation!!!!

Punisher?

https://i.ibb.co/CPSK868/Monster.png (https://imgbb.com/)

akkort is winner.

Good to see someone found the monster (I guess).
I do not see any monster posted by akkort

Is this the monster?

If this is the final outcome then I have to say LoyceV was the one who first thought about the pacman monster and this was close (https://bitcointalk.org/index.php?topic=5255464.msg54625830#msg54625830).

Congratulations to the winner!

Nice job! Congratulations!

The monster was created based on this picture: https://www.vectorstock.com/royalty-free-vector/retro-pixel-space-monsters-vector-18930301
I just changed the legs (make longer) and add one column to make it symmetric and fit the orange space (as the most monsters had odd columns). So slight changes to the image were done.

I can say that there were some weaknesses (i.e. attack vectors) in this puzzle:
1) The picture was symmetric
2) The public key was revealed (through the posted signature)
3) Border decreased the total bits to find from 256 down to 116

Do the weakness #2 (revealed public key) no need to brute all 116 bits (2^116), and only square root of total length is enough --> 58 bits (2^58). However it is still very much to brute force. Assuming that the monster could be symmetric (116/2 = 58bits unknown bits only), it is enough to make only square root from 2^58 operations --> 2^29. This is possible to find very fast.

akkort, can you please share your method to solve this puzzle. Did you use baby-step-giant-step or Pollard method? Or did you just draw the picture and was lucky with it?
If you use BSGS method or Pollard, did you adjust the public key to fit exact 58 bits length (i.e. subtract the border public point from the puzzle public point) or make a special code for the exact border pattern?

PS. I remember I mentioned no programming skills are required to solve this puzzle. Actually it is truth - to draw a picture we do not need a program. Signing a message I revealed the public key of the address and "opened the door" for possible baby-step-giant-step/pollard attacks.

Just to show again that I did not invent a monster but used a prototype. Of course it is not a classic space invader, but it exists and could be found in different stock images by key words "pixel monsters":

https://i.ibb.co/KmHs5tB/Monster-solution.png (https://ibb.co/HXQPKcR)
Changes: one more column to the center, one more pixel for every leg, eyes aligned with the mouth

Prototype monster available in these popular stock databases:
Stock #18930301 in vectorstock
Stock #105309653 in dreamstime
Stock #764317714 in shutterstock

Exact. I created Giant Step hashtable for 2^29 symmetrical combinations. Then, check Baby Step for second half of picture, also 2^29 symmetrical combinations.
Border+one half = Giant Step
second half - public key = Baby step

Memory spent for giant step is about 6Gb, can be safe reduced to 3-4Gb. 20 minutes to build hashtable.
baby step takes about 2 minutes to find key.
BSGS can be used for keys up to 70-75 bits.

It was a nice puzzle and fun to try. I think the number of possibilities wasa tad high to manually find it though. As an estimate: say there are 100 more or less obvious pictures that can easily be found on the internet, each with a several details that can be changed giving at least thousands of combinations per image.

I'm impressed! Congratulations!

Interesting... But how (why?) does this reduction work 2^116->2^58?
Does it mean that if I have for example private key in a range 2^144 and if I know public key then problem is reduced to 2^77?
Willing to learn more about it ;-)

For that key is more suitable Pollard's Kangaroo method. At current time, it is still uncrackable in years.

Yes, of course; it was just an example - to see the possible approach.
It means that exposing public key changes really a lot...

Congrats akkort :)

Respect to you! Very elegant solution!
You did not use the locked front door to come in, but decided to enter through the side/back door  ;)


For 256bit keys nowadays it is not possible to find the private key with these bsgs/pollard methods. The world record at the moment is something like 114bit (and 117bit on FPGA).
But of course for better security it is better never reveal the public key from your address. HD wallets are well designed for this purpose - they generate new wallet  after every transaction and transfer the change to new address.

it really does not.
brute forcing has always been about reducing the space you need to search. having the public key only changes the method but it will never reduce the search space. you still have to search the 256 bit space by only having the public key.
this puzzle was possible to brute force because it first reduces the search space to 144 bits then reduces it a little more by the last hint down to 116 bits. and finally with symmetry the search space is reduced down to half that value meaning 58-bits.

Hi MrFreeDragon, I did google search about Baby-step, Giant-step and Pollard method but I can't figure out how it works.
Do I need to have programming skills to learn about these thing ???

You mean that reduction is purely theoretical because of 'birthday paradox', right?

i am trying to point out that the reduction happened because this is a puzzle not a truly random private key.

I agree, but MrFreeDragon wrote "Do the weakness #2 (revealed public key) no need to brute all 116 bits (2^116), and only square root of total length is enough --> 58 bits (2^58)."
 and this is part I do not understand.

BabyStep-GiantStep method allows to perform square root of the total length operations. The puzzle address search range was reduced by border and "special non touching requirement" down to 116 bits (2^116). So to find any key (symmetrical or not) withing this range only 2^58 operations are required (but also you should prepare a hashtable before search). To be honest you will not have enough RAM to prepare the hashtable for 116 bit key.

Here the code for BSGS you can use to find keys with specific ranges: https://github.com/JeanLucPons/BSGS

I did not mention in puzzle rules that the hidden monster was symmetric. So, it could be only the assumption (but reasonable assumption). Assuming that the "monster" could be symmetrical means that only 116/2=58 bits are unknown, because the 2nd part of the monster is just a mirrored from the 1st part. Symmetry could be vertical or horizontal - so you should try both, but more probable symmetry is vertical.

Now for 58 bits with BSGS you need only 2^29 operations - this is easy just for 1 CPU to calculate.


Google for "Discrete Logarithm Problem" and you can find a lot of researches and presentations. For better understanding try to start with available presentations, some of them contain all the methods and compare them with each other.

Also in order to understand how Pollard/BSGS methods work, start with elliptic curve understanding (private key --> public key; scalar additions/multiplication if public keys - these knowledge is important to understand DLP solving methods.