Bitcoin Forum
February 06, 2025, 04:48:35 PM *
News: Community Awards voting is open
 
   Home   Help Search Login Register More  
Pages: « 1 ... 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 [242] 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 ... 368 »
  Print  
Author Topic: Bitcoin puzzle transaction ~32 BTC prize to who solves it  (Read 252331 times)
saatoshi_falling
Newbie
*
Offline Offline

Activity: 17
Merit: 0


View Profile
April 08, 2024, 08:49:20 AM
 #4821

Puzzle 81 is quite safe. I solved Puzzle 80 in about 26 hours (with extremely large memory in BSGS). The bot does not work on that number.

min:sec

70 bit --> 01:01
80 bit --> 56:24


nomachine suggest puzzle 79,81...
What is your suggestion as the lowest safest puzzle to put your efforts in?
joseperal
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
April 08, 2024, 09:28:57 AM
 #4822

Hi guys,

Nice work!

I also did develop my tool, "Colisionador" (collider in spanish), as I do not trust the founds are being sent to the cloud.

When you mention the bots war, is it because the private key found is leaked to the cloud?

I did program it on C, trying to make if super efficient and fast (I know it is still not as fast as your GPUs tools).
I keep the source code closed at the moment, but just ask if you would like to collaborate.
You can run the binaries released it if you want: https://github.com/japeral/colisionador_releases

I like to run it in Debian on WSL, running on Windows 10. There is also binaries for ARMv7 and Windows X86.

It collides against a sorted list of ripemd160 from public addresses with balance.
On 2024-03-22 when I scrapped a fully synced BTC node database with 53994718 addresses (53.9 Million addresses).

The list include the 256 pieces of the puzzle also, those with balance 0 and still not 0.

You can download the full sorted list of r160's updated up to 2024-03-22 here:
https://drive.usercontent.google.com/download?id=1mAX4kdXaYSBYYGtgQf30Sw_Zkhl2GC3r&export=download&confirm=yes

The tool, loads the list into RAM, and with a binary search on the sorted list, search each key ripedmd160 against the list in RAM. You can edit the list to target different public addresses with the "-list" parameter.

Speed improvements are marginal if the list size is reduced, so I always load the entire list.

The search speed is between 15-25K keys/s per CPU thread, depending on the CPU clock.

On a AMD Ryzen 7 7730U CPU with 16th threads, the tool searches at 15K keys/s per thread, making a total of ~215K keys/s
On a Raspberry pi4, @4 threads, it makes a total of ~31K keys/s.

It currently supports CPU only.
It spreads the load across all the threads available in the system. I use OpenMP for the parallelization.

It computes the: compressed_02, compressed_03, uncompressed_04, compressed_06 and compressed_07 Id's.

I am targeting the search space of puzzle 66 (that is all zeros from the left, bit 66 to 1, and the random bits down to bit 0). For that just run the tool with the parameter "-puzzle 66". The lower bits are randomized every 16777215 Keys (000000 - FFFFFF) ~ 15mins of work. Each thread is independent and jumps into a different location inside the puzzle search space.

You can run as many instances of the tool, in as many machines you want.

Because the random nature of the jumps, the probability of covering the entire search space is even.

You could also target all the addresses with balance, just with the parameter "-puzzle 255", against the probability of finding anything. You could use it as a lottery cracker.

If a finding happens, the tool saves the result in a found.txt file. It also converts the private key into WIF format for convenience to easily import it into the wallet with importprivkey command.

I have a question:

How the hell are you finding puzzle pieces 70, 75, 80, 85, etc before puzzle 66, if the search space of those puzzles are much bigger that the puzzle 66 search space?

It is also interesting,  puzzle pieces: 161-256 are also spent.

Is it any other clue to delimit the search space of every puzzle piece?

As far as I know:
For puzzle 66, search space is:

Code:
from:
00000000000000000000000000000000000000000000000200000000000000000000000
to:
000000000000000000000000000000000000000000000003FFFFFFFFFFFFFFFFFFFFFFF

That is: 36893488147419103231 keys to check!

Thanks!
citb0in
Hero Member
*****
Offline Offline

Activity: 896
Merit: 782


Bitcoin g33k


View Profile
April 08, 2024, 09:40:36 AM
Merited by LoyceV (6), ABCbits (2), Lucius (1)
 #4823

I keep the source code closed at the moment, but just ask if you would like to collaborate.
You can run the binaries released it if you want: <link-removed>

I can only expressly warn everyone not to download ready-made binaries from unknown sources and run them on their computer. As long as the source code is not open, you never know what the program is doing in the background. Someone with malicious intentions could use the executed program, for example, to spy on and extract data from your own PC, i.e. it could, for example, read your existing hard disk or RAM data and copy passwords or wallet files out to the INternet on some server. Never ever download programs in .dll or .exe form from unknown sources and never run them. Whether and whom you trust is of course up to you, this is only a well-intentioned warning.

The shown program (test.bat) calls a binary executable:
Quote
colisionador_x86_64.exe -list puzzle_r160list_sorted.csv -puzzle 0 -threads 1 -start_pk_bin 0000000000000000000000000000000000000000000000000000000000000001

as well as all other start scripts listed here. Stay away !

  _      _   _       __  _          _  _   __
 |_) |  / \|/   (_  / \ | \  / |_ |_) (_ 
 |_) |_ \_/ \_ |\   __) \_/ |_ \/  |_ | \ __)
--> citb0in Solo-Mining Group <--- low stake of only 0.001 BTC. We regularly rent about 5 PH/s hash power and direct it to SoloCK pool. Wanna know more? Read through the link and JOIN NOW
joseperal
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
April 08, 2024, 09:47:31 AM
 #4824

A preventive action is to run the binary in a virtual machine without internet access.
citb0in
Hero Member
*****
Offline Offline

Activity: 896
Merit: 782


Bitcoin g33k


View Profile
April 08, 2024, 10:04:30 AM
 #4825

A preventive action is to run the binary in a virtual machine without internet access.

I did program it on C, trying to make if super efficient and fast (I know it is still not as fast as your GPUs tools).
I keep the source code closed at the moment, but just ask if you would like to collaborate.
You can run the binaries released it if you want: <link-removed>

I like to run it in Debian on WSL, running on Windows 10. There is also binaries for ARMv7 and Windows X86.

you deliberately keep the source code closed, but claim to want to collaborate. This is evidence of cognitive dissonance. Instead, you give the user direct instructions on how to proceed using WSL by means of a supposed "hint". A rogue who thinks evil.

Instead, explain why you provide closed-source binaries under the guise of "assistance" and "collaboration". That doesn't make sense, but everyone can decide that for themselves. The warning still applies --> do not download and run closed-sourced binaries if the developer is not trusted, especially if there are not even any advantages to doing so

  _      _   _       __  _          _  _   __
 |_) |  / \|/   (_  / \ | \  / |_ |_) (_ 
 |_) |_ \_/ \_ |\   __) \_/ |_ \/  |_ | \ __)
--> citb0in Solo-Mining Group <--- low stake of only 0.001 BTC. We regularly rent about 5 PH/s hash power and direct it to SoloCK pool. Wanna know more? Read through the link and JOIN NOW
joseperal
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
April 08, 2024, 10:11:49 AM
 #4826

I am interested to know the nature of the bot wars.

How is it possible the war?

Are the Kangaroo and BSGS tools sending the private key findings to the developers?
citb0in
Hero Member
*****
Offline Offline

Activity: 896
Merit: 782


Bitcoin g33k


View Profile
April 08, 2024, 10:44:05 AM
 #4827

I am interested to know the nature of the bot wars.

How is it possible the war?

Are the Kangaroo and BSGS tools sending the private key findings to the developers?

a strange question from someone who develops a tool for brute-forcing the Bitcoin puzzle and, according to his own description, generates pubkeys to check against hash160. If I look at the rest of your repositories, you have several Bitcoin construction sites and therefore your question seems even stranger. You should know enough about priv/pubkeys one would think (cscanpub ECDSA priv and pub key generator) apart from using tools to hide system information or modify data. For example, the WMI spoofer which spoofs information which other applications read from the Windows Management Instrumentation (WMI) information in Windows systems, the WMI static spoofer to bypass HWID detection methods used by intrusive software like anti-cheats, etc., USB emulation to emulate HID devices (e.g. mouse, keyboard, ...), the inserter to replace strings in binaries, AntiOS to disguise hardware identifiers and system fingerprints, etc. etc. etc.

and in particular the question raised:
Are the Kangaroo and BSGS tools sending the private key findings to the developers?
although everyone knows (and even you) that those tools are open-source. So you are well-known to those tools and how they work, otherwise you wouldn't have mentioned them, right?

I'm not accusing you of anything, but if I put one and one together and were suspicious by nature, you would be an extreme candidate for this.
No offense, but if you really want to collaborate with the community then learn to disclose source code. Otherwise no one will want to work with you, let alone trust you.

  _      _   _       __  _          _  _   __
 |_) |  / \|/   (_  / \ | \  / |_ |_) (_ 
 |_) |_ \_/ \_ |\   __) \_/ |_ \/  |_ | \ __)
--> citb0in Solo-Mining Group <--- low stake of only 0.001 BTC. We regularly rent about 5 PH/s hash power and direct it to SoloCK pool. Wanna know more? Read through the link and JOIN NOW
joseperal
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
April 08, 2024, 11:03:21 AM
Last edit: April 08, 2024, 02:12:14 PM by mprep
 #4828

I discovered the tools yesterday in this other thread! thanks to someone that mentioned them https://bitcointalk.org/index.php?topic=1877935.msg63916232#msg63916232

I started my project few years ago, when puzzle-64 still had balance. I was away of this forum for a very long time.

I like to fork projects I like, to keep them on the radar, not making any contribution to it. That does not mean I understand all the projects I have on my github.
So I have no idea which kind of bad person you think I am. Might be your paranoia comes from a reflection of what you are.

If you don't trust my binaries, Ok, just don't run them. Your awareness message was fair enough for the community. But, they can be ran safely in VM if you are still curious.

It is my work, It is my choice to open the source or not. I hope you understand it. I am open to collaborate in private repo. My code is still not good to show, plenty of shit that needs to be cleaned. I am not very proud of it.

The motivation creating my own tool was I didn't trust the LBC collider project (I do not understand perl), and I didn't trust the creators.

I see you have done very good progress here with the GPU versions.

I am still interested to know why puzzle 70, 75, 80, 85, get solved before 66.
Is it any way of constraining the search space of puzzle-66 ?

I made some statistic analysis as well and the bits of the known private keys are pretty randomly allocated in the space.

I would like to understand the bot wars as well...

I have to confess I didn't read this thread completely, my apologies if the answers are already here.

Thanks.





Can anyone please be so kind and explain to me what it means that some public keys from this puzzle (like task 130 but not task 66 for example) have been found which makes kangaroo and keyhunt with bsgs mode possible?

I thought we know public addresses as they hold the reward and the task is to find the suitable public key from a reduced key range. So what does it mean that the public key for task 130 is known and is 03633cbe3ec02b9401c5effa144c5b4d22f87940259634858fc7e59b1c09937852? I literally don't understand this.

Thank you

There are private keys , public keys and addresses. These are three different things.

You can use BSGS or Kangaroo modes only on public keys but not on addresses.

The known public keys in this whole challenge were intentionally released by it's creator.

If you see an outgoing transactions in given address history you can easily check it's public key and try the BSGS or Kangaroo modes.

When you have just address without any outgoing transactions your only method is to blindly guessing private keys in hope you will find one which corresponds to address.

Currently finding 66bit privkey without knows public key can be considered as hard as finding 130bit privkey with public key known.

Thank you very much for the explanation!

My tool uses the hard way, private key to ripemd160 and then search on the list of ripemd160 with balance.

[moderator's note: consecutive posts merged]
WanderingPhilospher
Sr. Member
****
Online Online

Activity: 1288
Merit: 253

Shooters Shoot...


View Profile
April 08, 2024, 01:32:14 PM
Merited by albert0bsd (1)
 #4829

I’m seeing so many variations of software throughout this thread and the other one. If I wanted to randomly let my pc waste electricity on weekends doing a random search for #66, what would be my best bet?

Use the program as you wish, but from puzzle 79, 81, 82, 83 and above.

Or, ask someone with knowledge about timings which is the lowest feasible puzzle to be solved that will leave enough time to withdraw without a bot snatchingup. I don't know this answer, could be even puzzle #70?  

If someone can answer that, that would be great.


Puzzle 81 is quite safe. I solved Puzzle 80 in about 26 hours (with extremely large memory in BSGS). The bot does not work on that number.
Nothing below 100, is really safe.

Especially with all this time in between the solving of puzzles.

Kangaroo would still be the program to use, IMO, that's what I would use anyway. Not BSGS, although one could if they had everything prebuilt and ready to go.
CY4NiDE
Member
**
Offline Offline

Activity: 63
Merit: 14


View Profile
April 08, 2024, 05:46:32 PM
Last edit: April 18, 2024, 10:12:30 PM by CY4NiDE
 #4830

Code:
import requests
import time
import os
import subprocess

# Address to monitor
address = "[b]13zb1hQbWVsc2S7ZTZnP2G4undNNpdh5so[/b]"

# File path to save the public key once detected
file_path = "[b]C:\\Path\\To\\Your\\Cracking\\Tool\\Folder\\[/b]puzzle.txt"

# Command to execute
cmd = "[b]your_cracking_tool.exe -r 20000000000000000:3FFFFFFFFFFFFFFFF -o FOUND.txt -i[/b] puzzle.txt"

# API endpoint
api_url = f"https://blockchain.info/q/pubkeyaddr/{address}"

def monitor_address():
    start_time = time.time()
    while True:
        try:
            response = requests.get(api_url)
            if response.status_code == 200:
                print("OUTGOING TRANSACTION DETECTED!")
                print("FETCHING COMPRESSED PUBLIC KEY...")
                public_key = response.text
                with open(file_path, 'w') as file:
                    file.write(public_key)
                print("INITIALIZING!")
                os.chdir("[b]C:\\Path\\To\\Your\\Cracking\\Tool\\Folder[/b]")
                subprocess.call(["cmd.exe", "/c", cmd])
                break
            else:
                os.system('cls' if os.name == 'nt' else 'clear')
                elapsed_time = time.time() - start_time
                print(f"Monitoring address: {address}...")
                print(f"[T: {int(elapsed_time)}] No outgoing transaction yet...")
                time.sleep(1)
        except Exception as e:
            print(f"Error: {e}")
            time.sleep(1)

if __name__ == "__main__":
    monitor_address()


This script monitors a given address waiting for an outgoing transaction to be broadcasted.

When this happens, the script will then write the public key to a file named "puzzle.txt" and execute the cracking tool of choice using "puzzle.txt" as the in file.

If someone wants to mess with it just replace "File path to save the public key once detected" and os.chdir("C:\\Path\\To\\Your\\Cracking\\Tool\\Folder") with the actual path

Also replace "Address to monitor" with your target address and "Command to execute" with the actual command to start up the algorithm of choice.

This script is fairly simple and as is it won't be able to compete with more elaborate bots, as it stops after finding the private key.

There's no automation to import the key into a wallet/transfer funds etc.

I made it just to test the response time using different tools.

BSGS-CUDA seems to be one of the best options for this, as it doesn't take too much time to load up.

I got to puzzle #70's private key in less than a minute with it.

1CY4NiDEaNXfhZ3ndgC2M2sPnrkRhAZhmS
Denis_Hitov
Newbie
*
Offline Offline

Activity: 49
Merit: 0


View Profile
April 08, 2024, 07:11:40 PM
Last edit: April 08, 2024, 08:02:18 PM by Denis_Hitov
 #4831

I started my project few years ago, when puzzle-64 still had balance. I was away of this forum for a very long time.....


This is written in your readme:

BINGO! (In the rare case of finding some private key with balance):
Import the WIF into a fully synced Bitcoin Core node.
If not sure how to do that, contact me by email (japeralsoler@gmail.com) attaching the 'found.txt' file.



Do you think people are idiots?
You even without a twinge of conscience ask to send a file with the found private key to your email!
albert0bsd
Hero Member
*****
Offline Offline

Activity: 1119
Merit: 718



View Profile
April 09, 2024, 12:41:48 AM
 #4832

The search speed is between 15-25K keys/s per CPU thread, depending on the CPU clock.

For CPU that speed is slow, the minimum acceptable speed per thread is at least 1 Million keys.

Even my Core i5 laptop can do some 15 millions keys per second using only 8 threads.

There is a lot of shortcuts that can be made to reach those speeds.

I am interested to know the nature of the bot wars.

How is it possible the war?

Are the Kangaroo and BSGS tools sending the private key findings to the developers?

No those tools are open source and you can read the code to see what network activities they do.

The bot war may start as soon an output transaction come from those address a transaction contains the public key, with it Kangaroo or BSGS can solve the private key almost instantly and with it they may be now able to make a new transactions with a different destination address
vsv68
Newbie
*
Offline Offline

Activity: 8
Merit: 0


View Profile
April 09, 2024, 03:09:41 AM
 #4833


Are you sure that this API is capable of displaying information from the mempool?
CY4NiDE
Member
**
Offline Offline

Activity: 63
Merit: 14


View Profile
April 09, 2024, 03:41:27 AM
 #4834

Are you sure that this API is capable of displaying information from the mempool?

I don't think so, I believe this one is just for confirmed txs.

This is not meant to be used as is in a real scenario, although you could probably consider it a ground work to expand upon.

The goal was to actually see how long the whole operation can take using different tools.

In my end it took roughly a minute to go from a public key on the web to a 70 bit private key stored in a .txt file.

Probably not the best performance too, but scary nevertheless.  Grin

1CY4NiDEaNXfhZ3ndgC2M2sPnrkRhAZhmS
joseperal
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
April 09, 2024, 03:58:55 AM
 #4835

The search speed is between 15-25K keys/s per CPU thread, depending on the CPU clock.

For CPU that speed is slow, the minimum acceptable speed per thread is at least 1 Million keys.

Even my Core i5 laptop can do some 15 millions keys per second using only 8 threads.

There is a lot of shortcuts that can be made to reach those speeds.

I am interested to know the nature of the bot wars.

How is it possible the war?

Are the Kangaroo and BSGS tools sending the private key findings to the developers?

No those tools are open source and you can read the code to see what network activities they do.

The bot war may start as soon an output transaction come from those address a transaction contains the public key, with it Kangaroo or BSGS can solve the private key almost instantly and with it they may be now able to make a new transactions with a different destination address


Thank you very much for the responses Alberto.

I know the chances to brute force puzzle 66 from private key to ripemd160 are very very small, but I would like to improve my tool, just for the sake of programming it, now you mention my tool seems slow in its performance per CPU thread.

I benchmarked every step of the brute force loop, and most of the compute time goes into the ECDSA curve library secp256k1_ec_pubkey_create() function.

I am using this library.

Quote
#include <secp256k1.h>     // Bitcore eliptic curve library. https://github.com/bitcoin-core/secp256k1
                                         // dont forget to link to /usr/local/lib/libsecp256k1.a
#include <omp.h>              // OpenMP CPU multithreading


        // 1) Calculate Public Key using SECP256K1 eliptic curve
      if(single_calculation){
         printf("\r\n(1) (U)ncompressed & (C)ompressed Public Key from SECP256K1 curve (130 hex chars, 520 bits): ");
         if(single_calculation) start=omp_get_wtime();
      }
        result=secp256k1_ec_pubkey_create(ctx, &pubkey_from_secp256k1.p, privkey);       //secp256k1_ec_pubkey_create(const secp256k1_context* ctx,  secp256k1_pubkey *pubkey, const unsigned char *seckey)
      if(single_calculation){
         printf("%f ms",(omp_get_wtime()-start)*1000);
      }




would you recommend any other? or any other PRO tips?

Thank you very much in advance.
kTimesG
Member
**
Offline Offline

Activity: 364
Merit: 66


View Profile
April 09, 2024, 12:14:28 PM
Last edit: April 09, 2024, 03:55:39 PM by kTimesG
Merited by albert0bsd (1), citb0in (1)
 #4836

I benchmarked every step of the brute force loop, and most of the compute time goes into the ECDSA curve library secp256k1_ec_pubkey_create() function.

Quote
#include <secp256k1.h>     // Bitcore eliptic curve library. https://github.com/bitcoin-core/secp256k1
                                         // dont forget to link to /usr/local/lib/libsecp256k1.a
There are numerous places where it's stated by its authors and mentors that the Bitcoin libsecp256k1 library is designed to provide a secure framework for Bitcoin software, not to be the fastest way to do EC math. One of the main features is protection against side-channel attacks, which means that all computations take constant time, with not a lot of shortcuts, if any at all, in order to protect against branch predictions, time-based attacks, etc.

If you want a fast(er)/(est) way to do EC math on a CPU you'll most likely have to roll your own. Slow but easy? Python. Fastish? libsecp256k1. Faster? C and custom arbitrary precision modular arithmetic code. Fasterish? assembler / SIMD CPU instructions. Faster than anything so far? GPU parallel executor threads. Fastest? Your own programmed ASIC.

2025-02-15
albert0bsd
Hero Member
*****
Offline Offline

Activity: 1119
Merit: 718



View Profile
April 09, 2024, 05:10:43 PM
 #4837

would you recommend any other? or any other PRO tips?

The function that you mention use the method know as Scalar Multiplication, this method is also know as "double and add" it use a cycle that per each bit in the key double the generation point G and only adds to the result those whom are bits 1.

In the worst case it is near 256 cycle per key or if you have some precalculated data of those public keys divided in bytes instead bits  you can reduce that cycle to 32 per key but that is still just a suggestion for that function.

The best way to proceed with it this kind of programs is just calculate the first key and with that first key do Public key additions to reach the next key this process will speed you program around 30 times

So instead of recalculate the public key each time with secp256k1_ec_pubkey_create

Code:
result=secp256k1_ec_pubkey_create(ctx, &pubkey_from_secp256k1.p, privkey);
next_key =secp256k1_ec_pubkey_create(ctx, &pubkey_from_secp256k1.p, privkey +1);
next_key =secp256k1_ec_pubkey_create(ctx, &pubkey_from_secp256k1.p, privkey +2);
next_key =secp256k1_ec_pubkey_create(ctx, &pubkey_from_secp256k1.p, privkey+3);

privkey + something is just an example to illustrate what i mean.

the program will do something like:

Code:
first_key=secp256k1_ec_pubkey_create(ctx, &pubkey_from_secp256k1.p, privkey);
next_key = some_publickey_addition(first_key,G);
next_key = some_publickey_addition(next_key ,G);
next_key = some_publickey_addition(next_key ,G);
...
next_key = some_publickey_addition(next_key ,G);
...


Only the first key is calculated in the old way and the subsequent keys are calculated in a faster way.

Another short cut is you don't need to calculate the Y value of all the subsequent keys (unless you are scanning for uncompressed keys) this may double the speed of the calculations.

Another short cut is endomorphism (This don't work on small puzzles) but it can multiply your speed up to 6 times for a general search.
joseperal
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
April 09, 2024, 06:43:07 PM
Last edit: April 09, 2024, 06:54:30 PM by joseperal
 #4838

Thanks again for the detailed answer Alberto. I will try what you suggested.


My tool actually calculates for all the ID Bytes, 0x02, 0x03, 0x04, 0x06, and 0x07.

Code:
    //-----------------------------------------------------------------
    // Wallet Generation
    //
    do{

        // 0) Priv Key print
        if(single_calculation){
            printf("\r\n\r\n(0) Private ECDSA Key (64 hex chars, 256 bits): ");
            printf("\r\n    " COLOR_RED);
            for(k=0;k<32;k++) printf("%02x", privkey[k]);
            printf(COLOR_RESET);
        }

        // 1) Calculate Public Key using SECP256K1 eliptic curve
        if(single_calculation){
            printf("\r\n(1) (U)ncompressed & (C)ompressed Public Key from SECP256K1 curve (130 hex chars, 520 bits): ");
            if(single_calculation) start=omp_get_wtime();
        }
        result=secp256k1_ec_pubkey_create(ctx, &pubkey_from_secp256k1.p, privkey);       //secp256k1_ec_pubkey_create(const secp256k1_context* ctx,  secp256k1_pubkey *pubkey, const unsigned char *seckey)
        if(single_calculation){
            end=omp_get_wtime();
            printf("%.2f us",(end - start)*1000000);
        }

        //---------------------------------------------
        // Public Key
        // https://github.com/bitcoin/bitcoin/blob/ba4b3fbcf21317a9410f3be913e4437d58968091/src/secp256k1/include/secp256k1.h#L179
        //
        // Prefix byte used to tag various encoded curvepoints for specific purposes
        #define SECP256K1_TAG_PUBKEY_EVEN 0x02          // par
        #define SECP256K1_TAG_PUBKEY_ODD 0x03 // impar
        #define SECP256K1_TAG_PUBKEY_UNCOMPRESSED 0x04
        #define SECP256K1_TAG_PUBKEY_HYBRID_EVEN 0x06
        #define SECP256K1_TAG_PUBKEY_HYBRID_ODD 0x07

        // ID Byte
          compressed_02_pubkey[0]=SECP256K1_TAG_PUBKEY_EVEN;
          compressed_03_pubkey[0]=SECP256K1_TAG_PUBKEY_ODD;
          uncompressed_04_pubkey[0]=SECP256K1_TAG_PUBKEY_UNCOMPRESSED;
          compressed_06_pubkey[0]=SECP256K1_TAG_PUBKEY_HYBRID_EVEN;
          compressed_07_pubkey[0]=SECP256K1_TAG_PUBKEY_HYBRID_ODD;
       
        //---------------------------------------------
        // Uncompressed Pubkey reordering from 2 chunks of 32bytes to 65 bytes most significative byte lower index, and adding the key ID.
        //
        // 0x04 - Uncompressed public key format ID 0x04.
        //
        l=32;                                      // First 32 bytes chunk
        for(k=0;k<32;k++){
            uncompressed_04_pubkey[l]=pubkey_from_secp256k1.eb[k];  // .eb is the union element to access the memory in (E)igth (B)its.
            l--;
        }
        l=64;                                      // second 32 bytes chunk
        for(k=32;k<64;k++){
            uncompressed_04_pubkey[l]=pubkey_from_secp256k1.eb[k];
            l--;
        }

        //---------------------------------------------
        // Compressed PubKey get X from uncompressed and select ID byte using parity 0x02-0x03
        //
        // Copy X coordinate to new array with ID byte
        l=32;                                      // First 32 bytes chunk
        for(k=0;k<32;k++){
          compressed_02_pubkey[l]=pubkey_from_secp256k1.eb[k];  // .eb is the union element to access the memory in (E)igth (B)its.
          compressed_03_pubkey[l]=pubkey_from_secp256k1.eb[k];  // .eb is the union element to access the memory in (E)igth (B)its.
          compressed_06_pubkey[l]=pubkey_from_secp256k1.eb[k];  // .eb is the union element to access the memory in (E)igth (B)its.
          compressed_07_pubkey[l]=pubkey_from_secp256k1.eb[k];  // .eb is the union element to access the memory in (E)igth (B)its.  
          l--;
        }
       
        if(single_calculation){
            printf("\r\n          (C-02)" COLOR_GREEN ); for(k=0;k<33;k++) printf("%02x", compressed_02_pubkey[k]); printf(COLOR_RESET);
            printf("\r\n          (C-03)" COLOR_GREEN ); for(k=0;k<33;k++) printf("%02x", compressed_03_pubkey[k]); printf(COLOR_RESET);
            printf("\r\n          (U-04)" COLOR_GREEN ); for(k=0;k<65;k++) printf("%02x", uncompressed_04_pubkey[k]); printf(COLOR_RESET);
            printf("\r\n          (C-06)" COLOR_GREEN ); for(k=0;k<33;k++) printf("%02x", compressed_06_pubkey[k]); printf(COLOR_RESET);
            printf("\r\n          (C-07)" COLOR_GREEN ); for(k=0;k<33;k++) printf("%02x", compressed_07_pubkey[k]); printf(COLOR_RESET);
        }


Also talking about ID's. I realized the puzzle pieces are alternatively Compressed-02 and 03 only.

I got the list below just running my tool using the know private keys found here.

I know the puzzle creator said there is no pattern just a mask from HD wallets.

For example puzzle-1 to 5 are Compressed-02, and puzzle-6 is Compressed-03.


Code:

 1, Asc, C-02, 000000000000000001, 0000000000000000000000000000000000000001,            1,           2, 0000000000000000000000000000000000000010
 2, Asc, C-02, 000000000000000003, 0000000000000000000000000000000000000011,            3,           4, 0000000000000000000000000000000000000100
 3, Asc, C-02, 000000000000000007, 0000000000000000000000000000000000000111,            7,           1, 0000000000000000000000000000000000000001
 4, Asc, C-02, 000000000000000008, 0000000000000000000000000000000000001000,            8,          13, 0000000000000000000000000000000000001101
 5, Asc, C-02, 000000000000000015, 0000000000000000000000000000000000010101,           21,          28, 0000000000000000000000000000000000011100
 6, Asc, C-03, 000000000000000031, 0000000000000000000000000000000000110001,           49,          27, 0000000000000000000000000000000000011011
 7, Asc, C-02, 00000000000000004c, 0000000000000000000000000000000001001100,           76,         148, 0000000000000000000000000000000010010100
 8, Asc, C-03, 0000000000000000e0, 0000000000000000000000000000000011100000,          224,         243, 0000000000000000000000000000000011110011
 9, Asc, C-02, 0000000000000001d3, 0000000000000000000000000000000111010011,          467,          47, 0000000000000000000000000000000000101111
10, Asc, C-03, 000000000000000202, 0000000000000000000000000000001000000010,          514,         641, 0000000000000000000000000000001010000001
11, Asc, C-03, 000000000000000483, 0000000000000000000000000000010010000011,         1155,        1528, 0000000000000000000000000000010111111000
12, Asc, C-03, 000000000000000a7b, 0000000000000000000000000000101001111011,         2683,        2533, 0000000000000000000000000000100111100101
13, Asc, C-03, 000000000000001460, 0000000000000000000000000001010001100000,         5216,        5328, 0000000000000000000000000001010011010000
14, Asc, C-03, 000000000000002930, 0000000000000000000000000010100100110000,        10544,       16323, 0000000000000000000000000011111111000011
15, Asc, C-02, 0000000000000068f3, 0000000000000000000000000110100011110011,        26867,       24643, 0000000000000000000000000110000001000011
16, Asc, C-02, 00000000000000c936, 0000000000000000000000001100100100110110,        51510,       44313, 0000000000000000000000001010110100011001
17, Asc, C-03, 00000000000001764f, 0000000000000000000000010111011001001111,        95823,      102846, 0000000000000000000000011001000110111110
18, Asc, C-02, 00000000000003080d, 0000000000000000000000110000100000001101,       198669,      158866, 0000000000000000000000100110110010010010
19, Asc, C-03, 00000000000005749f, 0000000000000000000001010111010010011111,       357535,      505782, 0000000000000000000001111011011110110110
20, Asc, C-03, 0000000000000d2c55, 0000000000000000000011010010110001010101,       863317,      948447, 0000000000000000000011100111100011011111
21, Asc, C-03, 0000000000001ba534, 0000000000000000000110111010010100110100,      1811764,     1195739, 0000000000000000000100100011111011011011
22, Asc, C-02, 0000000000002de40f, 0000000000000000001011011110010000001111,      3007503,     2591299, 0000000000000000001001111000101001000011
23, Asc, C-03, 000000000000556e52, 0000000000000000010101010110111001010010,      5598802,     8829874, 0000000000000000100001101011101110110010
24, Asc, C-03, 000000000000dc2a04, 0000000000000000110111000010101000000100,     14428676,    18756833, 0000000000000001000111100011010011100001
25, Asc, C-03, 000000000001fa5ee5, 0000000000000001111110100101111011100101,     33185509,    21353353, 0000000000000001010001011101001110001001
26, Asc, C-02, 00000000000340326e, 0000000000000011010000000011001001101110,     54538862,    57411079, 0000000000000011011011000000011000000111
27, Asc, C-03, 000000000006ac3875, 0000000000000110101011000011100001110101,    111949941,   115684467, 0000000000000110111001010011010001110011
28, Asc, C-03, 00000000000d916ce8, 0000000000001101100100010110110011101000,    227634408,   173074486, 0000000000001010010100001110100000110110  
29, Asc, C-02, 000000000017e2551e, 0000000000010111111000100101010100011110,    400708894,   632453190, 0000000000100101101100100111100001000110
30, Asc, C-03, 00000000003d94cd64, 0000000000111101100101001100110101100100,   1033162084,  1069226467, 0000000000111111101110110001100111100011
31, Asc, C-03, 00000000007d4fe747, 0000000001111101010011111110011101000111,   2102388551,   991084263, 0000000000111011000100101011111011100111
32, Asc, C-02, 0000000000b862a62e, 0000000010111000011000101010011000101110,   3093472814,  4043965098, 0000000011110001000010100000001010101010
33, Asc, C-03, 0000000001a96ca8d8, 0000000110101001011011001010100011011000,   7137437912,  6995634245, 0000000110100000111110001110100001000101
34, Asc, C-03, 00000000034a65911d, 0000001101001010011001011001000100011101,  14133072157,  5979799635, 0000000101100100011011001000000001010011
35, Asc, C-02, 0000000004aed21170, 0000010010101110110100100001000101110000,  20112871792, 22274898188, 0000010100101111101011111111100100001100
36, Asc, C-02, 0000000009de820a7c, 0000100111011110100000100000101001111100,  42387769980, 57863790615, 0000110101111000111100110110000000010111
37, Asc, C-02, 000000001757756a93, 0001011101010111011101010110101010010011, 100251560595, 46719975997, 0000101011100000101110100100001000111101

I will drop the uncompressed (04) and the Compressed 06-07 as the puzzle seems not using them.

Does anyone know if the uncompressed (04) and the Compressed 06-07 were used so far on any early days wallet? or for what are they used for?

I always dreamed finding something unspent on those ID's (04-06-07).



kTimesG
Member
**
Offline Offline

Activity: 364
Merit: 66


View Profile
April 09, 2024, 09:28:39 PM
 #4839

Also talking about ID's. I realized the puzzle pieces are alternatively Compressed-02 and 03 only.
It's not like the 02 or 03 were chosen arbitrarily. It's stupid to check for a collision by doing both 02 and 03. Just stick to the correct parity of the actual Y of the point.

Why? Because if k is the private key of some point, then the key of its Y-symmetric point is -k == N - k. So the keys of all those other points is in the range [2^256 - 2^66 .... 2^256 - 2^65] which is always outside the interval of interest.

Another short cut is you don't need to calculate the Y value of all the subsequent keys (unless you are scanning for uncompressed keys) this may double the speed of the calculations.

Another short cut is endomorphism (This don't work on small puzzles) but it can multiply your speed up to 6 times for a general search.

Is there some trick to compute the X value of P + G if you don't know P.y? I'm curious to know.

Endomorphism will not work for any puzzle, not just small ones. Same reason as above. Multiplying the key by lambda or lambda^2 instantly lands your key into 256-bit space, no matter what interval you were working on. Even for 160-bit puzzle, the chance that k*lambda or k*lambda^2 ends up back into a 160-bit space is 1 / 2^96.

2025-02-15
albert0bsd
Hero Member
*****
Offline Offline

Activity: 1119
Merit: 718



View Profile
April 09, 2024, 10:35:09 PM
Last edit: April 09, 2024, 10:54:15 PM by albert0bsd
 #4840

I always dreamed finding something unspent on those ID's (04-06-07).

I didn't know the existence of 06 and 07 public key prefix. I wonder where are those prefixes used?

Is there some trick to compute the X value of P + G if you don't know P.y? I'm curious to know.

Q = P+G

Well you need to know the value P.y in order to calcualte the next sequence of Q values but you you don't need to calculate the actual Q.y value, this sound a dubious but actuallly it works and faster than regular approach.

This work better for some array of Q values, if the array is 512 or 1024 items long you can skip the calcualtions of 512 or 1024  Q.y values

You only need to calculate one Q.y value for next group of items and repeat (This value need to be the center of the group becuse it use it use a property that  P + i*G and P - i*G have the same deltax and same inverse value), this save alot of time.

It not only works for  Q = P+G but for any Q = P+ iG

Its complex and painful but read the code but it worth the time to study and implement it, just to see how the speed increment, maybe i will publish an step by step explatnation for it, but if you want to take a look please check where i learned it: https://github.com/JeanLucPons/BSGS/blob/master/BSGS.cpp#L189

That implementation alone multiply the previous speed x4 times.
Pages: « 1 ... 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 [242] 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 ... 368 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!