o great translate.google, come and help me)

According to the author, the puzzle addresses are formed from truncated leading zeros of a hierarchical deterministic wallet. This means that the distribution is close to the ideal random, as far as hmac_sha512 is good, that is, very much.

There is no magic formula. As the author of the puzzle stated the addresses were selected randomly. Random = no formula, got it? Continue to waste your time looking but you will never find it.

Alas, blockheads constantly try to solve "something" in this, usually by trying to spot a pattern in walls of digits in every possible notation, missing the point that brute-forcing the private keys is only possible option, and there is no other possible approach. Looks like many humans are not only bad in comprehending extremely large numbers, they also fail to understand what word "random" means.

Lol. I remind you once again that the private key does not result from any algorithm. It's located at 2 ^ 59 and only this rule applies here.

why are you trying so hard to find a pattern where there are none?

this is not even "exactly a puzzle", i think you are misled by the choice of words by the starter. all these numbers you are trying to find a pattern for are chosen using a cryptographically secure pseudorandom number generator which has no pattern, if it did then it would have never been "secure" and should be considered broken.

Stop! Randomness does not mean the absence of patterns. What do you know about game theory?)

Do you have a formula or anything close? What exactly do your calculations mean? I'll appreciate some explanations!

Yes, i have.

I know it's been said already but to those of you who are posting these giant walls of numbers and analysis you're wasting your time. The only way these wallets will be cracked is by brute force. If you manage to find a flaw in the process used to generate random addresses you'd be much better off focusing on a larger payout. That being said, if you do manage to come up with a solid theory but lack the capacity to test a certain keyspace, post it here. I'll run it for you and even let you sweep the wallet yourself if you prove to be correct. The conjecture is ugly to try to read here and generally irrelevant nonsense.

Ok) let's start

More than a year I have been watching this topic. But no one has described many obvious things.

What random factors affect search?

**1) Classic factor 50%: on average we will find prvkey by sorting around 50% of the range.**(example, its stat print vanity-gen, where search vanity address)

**2) The classical theory of probability, as the average distribution.**Divide each range into N parts.

We calculate in which part each known prvkey is located.

Parts with less prvkeys have a higher probability of finding a prvkey in the next puzzle.

In the theory of games, when the casino guarantees that all possible options will fall out approximately equal to the number of times.

*+50% prob***3) The classical theory of probability, as in time.**Divide each range into N parts.

We calculate in which part each known prvkey is located.

The lowest probability will be in the part in which prvkey was found the previous time.

In game theory, this is known as the "double up game".

*+50%prob*C:\php-5.6.32>php _puzzle2prob.php

[002]{.........................$........................} 2.0%

[003]{.....................................$............} 4.0%

[004]{$.................................................} 5.9%

[005]{...............$..................................} 7.8%

[006]{..........................$.......................} 9.6%

[007]{.........$........................................}11.4%

[008]{.....................................$............} 9.6%

[009]{.........................................$........}14.9%

[010]{$.................................................}11.4%

[011]{......$...........................................}18.3%

[012]{...............$..................................}13.2%

[013]{.............$....................................}21.5%

[014]{..............$...................................}23.1%

[015]{...............................$..................}24.6%

[016]{............................$.....................}26.1%

[017]{.......................$..........................}27.6%

[018]{.........................$........................}27.6%

[019]{..................$...............................}30.5%

[020]{................................$.................}31.9%

[021]{....................................$.............}33.2%

[022]{.....................$............................}34.6%

[023]{................$.................................}35.9%

[024]{....................................$.............} 5.9%

[025]{................................................$.}38.4%

[026]{...............................$..................}19.9%

[027]{.................................$................}40.9%

[028]{..................................$...............}42.1%

[029]{........................$.........................}43.2%

[030]{..............................................$...}44.4%

[031]{...............................................$..}45.5%

[032]{......................$...........................}46.6%

[033]{.................................$................}11.4%

[034]{................................$.................}24.6%

[035]{........$.........................................}49.7%

[036]{...........$......................................}50.7%

[037]{......................$...........................} 9.6%

[038]{...$..............................................}52.7%

[039]{........$.........................................} 7.8%

[040]{.........................................$........}46.6%

[041]{................$.................................}30.5%

[042]{...............$..................................}45.5%

[043]{..................................$...............}26.1%

[044]{.....................................$............}51.7%

[045]{......$...........................................}49.7%

[046]{.......................$..........................}44.4%

[047]{...................................$..............}60.6%

[048]{.................$................................}61.3%

[049]{......................$...........................}21.5%

[050]{....$.............................................}62.9%

[051]{.........................................$........}19.9%

[052]{...........................................$......}64.3%

[053]{.........................$........................}50.7%

[054]{.....$............................................}65.8%

[055]{.................................$................}35.9%

[056]{...........$......................................}33.2%

[057]{.............................................$....}67.8%

[058]{...................$..............................}68.4%

[059]{.........................................$........}14.9%

[060]{................................................$.}50.7%

[___]{__________________________________________________}

[N50]{67742137477176633261752351776775413253777072715507}

[N25]{|5|3|2|5|7|4|6|3|4|4|4|4|4|7|7|5|2|4|5|7|4|4|3|2|9}

[N10]{|4 |5 |5 |4 |3 |7 |3 |6 |3 |5 }

[N 5]{|4 |4 |5 |5 |4 }

[N 2]{|4 |5 }

The graph is built for Nmax = 50 for convenience (as the well-known prvkey is a little over 50 and a lot less than 100)

Below - the theory of probability as an average distribution, from 0 to 9 points, for N = 50,25,10,5,2.

On the side, the theory of probability, as in time, is indicated in% (it does not matter in principle, it can be expressed in points of 0-9, etc.).

It will be enough just to add a code taking into account these probabilities to the pool in order to start searching from them and find the average faster.

**4) The paradox of birthdays as a hash function ripemd160**The most useless case for us, since the simplification to 2 ^ 80 is still too great.

**5) The paradox of birthdays, as recurring characters in the password (prvkey).**This is much more interesting.

And this affects 99% of the existing id / password generators / token-csrf and so on.

(Andzhig constantly writes about this, he just doesn't know what it is called, the "collective unconscious" lol)

Take the known prvkeys in base10 and analyze how often repetitions occur in them.

C:\php-5.6.32>php _puzzle2birthdayparadox.php

[ Puzzle Analyzer ]

[~] Analyse...

[+] success

[i] Origin keys:

[3]

[7]

[8]

[21]

[49]

[76]

[224] /2=1

[467]

[514]

[1155] /2=2

[2683]

[5216]

[10544] /2=1

[26867] /2=1

[51510] /2=2

[95823]

[198669] /2=2

[357535] /3=1/2=1

[863317] /2=1

[1811764] /3=1

[3007503] /3=1/2=1

[5598802] /2=2

[14428676] /2=2

[33185509] /2=2

[54538862] /2=2

[111949941] /4=1/3=1/2=1

[227634408] /2=2

[400708894] /3=1/2=2

[1033162084] /2=3

[2102388551] /2=4

[3093472814] /2=2

[7137437912] /3=1/2=2

[14133072157] /3=1/2=2

[20112871792] /3=2/2=1

[42387769980] /2=3

[100251560595] /4=1/3=1/2=1

[146971536592] /2=4

[323724968937] /3=1/2=3

[1003651412950] /3=2/2=1

[1458252205147] /3=2/2=2

[2895374552463] /3=1/2=3

[7409811047825] /2=5

[15404761757071] /4=1/3=1/2=3

[19996463086597] /4=1/3=1

[51408670348612] /2=5

[119666659114170] /5=1/4=1/2=1

[191206974700443] /3=2/2=3

[409118905032525] /3=2/2=3

[611140496167764] /4=2/3=1/2=1

[2058769515153876] /4=1/2=4

[4216495639600700] /4=1/3=1/2=2

[6763683971478124] /3=2/2=4

[9974455244496708] /5=1/3=1/2=2

[30045390491869460] /4=1/3=2/2=2

[44218742292676576] /4=1/3=3

[138245758910846506] /3=2/2=4

[199976667976342048] /4=2/3=1/2=1

[525070384258266266] /4=2/3=1/2=2

[1135041350219496420] /4=1/3=2/2=4

[x] EXIT.

For

[9974455244496708] /5=1/3=1/2=2

means one 5x repeat, one 3x repeat, two 2x repeat

What part of the whole range will be set /5=1/3=1/2=2 repetitions?

Unfortunately, I am not strong in combinatorics to create a universal formula for calculating any large ranges.

But we can empirically analyse a small sample in order to roughly estimate the entire range.

Generate 1000 random prvkey from the range 10 ^ 18 (~ 2 ^ 60)

(prvkey consists of "1234567890" and a length of 18)

C:\php-5.6.32>php _puzzle2birthdayparadox.php

(str = "1234567890" and length = 18)

[range^order] 10^18 = ~2^60

[range] 10

[order] 18

[~] Generate Passwords...

[pairs/pcs] pairs=9482; avg=9.5; /0=0.0%/1=0.0%/2=0.0%/3=0.0%/4=0.0%/5=0.0%/6=0.0%/7=0.0%/8=14.2%/9=39.0%/10=33.5%/11=11.2%/12=1.9%/13=0.2%/../13;

- 9482 repetitions found in 1000 random prvkeys

- prvkey c less than 7 or more than 13 by any repetitions - rare or absent

- in 39.0% prvkeys 9 any repetitions were found, in 35% there are 10 any repetitions, ..

[pairN/pairs] pairs=9482; /2=29.9%/3=35.0%/4=22.3%/5=9.9%/6=2.5%/7=0.4%/../7;

- 9482 make up 29.9% 2x repeats, 35% 3x, 22% 4x, ..

[pairN/pcs] pcs=1000; /2=283.4%/3=165.7%/4=70.6%/5=23.5%/6=4.8%/7=0.6%/../7;

- in each prvkey found 2-3 2x repeat, 1-2 3x, 0-1 4x, ..

- in 235 prvkey 5x repetition found, in 48 prvkey 6x repetition found, ..

Then, to narrow the search range to 39.0%, we could only check prvkeys with 9 any repetitions. (/9=39.0%/)

These 9 any repetitions will form two 2x and one 3x (/2=283.4%/3=165.7%/)

or

Then, to narrow the search range to 33.5%, we could only check prvkeys with 9 any repetitions. (/10=33.5%/)

These 10 any repetitions form two 3x and one 4x (/3=165.7%/4=70.6%/)

It is necessary to remake the program generator (BitCrack / Vanity) from a naive increment to a smart one.

But there is a problem. The increment does not require resources at all, and smart generation will require so many resources that we will spend a lot more on generating the prvkey candidate than on calculating ecdsa pubkey.

Especially, it is expensive for the GPU, where every extra IF () leads to a loss of concurrency of simultaneous calculations.

What to do?

If BitCrack counts 250Mh / s (gtx1070), then for 1 hour, 250,000,000 * 3,600 = 9 * 10^11. Round up to 10^12

0

**000001**000000000000 (=10^12)

1

**152921**000000000000 (~ 2^60)

2

**305843**000000000000 (~ 2^61)

Let's drop 1-12 first and last 19 bits - we can control 6 bits with a minimum step of about 1 hour of operation of 1 video card.

We can generate a new task, excluding ranges without repetitions.

What part of the whole range will be set /2=1 repetitions?

Empirically analyse a small sample in order to roughly estimate the entire range.

Generate 1000 random prvkey from the range 10^6

(prvkey consists of "1234567890" and a length of 6)

C:\php-5.6.32>php _puzzle2birthdayparadox.php

(str = "1234567890" and length = 6)

[range^order] 10^6 = ~2^20

[range] 10

[order] 6

[~] Generate Passwords...

[pairs/pcs] pairs=1283; avg=1.3; /0=16.1%/1=45.9%/2=31.7%/3=6.2%/4=0.1%/../4;

[pairN/pairs] pairs=1283; /2=74.0%/3=23.5%/4=2.1%/5=0.3%/../5;

[pairN/pcs] pcs=1000; /2=95.0%/3=15.1%/4=0.9%/5=0.1%/../5;

Then, to narrow the search range to 45.9%, we could only check prvkeys with 1 repetition. (/1=45.9%/)

This 1 repetition will form one 2x (/2=95.0%/)

It will be enough just to add a code that takes into account these repetitions into the pool in order to start searching from them and find them faster.

*+45.9% prob***6) The paradox of birthdays as an average prvkey distribution.***with what probability the limit of characters in this post will be reached?) I will not risk and I will write continuation in the following. *

(I'm not sure that due to the status of the user I can do it immediately and quickly, wait)

to be continued