Bitcoin puzzle transaction ~32 BTC prize to who solves it

[nomachine]

Code:

Private Key: 0xade6d7ce3b9b
Ops: 8690688 Stored: 135855
Speed: 396380 ops/s
Finished in 21.9 s

• KANGAROO: Thu Oct 17 08:35:42 2024
• [Puzzle]: 50
• [Lower range limit]: 562949953421312
• [Upper range limit]: 1125899906842623
• [EC Point Coordinate X]: 110560903758971929709743161563183868968201998016819862389797221564458485814982
• [EC Point Coordinate Y]: 106403041512432555215316396882584033752066537554388330180776939978150437217531
• [Expected Hops: 2^25.50 (47453132)]
• [Hops: 2^24.81 <-> 625037 h/s] [00:00:47]
• PUZZLE SOLVED: Thu Oct 17 08:36:29 2024
• Private key (dec): 611140496167764
• Hops: 29560288
• Average time to solve: 47 sec

It averages 625,037 h/s on a single core (AMD Ryzen 7 5700X). This is in full CPU mode. I achieve the best results on the Ampere® Altra® Q80-30 in multicore mode.

[Akito S. M. Hosana]

I achieve the best results on the Ampere® Altra® Q80-30 in multicore mode.

Do you have hosting on Ampere with Hetzner as your hosting provider?  

[nomachine]

I achieve the best results on the Ampere® Altra® Q80-30 in multicore mode.

Do you have hosting on Ampere with Hetzner as your hosting provider?  

Sure, I also have a pet unicorn that helps me manage the cluster.   

[kTimesG]

Code:

Private Key: 0xade6d7ce3b9b
Ops: 8690688 Stored: 135855
Speed: 396380 ops/s
Finished in 21.9 s

• KANGAROO: Thu Oct 17 08:35:42 2024
• [Puzzle]: 50
• Average time to solve: 47 sec

It averages 625,037 h/s on a single core (AMD Ryzen 7 5700X). This is in full CPU mode. I achieve the best results on the Ampere® Altra® Q80-30 in multicore mode.

Isn't a multicore full CPU mode that achieves like 50% higher speed than a single-threaded Python script, like... very slow? You're still not doing this?

LE: oh ok, you said single core, but still... should be 10x - 15x faster than 600k/s.

[alexxino]

Puzzle #60 with a MacBook M1 Max
4.01e+03 seconds is 4010 seconds. So 1 hour and 11 minutes
I'm curious how much would it be with multithreading.

Code:

Ops: 1640142848 Table size: 25626624 Speed: 408909 ops/s
Ops: 1640964096 Table size: 25639463 Speed: 408910 ops/s
Private Key: 0xfc07a1825367bbe
Ops: 1641142272 Stored: 25642283
Speed: 408885 ops/s
Finished in 4.01e+03 s

[AlanJohnson]

Puzzle #60 with a MacBook M1 Max
4.01e+03 seconds is 4010 seconds. So 1 hour and 11 minutes
I'm curious how much would it be with multithreading.

Code:

Ops: 1640142848 Table size: 25626624 Speed: 408909 ops/s
Ops: 1640964096 Table size: 25639463 Speed: 408910 ops/s
Private Key: 0xfc07a1825367bbe
Ops: 1641142272 Stored: 25642283
Speed: 408885 ops/s
Finished in 4.01e+03 s

What's the point of all of this ?  You will never solve puzzle #135 with consumer class CPU.  Lower ranges can be solved with currently existing tools much faster  than python script...

[nomachine]

LE: oh ok, you said single core, but still... should be 10x - 15x faster than 600k/s.

Rust is 15-20 times faster, but it depends on the architecture.

Btw...These days, I'm implementing Kangaroo in VHDL.  

Code:

architecture fsm of scalar_mult is
  type state_type is (INIT, DOUBLE_ADD, DONE);
  signal state : state_type := INIT;
  signal k : unsigned(255 downto 0); -- Scalar
  signal P, Q : point_type; -- Points on the elliptic curve

begin
  process(clk, reset)
  begin
    if reset = '1' then
      state <= INIT;
    elsif rising_edge(clk) then
      case state is
        when INIT =>
          -- Set up initial values
          Q <= identity_point; -- Q = O
          P <= input_point;    -- P = input point
          state <= DOUBLE_ADD;

        when DOUBLE_ADD =>
          if k(255) = '1' then
            Q <= point_add(Q, P); -- Q = Q + P
          end if;
          P <= point_double(P);   -- P = 2P
          k <= k(254 downto 0) & '0'; -- Shift scalar
          if k = 0 then
            state <= DONE;
          end if;

        when DONE =>
          result <= Q; -- Output the result
      end case;
    end if;
  end process;
end architecture;

and so on.......

[kTimesG]

Puzzle #60 with a MacBook M1 Max
4.01e+03 seconds is 4010 seconds. So 1 hour and 11 minutes
I'm curious how much would it be with multithreading.

Same speed. Python uses GIL by default, so all threads are actually sequential (interleaved) at the interpreter level, unless you mix in some native libraries and disable GIL while they run.

You'd need to run multiple processes instead (multiprocessing module) but at that point you'll need some way to have a shared concurrency-safe hashmap.

Moral? it's just a high-level kang, not a high-performance kang.

Btw...These days, I'm implementing Kangaroo in VHDL.  

Well, that's it, we're screwed. My 3-kangaroo C program also runs on Raspberry Pi. I also have it an Android app with native JNI bindings to it. So every time I wake it up it runs a few batches to mine DPs. Next step is to implement kang on mobile GPUs using Vulkan.

[nomachine]

Well, that's it, we're screwed. My 3-kangaroo C program also runs on Raspberry Pi. I also have it an Android app with native JNI bindings to it. So every time I wake it up it runs a few batches to mine DPs. Next step is to implement kang on mobile GPUs using Vulkan.

I'm now looking for a place to rent ASICs where I can run custom software. However, there are firmware restrictions. Most ASICs, such as those from Bitmain (Antminer) or MicroBT (Whatsminer), come with firmware that may limit the ability to install custom software.

[alexxino]

I'm now looking for a place to rent ASICs where I can run custom software. However, there are firmware restrictions. Most ASICs, such as those from Bitmain (Antminer) or MicroBT (Whatsminer), come with firmware that may limit the ability to install custom software.

Did you check bitaxe family ?

[kTimesG]

Well, that's it, we're screwed. My 3-kangaroo C program also runs on Raspberry Pi. I also have it an Android app with native JNI bindings to it. So every time I wake it up it runs a few batches to mine DPs. Next step is to implement kang on mobile GPUs using Vulkan.

I'm now looking for a place to rent ASICs where I can run custom software. However, there are firmware restrictions. Most ASICs, such as those from Bitmain (Antminer) or MicroBT (Whatsminer), come with firmware that may limit the ability to install custom software.

So, I guess you're going after #67 / 68 / etc?

At this point, we might as well send an inquiry directly to TSMC and ask them how much they'd ask for a custom 3nm secp256k1 SoC. I don't think it's an issue for them, surely NSA already bought a ton of those by now.

[COBRAS]

How to get 2^60 publick or privkey from 120bit privkey. This is not ready to use, but, maybe someone will be interested:

Code:

N = 115792089237316195423570985008687907852837564279074904382605163141518161494337

# Фyнкция для нaxoждeния oбpaтнoгo элeмeнтa
def inv(v):
    return pow(v, N - 2, N)
def divnum(a, b):
    return (a * inv(b)) % N



target = 2**40 #this is what thant in result

divider = 2**40

P= 0x0000000000000000000000000000000000b10f22572c497a836ea187f2e1fc23 #privkey of 2**120




D = (target * divider) %N

DD = (P - D) %N

print(hex(DD*1%N))

F = ((P -DD %N)*1%N)%N

print(hex(F))

result= divnum(F,divider)

print(hex(result))

output:

0xb10f22572b497a836ea187f2e1fc23
0x100000000000000000000
0x10000000000


for get 2**40  priv after dividing to 2**40,  from 2**120 priv need  substract  from 2**120 priv this number 0xb10f22572b497a836ea187f2e1fc23 and divide to 2**40

any ideas ?

[citb0in]

Digaran, Cobras, etc. go to bed please

[COBRAS]

Digaran, Cobras, etc. go to bed please

)))

use DD = (P - D) %N as a P many times, result  from 2^120 to
print( 0x29d7a836ea187f2e1fc2 -2**77) 78 bit.This is by hands calculation, without for/wile - not many pubkeys.

[albert0bsd]

Together with the target address I will also provide the range of the search interval.

This will be in the form (just an example):

Code:

minKey = 0xf2e542b46066c4e6f91abc80000000000000000000185e689447431d74c5b133
maxKey = 0xf2e542b46066c4e6f91abcbfffffffffffffffffffd85e689447431d74c5b133

The Hamming length of the range will therefore be 80 contiguous bits, but they may start anywhere.

Nice Challenge

Well If you provide the EXACT range it can be solve subtracting the bits that remain same in both start an end range example for some key as your example:

Code:

StarRange: f2e542b46066c4e6f91abc80000000000000000000185e689447431d74c5b133
ENDRange:  f2e542b46066c4e6f91abcbfffffffffffffffffff185e689447431d74c5b133

Key:       f2e542b46066c4e6f91abcc206b831c41b15d6bf49185e689447431d74c5b133
Publickey: 0259f57acc739162a68785c08baf201da1b2797d90ded6cd5dde5c3f26b6df24ae
MSB      : f2e542b46066c4e6f91abc000000000000000000000000000000000000000000

Subtracting Most significan bits:

Code:

./keymath 0259f57acc739162a68785c08baf201da1b2797d90ded6cd5dde5c3f26b6df24ae - 0xf2e542b46066c4e6f91abc000000000000000000000000000000000000000000
Result: 03dc89a446662604456da1f1fdfba0e578fb69e9750751081b3e070cb747280bfc

With this step the original  key may look like: 0xc206b831c41b15d6bf49185e689447431d74c5b133

Subtracting Less significan bits:

LSB:       000000000000000000000000000000000000000000185e689447431d74c5b133

Code:

./keymath 03dc89a446662604456da1f1fdfba0e578fb69e9750751081b3e070cb747280bfc - 0x185e689447431d74c5b133
Result: 029659ffde564a27b7e6ea76936dcc6c33ef969d1a089a05214151ebc9ef4f9db7

With this step the original key may look like: 0xc206b831c41b15d6bf490000000000000000000000

Now we need to remove zeros on the right:

0xc206b831c41b15d6bf490000000000000000000000
                   0x10000000000000000000000

Code:

./keymath 029659ffde564a27b7e6ea76936dcc6c33ef969d1a089a05214151ebc9ef4f9db7 / 0x10000000000000000000000
Result: 027fb98c7edb7aef934a25eaf02384dbb42a9b8a32a85b451a5e13e5ebdd613f85

With this step the original key may look like: 0xc206b831c41b15d6bf49
So once that you solve the public key: 027fb98c7edb7aef934a25eaf02384dbb42a9b8a32a85b451a5e13e5ebdd613f85

You need to do do the same steps backwards to get the original key.

So this is just a simple 80 bit challenge that can be solve with kangaroo:

Now

Currently I have a 80-bits solver DP database that can solve any key in under 6 seconds on a GPU, and under a minute if using the CPU.

If you can solve it under 6 seconds on GPU or under a minute un CPU then this is not any challenge if you already have the right tools and scripts to the operations on the public key.

Since time ago you have such DP dataset the I bet nobody is going to beat you

Well, that's it, we're screwed. My 3-kangaroo C program also runs on Raspberry Pi. I also have it an Android app with native JNI bindings to it. So every time I wake it up it runs a few batches to mine DPs. Next step is to implement kang on mobile GPUs using Vulkan.

[karrask]

Together with the target address I will also provide the range of the search interval.

This will be in the form (just an example):

Code:

minKey = 0xf2e542b46066c4e6f91abc80000000000000000000185e689447431d74c5b133
maxKey = 0xf2e542b46066c4e6f91abcbfffffffffffffffffffd85e689447431d74c5b133

The Hamming length of the range will therefore be 80 contiguous bits, but they may start anywhere.

Nice Challenge

Well If you provide the EXACT range it can be solve subtracting the bits that remain same in both start an end range example for some key as your example:

Code:

StarRange: f2e542b46066c4e6f91abc80000000000000000000185e689447431d74c5b133
ENDRange:  f2e542b46066c4e6f91abcbfffffffffffffffffff185e689447431d74c5b133

Key:       f2e542b46066c4e6f91abcc206b831c41b15d6bf49185e689447431d74c5b133
Publickey: 0259f57acc739162a68785c08baf201da1b2797d90ded6cd5dde5c3f26b6df24ae
MSB      : f2e542b46066c4e6f91abc000000000000000000000000000000000000000000

Subtracting Most significan bits:

Code:

./keymath 0259f57acc739162a68785c08baf201da1b2797d90ded6cd5dde5c3f26b6df24ae - 0xf2e542b46066c4e6f91abc000000000000000000000000000000000000000000
Result: 03dc89a446662604456da1f1fdfba0e578fb69e9750751081b3e070cb747280bfc

With this step the original  key may look like: 0xc206b831c41b15d6bf49185e689447431d74c5b133

Subtracting Less significan bits:

LSB:       000000000000000000000000000000000000000000185e689447431d74c5b133

Code:

./keymath 03dc89a446662604456da1f1fdfba0e578fb69e9750751081b3e070cb747280bfc - 0x185e689447431d74c5b133
Result: 029659ffde564a27b7e6ea76936dcc6c33ef969d1a089a05214151ebc9ef4f9db7

With this step the original key may look like: 0xc206b831c41b15d6bf490000000000000000000000

Now we need to remove zeros on the right:

0xc206b831c41b15d6bf490000000000000000000000
                   0x10000000000000000000000

Code:

./keymath 029659ffde564a27b7e6ea76936dcc6c33ef969d1a089a05214151ebc9ef4f9db7 / 0x10000000000000000000000
Result: 027fb98c7edb7aef934a25eaf02384dbb42a9b8a32a85b451a5e13e5ebdd613f85

With this step the original key may look like: 0xc206b831c41b15d6bf49
So once that you solve the public key: 027fb98c7edb7aef934a25eaf02384dbb42a9b8a32a85b451a5e13e5ebdd613f85

You need to do do the same steps backwards to get the original key.

So this is just a simple 80 bit challenge that can be solve with kangaroo:

Now

Currently I have a 80-bits solver DP database that can solve any key in under 6 seconds on a GPU, and under a minute if using the CPU.

If you can solve it under 6 seconds on GPU or under a minute un CPU then this is not any challenge if you already have the right tools and scripts to the operations on the public key.

Since time ago you have such DP dataset the I bet nobody is going to beat you

Well, that's it, we're screwed. My 3-kangaroo C program also runs on Raspberry Pi. I also have it an Android app with native JNI bindings to it. So every time I wake it up it runs a few batches to mine DPs. Next step is to implement kang on mobile GPUs using Vulkan.

hello! I'm sorry, it seemed to me or you explained everything somehow difficult. to solve the problem, you need to change the generation of kangaroos or bsgs. so that she leaves the beginning and the end and goes through the middle (the 80-bit segment selected by him in a 256-bit key). the public key, he will give. I'm sorry again...
and also, I have one question for you, can I write to you in private messages?

[albert0bsd]

hello! I'm sorry, it seemed to me or you explained everything somehow difficult. to solve the problem.

Difficult?

It clear like a water!!

can I write to you in private messages?

TBH i don't have enough time for this, so the answer is no.

[kTimesG]

Part of this challenge is to see how different people think about it. Take it as a survey of mindsets.

@albert0bsd: why would I ever need to break my own key? I will already know it...

No, I will not try to replace the TX.

All of you have until 11.01 00:00 to get your EC checked up. Let's all hope COBRAS doesn't break it by then, he's really into something interesting, dividing and multiplying values just to end up with what he started with.

[karrask]

hello! I'm sorry, it seemed to me or you explained everything somehow difficult. to solve the problem.

Difficult?

It clear like a water!!

can I write to you in private messages?

TBH i don't have enough time for this, so the answer is no.

Understood, sorry to bother you.

Part of this challenge is to see how different people think about it. Take it as a survey of mindsets.

@albert0bsd: why would I ever need to break my own key? I will already know it...

No, I will not try to replace the TX.

All of you have until 11.01 00:00 to get your EC checked up. Let's all hope COBRAS doesn't break it by then, he's really into something interesting, dividing and multiplying values just to end up with what he started with.

if you use bsgs(kangaroo) at a speed of 20 ekeys / sec, a complete search will take 9 hours. if you run 10-16 computers at a speed of 2ekeys / sec, it should be found in 1-2 hours. a rough approach to solving your problem and in fact the simplest) although, for this you need to change the generation of bsgs(kangaroo), and this may be more difficult. Good luck with you survey of mindsets.

[albert0bsd]

if you use bsgs(kangaroo)

What is bsgs(kangaroo)

Those are different things, ONE think is Kangaroo and another complete different thing is bsgs.
Kangaroo is much more faster because it doesn't depend of memory like BSGS does.

kangaroo can solve that challenge in less of one minute with the proper data already precomputed.