C# compute public key from private key, very slow, ~10Keys/s

[daboehla]

Hallo out there,

I tried to compute the public key from a private key in a C# programm.
Lets say i have the priv key: 26760d07c7b06da3ac7d27946b4853e0665c50e0a8b705269b2cfd48f061de2b
so the public key would be: 1A9yKFpmH1GFFeLLv2XGhP41BKCFgRgykN

I was able to compute it with Bitcoin Address Utility (https://en.bitcoin.it/wiki/Bitcoin_Address_Utility).
But my issue is that this way is VERY slow.

I make a for loop and compute it 100 times and it takes 10s! -> 10 Keys/s...

So is there a way to compute it much faster in C# ?

Here is my loop code:

Code:

                DateTime start = DateTime.Now;
                for (int i = 0; i < 100; i++) {
                    KeyPair kp = new KeyPair(txtPrivHex.Text, compressed: compressToolStripMenuItem.Checked);
                    string pubkey = kp.AddressBase58;
                }
                double elapsedsecs = (DateTime.Now - start).TotalSeconds;

I found the command which takes 100ms:

Code:

            Org.BouncyCastle.Math.BigInteger Db = new Org.BouncyCastle.Math.BigInteger(1, _privKey);
            ECPoint dd = point.Multiply(Db);

When i look to vanitygen, they are able to compute about 1.000.000 Keys/s without problems...
So i think they are compute the public key another way?

Would be happy to have a solution

[1714940451]

1714940451

[1714940451]

1714940451

[1714940451]

1714940451

[1714940451]

1714940451

[1714940451]

1714940451

[1714940451]

1714940451

[HugoTheSpider]

Code:

ECPoint dd = point.Multiply(Db);

In ECDSA math, it's required to implement the multiply feature by repeatedly doing point additions and point doublings. The other reason of the slow down in your code you experience is the modular inverse operation which is called inside the Multiply() function once at least.

When you look deeper in the code of "vanitygen", you'll see vanitygen does a single point multiplication operation then just one point addition for each candidate in the current batch. The sparly documented OpenSSL function EC_POINTs_MAKE_AFFINE is also utilized by vanitygen which tells OpenSSL to apply the expensive modular inverse on the whole batch at once before vanitygen starts to extract the public keys using EC_POINT_point2oct.

What are you trying to achieve?

[daboehla]

Code:

ECPoint dd = point.Multiply(Db);

In ECDSA math, it's required to implement the multiply feature by repeatedly doing point additions and point doublings. The other reason of the slow down in your code you experience is the modular inverse operation which is called inside the Multiply() function once at least.

When you look deeper in the code of "vanitygen", you'll see vanitygen does a single point multiplication operation then just one point addition for each candidate in the current batch. The sparly documented OpenSSL function EC_POINTs_MAKE_AFFINE is also utilized by vanitygen which tells OpenSSL to apply the expensive modular inverse on the whole batch at once before vanitygen starts to extract the public keys using EC_POINT_point2oct.

What are you trying to achieve?

Ok, I thought that vanitygen have a trick ^^

I wanted to build a big Brainwallet Database. Get a big password list, hash them SH256 and take this as priv. Key.
Then I want to see which are ever used, so I need the public key.
As same as http://pastebin.com/s29kk2bb does.

He have a Database with 17.000.000 entries. And if I also want to build this, it would take about 1.700.000s -> about 20 Days.
So I thought there is likely a faster way to build this.

[HugoTheSpider]

You could use multithreading to speed things up a bit.

If you want to check a bigger amount of brain wallets in a reasonable time, you have to study the underlying ECDSA math.

Just do it for satifying your curiosity, don't expect to get rich if you intent to take the funds because this bitcoin network is already being monitored by bots with very low latency network connections.

For your curiosity:
I had already checked the blockchain using a 1 500 000 000 entries wordlist and a self made cracker operating at 100000 keys/s. utilizing all CPU cores and found about ~18500 bitcoin addresses which had funds, many of them were created during a brain wallet spam attack launched on 31.08.2013.

[daboehla]

Yeah sure I would use multithreading, but the only pc who is running 24/7 is a Laptop with dual-core xD

Not doing it because of the money. I know that the time I would spend on this project is not worth, if you only see the money as output ^^

Wow ok "rewriting" the ECDSA is to deep for me I think.

Ok then I will write the bitcoind first, to get new transactions. I think this is hard enough for me.

Thx for your info!

[ermaxinc]

Sorry!
But anybody know how compute public key from private key only with c#, without other soft?
Function, class etc ?

Need compute compress and ucompress key.

[A-Bolt]

But anybody know how compute public key from private key only with c#, without other soft?
Function, class etc ?
Need compute compress and ucompress key.

NBitcoin library:

Code:

using NBitcoin;

...

var privKeyCompressed = new Key();            
var pubKeyCompressed = privKeyCompressed.PubKey;

var privKeyUncompressed = new Key(false);
var pubKeyUncompressed = privKeyUncompressed.PubKey;

[Coding Enthusiast]

NBitcoin library:

FYI, NBitcoin is "other soft" which he was asking not to use. Not to mention that it is a wrapper around C# implementation of Bouncy Castle which is a wrapper around the main project which is Bouncy Castle and it is written in Java.

P.S. If you want fast EC calculations then you have to have the Gs pre-calculated and use that for the scalar multiplication. Otherwise if you are using the usual "Double-and-add" method, it will be time consuming. Of course 10 second is not because of that. It is because of all the overhead that these libraries have! Otherwise if you re-write the same functions and use that, your timing will be reduced to <3 second per 100 iteration (checked with debug mode, it will be faster in compiled).