Bitcoin puzzle transaction ~32 BTC prize to who solves it

[nomachine]

Here's the reality: /dev/urandom is not a secure random number generator.

What kind of security are you talking about when we a brute-force  BTC here?
I want to crack the random number generator not to improve it !  
To break down random.seed. Here is example:

Code:

import random
import os
import time
import secp256k1 as ice

puzzle = 30
target = "d39c4704664e1deb76c9331e637564c257d68a08"
lower_range_limit = 2 ** (puzzle - 1)
upper_range_limit = (2 ** puzzle) - 1

start_time = time.time()

for x in range(10000000):
    #Random seed Config
    #constant_prefix = b''  #back to no constant
    constant_prefix = b'yx\xcb\x08\xb70l'
    prefix_length = len(constant_prefix)
    length = 8
    ending_length = length - prefix_length
    ending_bytes = os.urandom(ending_length)
    random_bytes = constant_prefix + ending_bytes
    random.seed(random_bytes)
    dec = random.randint(lower_range_limit, upper_range_limit)
    h160 = ice.privatekey_to_h160(0, True, dec).hex()
    if h160 == target:
        HEX = "%064x" % dec
        caddr = ice.privatekey_to_address(0, True, dec)
        wifc = ice.btc_pvk_to_wif(HEX)
        print("Bitcoin address Compressed: " + caddr)
        print("Private Key (decimal): " + str(dec))
        print("Private key (wif) Compressed : " + wifc)
        print(f"Random seed: {random_bytes}")
        break

end_time = time.time()
execution_time_ms = (end_time - start_time) * 1000

print("Execution Time (ms):", execution_time_ms)

This is a millisecond puzzle 30 solver.

Bitcoin address Compressed: 1LHtnpd8nU5VHEMkG2TMYYNUjjLc992bps
Private Key (decimal): 1033162084
Private key (wif) Compressed : KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M8diLSC5MyERoW
Random seed: b'yx\xcb\x08\xb70l\xf1'
Execution Time (ms): 2.8727054595947266

[k3ntINA]

Code:

1 3 7 8
21 49 76
224 467 514
1155 2683 5216
10544 26867 51510 95823
198669 357535 863317
1811764 3007503 5598802
14428676 33185509 54538862
111949941 227634408 400708894
1033162084 2102388551 3093472814 7137437912
14133072157 20112871792 42387769980
100251560595 146971536592 323724968937
1003651412950 1458252205147 2895374552463 7409811047825
15404761757071 19996463086597 51408670348612
119666659114170 191206974700443 409118905032525 611140496167764
2058769515153876 4216495639600700 6763683971478124 9974455244496707
30045390491869460 44218742292676575
138245758910846492 199976667976342049 525070384258266191
1135041350219496382 1425787542618654982 3908372542507822062 8993229949524469768
17799667357578236628 30568377312064202855 ********************  
********************* ********************* ********************* 970436974005023690481

Code:

1 3 7 8
15 31 4C E0
1D3 202 483 A7B
1460 2930 68F3 C936
1764F 3080D 5749F D2C55
1BA534 2DE40F 556E52 DC2A04
1FA5EE5 340326E 6AC3875 D916CE8
17E2551E 3D94CD64 7D4FE747 B862A62E
1A96CA8D8 34A65911D 4AED21170 9DE820A7C
1757756A93 22382FACD0 4B5F8303E9 E9AE4933D6
153869ACC5B 2A221C58D8F 6BD3B27C591 E02B35A358F
122FCA143C05 2EC18388D544 6CD610B53CBA ADE6D7CE3B9B
174176B015F4D 22BD43C2E9354 75070A1A009D4 EFAE164CB9E3C
180788E47E326C 236FB6D5AD1F43 6ABE1F9B67E114 9D18B63AC4FFDF
1EB25C90795D61C 2C675B852189A21 7496CBB87CAB44F FC07A1825367BBE
13C96A3742F64906 363D541EB611ABEE 7CCE5EFDACCF6808 F7051F27B09112D4
1A838B13505B26867  

[kTimesG]

Code:

1 3 7 8
15 31 4C E0
// rest of crap

Do you honestly want someone to waste their time explaining to you again how (hexa)decimal numbers work, and why they start with either a 1 2 3 6 7 .. E F (hint: the Nth left-most bit in any solution in range N is always 1, so the first digit in any base you'd use is biased)) and so on and why they magically get aligned in your horoscope circle (another hint: every solution is 1 bit longer than the previous one)

Send me 0.1 BTC and I will happily waste 6h explaining to you in detail (a 2nd time) why those arms get aligned in your circle and why you see those patterns. But you refuse to want to understand that there's nothing magical or unexpected in what you are doing there. You're the kid playing in the sand while the teenagers are trying to break down the building using resonance pulse generators. The adults are laughing their ass off watching us and don't even bother while waiting for the quantum bulldozer to arrive.

What kind of security are you talking about when we a brute-force  BTC here?
I want to crack the random number generator not to improve it !  

You only do around 128 loops on average, 2 milliseconds is very slow in this case. A regular single threaded C code can do around 20000 EC point additions in the same amount of time, and find any 30-bit private key.

We need to know
- what OS the creator was using in 2015 (break down kernel's code, emulate it)
- the code he used, search for vulnerabilities in it
- exact entropy state at the moment the presumed RNG was initialized and at every step of getting a next value

For example /dev/urandom reseeds itself from new entropy every now and then, that's yet another issue after potentially cracking its previous state somehow. I doubt the creator blindly used some simple deterministic 32-bit RNG such as the textbook merseinne twister one in the lowest level libc of the OS. Or that the higher level framework (deterministic wallet?) did such a nooby mistake as well.

[Tepan]

There are algorithms that are actually getting the uniform real randomness (not some deterministic PRNG bullshit like someone mentioned earlier, I mean really lol? Haven't they heard about os.urandom and how it works?)

Code:

import os, sys, random
import time

min_range = 18446744073709551615
max_range = 36893488147419103231
counter = 0  # Initialize counter
start_time = time.time()

while True:
    random_bytes = os.urandom(9)
    initial_bytes = b'\x00' * 23
    full_bytes = initial_bytes + random_bytes
    dec = int.from_bytes(full_bytes, byteorder='big')
    counter += 1  # Increment counter
    message = "\rPrivate Keys per second: {:.2f}".format(counter / (time.time() - start_time))
    messages = []
    messages.append(message)
    output = "\033[01;33m" + ''.join(messages) + "\r"
    sys.stdout.write(output)
    sys.stdout.flush()
    if min_range <= dec <= max_range:
       if dec == 30568377312064202855:
          print("\nSeed :", random_bytes)
          print("Generated number:", dec)
          break

This is Python script that will test os.urandom speed.
The example works for Puzzle 65. There is no hash or secp256k1 operations here - just numbers.
Result is (on my PC) :
Private Keys per second: 170893.39

Do you know how many numbers need to be generated per second to find Puzzle 65 in 10 minutes?

30744573456182586  Private Keys per second !

It's an mission impossible . Even in C++

We need Grey aliens hardware to solve this. From Zeta Reticuli  

Experiments with your python codes on rust language

use std::time::{Instant, Duration};
use std::io::{self, Write};

const UPDATE_INTERVAL: u64 = 1000000; // Update progress every 1 million iterations

fn main() {
    // Input minimum and maximum ranges in hexadecimal format
    let min_range_hex = "100000000";
    let max_range_hex = "1ffffffff";

    // Convert hexadecimal strings to u128 values
    let min_range: u128 = u128::from_str_radix(min_range_hex, 16).unwrap();
    let max_range: u128 = u128::from_str_radix(max_range_hex, 16).unwrap();

    let start_time = Instant::now();
    let mut counter = 0u64;

    let stdout = io::stdout();
    let mut handle = stdout.lock();

    for num in min_range..=max_range {
        counter += 1;

        if counter % UPDATE_INTERVAL == 0 || num == max_range {
            print_progress(&mut handle, num, counter, start_time.elapsed());
        }

        // Break the loop if the generated number matches a specific value
        if num == 0x1a96ca8d8 {
            writeln!(&mut handle, "\nGenerated number (decimal): {}", num).unwrap();
            break;
        }
    }
}

// Function to print progress to stdout
fn print_progress(handle: &mut io::StdoutLock, num: u128, counter: u64, elapsed_time: Duration) {
    let private_keys_per_second = counter as f64 / elapsed_time.as_secs_f64();
    let hex_representation = format!("{:#X}", num);

    // Move cursor to the beginning of the line and clear it
    print!("\r\x1B[K");

    // Write the output to stdout in a single line
    print!("{} | {:.2} keys/s", hex_representation, private_keys_per_second);
    handle.flush().unwrap();
}


Result
0x1A96CA8D8 | 82762283.93 keys/s
Generated number (decimal): 7137437912

single thread, M2 Proc.

[mochi86_]

I'm getting brainrot trying to understand this conspiracy theorist LMFAO

Rotating the keys in a circle ain't gonna do crap, that's simply not how it works. If this "theory" were to be even the slightest bit true, why haven't you solved anything with it? Why keep trying to persuade the rest who hardly believe by presenting the same dam spiral-y weird thing and say "CoInCiDeNcE? I tHiNk NoT!!"?

If you think your "theory" is worth the time, waste your own time trying to use your "theory" and see where it takes you cuz clearly, everyone else believes you're just a delusional guy. Wanna prove them wrong? Then do something with it, solve a puzzle with it or something. Show the evidence it works to solve anything. Otherwise, you really are just wasting time yapping and yapping about something that never was.

[nomachine]

Experiments with your python codes on rust language

You have here my full Puzzle sctipt in Rust:
https://bitcointalk.org/index.php?topic=1306983.msg63539973#msg63539973
It's very fast. Same as C++
But when you put Puzzle 66 and above as a test, everything is slow. Without a public key, I can only scratch my head.

[Tepan]

Experiments with your python codes on rust language

You have here my full Puzzle sctipt in Rust:
https://bitcointalk.org/index.php?topic=1306983.msg63539973#msg63539973
It's very fast. Same as C++
But when you put Puzzle 66 and above as a test, everything is slow. Without a public key, I can only scratch my head.

ahahah soo hilarious.

Try test with custom script address build then, it's faster.
private key > Compresssed public key > custom script > address format.

i try that method it's faster enough.

[nomachine]

Experiments with your python codes on rust language

You have here my full Puzzle sctipt in Rust:
https://bitcointalk.org/index.php?topic=1306983.msg63539973#msg63539973
It's very fast. Same as C++
But when you put Puzzle 66 and above as a test, everything is slow. Without a public key, I can only scratch my head.

ahahah soo hilarious.

Try test with custom script address build then, it's faster.
private key > Compresssed public key > custom script > address format.

i try that method it's faster enough.

I would like someone to make a Pollard's kangaroo for SECPK1 in Rust. Maybe it could work faster, Rust programs also optimize quite well, sometimes better than C. Enforces thread-safety of all code and data, even in 3rd party libraries.
It has incredible possibilities for compiling. I was able to run this on an ARM processor as well on Amd Zen 2, 3 and 4

 on almost everything.....on potatoe 

https://doc.rust-lang.org/rustc/platform-support.html


It's a pity that I don't have more time to deal with this.

[kTimesG]

Result
0x1A96CA8D8 | 82762283.93 keys/s
Generated number (decimal): 7137437912

single thread, M2 Proc.

Here's the ultimate private key cracking tool.

Code:

int main() {
   const uint64_t minRange = 0x100000000;
   const uint64_t maxRange = 0x1ffffffff;
   const uint64_t magic_number = 0x1a96ca8d8 - minRange;
   uint64_t max = maxRange - minRange + 1;      // range size
   uint64_t speed;
   uint64_t count = 0;

   struct timespec start, ticks;
   clock_gettime(CLOCK_MONOTONIC, &start);

   while (max--) {
        if (count == magic_number) {
            printf("Generated number: %16llx\n", count + minRange);
//            break;
        }

        ++count;
    }

    clock_gettime(CLOCK_MONOTONIC, &ticks);
    uint64_t ns = (ticks.tv_sec - start.tv_sec) * 1000000000ULL + ticks.tv_nsec - start.tv_nsec;
    // avoid 64-bit overflow
    speed = count * 1000000ULL / (ns / 1000);
    printf("Ops: %llu speed: %llu ops/s\n", count, speed);

    return 0;
}

Generated number:        1a96ca8d8
Ops: 4294967296 speed: 3099732241 ops/s

Apple M1, single thread.

I would like someone to make a Pollard's kangaroo for SECPK1 in Rust. Maybe it could work faster, Rust programs also optimize quite well, sometimes better than C. Enforces thread-safety of all code and data, even in 3rd party libraries.
It has incredible possibilities for compiling. I was able to run this on an ARM processor as well on Amd Zen 2, 3 and 4

We're bounded by secp256k1 field operations, it can't work faster than what a CPU is capable of. I made a kangaroo in plain C, and the bottleneck is the EC point addition, I can't squeeze out more than 852.000 affine point additions per second (the only speed up would be some assembler code). If someone finds a magical way to find an scale-invariant hash of a Jacobian point it would run 10x faster though. Otherwise we're stuck with having to compute a modular inverse at every kangaroo jump, and no programming language can save you from this limitation.

[nomachine]

I can't squeeze out more than 852.000 affine point additions per second

I have 249457 hops per second in python  converting this script with cpython into .so

Code:

import time
import os
import sys
import random
import secp256k1 as ice
import gmpy2

if os.name == 'nt':
    os.system('cls')
else:
    os.system('clear')
t = time.ctime()
sys.stdout.write(f"\033[?25l")
sys.stdout.write(f"\033[01;33m[+] Kangaroo: {t}\n")
sys.stdout.flush()

modulo = gmpy2.mpz(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F)
order = gmpy2.mpz(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141)
Gx = gmpy2.mpz(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798)
Gy = gmpy2.mpz(0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)

# Define Point class
class Point:
    def __init__(self, x=0, y=0):
        self.x = gmpy2.mpz(x)
        self.y = gmpy2.mpz(y)

PG = Point(Gx, Gy)
Z = Point(0, 0)  # zero-point, infinite in real x, y - plane

def add(P, Q, p=modulo):
    if P == Z:
        return Q
    elif Q == Z:
        return P
    elif P.x == Q.x and (P.y != Q.y or P.y == 0):
        return Z
    elif P.x == Q.x:
        m = (3 * P.x * P.x) * gmpy2.invert(2 * P.y, p) % p
    else:
        m = (Q.y - P.y) * gmpy2.invert(Q.x - P.x, p) % p
  
    x = (m * m - P.x - Q.x) % p
    y = (m * (P.x - x) - P.y) % p
    return Point(x, y)

def mul2(P, p=modulo):
    if P == Z:
        return Z
    m = gmpy2.f_mod(3 * P.x * P.x * gmpy2.invert(2 * P.y, p), p)
    x = gmpy2.f_mod(m * m - 2 * P.x, p)
    y = gmpy2.f_mod(m * (P.x - x) - P.y, p)
    return Point(x, y)

def mulk(k, P=PG, p=modulo):
    if k == 0:
        return Z
    elif k == 1:
        return P
    elif k % 2 == 0:
        return mulk(k // 2, mul2(P, p), p)
    else:
        return add(P, mulk((k - 1) // 2, mul2(P, p), p), p)

def X2Y(X, y_parity, p=modulo):
    X_cubed = gmpy2.powmod(X, 3, p)
    X_squared = gmpy2.powmod(X, 2, p)
    tmp = gmpy2.f_mod(X_cubed + 7, p)
    Y = gmpy2.powmod(tmp, gmpy2.f_div(gmpy2.add(p, 1), 4), p)
    if y_parity == 1:
        Y = gmpy2.f_mod(-Y, p)
    return Y


def comparator(A, Ak, B, Bk):
    result = set(A).intersection(set(B))
    if result:
        sol_kt = A.index(next(iter(result)))
        sol_kw = B.index(next(iter(result)))
        HEX = "%064x" % abs(Ak[sol_kt] - Bk[sol_kw])
        dec = int(HEX, 16)
        wifc = ice.btc_pvk_to_wif(HEX)
        wifu = ice.btc_pvk_to_wif(HEX, False)
        caddr = ice.privatekey_to_address(0, True, dec)
        uaddr = ice.privatekey_to_address(0, False, dec)
        total_time = time.time() - starttime
        print('\n[+] total time: %.2f sec' % (total_time))
        t = time.ctime()
        print(f"\033[32m[+] PUZZLE SOLVED: {t} \033[0m")
        print(f"\033[32m[+] Private key (wif) Compressed : {wifc} \033[0m")
        with open("KEYFOUNDKEYFOUND.txt", "a") as file:
            file.write("\n\nSOLVED " + t)
            file.write(f"\nTotal Time: {total_time:.2f} sec")
            file.write(f"\nRandom seed: {seed}")
            file.write("\nPrivate Key (decimal): " + str(dec))
            file.write("\nPrivate Key (hex): " + HEX)
            file.write("\nPrivate key (wif) Compressed : " + wifc)
            file.write("\nPrivate key (wif) Uncompressed: " + wifu)
            file.write("\nBitcoin address Compressed: " + caddr)
            file.write("\nBitcoin address Uncompressed: " + uaddr)
            file.write(
                "\n-------------------------------------------------------------------------------------------------------------------------------------------\n"
            )
        file.close()
        return True
    else:
        return False

def check(P, Pindex, DP_rarity, A, Ak, B, Bk):
    if P.x % DP_rarity == 0:
        A.append(gmpy2.mpz(P.x))
        Ak.append(gmpy2.mpz(Pindex))
        return comparator(A, Ak, B, Bk)
    else:
        return False

# Generate a list of powers of two for faster access

def generate_powers_of_two(hop_modulo):
    return [gmpy2.mpz(1 << pw) for pw in range(hop_modulo)]

def search(P, W0, DP_rarity, Nw, Nt, hop_modulo, upper_range_limit, lower_range_limit, powers_of_two):
    solved = False
    t = [gmpy2.mpz(lower_range_limit + gmpy2.mpz(random.randint(0, upper_range_limit - lower_range_limit))) for _ in range(Nt)]
    T = [mulk(ti) for ti in t]
    dt = [gmpy2.mpz(0) for _ in range(Nt)]
    w = [gmpy2.mpz(random.randint(0, upper_range_limit - lower_range_limit)) for _ in range(Nw)]
    W = [add(W0, mulk(wk)) for wk in w]
    dw = [gmpy2.mpz(0) for _ in range(Nw)]
    print('[+] tame and wild herds are prepared')
    Hops, Hops_old = 0, 0
    t0 = time.time()  
    while not solved:
        for k in range(Nt):
            Hops += 1
            pw = T[k].x % hop_modulo
            dt[k] = powers_of_two[pw]
            solved = check(T[k], t[k], DP_rarity, T, t, W, w)
            if solved: break
            t[k] += dt[k]
            T[k] = add(P[int(pw)], T[k])
        if solved: break
        for k in range(Nw):
            Hops += 1
            pw = W[k].x % hop_modulo
            dw[k] = powers_of_two[pw]
            solved = check(W[k], w[k], DP_rarity, W, w, T, t)
            if solved: break
            w[k] += dw[k]
            W[k] = add(P[int(pw)], W[k])
        if solved: break
        t1 = time.time()
        if (t1 - t0) > 5:
            print('\r[+] Hops: %.0f h/s' % ((Hops - Hops_old) / (t1 - t0)), end='', flush=True)
            t0 = t1
            Hops_old = Hops
    print('[+] Hops:', Hops)
    return 'sol. time: %.2f sec' % (time.time() - starttime)

puzzles = [\
    ('0209c58240e50e3ba3f833c82655e8725c037a2294e14cf5d73a5df8d56159de69',32),\
    ('03a2efa402fd5268400c77c20e574ba86409ededee7c4020e4b9f0edbee53de0d4',40),\
    ('025e466e97ed0e7910d3d90ceb0332df48ddf67d456b9e7303b50a3d89de357336',44),\
    ('026ecabd2d22fdb737be21975ce9a694e108eb94f3649c586cc7461c8abf5da71a',45),\
    ('03f46f41027bbf44fafd6b059091b900dad41e6845b2241dc3254c7cdd3c5a16c6',50),\
    ('0230210c23b1a047bc9bdbb13448e67deddc108946de6de639bcc75d47c0216b1b',65),\
    ('03633cbe3ec02b9401c5effa144c5b4d22f87940259634858fc7e59b1c09937852',130)]

puzzle = 40
for elem in puzzles:
    s, n = elem
    if puzzle == n: break

kangaroo_power = 4
DP_rarity = 1 << int(((puzzle -  2*kangaroo_power)/2 - 2))
hop_modulo = ((puzzle - 1) // 2) + kangaroo_power
Nt = Nw = 2**kangaroo_power

X = gmpy2.mpz(s[2:66], 16)
Y = X2Y(X, gmpy2.mpz(s[:2]) - 2)

W0 = Point(X,Y)
starttime = oldtime = time.time()
search_range = 2**(puzzle-1)

lower_range_limit = 2 ** (puzzle - 1)
upper_range_limit = (2 ** puzzle) - 1

print(f"[+] [Puzzle]: {puzzle}")
print(f"[+] [Lower range limit]: {lower_range_limit}")
print(f"[+] [Upper range limit]: {upper_range_limit}")

# Precompute powers of two for faster access
powers_of_two = generate_powers_of_two(hop_modulo)

# Initialize variables
T, t, dt = [], [], []
W, w, dw = [], [], []

#Random seed Config
seed = os.urandom(9)
print(f"[+] [Random seed]: {seed}")
random.seed(seed)

Hops = 0
N_tests = 1

P = [PG]
for k in range(255): P.append(mul2(P[k]))  
print('[+] P-table prepared')

for k in range(N_tests):
    solved = False
    search(P, W0, DP_rarity, Nw, Nt, hop_modulo, upper_range_limit, lower_range_limit, powers_of_two)

print('[+] Average time to solve: %.2f sec' % ((time.time()-starttime)/N_tests))

It normally goes to 207301 h/s

Imagine this in Rust, how fast would it go?

u128

const uint64_t

uint64 in C & u128 in Rust not work for Puzzle 130 (try to deal with dinosaur numbers)

BigUint/BIGINT from SSL works or GMP can be used

[kTimesG]

I can't squeeze out more than 852.000 affine point additions per second

I have 249457 hops per second in python  converting this script with cpython into .so

Imagine this in Rust, how fast would it go?

No idea, but I can tell you how fast it would go in C using the GMP routines, as I benchmarked a lot of tweaks and misc. formulas.

Close to 690k jumps /s, in-place point addition, no reallocs - this with using lowest level mpn_* routines (assembler optimized).
Around 638k jumps/s with the mpz_* routines.

Compare this to using the routines in libsecp256k1 field_impl.h and same formula steps:
affine + affine: 852k jumps/s (1 inversion, 2 multiplications, 1 squaring)

libsecp256k1 jacobian + affine addition -> jacobian result:
7.5M jumps/s (8M 3S) - removed safety checks since no point is the infinity and neither can be the result)
But... non-deterministic, I struggled for weeks to find a way to use a J point represented in multiple different ways to produce a stable hash, even a single one bit 50% probability hash as a base for deterministic jump). Seems we can only compare two J points for equality or non-equality, comparison result can vary its sign due to Z scaling.

It doesn't matter what Rust compiles down to, it can never ever generate machine code that runs faster than what the lowest level assembler routines can handle.

So we either need lots of threads (GPU) or some special hardware to speed things up.

[nomachine]

The problem is what are you going to use for the dinosaur numbers above Puzzle 128. I wrote above additionally. These test scripts will not work configured like this with Puzzle 130.

This will work whatever number you insert - use gmp.h

Code:

#include <iostream>
#include <gmp.h>
#include <gmpxx.h>
#include <cstdlib>
#include <ctime>
#include <iomanip>

int main() {
    mpz_class min_range("18446744073709551615");
    mpz_class max_range("36893488147419103231");
    mpz_class counter = 0;
    mpz_class dec;
    gmp_randstate_t state;

    gmp_randinit_default(state);
    std::time_t start_time = std::time(nullptr);
    double total_time = 0;

    mpz_t range;
    mpz_sub(range, max_range.get_mpz_t(), min_range.get_mpz_t());

    while (true) {
        mpz_urandomm(dec.get_mpz_t(), state, range);
        mpz_add(dec.get_mpz_t(), dec.get_mpz_t(), min_range.get_mpz_t());
        counter++;

        std::time_t current_time = std::time(nullptr);
        double elapsed_time = difftime(current_time, start_time);

        if (elapsed_time > total_time) {
            std::cout << "Total " << counter << " numbers in " << elapsed_time << " seconds: " << std::setprecision(0) << std::fixed << counter / elapsed_time << " numbers/s" << std::endl;
            total_time = elapsed_time;
        }

    }

    gmp_randclear(state);
    mpz_clear(range);
    return 0;
}

[kTimesG]

The problem is what are you going to use for the dinosaur numbers above Puzzle 128. I wrote above additionally.

Irrelevant. EC field (x, y) is always 256-bit, so this is the size of the operands always even for private key 0x1. Scalar (private key) size does not matter, beyond the initial multiplication. Jump points are precomputed, so we only have additions. The larger keyspace is only problematic due to its size, it doesn't affect the speed itself. Finding a 30-bit or 256-bit solution runs at the same speed. Actually, you don't even need to have any knowledge of the group size itself, just of the interval size.

What we need is algorithms breakthrough, or lots of coordinated "potatoes" and patience.

[k3ntINA]

Why are you nervous?
All the keys are merged together, there is no space between the keys, and it becomes a key with a length of 561 characters like this:
137815314CE01D3202483A7B1460293068F3C9361764F3080D5749FD2C551BA5342DE40F556E52D C2A041FA5EE5340326E6AC3875D916CE817E2551E3D94CD647D4 FE747B862A62E1A96CA8D834A65911D4AED211709DE820A7C1757756A9322382FACD04B5F8303E9 E9AE4933D6153869ACC5B2A221C58D8F6BD3B27C591E02B35A358F 122FCA143C052EC18388D5446CD610B53CBAADE6D7CE3B9B174176B015F4D22BD43C2E935475070 A1A009D4EFAE164CB9E3C180788E47E326C236FB6D5AD1F436ABE1F9B6 7E1149D18B63AC4FFDF1EB25C90795D61C2C675B852189A217496CBB87CAB44FFC07A1825367BBE 13C96A3742F64906363D541EB611ABEE7CCE5EFDACCF6808F7051F27B09 112D41A838B13505B26867
  It is interesting that the number of characters in hex mode by adjusting the distance between the characters of numbers (550) is only 11 away from the length of the key.
Now this one key with the length of 561 is placed inside the spiral circle and we have magic order in setting the distance of all characters (one by one) on 550.
did you understand?

https://www.talkimg.com/images/2024/05/05/roBa2.gif

[giovanimarks]

The Bitcoin puzzle transaction involving multiple addresses generated by a formula with corresponding private key values has intrigued many. The challenge to decipher the formula behind these addresses, with the prize of approximately 32 BTC, remains unsolved, inviting the Bitcoin community's collective efforts and ingenuity to crack it.

[nomachine]

The Bitcoin puzzle transaction involving multiple addresses generated by a formula with corresponding private key values has intrigued many. The challenge to decipher the formula behind these addresses, with the prize of approximately 32 BTC, remains unsolved, inviting the Bitcoin community's collective efforts and ingenuity to crack it.

Oh, sure! Because nothing screams "fun weekend activity" like trying to crack a cryptographic puzzle for a chance at some digital gold. Who needs Netflix when you can spend hours staring at strings of alphanumeric characters, hoping they form a magical circle that summons the secrets of the universe? It's like a high-stakes Sudoku, except instead of filling in numbers, you're filling in existential dread. But hey, at least you might end up with enough Bitcoin to buy a small tropical island, right? Totally worth it! 

[citb0in]

The Bitcoin puzzle transaction involving multiple addresses generated by a formula with corresponding private key values has intrigued many. The challenge to decipher the formula behind these addresses, with the prize of approximately 32 BTC, remains unsolved, inviting the Bitcoin community's collective efforts and ingenuity to crack it.

uninteresting output of  ChatGPT caused by non-sens input. Actually totally pointless and a waste of time. But somehow you have to keep your fake double-triple-four accounts on their toes, don't you?

[nomachine]

Keeping those Digaran fake accounts on their toes is practically a full-time gig now. 

[citb0in]

quote author=nomachine link=topic=1306983.msg64056686#msg64056686 date=1715321668]
Keeping those Digaran fake accounts on their toes is practically a full-time gig now. 
[/quote]

absolutely true. Unfortunately he is not alone abusing this forum by such techniques but I am not allowed to post detailed info.

[Tepan]

I can't squeeze out more than 852.000 affine point additions per second

I have 249457 hops per second in python  converting this script with cpython into .so

Code:

import time
import os
import sys
import random
import secp256k1 as ice
import gmpy2

if os.name == 'nt':
    os.system('cls')
else:
    os.system('clear')
t = time.ctime()
sys.stdout.write(f"\033[?25l")
sys.stdout.write(f"\033[01;33m[+] Kangaroo: {t}\n")
sys.stdout.flush()

modulo = gmpy2.mpz(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F)
order = gmpy2.mpz(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141)
Gx = gmpy2.mpz(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798)
Gy = gmpy2.mpz(0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)

# Define Point class
class Point:
    def __init__(self, x=0, y=0):
        self.x = gmpy2.mpz(x)
        self.y = gmpy2.mpz(y)

PG = Point(Gx, Gy)
Z = Point(0, 0)  # zero-point, infinite in real x, y - plane

def add(P, Q, p=modulo):
    if P == Z:
        return Q
    elif Q == Z:
        return P
    elif P.x == Q.x and (P.y != Q.y or P.y == 0):
        return Z
    elif P.x == Q.x:
        m = (3 * P.x * P.x) * gmpy2.invert(2 * P.y, p) % p
    else:
        m = (Q.y - P.y) * gmpy2.invert(Q.x - P.x, p) % p
  
    x = (m * m - P.x - Q.x) % p
    y = (m * (P.x - x) - P.y) % p
    return Point(x, y)

def mul2(P, p=modulo):
    if P == Z:
        return Z
    m = gmpy2.f_mod(3 * P.x * P.x * gmpy2.invert(2 * P.y, p), p)
    x = gmpy2.f_mod(m * m - 2 * P.x, p)
    y = gmpy2.f_mod(m * (P.x - x) - P.y, p)
    return Point(x, y)

def mulk(k, P=PG, p=modulo):
    if k == 0:
        return Z
    elif k == 1:
        return P
    elif k % 2 == 0:
        return mulk(k // 2, mul2(P, p), p)
    else:
        return add(P, mulk((k - 1) // 2, mul2(P, p), p), p)

def X2Y(X, y_parity, p=modulo):
    X_cubed = gmpy2.powmod(X, 3, p)
    X_squared = gmpy2.powmod(X, 2, p)
    tmp = gmpy2.f_mod(X_cubed + 7, p)
    Y = gmpy2.powmod(tmp, gmpy2.f_div(gmpy2.add(p, 1), 4), p)
    if y_parity == 1:
        Y = gmpy2.f_mod(-Y, p)
    return Y


def comparator(A, Ak, B, Bk):
    result = set(A).intersection(set(B))
    if result:
        sol_kt = A.index(next(iter(result)))
        sol_kw = B.index(next(iter(result)))
        HEX = "%064x" % abs(Ak[sol_kt] - Bk[sol_kw])
        dec = int(HEX, 16)
        wifc = ice.btc_pvk_to_wif(HEX)
        wifu = ice.btc_pvk_to_wif(HEX, False)
        caddr = ice.privatekey_to_address(0, True, dec)
        uaddr = ice.privatekey_to_address(0, False, dec)
        total_time = time.time() - starttime
        print('\n[+] total time: %.2f sec' % (total_time))
        t = time.ctime()
        print(f"\033[32m[+] PUZZLE SOLVED: {t} \033[0m")
        print(f"\033[32m[+] Private key (wif) Compressed : {wifc} \033[0m")
        with open("KEYFOUNDKEYFOUND.txt", "a") as file:
            file.write("\n\nSOLVED " + t)
            file.write(f"\nTotal Time: {total_time:.2f} sec")
            file.write(f"\nRandom seed: {seed}")
            file.write("\nPrivate Key (decimal): " + str(dec))
            file.write("\nPrivate Key (hex): " + HEX)
            file.write("\nPrivate key (wif) Compressed : " + wifc)
            file.write("\nPrivate key (wif) Uncompressed: " + wifu)
            file.write("\nBitcoin address Compressed: " + caddr)
            file.write("\nBitcoin address Uncompressed: " + uaddr)
            file.write(
                "\n-------------------------------------------------------------------------------------------------------------------------------------------\n"
            )
        file.close()
        return True
    else:
        return False

def check(P, Pindex, DP_rarity, A, Ak, B, Bk):
    if P.x % DP_rarity == 0:
        A.append(gmpy2.mpz(P.x))
        Ak.append(gmpy2.mpz(Pindex))
        return comparator(A, Ak, B, Bk)
    else:
        return False

# Generate a list of powers of two for faster access

def generate_powers_of_two(hop_modulo):
    return [gmpy2.mpz(1 << pw) for pw in range(hop_modulo)]

def search(P, W0, DP_rarity, Nw, Nt, hop_modulo, upper_range_limit, lower_range_limit, powers_of_two):
    solved = False
    t = [gmpy2.mpz(lower_range_limit + gmpy2.mpz(random.randint(0, upper_range_limit - lower_range_limit))) for _ in range(Nt)]
    T = [mulk(ti) for ti in t]
    dt = [gmpy2.mpz(0) for _ in range(Nt)]
    w = [gmpy2.mpz(random.randint(0, upper_range_limit - lower_range_limit)) for _ in range(Nw)]
    W = [add(W0, mulk(wk)) for wk in w]
    dw = [gmpy2.mpz(0) for _ in range(Nw)]
    print('[+] tame and wild herds are prepared')
    Hops, Hops_old = 0, 0
    t0 = time.time()  
    while not solved:
        for k in range(Nt):
            Hops += 1
            pw = T[k].x % hop_modulo
            dt[k] = powers_of_two[pw]
            solved = check(T[k], t[k], DP_rarity, T, t, W, w)
            if solved: break
            t[k] += dt[k]
            T[k] = add(P[int(pw)], T[k])
        if solved: break
        for k in range(Nw):
            Hops += 1
            pw = W[k].x % hop_modulo
            dw[k] = powers_of_two[pw]
            solved = check(W[k], w[k], DP_rarity, W, w, T, t)
            if solved: break
            w[k] += dw[k]
            W[k] = add(P[int(pw)], W[k])
        if solved: break
        t1 = time.time()
        if (t1 - t0) > 5:
            print('\r[+] Hops: %.0f h/s' % ((Hops - Hops_old) / (t1 - t0)), end='', flush=True)
            t0 = t1
            Hops_old = Hops
    print('[+] Hops:', Hops)
    return 'sol. time: %.2f sec' % (time.time() - starttime)

puzzles = [\
    ('0209c58240e50e3ba3f833c82655e8725c037a2294e14cf5d73a5df8d56159de69',32),\
    ('03a2efa402fd5268400c77c20e574ba86409ededee7c4020e4b9f0edbee53de0d4',40),\
    ('025e466e97ed0e7910d3d90ceb0332df48ddf67d456b9e7303b50a3d89de357336',44),\
    ('026ecabd2d22fdb737be21975ce9a694e108eb94f3649c586cc7461c8abf5da71a',45),\
    ('03f46f41027bbf44fafd6b059091b900dad41e6845b2241dc3254c7cdd3c5a16c6',50),\
    ('0230210c23b1a047bc9bdbb13448e67deddc108946de6de639bcc75d47c0216b1b',65),\
    ('03633cbe3ec02b9401c5effa144c5b4d22f87940259634858fc7e59b1c09937852',130)]

puzzle = 40
for elem in puzzles:
    s, n = elem
    if puzzle == n: break

kangaroo_power = 4
DP_rarity = 1 << int(((puzzle -  2*kangaroo_power)/2 - 2))
hop_modulo = ((puzzle - 1) // 2) + kangaroo_power
Nt = Nw = 2**kangaroo_power

X = gmpy2.mpz(s[2:66], 16)
Y = X2Y(X, gmpy2.mpz(s[:2]) - 2)

W0 = Point(X,Y)
starttime = oldtime = time.time()
search_range = 2**(puzzle-1)

lower_range_limit = 2 ** (puzzle - 1)
upper_range_limit = (2 ** puzzle) - 1

print(f"[+] [Puzzle]: {puzzle}")
print(f"[+] [Lower range limit]: {lower_range_limit}")
print(f"[+] [Upper range limit]: {upper_range_limit}")

# Precompute powers of two for faster access
powers_of_two = generate_powers_of_two(hop_modulo)

# Initialize variables
T, t, dt = [], [], []
W, w, dw = [], [], []

#Random seed Config
seed = os.urandom(9)
print(f"[+] [Random seed]: {seed}")
random.seed(seed)

Hops = 0
N_tests = 1

P = [PG]
for k in range(255): P.append(mul2(P[k]))  
print('[+] P-table prepared')

for k in range(N_tests):
    solved = False
    search(P, W0, DP_rarity, Nw, Nt, hop_modulo, upper_range_limit, lower_range_limit, powers_of_two)

print('[+] Average time to solve: %.2f sec' % ((time.time()-starttime)/N_tests))

It normally goes to 207301 h/s

Imagine this in Rust, how fast would it go?

u128

const uint64_t

uint64 in C & u128 in Rust not work for Puzzle 130 (try to deal with dinosaur numbers)

BigUint/BIGINT from SSL works or GMP can be used

okay good information here, i'll learn that for P#130, thankyou.