I really don't understand why on-topic messages are being deleted by mods in this thread.
It's not like we're breaking Bitcoin itself. An open discussion regarding this challenge will actually encourage improvements in security.
Mods maybe understand after my these research there were no more improvments in security There are many research tools, all are about Brute Force, scanning etc, but they must understand every calc required those tools, like in my calc, also people could use kangroo scripts for scanning in bit range, which one is last in tools creating series, for pubkey search, next kangroo gpu ver soon coming, and make the puzzle finder more closer, currently some people created groupwise scanning by bitcrack for 64 puzzle and my research related to kangroo scanning + my exact calc anyway we can't comment on MODs decisions check if they dont have objection then let me Proof Exact and i will not reveal exact formula's and will not participate in puzzle 110 -----------\ Proof of Exact 110 puzzle lead by 100 bit only full member or most senior memebers can test my Proof you will Generate key pair inside 110 bit range you will post only pubkey from 110 i will post 2048 pubkeys inside 100 bit range you will post prvkey i will post 1 pubkey which one will exist in 100 bit (2048) corresponding to 110 bit range pubkey simple 4 post you will understand "Exact" it will save time of search in future for puzzle solver
|
|
|
So if I have an old public key how can I tell how many bits that pkey is ? (to run it in pollard kan)
paste your pubkey
|
|
|
Hi all dev seems you all only gone busy for your interest, its good, board in empty, no new updates, no new developmentsm, no new news, no sharing, etc comunity wish you join back, and update, post your new work , idea's, etc
|
|
|
Dear Bitcointalk friends, Here I am uploading millions of valid Bitcoin address and corresponding private keys for development purpose,education purpose,fun and luck . There are lot of websites and users those who sells Bitcoin address and corresponding private keys. All these are just scams for fooling newbies. Do not invest anything to purchase these types of lists and private key making software's. Please understand that Bitcoin key space is very huge . Generating 2 same Bitcoin address is possible, but for that you must be very very very lucky. I am uploading files in .xlsx format. Each file contains 1 Million Bitcoin address and corresponding private keys. I don't know the balances of all these addresses.I am just generating and uploading . It will take years to check the balances of all these addresses. Feel the mathematical beauty of Bitcoin ecosystem
Software used : https://github.com/exploitagency/vanitygen-plusCheck Bitcoin balances in multiple addresses here : https://bitcoin-wall.com/check/Bitcoin block explorer : https://www.blockchain.com/explorer Importing and sweeping private keys : https://coinguides.org/import-sweep-private-keys-electrum-wallet/ Files18/02/2019 File 1 : 1-18022019.xlsxFile 2 : 1-19022019.xlsx New files coming soon ... Bitcoin : 1KEYFZGnWQFMXT8Qnh9yzD79Gefgkq7kKV file missing File 2 :1-19022019.xlsx File has expired and does not exist anymore on this server pls repost this file and link for download ....
|
|
|
Dear dev's can you post script (python or c ) where multiple publickeys checking in kangroo bit range, (by reading pubkeys file i.e pubkeys.txt) same as implemented in brainflayer, like bloomfilter check bitcrack, vanitysearch, etc yes its reduce speed but 10%, but if publickeys are in 100 or 200, it will not effect love to see multiple pubkeys like bloom filter or else check in table, in bit range. hope you could manage it too
|
|
|
You should use the same bit version (32 or 64) and the same Python version (cp37 in the file name means Python version 3.7). The error looks like you use the incorrect wheel version.
thanks but its look like no hope ,because I use python 3.7 and x64 also, I changed to try python27 but still same error. thanks for your support. and about puzzle, What if we minimize the range of search ?!! it's possible to find it fast than full range. Thanks on ubuntu first run these command with sudo apt-get install libgmp-dev apt-get install libmpfr-dev apt-get install libmpc-dev then run direct install pip install gmpy2 or downloaded gmpy2 wheel files you will success
|
|
|
Seems no more new update in kangroo subject, all waiting GPu ver, but developer have it, and he maybe waiting to find 110 puzzle, but till no news in updates and upgrades in kaangroo anyway any modification for multiple pubkey find in range space at once, by input file (multiple pubkey)
|
|
|
hi in script, there is bug, or maybe he unable to catch point, as if you have 37 bit pubkey and you command is ./script 40 02xxxxxxpublickey 40 bit mean search in bit range but script will find key in 37 bit if you have 42 bit key, and same command for search in 40 bit by apply 40 or 8:fffff.... bit range, script will find 42 key
its not restrict only for define bit range mean always find start from 8 to onword, so its take time consume, Smiley test it
|
|
|
I deleted my posts to avoid any confusions.
Now i better understand how kangaroo jumping works, i didn't even know that it is possible to find a publickey which is not in the space we are searching for. That's why it finds the publickey when you just change Y. I thought that when a tame kangaroo jumps out of space, a new tame and wild kangaroo would be set within the space to start jumping again.
As my suggestion, it would be the same if you just set the searchspace for from 2^(bit-1) > (2(bit)-1) to (2^(bit-1) + 2^(bit-2)) > (2(bit)-1). You would have a 50% chance to find the key in sqr(2^(bit-2)). In my tests it must have been luck to find the keys not in that 50%chance in less time than average. The only benefit i see by pushing the space with the middle to Infinity point, would be if a X value match could be detected when a wildkangaroo starts in negative mirrored space. That would possible be a rarely case by the time it catches up to the positive space where all tame kangaroos would start.
i sent you PM, 2 time in last 2 days, have some time for reply Looking Farword
|
|
|
I need public key for non find number .. 64, 66 etc nobody help my? wait few month, soon some one will find and will post here
|
|
|
Telariust, Could you do us a favor and run our version of the secp256k1_ecmult_gen function through your same benchmarks and let us know what you get? This way we can compare apples to apples on hop rates. static inline void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context *ctx, secp256k1_gej *r, const secp256k1_scalar *gn) { /* Computing (n+b)G - bG instead of nG directly, no gain by changing this. */ secp256k1_scalar gnb; secp256k1_scalar_add(&gnb, gn, &ctx->blind); *r = ctx->initial;
for (int j = 0; j < 64; j++) { secp256k1_ge add; const int bits = secp256k1_scalar_get_bits(&gnb, j * 4, 4); secp256k1_ge_from_storage(&add, &(*ctx->prec)[j][bits]); secp256k1_gej_add_ge_var(r, r, &add, NULL); } }
Test#2, multiplication, pseudo random points, calculation 1million pubkeys in loop: for(uint64_t i = 1; i<1000000 ; ++i){ secp256k1_scalar_set_uint64(&scalarK, TestGej.x.n[0]); // pseudo random points MULT_FUNCTION_HERE(&context, point_jacobian, &scalarK) }
origin secp256k1_ecmult_gen() 1M at 26sec 699msec; 0.037 Mk/s custom BurtW secp256k1_ecmult_gen() 1M at 22sec 498msec; 0.044 Mk/s my processor 13-6100 ddr4 8gb tel-kangro-0.83 speed [~] 384.0K j/s; 14.1Mj 0.0%; dp/kgr=0.0; [ 0d 00:00:36s lost_TIME_left 750y 6m 8d 07:20:44s ]
|
|
|
This is my code (only monocore for obvious reasons ) import time import random import math import sys import gmpy2 import os
modulo = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F order = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 Gx = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 Gy = 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8
class Point: def __init__(self, x=0, y=0): self.x = x self.y = y
PG = Point(Gx,Gy) Z = Point(0,0) # zero-point, infinite in real x,y - plane def mul2(P, p = modulo): R = Point() c = 3*P.x*P.x*gmpy2.invert(2*P.y, p) % p R.x = (c*c-2*P.x) % p R.y = (c*(P.x - R.x)-P.y) % p return R
def addk(Pk, Qk, Nn, p = modulo): R = Point() Rk=[] for k in range(Nn): P=Pk[k] Q=Qk[k] R=add(P, Q) Rk.append(R) return Rk
def add(P, Q, p = modulo): R = Point() dx = Q.x - P.x dy = Q.y - P.y c = dy * gmpy2.invert(dx, p) % p R.x = (c*c - P.x - Q.x) % p R.y = (c*(P.x - R.x) - P.y) % p return R # 6 sub, 3 mul, 1 inv
def mulk(k, P = PG, p = modulo): if k == 0: return Z elif k == 1: return P elif (k % 2 == 0): return mulk(k>>1, mul2(P, p), p) else: return add(P, mulk( (k-1)>>1, mul2(P, p), p), p)
def X2Y(X, p = modulo): if p % 4 != 3: print ('prime must be 3 modulo 4') return 0 X = (X**3+7)%p pw = (p + 1) // 4 Y = 1 for w in range(256): if (pw >> w) & 1 == 1: tmp = X for k in range(w): tmp = (tmp**2)%p Y *= tmp Y %= p return Y
def comparator(A,B,Ak,Bk): result = list(set(A) & set(B)) if len(result) > 0: sol_kt = A.index(result[0]) sol_kw = B.index(result[0]) d = Ak[sol_kt] - Bk[sol_kw] print ('total time: %.2f sec' % (time.time()-starttime )) print ('SOLVED: %64X' % d + '\n') file = open("results.txt",'a') file.write(('%X'%(Ak[sol_kt] - Bk[sol_kw])) + ' - total time: %.2f sec' % (time.time()-starttime) +'\n') file.write("---------------\n") file.close() return True else: return False
Ptable = [PG] for k in range(255): Ptable.append(mul2(Ptable[k])) print ('P-table prepared')
def search(): global solved s=(ka+kb)>>1 d=(kb-ka) problem=int(math.log(d,2)) DP_rarity = 1 << ((problem - kangoo_powerT - kangoo_powerW)//2 - 2) hop_modulo = (problem-1 + kangoo_powerT+kangoo_powerW)//2 T, t, dt = [], [], [] W, w, dw = [], [], [] PW,PT = [],[] buft,bufw,buftk,bufwk = [],[],[],[] for k in range(Nt): qt=s+random.randint(1,d) t.append(qt) T.append(mulk(t[k])) PT.append(W0) dt.append(0) for k in range(Nw): qw=random.randint(1, d) w.append(qw) W.append(add(W0,mulk(w[k]))) PW.append(W0) dw.append(0) print ('tame and wild herds are prepared') oldtime = time.time() starttime = oldtime Hops, Hops_old = 0, 0 t0 = time.time() oldtime = time.time() starttime = oldtime while (1): for k in range(Nt): Hops += 1 ptk = T[k].x if ptk % (DP_rarity) == 0: buft.append(ptk) buftk.append(t[k]) pw = ptk % hop_modulo dt[k] = 1 << pw t[k] += dt[k] PT[k] = Ptable[pw] T=addk(PT, T, Nt) for k in range(Nw): Hops += 1 pwk = W[k].x if pwk % (DP_rarity) == 0: bufw.append(pwk) bufwk.append(w[k]) pw = pwk % hop_modulo dw[k] = 1 << pw w[k] += dw[k] PW[k] = Ptable[pw] W=addk(PW, W, Nw) t1 = time.time() if (Hops % Cycle) == 0: hopsp = (Hops-Hops_old)/(t1-t0) print('Total rate %d h/s, Total W %d, Total T %d' % (hopsp,len(bufw),len(buft))) if comparator(buft,bufw,buftk,bufwk) : solved=1 return t0 = t1 Hops_old = Hops return s=sys.argv[1] sa = sys.argv[2] sb = sys.argv[3] skw = sys.argv[4] skt = sys.argv[5] scyc = sys.argv[6] # ka = int(sa, 16) kb = int(sb, 16) # kangoo_powerT = int(skt, 10) kangoo_powerW = int(skw, 10) Cycle = 10**(int(scyc,10))
Nt = 2**kangoo_powerT Nw = 2**kangoo_powerW X = int(s, 16) Y = X2Y(X % (2**256)) if Y % 2 != (X >> 256) % 2: Y = modulo - Y X = X % (2**256) W0 = Point(X,Y)
starttime = oldtime = time.time() Hops = 0 random.seed() solved=0 search() print('Done ...')
command: $python play3.py 03a2efa402fd5268400c77c20e574ba86409ededee7c4020e4b9f0edbee53de0d4 8000000000 FFFFFFFFFF 3 3 6 P-table prepared tame and wild herds are prepared Total rate 175651 h/s, Total W 33, Total T 29 Total rate 173849 h/s, Total W 59, Total T 45 Total rate 174196 h/s, Total W 92, Total T 85 Total rate 171762 h/s, Total W 111, Total T 111 Total rate 172377 h/s, Total W 138, Total T 139 total time: 28.81 sec SOLVED: E9AE4933D6 Done ... My previous hopping speed was around 110000. > I removed text files wild.txt and tame.txt > gained speed because A) I update wild and tame lists outside calculation loops B) I do not check collisions (comparator) at each step in the while loop, but only once every cycle (if (Hops % Cycle) == One more thing, you can experiment with different tame and wild kangaroo herd sizes Nw and Nt. its single pubkey cheking can you add read from pubkey.txt ( where more then 1 pubkey listed) for check in same bit range
|
|
|
Drotika: you can give me proof and solve the puzzel what i made for you with this tool what you sell. i generate a 74 bit address tell me the priv key and i will buy instantly. here is the compressed pub key.
02860383bb423be58e05694974bd9f509f6cf9d003c16360c1062cc417acd4270c
compressed address: 1NfQBC3hcwugx4fFjkp6ugNC8ZmYGddMz
This might be a sockpuppet account. So catpatkany might be same person as drotika. So be careful guys! If a mod could check this (IP?) please. Looks shady. Well, lets wait until someone beyond Newbie post a new 74 bit address generated to test Drotika's tool. bit75 03a407ff62f7943a48eb34df67e4fb5c50e963ab4c83ae26a7c7af1fa5dec7e6a5 show PK
|
|
|
Can you add multithreading to this code ?
time is not for multithreading, time is for cuda
|
|
|
python 2.py 03d2063d40402f030d4cc71331468827aa41a8a09bd6fd801ba77fb64f8e67e617 0xaf55fc59c335c8e0000000000 0xaf55fc59c335c8f0000000000 3 P-table prepared tame and wild herds are prepared 220012.055 h/s 229034.780 h/s total time: 11.90 sec SOLVED: AF55FC59C335C8EC67ED24826
('Hops:', 2691957)
Very narrow range was choosen, that's why so fast. Try at least this one: 03d2063d40402f030d4cc71331468827aa41a8a09bd6fd801ba77fb64f8e67e617 cccccccccccccccccccccccb5 e666666666666666666666647 8 (addr #100 ragne 30% -> 40%, as the PKEY is located at ~37% position) --------- Your speed is impressive ))). Could you share your script? Or it was unchanged? unchanged if i run 2 script in 2 difrent folder speed for each script is 220012.055 h/s 229034.780 h/s if only 1 script run, speed is 238000 h/s
|
|
|
Here is the code with my changes import time import random import gmpy2 import math import sys
modulo = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F order = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 Gx = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 Gy = 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8
class Point: def __init__(self, x=0, y=0): self.x = x self.y = y
PG = Point(Gx,Gy) Z = Point(0,0) # zero-point, infinite in real x,y - plane
# return (g, x, y) a*x + b*y = gcd(x, y) def egcd(a, b): if a == 0: return (b, 0, 1) else: g, x, y = egcd(b % a, a) return (g, y - (b // a) * x, x)
def rev(b, n = modulo): while b < 0: b += modulo g, x, _ = egcd(b, n) if g == 1: return x % n def mul2(P, p = modulo): R = Point() # c = 3*P.x*P.x*rev(2*P.y, p) % p c = 3*P.x*P.x*gmpy2.invert(2*P.y, p) % p R.x = (c*c-2*P.x) % p R.y = (c*(P.x - R.x)-P.y) % p return R
def add(P, Q, p = modulo): R = Point() dx = Q.x - P.x dy = Q.y - P.y c = dy * gmpy2.invert(dx, p) % p #c = dy * rev(dx, p) % p R.x = (c*c - P.x - Q.x) % p R.y = (c*(P.x - R.x) - P.y) % p return R # 6 sub, 3 mul, 1 inv
def mulk(k, P = PG, p = modulo): if k == 0: return Z elif k == 1: return P elif (k % 2 == 0): return mulk(k/2, mul2(P, p), p) else: return add(P, mulk( (k-1)/2, mul2(P, p), p), p)
def X2Y(X, p = modulo): if p % 4 != 3: print ('prime must be 3 modulo 4') return 0 X = (X**3+7)%p pw = (p + 1) // 4 Y = 1 for w in range(256): if (pw >> w) & 1 == 1: tmp = X for k in range(w): tmp = (tmp**2)%p Y *= tmp Y %= p return Y
def comparator(): A, Ak, B, Bk = [], [], [], [] with open('tame.txt') as f: for line in f: L = line.split() a = int(L[0],16) b = int(L[1],16) A.append(a) Ak.append(b) with open('wild.txt') as f: for line in f: L = line.split() a = int(L[0],16) b = int(L[1],16) B.append(a) Bk.append(b) result = list(set(A) & set(B)) if len(result) > 0: sol_kt = A.index(result[0]) sol_kw = B.index(result[0]) print ('total time: %.2f sec' % (time.time()-starttime)) d = Ak[sol_kt] - Bk[sol_kw] print ('SOLVED: %64X' % d + '\n') file = open("results.txt",'a') file.write(('%X'%(Ak[sol_kt] - Bk[sol_kw])) + "\n") file.write("---------------\n") file.close() return True else: return False
def check(P, Pindex, DP_rarity, file2save): if P.x % (DP_rarity) == 0: file = open(file2save,'a') file.write(('%064X %064X'%(P.x,Pindex)) + "\n") file.close() return comparator() else: return False P = [PG] for k in range(255): P.append(mul2(P[k])) print ('P-table prepared')
def search(a,b): global solved s=(a+b)>>1 d=(b-a) problem=int(math.log(d,2)) # print(a,b,s,d,'\n') DP_rarity = 1 << ((problem - 2*kangoo_power)//2 - 2) hop_modulo = ((problem-1)// 2) + kangoo_power T, t, dt = [], [], [] W, w, dw = [], [], [] for k in range(Nt): qtf= s qtr= random.randint(1,d) # print('tame\n',qtf,qtr) qt=qtf+qtr t.append(qt) T.append(mulk(t[k])) dt.append(0) for k in range(Nw): qw=(random.randint(1, d)) # print('wild\n',qw) w.append(qw) W.append(add(W0,mulk(w[k]))) dw.append(0) print ('tame and wild herds are prepared') oldtime = time.time() starttime = oldtime Hops, Hops_old = 0, 0 t0 = time.time() oldtime = time.time() starttime = oldtime while (1): for k in range(Nt): Hops += 1 pw = T[k].x % hop_modulo dt[k] = 1 << pw solved = check(T[k], t[k], DP_rarity, "tame.txt") if solved: break t[k] += dt[k] T[k] = add(P[pw], T[k]) if solved: break for k in range(Nw): Hops += 1 pw = W[k].x % hop_modulo dw[k] = 1 << pw solved = check(W[k], w[k], DP_rarity, "wild.txt") if solved: break w[k] += dw[k] W[k] = add(P[pw], W[k]) if solved: break t1 = time.time() if (t1-t0) > 5: print ('%.3f h/s'%((Hops-Hops_old)/(t1-t0))) t0 = t1 Hops_old = Hops hops_list.append(Hops) print ('Hops:', Hops) return 'sol. time: %.2f sec' % (time.time()-starttime)
s=sys.argv[1] sa = sys.argv[2] sb = sys.argv[3] sk = sys.argv[4] a = int(sa, 16) b = int(sb, 16) kangoo_power = int(sk, 10) Nt = Nw = 2**kangoo_power X = int(s, 16) Y = X2Y(X % (2**256)) if Y % 2 != (X >> 256) % 2: Y = modulo - Y X = X % (2**256) W0 = Point(X,Y) starttime = oldtime = time.time() Hops = 0 random.seed()
hops_list = []
solved = False open("tame.txt",'w').close() open("wild.txt",'w').close() search(a,b)
Example (case 32) python kang.py 0387dc70db1806cd9a9a76637412ec11dd998be666584849b3185f7f9313c8fd28 80000000 FFFFFFFF 3 (the last number 3 is the kangooro_power) P-table prepared tame and wild herds are prepared total time: 0.21 sec SOLVED: 7D4FE747 ('Hops:', 23072) python 2.py 03d2063d40402f030d4cc71331468827aa41a8a09bd6fd801ba77fb64f8e67e617 0xaf55fc59c335c8e0000000000 0xaf55fc59c335c8f0000000000 3 P-table prepared tame and wild herds are prepared 220012.055 h/s 229034.780 h/s total time: 11.90 sec SOLVED: AF55FC59C335C8EC67ED24826 ('Hops:', 2691957)
|
|
|
Kangaroo System, test friends. Can you share your scan time and speed? and How many bits?
I'm
48 bit - 110k / s - 87 sec 51 bit - 110k / s - 200 sec
60 bit - 100k/s - 3900 sec can your share modified script for search range... ? PM me
|
|
|
I have tried the python code on linux and windows with or without gmpy2. I was able to retrieve all known private keys (up to case 100) with linux python. However when using windows things go wrong beyond case 59. For exemple case 60 ... the private key should be 0xFC07A1825367BDA but I get 0xFC07A1825367BXX with XX a random number case 61 ... the private key should be 0x13C96A3742F64906 but I get 0x13C96A3742F64XXX with XXX a random number case 63 ... the private key should be 0x7CCE5EFDACCF6808 but I get 0x7CCE5EFDACCF6XXX with XXX a random number etc ... This bug persists even without gmpy2 !!! I am working on it What hardware do you use and how long it took to crack 100? To check all known private keys, I changed the code to search within a given range [a, b], not necessarily the whole range. For instance, private key for case 100 is 0xaf55fc59c335c8ec67ed24826, so if I run my modified python script for range [ 0xaf55fc59c335c8e0000000000, 0xaf55fc59c335c8f0000000000 ], I get the answer in less than half a minute. like to share modifed script for search range ?
|
|
|
#!/usr/bin/python
# by 57fe (fe57.org/forum/thread.php?board=4&thema=1#1)
####################### # print() compatibility python 2/3 from __future__ import print_function ####################### # settings
pow2pubkey = 32 # bits/order/pow2/exp key
pow2kangaroo = 3 # discriminator
Ntimeit = 10 # times for avg runtime
prngseed = 0 # 0,any flag_debug = 0 # 0,1,2,3
####################### # low order pubkeys
pubkeys = { 16: ('029d8c5d35231d75eb87fd2c5f05f65281ed9573dc41853288c62ee94eb2590b7a', 0xc936) , 24: ('036ea839d22847ee1dce3bfc5b11f6cf785b0682db58c35b63d1342eb221c3490c', 0xdc2a04) , 32: ('0209c58240e50e3ba3f833c82655e8725c037a2294e14cf5d73a5df8d56159de69', 0xb862a62e) , 33: ('02ed949eaca31df5e8be9bf46adc1dfae1734b8900dcc303606831372955c728da', False) #0x01abcd1234 , 40: ('03a2efa402fd5268400c77c20e574ba86409ededee7c4020e4b9f0edbee53de0d4', 0xe9ae4933d6) , 45: ('026ecabd2d22fdb737be21975ce9a694e108eb94f3649c586cc7461c8abf5da71a', 0x122fca143c05) , 50: ('03f46f41027bbf44fafd6b059091b900dad41e6845b2241dc3254c7cdd3c5a16c6', 0x022bd43c2e9354) , 65: ('0230210c23b1a047bc9bdbb13448e67deddc108946de6de639bcc75d47c0216b1b', 0x01a838b13505b26867) ,105: ('03bcf7ce887ffca5e62c9cabbdb7ffa71dc183c52c04ff4ee5ee82e0c55c39d77b', False) }
####################### # import
import os import sys import time import random
try: # https://www.lfd.uci.edu/~gohlke/pythonlibs/ import gmpy2 except: flag_gmpy2 = False print("[warn] gmpy2 not found. raw python is slow!") else: flag_gmpy2 = True
try: from coincurve import PrivateKey, PublicKey from coincurve.utils import int_to_bytes, hex_to_bytes, bytes_to_int, bytes_to_hex, int_to_bytes_padded except: flag_coincurve = False #print("[warn] coincurve not found. random pubkey not available!") else: flag_coincurve = True
if 0: from multiprocessing import Pool from multiprocessing import cpu_count from multiprocessing import freeze_support
####################### # python 2,3
#import sys #import time if sys.version_info[0] == 2: from time import clock else: from time import perf_counter from time import process_time clock = time.perf_counter xrange=range raw_input=input
####################### # secp256k1
#modulo = 2**256-2**32-2**9-2**8-2**7-2**6-2**4-1 modulo = 115792089237316195423570985008687907853269984665640564039457584007908834671663 order = 115792089237316195423570985008687907852837564279074904382605163141518161494337 #modulo = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F #order = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 Gx = 55066263022277343669578718895168534326250603453777594175500187360389116729240 Gy = 32670510020758816978083085130507043184471273380659243275938904335757337482424 #Gx = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 #Gy = 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8
class Point: def __init__(self, x=0, y=0): self.x = x self.y = y
Gp = Point(Gx,Gy) Zp = Point(0,0) # zero-point, infinite in real x,y - plane
####################### # functions
# return (g, x, y) a*x + b*y = gcd(x, y) def egcd(a, b): if a == 0: return (b, 0, 1) else: g, x, y = egcd(b % a, a) return (g, y - (b // a) * x, x)
def rev(b, n=modulo): while b < 0: b += n g, x, _ = egcd(b, n) if g == 1: return x % n
def mul2(P, p=modulo): R = Point() if flag_gmpy2: c = 3 * P.x * P.x * gmpy2.invert(2*P.y, p) % p else: c = 3 * P.x * P.x * rev(2*P.y, p) % p R.x = (c*c - 2*P.x) % p R.y = (c*(P.x - R.x) - P.y) % p return R
# 1I, 3M def add(P, Q, p=modulo): R = Point() dx = Q.x - P.x dy = Q.y - P.y if flag_gmpy2: # 1I, 1M c = dy * gmpy2.invert(dx, p) % p else: c = dy * rev(dx, p) % p R.x = (c*c - P.x - Q.x) % p # 1M R.y = (c*(P.x - R.x) - P.y) % p # 1M return R
def mulk(k, P=Gp, p=modulo): if k == 0: return Zp elif k == 1: return P elif (k % 2 == 0): return mulk(k/2, mul2(P, p), p) else: return add(P, mulk( (k-1)/2, mul2(P, p), p), p)
def newX2Y(X, y_parity): p = modulo
Y = 3 tmp = 1 while Y: if Y & 1: tmp = tmp*X % p Y >>= 1 X = X*X % p
X = (tmp+7) % p
Y = (p+1)//4 tmp = 1 while Y: if Y & 1: tmp = tmp*X % p Y >>= 1 X = X*X % p
Y = tmp
if Y%2 != y_parity: Y = -Y % p
return Y
def KANGAROO():
DP_rarity = 1 << ((pow2pubkey - 2*pow2kangaroo)//2 - 2) if flag_debug > 0: print("[DP_rarity] 1<<((pow2pub - 2*pow2k) -2) = 1<<((%s-2*%s)//2 -2) = %s" % (pow2pubkey,pow2kangaroo,DP_rarity))
jump_modulo = ((pow2pubkey-1) // 2) + pow2kangaroo if flag_debug > 0: print("[jump_modulo] (pow2pub-1)//2 + pow2k = (%s-1)//2 + %s = %s" % (pow2pubkey,pow2kangaroo,jump_modulo))
T, t, dt = [], [], [] W, w, dw = [], [], []
if flag_debug > 0: print( '[t] 3<<(pow2pub-2) + rng(1,(1<<(pow2pub-1))) = 3<<(%s-2) + rng(1,(1<<(%s-1))) = %s + %s' % ( pow2pubkey, pow2pubkey ,3<<(pow2pubkey-2), random.randint(1, (1<<(pow2pubkey-1))) ) )
for k in range(Nt): t.append((3 << (pow2pubkey - 2)) + random.randint(1, (1 << (pow2pubkey - 1))))#-(1 << (pow2pubkey - 2)) ) T.append(mulk(t[k])) dt.append(0) for k in range(Nw): w.append(random.randint(1, (1 << (pow2pubkey - 1)))) W.append(add(W0,mulk(w[k]))) dw.append(0)
print('[+] T+W ready')
n_jump = last_jump = 0 prvkey = False; A, Ak, B, Bk = [], [], [], [] t0 = t1 = t2 = time.time()
while (1):
if flag_debug > 2: print('[new_loop] %s jumps'%n_jump) for k in range(Nt): if flag_debug > 2: print('[k/Nt] %s/%s'%(k+1,Nt)) n_jump += 1 pw = T[k].x % jump_modulo pw = int(pw) dt[k] = 1 << pw
if T[k].x % (DP_rarity) == 0: A.append(T[k].x) Ak.append(t[k]) if flag_debug > 1: print('[tame] A=%s, B=%s'%(len(A),len(B))) if flag_debug > 0: save2file('tame.txt', 'a', '%064x %s\n'%(T[k].x,t[k]) ) result = list(set(A) & set(B)) if len(result) > 0: sol_kt = A.index(result[0]) sol_kw = B.index(result[0]) prvkey = Ak[sol_kt] - Bk[sol_kw]
if prvkey: break t[k] += dt[k] T[k] = add(P[pw], T[k]) if prvkey: break for k in range(Nw): if flag_debug > 2: print('[k/Nw] %s/%s'%(k+1,Nw)) n_jump += 1 pw = W[k].x % jump_modulo pw = int(pw) dw[k] = 1 << pw
if W[k].x % (DP_rarity) == 0: B.append(W[k].x) Bk.append(w[k]) if flag_debug > 1: print('[wild] A=%s, B=%s'%(len(A),len(B))) if flag_debug > 0: save2file('wild.txt', 'a', '%064x %s\n'%(W[k].x,w[k]) ) result = list(set(A) & set(B)) if len(result) > 0: sol_kt = A.index(result[0]) sol_kw = B.index(result[0]) prvkey = Ak[sol_kt] - Bk[sol_kw]
if prvkey: break w[k] += dw[k] W[k] = add(P[pw], W[k]) if prvkey: break t2 = time.time() if (t2-t1) > 1: if sys.version_info[0] == 2: print('\r[~] %.1f j/s'%((n_jump-last_jump)/(t2-t1)), end='') sys.stdout.flush() else: print('\r[~] %.1f j/s'%((n_jump-last_jump)/(t2-t1)), end='', flush=True ) t1 = t2 last_jump = n_jump
return prvkey, n_jump, (time.time()-t0)
def save2file(path, mode, data): fp = open(path, mode) if type(data) in (list,tuple,dict): fp.writelines(data) else: #elif type(data) in (str,int): fp.write(data) fp.close()
def usage(): print('[usage] %s [bits] [pubkey]'%(sys.argv[0])) print(' %s 32'%(sys.argv[0])) print(' %s 32 %s'%(sys.argv[0],pubkeys[32][0])) exit(-1)
####################### #main
if __name__ == '__main__':
#print('[os] %s' % os.name) if os.name == 'nt': #freeze_support() pass
print("[################################################]") print("[# ECDSA Pollard-kangaroo PrivKey Recovery Tool #]") print("[# based on code by 57fe 2019 #]") print("[# singlecore #]"); #print("[# multicore #]"); print("[################################################]")
if len(sys.argv) > 1 and str(sys.argv[1]) in ('--help','-h','/?') : usage()
print('[date] {}'.format(time.ctime())) print("[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]")
if prngseed in (0,'0',False,'False','false',''): prngseed = random.randint(1,2**32) random.seed(prngseed) print('[PRNGseed] %s' % prngseed)
if len(sys.argv) > 1 : try: pow2pubkey=int(sys.argv[1]) except: usage() if pow2pubkey < 1 or pow2pubkey > 256 : print("[error] bits must be in range 1..256!") usage() print('[bits] 2^%s %s' % (pow2pubkey, '(warn: too big!)' if pow2pubkey>50 else ''))
if len(sys.argv) > 2 : prvkey0 = False pubkey0 = str(sys.argv[2]) print('[i] pubkey#%s loaded from argv2' % pow2pubkey) elif flag_coincurve: prvkey0 = random.randint(1,2**pow2pubkey) pubkey0 = bytes_to_hex(PublicKey.from_secret(int_to_bytes_padded(prvkey0)).format(1)) #pubkey0 = bytes_to_hex(PublicKey.from_secret(int_to_bytes_padded(prvkey0)).format(0)) print('[i] pubkey#%s randomly generated' % pow2pubkey) else: pubkey0, prvkey0 = pubkeys[pow2pubkey] print('[i] pubkey#%s loaded from default table' % pow2pubkey) else: print('[bits] 2^%s %s' % (pow2pubkey, '(warn: too big!)' if pow2pubkey>50 else '')) pubkey0, prvkey0 = pubkeys[pow2pubkey] print('[i] pubkey#%s loaded from default table' % pow2pubkey) if prvkey0 not in (0,'0',False,'False','false',''): print('[prvkey#%s] 0x%064x' % (pow2pubkey,prvkey0)) print('[pubkey#%s] %s' % (pow2pubkey,pubkey0))
#calc Y if pubkey is compress if len(pubkey0)==130: X = int(pubkey0[2:66], 16) Y = int(pubkey0[66:],16) print("[format] uncompressed") elif len(pubkey0)==66: X = int(pubkey0[2:66], 16) Y = newX2Y(X,int(pubkey0[:2])-2) print("[format] compressed") else: print("[error] pubkey len(66/130) invalid!") usage()
print("[Xcoordinate] %064x" % X) print("[Ycoordinate] %064x" % Y)
W0 = Point(X,Y)
print("[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]") starttime = time.time()
P = [Gp] for k in range(255): P.append(mul2(P[k])) print('[+] P-table ready') Nt = Nw = 2**pow2kangaroo if flag_debug > 0: print("[range(L..U)] 1..2^%s(0x%x)" % (pow2pubkey, 2**pow2pubkey)) print("[w=U-L] 0x%x ; w/2=0x%x" % (2**pow2pubkey, 2**(pow2pubkey-1))) print("[pow2k] 2^%s: Nt=%s, Nw=%s" % (pow2kangaroo,Nt,Nw))
jumps_list = [] runtime_list = []
#timeit for i in range(Ntimeit): print("[~~~~~~~~~~~~~~~~~~~~~~~[%s]~~~~~~~~~~~~~~~~~~~~~~]"%(i+1)) if flag_debug > 0: save2file('tame.txt', 'w', '') save2file('wild.txt', 'w', '') prvkey, n_jump, runtime = KANGAROO() jumps_list.append(n_jump) runtime_list.append(runtime) print('') print('[prvkeyX] %064x' % (prvkey) ) save2file('results.txt', 'a', ('%064x\n'%prvkey, '---------------\n'))
if prvkey0 not in (0,'0',False,'False','false',''): print('[prvkey0] %064x' % (prvkey0)) if prvkey == prvkey0: print('[double-check] success!') else: print('[double-check] failed!') print('[jump] %s' % n_jump) print('[time] %.1f sec' % runtime)
print("[################################################]")
if Ntimeit > 1: M = sum(jumps_list)*1.0 / len(jumps_list) print('[(avg)jump] %.0f' % (M) ) #D = sum((xi - M) ** 2 for xi in jumps_list)*1.0 / len(jumps_list) #print('[(avg)jum2] %.1f +/- %.1f' % (M, (D/(len(jumps_list)-1))**0.5) ) print('[(avg)time] %.1f sec' % (sum(runtime for runtime in runtime_list)/Ntimeit) ) #print('[(avg)tim2] %.1f sec' % ((time.time()-starttime)/Ntimeit) ) else: pass
print("[################################################]") print('[date] {}'.format(time.ctime())) #print('[exit] exit') #print('');raw_input('Press ENTER to continue...');print('') exit(0)
Addon needed remove pubkeys = xxxxxx add example ** with open("pubkeys.txt", "r") as m: add = m.read().split() for ad in add: *** multi pubkeys at once check inside bit range this script check only 1 pubkey in bit range
|
|
|
|