Bitcoin puzzle transaction ~32 BTC prize to who solves it

[digaran]

Make sure to keep your anonymity at all times, one could only imagine what has happened to other developers working on ECDLP.

[1715061583]

1715061583

[1715061583]

1715061583

[1715061583]

1715061583

[Feron]

I'll put it this way, when you know the public key at 120, it's logically easier to crack than a 64 puzzle address


the one who broke 120 will be someone new because he forgot to take bitcoin cash and other coin

[GoldTiger69]

the one who broke 120 will be someone new because he forgot to take bitcoin cash and other coin

Maybe he/she is taking the time to do that and that's why he/she haven't revealed the privet key

[Evillo]

the one who broke 120 will be someone new because he forgot to take bitcoin cash and other coin

Maybe he/she is taking the time to do that and that's why he/she haven't revealed the privet key

Let this be an indication of how secure Bitcoin really is .. as small as 120 bits out of  the entire 160 bits range, 120 is still merely hackable by only 1 person on the planet with either unbelievable luck or rediculous resources. And that with the public key revealed. Imagine not knowing the public key. Imagine 121 bits or 122 up to 160 bits of difficulty. Satoshi really did think this whole Bitcoin security concept through. Hats off to the legend.

[Evillo]

#125 & #130 would be solved before #66

Now that's a practical thinking.

You would simply search the range of 66 with a brute forcer along your entire life and not even land on the same first 18 prefix characters let alone the entire address of that puzzle.

[zielar]

The best and fastest program that was developed to solve puzzles until now is and will stay Kangaroo developed by Jean_Luc based on Vanitysearch.

Now unfortunately Jean_Luc seems to be retired or dead. We dont even know if we will ever get a ECDLP solver that is faster than Kangaroo.

Only time will tell

JeanLucPons is alive.
I received information from him that he does not currently have time to deal with this project.
It remains to believe that when he has this time - he will improve his priceless tools.

[WanderingPhilospher]

#125 & #130 would be solved before #66

Now that's a practical thinking.

You would simply search the range of 66 with a brute forcer along your entire life and not even land on the same first 18 prefix characters let alone the entire address of that puzzle.

Easier to look for the priv key "characters". There are only 17 of those.

And honestly, if people were to pool resources, it would not take that long to find #66. I have a 6 card rig (plain 3070s) that can go through a complete 53 bit range in about 10 days.

If we assume the worst case scenario and it takes searching the entire range (2^65) ... if a mining farm really wanted to attack these challenges, it could be done rather quickly.
Or if people would pool resources, take your novice miners, gamers, etc. around 25,000 GPUs could solve in less than 10 days.

As for #125, #130, #66, comparing or estimating which one would be found first; in theory, #125 would take less computations than #66, but #130 would take more than #66. And that is based on program (theory, Kangaroo vs brute) run times, not speculation.

[crewchill]

I think it was cobras that cracked 120, a few month ago I found him asking for help cracking the public key . I assume it is the public key for puzzle number 120 which has been subtracted to a smaller range.
https://bitcointalk.org/index.php?topic=5358408.msg57868189#msg57868189

Code:

 ./keysubtracter -p 02ceb6cbbcdbdf5ef7150682150f4ce2c6f4807b349827dcdbdd1f2efa885a2630 -n 2 -b 120
[+] Min range: 800000000000000000000000000000
[+] Max range: ffffffffffffffffffffffffffffff
0362f33083aae318c8872e495305ced03b567de068919193d3fa70134a2cd1a26a # - 664613997892457936451903530140172287
034c75bc6ae92e6bf22ccae3bec05d6d82396cc42d2a63a6ead4d77ca5b92d09eb # + 664613997892457936451903530140172287
02ceb6cbbcdbdf5ef7150682150f4ce2c6f4807b349827dcdbdd1f2efa885a2630 # target
 ./keysubtracter -p 034c75bc6ae92e6bf22ccae3bec05d6d82396cc42d2a63a6ead4d77ca5b92d09eb -n 2 -b 119
[+] Min range: 400000000000000000000000000000
[+] Max range: 7fffffffffffffffffffffffffffff
03af9ff2319ca56bbae0d859e595f32688b407ede77449b6c2cf27dbb25f5ecee0 # - 332306998946228968225951765070086143
024784d11152aaef647c03b76281e2c41d4c64d4ebb821b24da76785b046d145b4 # + 332306998946228968225951765070086143
034c75bc6ae92e6bf22ccae3bec05d6d82396cc42d2a63a6ead4d77ca5b92d09eb # target
 ./keysubtracter -p 024784d11152aaef647c03b76281e2c41d4c64d4ebb821b24da76785b046d145b4 -n 2 -b 118
[+] Min range: 200000000000000000000000000000
[+] Max range: 3fffffffffffffffffffffffffffff
0288f732f22c5e98e63e58fb6fbebbf857c9fa5deefa1f672b5abfd6f1d5bf3651 # - 166153499473114484112975882535043071
037e9417c523e5f04d97d86ec49a2580539e494f32f986331b7e6bd234ed79367d # + 166153499473114484112975882535043071  <=you can search this pubkey on range 117 bits
024784d11152aaef647c03b76281e2c41d4c64d4ebb821b24da76785b046d145b4 # target
 

Of course this requires trial and error, with the kangaroo method it will take us less time if we find the right public key in a smaller range.

[GR Sasa]

I don't think so. Cobras is well known for lying and trolling people.

[Evillo]

#125 & #130 would be solved before #66

Now that's a practical thinking.

You would simply search the range of 66 with a brute forcer along your entire life and not even land on the same first 18 prefix characters let alone the entire address of that puzzle.

Easier to look for the priv key "characters". There are only 17 of those.

And honestly, if people were to pool resources, it would not take that long to find #66. I have a 6 card rig (plain 3070s) that can go through a complete 53 bit range in about 10 days.

If we assume the worst case scenario and it takes searching the entire range (2^65) ... if a mining farm really wanted to attack these challenges, it could be done rather quickly.
Or if people would pool resources, take your novice miners, gamers, etc. around 25,000 GPUs could solve in less than 10 days.

As for #125, #130, #66, comparing or estimating which one would be found first; in theory, #125 would take less computations than #66, but #130 would take more than #66. And that is based on program (theory, Kangaroo vs brute) run times, not speculation.

Good insight thanks 👍 .. i still don't think we'll ever be able to gather 25000 GPUs in a group of people as guess what.. not so many people are searching that enthusiastically for puzzles. Large BTC collider was a massive pool and yet couldn't make it far enough and ppl quickly abandoned it.. and even with nowadays faster techniques, nobody seems to trust or willing to try and help grow a huge pool.. it makes you wonder if human nature is greedy: "i" wanna be the winner .. not "Us"

most likely the only scenario for finding 66 is that one guy in boxers will wake up in the morning one day only to find out that he was a lucky bastard. Such range can't be deliberately scanned.

[AlanJohnson]

the one who broke 120 will be someone new because he forgot to take bitcoin cash and other coin

Maybe he/she is taking the time to do that and that's why he/she haven't revealed the privet key

Let this be an indication of how secure Bitcoin really is .. as small as 120 bits out of  the entire 160 bits range, 120 is still merely hackable by only 1 person on the planet with either unbelievable luck or rediculous resources. And that with the public key revealed. Imagine not knowing the public key. Imagine 121 bits or 122 up to 160 bits of difficulty. Satoshi really did think this whole Bitcoin security concept through. Hats off to the legend.

I can see it in completely different way ... It shows how UNSAFE Bitcoin really is.

The whole Bitcoin security lies in the fact that currently it is quite hard to bruteforce the whole range used for creating HEX private key.

So i could assume that Bitcoins security lies in currently used hardware weakness.

But that state will not last forever. In the end quantum computers will be able to crack all private keys where the public key is known (and there are many of such addresses).

Bitcoin security in its current form is TEMPORARY ... It's a matter of time.

Don't forget that every transaction you put into mempool means revealing public key ... so with quantum computer powerful enough to crack the private key from the public key in time-window when the transaction isn't confirmed  shows that bitcoin is CURRENTLY safe ... but in long term its security will definitelly be cracked.

Seeing how hard is to acheive any change in BTC code now  i would say that migrating BTC into quantum secure signatures can take too long to consider bitcoin safe.

[digaran]

Yeah, imagine that, a super fast quantum computer sitting and waiting for a large amount in a transaction to compute it's private key in a 256 bit range to do what, steal them? There is a solution for that, connect your node directly to honest miners and broadcast your tx to them, they will mine your large sum tx. However there is a problem with that, the thieves could double spend the txs before the block reaches maturity, there is a solution for that, turn off RBF. Now go and see what are they doing about turning off RBF. The problem is not with bitcoin.

[Evillo]

the one who broke 120 will be someone new because he forgot to take bitcoin cash and other coin

Maybe he/she is taking the time to do that and that's why he/she haven't revealed the privet key

Let this be an indication of how secure Bitcoin really is .. as small as 120 bits out of  the entire 160 bits range, 120 is still merely hackable by only 1 person on the planet with either unbelievable luck or rediculous resources. And that with the public key revealed. Imagine not knowing the public key. Imagine 121 bits or 122 up to 160 bits of difficulty. Satoshi really did think this whole Bitcoin security concept through. Hats off to the legend.

I can see it in completely different way ... It shows how UNSAFE Bitcoin really is.

The whole Bitcoin security lies in the fact that currently it is quite hard to bruteforce the whole range used for creating HEX private key.

So i could assume that Bitcoins security lies in currently used hardware weakness.

But that state will not last forever. In the end quantum computers will be able to crack all private keys where the public key is known (and there are many of such addresses).

Bitcoin security in its current form is TEMPORARY ... It's a matter of time.

Don't forget that every transaction you put into mempool means revealing public key ... so with quantum computer powerful enough to crack the private key from the public key in time-window when the transaction isn't confirmed  shows that bitcoin is CURRENTLY safe ... but in long term its security will definitelly be cracked.

Seeing how hard is to acheive any change in BTC code now  i would say that migrating BTC into quantum secure signatures can take too long to consider bitcoin safe.

The biggest quantum computer ever exists is merely 3k qubits .. find me a quantum computer with at least 500k qubits and then we could talk about Bitcoin vulnerability 👍 and it's not a matter of time until it gets broken because that time is more than enough for all algorithms in the world to migrate to quantum-safe tech. Bitcoin will not be an exception then.

The best and fastest program that was developed to solve puzzles until now is and will stay Kangaroo developed by Jean_Luc based on Vanitysearch.

Now unfortunately Jean_Luc seems to be retired or dead. We dont even know if we will ever get a ECDLP solver that is faster than Kangaroo.

Only time will tell

JeanLucPons is alive.
I received information from him that he does not currently have time to deal with this project.
It remains to believe that when he has this time - he will improve his priceless tools.

JeanLuc is a God. He doesn't die.

[AlanJohnson]

The biggest quantum computer ever exists is merely 3k qubits .. find me a quantum computer with at least 500k qubits and then we could talk about Bitcoin vulnerability 👍 and it's not a matter of time until it gets broken because that time is more than enough for all algorithms in the world to migrate to quantum-safe tech. Bitcoin will not be an exception then.

This is what we officially know. It hasn't to be true.

Quantum computer is kinda like weapon. It's smarter not to tell how far you are with that technology.

It will not be announced in media like: " Attention ! We have a quantum computer powerful enough to crack your cryptography. Please move everything into post quantum cryptography and stay safe. Thank you."

Nobody would tell you if such possibility would exist.

BTW... I bet in that case it will be not used to simply steal bitcoins. I guess it can be used to DESTROY bitcoin by slowly destroy trust into bitcoin by cracking some addresses in a way you cant be sure if it was a quantum computer or something else.

So , no ... you will not have enough time to move everything into post quantum cryptography cause you simply don't know the REAL progress in that area. Additionally it's much easier to move banking and other FULLY CENTRALIZED systems into PQ cryptography than moving something decentralized like bitcoin.

[NotATether]

So , no ... you will not have enough time to move everything into post quantum cryptography cause you simply don't know the REAL progress in that area. Additionally it's much easier to move banking and other FULLY CENTRALIZED systems into PQ cryptography than moving something decentralized like bitcoin.

You will, because the people who make quantum computers will eventually want to make (guaranteed) money out of it, so they will sell them to normal people and normal businesses, who will then take a shot at trying to break cryptography for a few crypto addresses. And because normal people are terrible at keeping secrets, it will be easy for reporters to latch on.

[AlanJohnson]

So , no ... you will not have enough time to move everything into post quantum cryptography cause you simply don't know the REAL progress in that area. Additionally it's much easier to move banking and other FULLY CENTRALIZED systems into PQ cryptography than moving something decentralized like bitcoin.

You will, because the people who make quantum computers will eventually want to make (guaranteed) money out of it, so they will sell them to normal people and normal businesses, who will then take a shot at trying to break cryptography for a few crypto addresses. And because normal people are terrible at keeping secrets, it will be easy for reporters to latch on.

They can steal some bitcoins first  and then make profit of selling quantum computers. Double money 

[Evillo]

The biggest quantum computer ever exists is merely 3k qubits .. find me a quantum computer with at least 500k qubits and then we could talk about Bitcoin vulnerability 👍 and it's not a matter of time until it gets broken because that time is more than enough for all algorithms in the world to migrate to quantum-safe tech. Bitcoin will not be an exception then.

This is what we officially know. It hasn't to be true.

Quantum computer is kinda like weapon. It's smarter not to tell how far you are with that technology.

It will not be announced in media like: " Attention ! We have a quantum computer powerful enough to crack your cryptography. Please move everything into post quantum cryptography and stay safe. Thank you."

Nobody would tell you if such possibility would exist.

BTW... I bet in that case it will be not used to simply steal bitcoins. I guess it can be used to DESTROY bitcoin by slowly destroy trust into bitcoin by cracking some addresses in a way you cant be sure if it was a quantum computer or something else.

So , no ... you will not have enough time to move everything into post quantum cryptography cause you simply don't know the REAL progress in that area. Additionally it's much easier to move banking and other FULLY CENTRALIZED systems into PQ cryptography than moving something decentralized like bitcoin.

Your response clearly shows a lack of Qubit-related knowledge. Quantum computers are not magical beings. They consist of qubits which are different from classical bits. However, you CAN estimate how much bits in a bitcoin pvt key would be cracked by counting how many qubits you have .. you need 1 million Qubits to crack a full sha256 private key. So again, neither time nor resources are enough to make one such computer with that gigantic amount of qubits. Hence, from 3k qubits to 1mil qubits, there will be a huge time difference to close the gap between those two numbers. You basically can start worrying at 500k qubits. As for resources, checkout how much a small portable quantum computer costs and you might get a feel of how much resources you need to even start creating a quantum device with such amount of qubits.

[AlanJohnson]

Your response clearly shows a lack of Qubit-related knowledge. Quantum computers are not magical beings. They consist of qubits which are different from classical bits. However, you CAN estimate how much bits in a bitcoin pvt key would be cracked by counting how many qubits you have .. you need 1 million Qubits to crack a full sha256 private key. So again, neither time nor resources are enough to make one such computer with that gigantic amount of qubits. Hence, from 3k qubits to 1mil qubits, there will be a huge time difference to close the gap between those two numbers. You basically can start worrying at 500k qubits. As for resources, checkout how much a small portable quantum computer costs and you might get a feel of how much resources you need to even start creating a quantum device with such amount of qubits.

Keep your patronizing tone for yourself.

Reserach is currently underway on a way to scale quantum computers through connecting them. So everything points rather into direction of connecting many smaller quantum machines into one than building giant quantum computer.

I can only agree that we don't know when it will occur - but im sure at some point IT WILL OCCUR.

BTW I never said  such machines will be available for average person soon. I meant more about government agencies or military where cost isn't such a big problem (the same way you can't buy and any private corporation dosen't have nuclear weapon despite it clearly exists).

I can also agree that we are still far away from a machine that could crack private keys from public keys getting them from unconfirmed txs (there is a small time limit to make it) - but there is a ton of loaded addresses with available public key which you can try to crack for as long as you need (exactly the same way you crack bitcoin puzzles now).

[Evillo]

Your response clearly shows a lack of Qubit-related knowledge. Quantum computers are not magical beings. They consist of qubits which are different from classical bits. However, you CAN estimate how much bits in a bitcoin pvt key would be cracked by counting how many qubits you have .. you need 1 million Qubits to crack a full sha256 private key. So again, neither time nor resources are enough to make one such computer with that gigantic amount of qubits. Hence, from 3k qubits to 1mil qubits, there will be a huge time difference to close the gap between those two numbers. You basically can start worrying at 500k qubits. As for resources, checkout how much a small portable quantum computer costs and you might get a feel of how much resources you need to even start creating a quantum device with such amount of qubits.

Keep your patronizing tone for yourself.

Reserach is currently underway on a way to scale quantum computers through connecting them. So everything points rather into direction of connecting many smaller quantum machines into one than building giant quantum computer.

I can only agree that we don't know when it will occur - but im sure at some point IT WILL OCCUR.

BTW I never said  such machines will be available for average person soon. I meant more about government agencies or military where cost isn't such a big problem (the same way you can't buy and any private corporation dosen't have nuclear weapon despite it clearly exists).

I can also agree that we are still far away from a machine that could crack private keys from public keys getting them from unconfirmed txs (there is a small time limit to make it) - but there is a ton of loaded addresses with available public key which you can try to crack for as long as you need (exactly the same way you crack bitcoin puzzles now).

No patronizing intended at all. Just stating a fact. Some research about qubits will reveal how extremely unlikely for it to act as a threat to current strong hashing algorithms (except for the media, which is using naiive headlines to gain attention through generating doubt). And i know for sure that you're not talking about individuals, because an individual cannot even afford a portable quantum computer let alone a 1mil qubit one. And I'm not seeing the advantage of concatenating several quantums into one coz if you can't create more noisy or stable qubits, then you're just creating a chain of server-like computers. Also don't let those revealed pub keys deceive you into thinking it's getting any easier to crack. Knowing a pub key of puzzle 120 is nothing like knowing a pub key of a well randomized pvt key for an address. Which is the case with all those rich addresses you see now. Never expect to find an address with 2 million bucks worth of bitcoin that uses a public key for a private key of more than 3 leading zeros. Good luck trying to calculate that using a pub key on a quantum device or any device for that matter. Sure, quantum is insanely faster than classic PCs, but most people don't know the fact that numbers will still beat the difference in performance between the two. If govs know that all it takes to break sha256 is spending a few billions, then this would have happened already. Lucky for Satoshi and us, it should cost way WAY more than that.

Now let's talk numbers to put things in perspective:

- a typical quantum device is 158 million times faster than the strongest computer on earth
- say you have a supercomputer that goes through 1000 TRILLION private keys per sec.
- you would need 3671743063080802746815416825491118336290905145409708398 years to crack every bitcoin address.
- with quantum device you would need less than that... Only  23238880146081030043135549528424799596777880667 years lol.
- say you did something to quantum tech and moved it up so fast .. like insanely fast that it gave you a critical advantage and shortened this period down and you're 1000 TRILLION times faster, then, and only then, you'll be able to do the cracking job in just under 23238880146081030043135549528425 years
- Say that when using a pub key calc. Instead of private key cracking, you are now saving time and you're 1 BILLION TRILLION times faster, awesome! Now you can easily calculate the keys in only 23 Million years.

Fun fact: If one day you find out that any bitcoin burn addresses got emptied, you can be 100% sure someone found a way to break sha256 😃 Because you know, obviously no one is supposed to know the private key for a burn address.. even Satoshi.

[AlanJohnson]

Lucky for Satoshi and us, it should cost way WAY more than that.

Now let's talk numbers to put things in perspective:

- a typical quantum device is 158 million times faster than the strongest computer on earth
- say you have a supercomputer that goes through 1000 TRILLION private keys per sec.
- you would need 3671743063080802746815416825491118336290905145409708398 years to crack every bitcoin address.
- with quantum device you would need less than that... Only  23238880146081030043135549528424799596777880667 years lol.
- say you did something to quantum tech and moved it up so fast .. like insanely fast that it gave you a critical advantage and shortened this period down and you're 1000 TRILLION times faster, then, and only then, you'll be able to do the cracking job in just under 23238880146081030043135549528425 years
- Say that when using a pub key calc. Instead of private key cracking, you are now saving time and you're 1 BILLION TRILLION times faster, awesome! Now you can easily calculate the keys in only 23 Million years.

Fun fact: If one day you find out that any bitcoin burn addresses got emptied, you can be 100% sure someone found a way to break sha256 😃 Because you know, obviously no one is supposed to know the private key for a burn address.. even Satoshi.

I'm afraid you're confusing two separate things. It is one thing to break sha256 (which is probably quantum resistant) and another thing is to derive private key from the public key when ECDSA was used.

There is a Shor algorithm which, in theory, running on a suitable quantum computer will allow you to obtain
private keys from public keys (of course not from addresses). And that privatekeys don't need to be with leading many zeros - we are talking about keys generetaed using the whole availabe range.

This is the fundamental problem that people don't understand. The vulnerability is in ECDSA, not the SHA256 hash function.