Bitcoin puzzle transaction ~32 BTC prize to who solves it

[kTimesG]

maybe speed up your Python.

Thanks for the input and insight , kang == jump point , enlighten me please.

It means that you''ll get the exception that you have same X when doing Group.add() if the kangaroo is on the same (or opposite) point that is the deterministic next jump point, which can (and will) happen if the range that is searched contains the jump positions themselves.

But looking fast over your code, it's not even doing an actual Kangaroo algo. it does EC point multiplications over subranges, so it's actually extremely inefficient. It looks more like a brute force attempt.

[nomachine]

its a bit mumbled up , wanted your perspective  , and not working also as intended , be gentle:

maybe speed up your Python.

What are you trying to do? It looks like you made some changes to the Python Kangaroo I posted 4 months ago that worked fine (sort of). What are the theoretical bases for your changes though? Some things to consider:

1. I stated several times the code is just for learning purposes. It has its own limitations and had some bugs as well, in edge-cases.
2. Python is very slow, even when using GMP.
3. Kangaroo with only 2 kang types takes longer to solve.
4. Kangaroo that doesn't take advantage of curve symmetry takes longer to solve.
5. Once you change jump tables, alpha, etc. you should really, really know what you're doing, and why. Point doublings (kang == jump_point) are not supported, for private reasons (that code was shrinked down from a larger implementation, I never need to bother with point doublings in any of my algorithms).

Thanks for the input and insight , kang == jump point , enlighten me please.

Code:

import time
import os
import sys
import gmpy2
from secrets import randbelow
from math import log2, sqrt, log

os.system("cls||clear")
t = time.ctime()
sys.stdout.write(f"\033[?25l\033[01;33m[+] Kangaroo: {t}\n")
sys.stdout.flush()

modulo = gmpy2.mpz(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F)
order = gmpy2.mpz(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141)
Gx = gmpy2.mpz(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798)
Gy = gmpy2.mpz(0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
PG = (Gx, Gy)

def add(P, Q):
    if P == (0, 0): return Q
    if Q == (0, 0): return P
    Px, Py = P
    Qx, Qy = Q
    if Px == Qx:
        if Py == Qy:
            inv_den = gmpy2.invert(Py << 1, modulo)
            m = (3 * Px * Px * inv_den) % modulo
        else:
            return (0, 0)
    else:
        inv_dx = gmpy2.invert(Qx - Px, modulo)
        m = ((Qy - Py) * inv_dx) % modulo
    x = (m * m - Px - Qx) % modulo
    y = (m * (Px - x) - Py) % modulo
    return (x, y)

def mul(k, P=PG):
    R0, R1 = (0, 0), P
    for i in reversed(range(k.bit_length())):
        if (k >> i) & 1:
            R0, R1 = add(R0, R1), add(R1, R1)
        else:
            R1, R0 = add(R0, R1), add(R0, R0)
    return R0

def X2Y(X, y_parity, p=modulo):
    X3_7 = (pow(X, 3, p) + 7) % p
    if gmpy2.jacobi(X3_7, p) != 1:
        return None
    Y = gmpy2.powmod(X3_7, (p + 1) >> 2, p)
    return Y if (Y & 1) == y_parity else (p - Y)

def generate_powers_of_two(hop_modulo):
    return [1 << pw for pw in range(hop_modulo)]

def handle_solution(solution):
    HEX = f"{abs(solution):064x}"
    dec = int(HEX, 16)
    print(f"\n\033[32m[+] PUZZLE SOLVED \033[0m")
    print(f"\033[32m[+] Private key (dec): {dec} \033[0m")
    with open("KEYFOUNDKEYFOUND.txt", "a") as file:
        file.write(f"\n\nSOLVED {t}\nPrivate Key (decimal): {dec}\nPrivate Key (hex): {HEX}\n{'-' * 100}\n")
    return True

def search(P, W0, DP_rarity, Nw, Nt, hop_modulo, upper_range_limit, lower_range_limit, powers_of_two):
    solved = False
    rand_range = upper_range_limit - lower_range_limit
    t_values = [lower_range_limit + randbelow(rand_range) for _ in range(Nt)]
    w_values = [randbelow(rand_range) for _ in range(Nw)]
    T = [mul(ti) for ti in t_values]
    W = [add(W0, mul(wk)) for wk in w_values]
    dt = [0] * Nt
    dw = [0] * Nw
    tame_dps, wild_dps = {}, {}
    print('[+] Tame and wild herds prepared')
    last_print_time = starttime = time.time()
    Hops, Hops_old = 0, 0
    while not solved:
        current_time = time.time()
        for k, Tk in enumerate(T):
            Hops += 1
            Tk_x = Tk[0]
            pw = Tk_x % hop_modulo
            dt[k] = powers_of_two[pw]
            if Tk_x % DP_rarity == 0:
                wild_value = wild_dps.get(Tk_x)
                if wild_value is not None:
                    return handle_solution(wild_value - t_values[k])
                tame_dps[Tk_x] = t_values[k]
            t_values[k] += dt[k]
            T[k] = add(P[pw], Tk)
        for k, Wk in enumerate(W):
            Hops += 1
            Wk_x = Wk[0]
            pw = Wk_x % hop_modulo
            dw[k] = powers_of_two[pw]
            if Wk_x % DP_rarity == 0:
                tame_value = tame_dps.get(Wk_x)
                if tame_value is not None:
                    return handle_solution(w_values[k] - tame_value)
                wild_dps[Wk_x] = w_values[k]
            w_values[k] += dw[k]
            W[k] = add(P[pw], Wk)

        if current_time - last_print_time >= 5:
            elapsed_time = current_time - starttime
            hops_since_last = Hops - Hops_old
            hops_per_second = hops_since_last / (current_time - last_print_time)
            last_print_time = current_time
            Hops_old = Hops
            elapsed_time_str = time.strftime('%H:%M:%S', time.gmtime(elapsed_time))
            hops_log = f'{log2(Hops):.2f}' if Hops > 0 else '0.00'
            print(f'[+] [Hops: 2^{hops_log} <-> {hops_per_second:.0f} h/s] [{elapsed_time_str}]',
                  end='\r', flush=True)
    print('\r[+] Hops:', Hops)
    print(f'[+] Average time to solve: {time.time() - starttime:.2f} sec')

# Configuration
puzzle = 40
compressed_public_key = "03a2efa402fd5268400c77c20e574ba86409ededee7c4020e4b9f0edbee53de0d4"
kangaroo_power = puzzle // 5
lower_range_limit, upper_range_limit = 2**(puzzle-1), (2**puzzle) - 1
DP_rarity = 1 << ((puzzle - 1) // 2 - 2) // 2 + 2
hop_modulo = round(log(2**puzzle)+5)
Nt = Nw = 2**kangaroo_power
powers_of_two = generate_powers_of_two(hop_modulo)

if len(compressed_public_key) == 66:
    X = gmpy2.mpz(int(compressed_public_key[2:66], 16))
    Y = X2Y(X, int(compressed_public_key[:2]) - 2)
else:
    print("[error] Public key length invalid!")
    sys.exit(1)

W0 = (X, Y)
P = [PG]
for _ in range(int(puzzle ** 1.1)): 
    P.append(mul(2, P[-1])) 
print('[+] P-table prepared')

starttime = time.time()
print(f"[+] Puzzle: {puzzle}")
print(f"[+] Lower range limit: {lower_range_limit}")
print(f"[+] Upper range limit: {upper_range_limit}")
print(f"[+] DP: 2^{int(log2(DP_rarity))} ({DP_rarity:d})")
print(f"[+] Expected Hops: 2^{log2(2 * sqrt(1 << puzzle)):.2f} ({int(2 * sqrt(1 << puzzle))})")

search(P, W0, DP_rarity, Nw, Nt, hop_modulo, upper_range_limit, lower_range_limit, powers_of_two)
print(f"[+] Total time: {time.time() - starttime:.2f} seconds")

• Kangaroo: Fri Feb  7 22:00:56 2025
• P-table prepared
• Puzzle: 40
• Lower range limit: 549755813888
• Upper range limit: 1099511627775
• DP: 2^10(400)
• Expected Hops: 2^21.00 (2097152)
• Tame and wild herds prepared.
• [Hops: 2^20.59 <-> 316085 h/s] [00:00:05]
• PUZZLE SOLVED
• Private key (dec): 1003651412950
• Total time: 5.21 seconds

You can also try my script for learning process.

But I won't give you false hope that this script can solve anything above 60 soon. It's simply beyond the reach of python's capabilities.

[Cricktor]

~~~

Are you actually that dumb or do you only pretend to be dumb? I can't yet decide...

Because you fail to post your code in [code]...[/code] tags, at minimum any occurrance of strings [i] gets swallowed up and I can tell you it's not only at one spot. Ever wondered why some portions of your ill-posted code come out in italic? Guess which BBcode does that...

[code]...[/code] tags have a purpose...

[Cryptoman2009]

How do bots anticipate the transfer transaction if a puzzle wallet is found ?

[madogss]

How do bots anticipate the transfer transaction if a puzzle wallet is found ?

They don't, you set up a bot to check the blockchain whether through your own node or a public node like blockchain.com to see if a public key is available for the puzzle wallet every few seconds (public nodes usually have rate limits so you might have to check less often).

You can look at the history here some people have discussed this and posted versions of their bot code.

[Cryptoman2009]

How do bots anticipate the transfer transaction if a puzzle wallet is found ?

............... You can look at the history here some people have discussed this and posted versions of their bot code.

"here" do you mean in this thread or is there a link?
thanks

another question for the experts, is it possible to do a bruteforce search with GPUs (lots of them) that produces 1.44×10^30 keys per second?
That's about 1,440,000,000,000,000,000,000,000,000,000,000 keys/s
One nonillion four hundred forty octillion......

[madogss]

"here" do you mean in this thread or is there a link?
thanks

another question for the experts, is it possible to do a bruteforce search with GPUs (lots of them) that produces 1.44×10^30 keys per second?
That's about 1,440,000,000,000,000,000,000,000,000,000,000 keys/s
One nonillion four hundred forty octillion......

yes in this thread.

yes you can it's easy if you have tons of GPUs.

[puzzlemandelux]

Today I found this
1BY8GQbnue8D5XmBEE3PtbUMGLRAynLeSa

prefix: 1BY8GQbnue

[cryptouser1001]

There may be something to vanity searches after all...

private key: 0face0ff0face0ff0face0ff0face0ff0face0ff0face0ff0face0ff0face0fe , address: 0xbC22eB6e2c46349F29930Bb134A4c97763a54dec
private key: 0face0ff0face0ff0face0ff0face0ff0face0ff0face0ff0face0ff0face0ff ,  address: 0xeB351eb00c7A274d8A2AeBb1F22a6921A0C66ee3

Two consecutive private keys that have addresses with 3 matching hex digits in the same position ("Bb1", position 22-24).

Oh yeah, in case you were wondering (and since this is the Bitcoin puzzle forum and all) the compressed BTC addresses for these keys share consecutive hex digits characters as well.

If this pattern holds true this encryption is broken.

[kTimesG]

There may be something to vanity searches after all...

private key: 0face0ff0face0ff0face0ff0face0ff0face0ff0face0ff0face0ff0face0fe , address: 0xbC22eB6e2c46349F29930Bb134A4c97763a54dec
private key: 0face0ff0face0ff0face0ff0face0ff0face0ff0face0ff0face0ff0face0ff ,  address: 0xeB351eb00c7A274d8A2AeBb1F22a6921A0C66ee3

Two consecutive private keys that have addresses with 3 matching hex digits in the same position ("Bb1", position 22-24).

Oh yeah, in case you were wondering (and since this is the Bitcoin puzzle forum and all) the BTC addresses for these keys share consecutive hex digits as well.

If this pattern holds true this encryption is broken.

Amazing, but before you go breaking the encryption and all, the only thing I wonder is if hex numbers that mix lower and upper hex digits are a new thing. Or do you randomly pick whether you should print a "B" or a "b", and a "C" or a "c", when displaying a nibble, just for fun? Neat, it was boring to always see those pesky A-F in either all capital or all lower!

[cryptouser1001]

There may be something to vanity searches after all...

private key: 0face0ff0face0ff0face0ff0face0ff0face0ff0face0ff0face0ff0face0fe , address: 0xbC22eB6e2c46349F29930Bb134A4c97763a54dec
private key: 0face0ff0face0ff0face0ff0face0ff0face0ff0face0ff0face0ff0face0ff ,  address: 0xeB351eb00c7A274d8A2AeBb1F22a6921A0C66ee3

Two consecutive private keys that have addresses with 3 matching hex digits in the same position ("Bb1", position 22-24).

Oh yeah, in case you were wondering (and since this is the Bitcoin puzzle forum and all) the compressed BTC addresses for these keys share consecutive hex digits characters as well.

If this pattern holds true this encryption is broken.

Amazing, but before you go breaking the encryption and all, the only thing I wonder is if hex numbers that mix lower and upper hex digits are a new thing. Or do you randomly pick whether you should print a "B" or a "b", and a "C" or a "c", when displaying a nibble, just for fun? Neat, it was boring to always see those pesky A-F in either all capital or all lower!

Case sensitivity is a moot point.

You may have to follow that yellow brick road called the elliptical curve to see Oz.

Sticking with the hockey theme:
private key: 0face0ff0face0ff0face0ff0face0ff0face0ff0face0ff0face0ff0face058 , address: 0xC8A738e409B685E9B5622EC94C1E7F656Bc38c49 matching characters: EC94 , matching positions (w/o 0x): 22,23,24,25
private key: 0face0ff0face0ff0face0ff0face0ff0face0ff0face0ff0face0ff0face059 , address: 0x111bebd4b1a847498E7AfBe70Ec9423d2bf7Cd37 , matching characters: Ec94  , matching positions (w/o 0x): 26,27,28,29 (following the yellow brick road from above which led to position 26)
   
Someone shouldn't know (a segment of) your password based on the account number at the bottom of the check you hand them.

[nomachine]

Ole, FE57, oldie but goodie!  I believe it's sprinkled in the python script as well.  But this was one of the first Python scripts that I remember seeing put out for the public. Many worked on it.

I'm wondering if going from GMP to iceland's package, would offer some speed up.

It might be 5-10% faster now.  

Code:

# based on http://fe57.org/forum/thread.php?board=4&thema=1
import time, os, sys
from secrets import randbelow
import secp256k1 #https://github.com/iceland2k14/secp256k1
from math import log2, sqrt, log

os.system("cls||clear")
t = time.ctime()
sys.stdout.write(f"\033[?25l\033[01;33m[+] Kangaroo: {t}\n")
sys.stdout.flush()

def generate_powers_of_two(hop_modulo):
    return [1 << pw for pw in range(hop_modulo)]

def handle_solution(solution):
    HEX = f"{abs(solution):064x}"
    dec = int(HEX, 16)
    print(f"\n\033[32m[+] PUZZLE SOLVED \033[0m")
    print(f"\033[32m[+] Private key (dec): {dec} \033[0m")
    with open("KEYFOUNDKEYFOUND.txt", "a") as file:
        file.write(f"\n\nSOLVED {t}\nPrivate Key (decimal): {dec}\nPrivate Key (hex): {HEX}\n{'-' * 130}\n")
    return True

def search(W0, DP_rarity, Nw, Nt, hop_modulo, end, start, powers_of_two, P_table):
    solved = False
    rand_range = end - start
    t_values = [start + randbelow(rand_range) for _ in range(Nt)]
    w_values = [randbelow(rand_range) for _ in range(Nw)]
    T = [secp256k1.scalar_multiplication(ti) for ti in t_values]
    W = [secp256k1.point_addition(W0, secp256k1.scalar_multiplication(wk)) for wk in w_values]   
    dt = [0] * Nt
    dw = [0] * Nw
    tame_points, wild_points = {}, {}   
    print('[+] Tame and wild herds prepared')
    last_print_time = starttime = time.time()
    Hops, Hops_old = 0, 0   
    while not solved:
        current_time = time.time()
        for k, Tk in enumerate(T):
            Hops += 1
            pub_t = secp256k1.point_to_cpub(Tk)[2:].zfill(64)
            pw = int(pub_t, 16) % hop_modulo
            dt[k] = powers_of_two[pw]           
            if int(pub_t, 16) & (DP_rarity - 1) == 0:  # DP check
                tame_points[pub_t] = t_values[k]
                if pub_t in wild_points:
                    return handle_solution(t_values[k] - wild_points[pub_t])         
            t_values[k] += dt[k]
            T[k] = secp256k1.point_addition(P_table[pw], Tk)
        for k, Wk in enumerate(W):
            Hops += 1
            pub_w = secp256k1.point_to_cpub(Wk)[2:].zfill(64)
            pw = int(pub_w, 16) % hop_modulo
            dw[k] = powers_of_two[pw]           
            if int(pub_w, 16) & (DP_rarity - 1) == 0:  # DP check
                wild_points[pub_w] = w_values[k]
                if pub_w in tame_points:
                    return handle_solution(tame_points[pub_w] - w_values[k])        
            w_values[k] += dw[k]
            W[k] = secp256k1.point_addition(P_table[pw], Wk)
        
        if current_time - last_print_time >= 5:
            elapsed_time = current_time - starttime
            hops_since_last = Hops - Hops_old
            hops_per_second = hops_since_last / (current_time - last_print_time)
            last_print_time = current_time
            Hops_old = Hops
            elapsed_time_str = time.strftime('%H:%M:%S', time.gmtime(elapsed_time))
            hops_log = f'{log2(Hops):.2f}' if Hops > 0 else '0.00'
            print(f'[+] [Hops: 2^{hops_log} <-> {hops_per_second:.0f} h/s] [{elapsed_time_str}]',
                  end='\r', flush=True)

    print('\r[+] Hops:', Hops)
    print(f'[+] Average time to solve: {time.time() - starttime:.2f} sec')

# Configuration
puzzle = 40
compressed_public_key = "03a2efa402fd5268400c77c20e574ba86409ededee7c4020e4b9f0edbee53de0d4"
kangaroo_power = puzzle // 5
start, end = 2**(puzzle-1), (2**puzzle) - 1
DP_rarity = 1 << ((puzzle - 1) // 2 - 2) // 2 + 2
hop_modulo = round(log(2**puzzle)+5)
Nt = Nw = 2**kangaroo_power
powers_of_two = generate_powers_of_two(hop_modulo)

P_table = []
pk = 1
for _ in range(255):
    P_table.append(secp256k1.scalar_multiplication(pk)) 
    pk *= 2    
print(f"[+] P-table prepared with {len(P_table)} points")

W0 = secp256k1.pub2upub(compressed_public_key)
starttime = time.time()

print(f"[+] Puzzle: {puzzle}")
print(f"[+] Lower range limit: {start}")
print(f"[+] Upper range limit: {end}")
print(f"[+] DP: 2^{int(log2(DP_rarity))} ({DP_rarity:d})")
print(f"[+] Expected Hops: 2^{log2(2 * sqrt(1 << puzzle)):.2f} ({int(2 * sqrt(1 << puzzle))})")

search(W0, DP_rarity, Nw, Nt, hop_modulo, end, start, powers_of_two, P_table)
print(f"[+] Total time: {time.time() - starttime:.2f} seconds")

• Kangaroo: Wed Feb 12 07:18:30 2025
• P-table prepared with 255 points
• Puzzle: 40
• Lower range limit: 549755813888
• Upper range limit: 1099511627775
• DP: 2^10 (1024)
• Expected Hops: 2^21.00 (2097152)
• Tame and wild herds prepared
• [Hops: 2^20.28 <-> 253984 h/s] [00:00:05]
• PUZZLE SOLVED
• Private key (dec): 1003651412950
• Total time: 6.89 seconds

p.s.

 It depends on how point_addition and scalar_multiplication are implemented in C. Cython can call these functions without the overhead of Python's function call mechanism.

[fecell]

It might be 5-10% faster now.  

it might be 70% faster with some check of tame's and wild's values.
like "cancer grow".
no more secrets.

[brainless]

It's page 369, it's secret code of nikola Tesla , hope someone shows success before page number change

[karrask]

It's page 369, it's secret code of nikola Tesla , hope someone shows success before page number change

brainless
Member
**


Activity: 369
Merit: 35

[Menowa*]

Which ranges do we have already scanned?

[nomachine]

it might be 70% faster with some check of tame's and wild's values.
like "cancer grow".
no more secrets.

I have developed a new method now.

Collisions can now occur between:

Tame and Wild kangaroos,

Tame Inverse and Wild kangaroos,

Tame and Wild Inverse kangaroos,

Tame Inverse and Wild Inverse kangaroos.

 

[the crack]

IS THIS SOLVED?>

[bibilgin]

IS THIS SOLVED?>

Yes

Some VERY SMART people even show these pictures around to prove that they have been solved.

The reason he didn't transfer was because he was afraid of BOTS.
(BE CAREFUL about scammers!)

https://ibb.co/VW77RSBK
https://ibb.co/8ghhY5Nd

[kTimesG]

it might be 70% faster with some check of tame's and wild's values.
like "cancer grow".
no more secrets.

I have developed a new method now.

Collisions can now occur between:

Tame and Wild kangaroos,

Tame Inverse and Wild kangaroos,

Tame and Wild Inverse kangaroos,

Tame Inverse and Wild Inverse kangaroos.

 

"New", lol. I written about these since last September, if not August, months before even RCKang was made public. How are these new? I even explained all the formulas for why they work.

Also, you missed a few, let me fix your list of solvable collisions:

Wild and Wild;

Wild inverse and Wild inverse.

Wild and Wild inverse.

Wild inverse and Wild.

Tames are not mandatory to solve ECDLP with Kangaroo - it can even be solved with only either Wild or inverse Wilds kangaroos.

There's a lot more to say about this subject, but since this thread managed to transform again into a big pile of BS where everyone seems to have reinvented the basic laws of nature, it's not worthy for serious discussions.

IS THIS SOLVED?>

Yes

Some VERY SMART people even show these pictures around to prove that they have been solved.

The reason he didn't transfer was because he was afraid of BOTS.
(BE CAREFUL about scammers!)

Any semi-analphabet (or smarter) person can do a one-liner of Python and post the SHA-256 hash of the public key, this is the only necessary and required piece of evidence anyone needs to verify a statement that a private key of an address was found; not some blurry picture that has no actual relevance to anything.

And a smart person that knows about BOTS and that disabled RBF is totally futile and that any key below 100 bits can be cracked in less than 10 minutes, would not even bother trying to crack the private key. That is the smart way to handle the problem.