Bitcoin puzzle transaction ~32 BTC prize to who solves it

[nomachine]

It's time for new things.

I'm here for it!
Is this where I get my cape and superhero mask for the new adventure?

[1714497147]

1714497147

[mcdouglasx]

The only promising code I have seen in a long time is the one mc posted,  searching for either 02, or 03 public keys, if it was 02, ignore and discard, if it was 03, generate rmd160 to compare. That's the half of key space.

If we want to try our luck, we can add to this a function that only searches for even or odd numbers in the Pk + search for "02" or "03" and we would be dividing the area into 4.
but it's lucky that you find the right combination

[nomachine]

The only promising code I have seen in a long time is the one mc posted,  searching for either 02, or 03 public keys, if it was 02, ignore and discard, if it was 03, generate rmd160 to compare. That's the half of key space.

search for "02" or "03" and we would be dividing the area into 4.
but it's lucky that you find the right combination

I have that option in this script.  

You can change as you like:
public_key_hex = ('02' and '03' if compressed else '04') + format(public_key[0], '064x')  '02' and '03' together
public_key_hex = ('02' or '03' if compressed else '04') + format(public_key[0], '064x')  '02' or '03' /  '03' or '02'
public_key_hex = ('02' if compressed else '04') + format(public_key[0], '064x')  only '02'
public_key_hex = ('03' if compressed else '04') + format(public_key[0], '064x')  only '03'

No secp256k1 as ice, no ecdsa here.... Even encode base58 is custom with mpz.

And it's not slower than iceland - it's the same...

Code:

import hashlib, sys, os, time, random, gmpy2
from functools import lru_cache

# Constants as mpz
Gx = gmpy2.mpz('0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798', 16)
Gy = gmpy2.mpz('0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8', 16)
p = gmpy2.mpz('0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F', 16)
n = gmpy2.mpz('0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141', 16)

@lru_cache(maxsize=None)
def private_key_to_public_key(private_key):
    Q = point_multiply(Gx, Gy, private_key, p)
    return Q

def point_multiply(x, y, k, p):
    result = (gmpy2.mpz(0), gmpy2.mpz(0))
    addend = (x, y)
   
    while k > 0:
        if k & 1:
            result = point_add(result, addend, p)
        addend = point_double(addend, p)
        k >>= 1

    return result

def point_double(point, p):
    x, y = point
    lmbda = (3 * x * x * gmpy2.powmod(2 * y, -1, p)) % p
    x3 = (lmbda * lmbda - 2 * x) % p
    y3 = (lmbda * (x - x3) - y) % p
    return x3, y3

def point_add(point1, point2, p):
    x1, y1 = point1
    x2, y2 = point2

    if point1 == (gmpy2.mpz(0), gmpy2.mpz(0)):
        return point2
    if point2 == (gmpy2.mpz(0), gmpy2.mpz(0)):
        return point1

    if point1 != point2:
        lmbda = ((y2 - y1) * gmpy2.powmod(x2 - x1, -1, p)) % p
    else:
        lmbda = ((3 * x1 * x1) * gmpy2.powmod(2 * y1, -1, p)) % p

    x3 = (lmbda * lmbda - x1 - x2) % p
    y3 = (lmbda * (x1 - x3) - y1) % p
    return x3, y3

def encode_base58(byte_str):
    __b58chars = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
    __b58base = len(__b58chars)
    long_value = gmpy2.mpz(int.from_bytes(byte_str, byteorder='big'))
    result = ''
    while long_value >= __b58base:
        div, mod = gmpy2.f_divmod(long_value, __b58base)
        result = __b58chars[int(mod)] + result
        long_value = div
    result = __b58chars[int(long_value)] + result

    # Add leading '1's for zero bytes
    nPad = 0
    for byte in byte_str:
        if byte == 0:
            nPad += 1
        else:
            break

    return __b58chars[0] * nPad + result

def public_key_to_hex(public_key, compressed=True):
    x_hex = format(public_key[0], '064x')[2:]  # Remove '0x' prefix
    if compressed:
        return ('02' if public_key[1] % 2 == 0 else '03') + x_hex

def public_key_to_address(public_key, compressed=True):
    public_key_hex = ('02' and '03' if compressed else '04') + format(public_key[0], '064x')
    sha256_hash = hashlib.sha256(bytes.fromhex(public_key_hex)).digest()
    ripemd160_hash = hashlib.new('ripemd160', sha256_hash).digest()
    versioned_hash = (b'\x00' if compressed else b'\x04') + ripemd160_hash
    checksum = hashlib.sha256(hashlib.sha256(versioned_hash).digest()).digest()[:4]
    address_bytes = versioned_hash + checksum
    return encode_base58(address_bytes)

# Configuration for the puzzle
puzzle = 30
add = '1LHtnpd8nU5VHEMkG2TMYYNUjjLc992bps'
lower_range_limit = 2 ** (puzzle - 1);upper_range_limit = (2 ** puzzle) - 1
if os.name=='nt':os.system('cls')
else:os.system('clear')
t = time.ctime();sys.stdout.write(f"\033[?25l");sys.stdout.write(f"\033[01;33m[+] STARTED: {t}\n")
sys.stdout.write(f"[+] Puzzle: {puzzle}\n")
sys.stdout.write(f"[+] Lower range limit: {lower_range_limit}\n")
sys.stdout.write(f"[+] Upper range limit: {upper_range_limit}\n")

while True:
    constant_prefix = b'yx\xcb\x08\xb70'
    prefix_length = len(constant_prefix);length = 8
    ending_length = length - prefix_length;ending_bytes = os.urandom(ending_length)
    random_bytes = constant_prefix + ending_bytes
    random.seed(random_bytes)
    key = random.randint(lower_range_limit, upper_range_limit)
    public_key = private_key_to_public_key(key)
    bitcoin_address = public_key_to_address(public_key, compressed=True)
    public_key = public_key_to_hex(public_key)
    message = "[+] {}".format(key);messages = [];messages.append(message);output = ''.join(messages) + "\r";sys.stdout.write(output);sys.stdout.flush()
    if bitcoin_address == add:
        t = time.ctime()
        sys.stdout.write("\n")
        sys.stdout.write(f"\033[01;32m[+] SOLVED:  {t}\n[+] Private Key (dec): {key}\n[+] Random Seed: {random_bytes}\033[0m\n")
        with open('KEYFOUNDKEYFOUND.txt', 'a') as file:
            file.write(f"Private Key (dec): {key}\nBitcoin Address (Compressed): {bitcoin_address}\nPublic Key: {public_key}\nRandom Seed: {random_bytes}\n\n")
        break

• STARTED: Sat Nov 25 16:05:19 2023
• Puzzle: 30
• Lower range limit: 536870912
• Upper range limit: 1073741823
• 1033162084
• SOLVED:  Sat Nov 25 16:05:21 2023
• Private Key (dec): 1033162084

[mcdouglasx]

+30 Million publickeys in a 4mb file, is that okay? for a database, or is there something better.

[nomachine]

@nomachine, do we need to change seed for #66? I found 30 on mobile in 30 seconds, lol now we can compare a phone with a pc.

Of course you should. Each puzzle has a separate seed that needs to be discovered. It's best to start with:
constant_prefix = b''

but you can start with
constant_prefix = b'\xc9\xd9\x1d\xbc'   to try luck (seed for 65 starts like that)

the script itself generates the additional number of bytes to the required length

increasingly I think the length is bits/8  or
length = (puzzle//8)

I have the most hits that way

[nomachine]

Thanks, are you willing to work with mc together? I will give you a few ideas and methods, you two collaborate and make something that could actually solve a key, I have several promising methods, but they require many tweaking and might even be complicated, I'm doing it manually which takes time, I think you two are up to this task and I totally trust that you will do the right thing.

When you figured it out, encrypt a message containing the method with satoshi's first public key aka genesis public key and publish it here. Nobody else can be trusted other than him.😉  

I don't even know what to do with the excess of my own ideas.

[Denis_Hitov]

+30 Million publickeys in a 4mb file, is that okay? for a database, or is there something better.

Hello.
How did you manage to get such a small file size with such a large volume of public keys?

[albert0bsd]

+30 Million publickeys in a 4mb file, is that okay? for a database, or is there something better.

No its not possible, that is only a 1.39 bits per key, i doubt that exists some Datastructure that support such compresion for search or for store.

[mcdouglasx]

+30 Million publickeys in a 4mb file, is that okay? for a database, or is there something better.

No its not possible, that is only a 1.39 bits per key, i doubt that exists some Datastructure that support such compresion for search or for store.

That's because you don't know how, if you want to bet on it, you transfer the money to an admin and I publish it, if you check it and it's true admin sends me the money, if it's false admin returns the money to you and you ridicule me.
nothing is impossible, there is only ignorance

[albert0bsd]

there is only ignorance

It is not, Just name the Data structure that do that? Just the name, you don need to reveal anything  else. If that is a bloom filter what is the false positive rate?
If it is a loseless compression system just name it.

If you can't name it, then I will name it BULLSHIT


Do you mean Megabytes (MB) or Mega bits (mb) ?


>>> (8* 4 * 2**20) / (30 * 10**6)
1.1184810666666667

If you  divide the number of bits in 4 MB (8* 4 * 2**20) between 30 million (30 * 10**6) you get 1.11 bits per item, if that is not suspicious i don't jnow what it is.

A full publickey need at least 257 bits to be stored without lose of data.

[mcdouglasx]

Yeah we would like to know that as well, is it compressed binary or? Whatever it is don't share it any more, you could pm if you wanted, there are some undeserving stalkers around these woods, we know who they are. Holding the competition in suspense has earth breaking impacts on them, no more freebies.🤨

It really doesn't benefit me at all to have this, I have 4gb ddr3 ram, although I can use a giant database I couldn't estimate the speed necessary to reach the objective, that's why I have more faith in the mathematical method I talked about previously.
I have not shared it because I have never had 10k in my life and if I cannot benefit, much less a lot of rich people who can take advantage of my work without even saying thank you.

[mcdouglasx]

there is only ignorance

It is not, Just name the Data structure that do that? Just the name, you don need to reveal anything  else.

Are you asking me to name my method?
It is not a bloom filter or anything you can find online.

Why don't you bet if you are so sure of your words?

edit:
I will call it MCD algorithm,

[albert0bsd]

Are you asking me to name my method?
It is not a bloom filter or anything you can find online.

Then it is a bullshit. Added to my ignore list.. have a good day

[mcdouglasx]

Are you asking me to name my method?
It is not a bloom filter or anything you can find online.

Then it is a bullshit. Added to my ignore list.. have a good day

Okay, I'll put it on my list of "things I don't care about."

there is only ignorance

It is not, Just name the Data structure that do that? Just the name, you don need to reveal anything  else. If that is a bloom filter what is the false positive rate?
If it is a loseless compression system just name it.

If you can't name it, then I will name it BULLSHIT


Do you mean Megabytes (MB) or Mega bits (mb) ?


>>> (8* 4 * 2**20) / (30 * 10**6)
1.1184810666666667

If you  divide the number of bits in 4 MB (8* 4 * 2**20) between 30 million (30 * 10**6) you get 1.11 bits per item, if that is not suspicious i don't jnow what it is.

A full publickey need at least 257 bits to be stored without lose of data.

Why don't you put the money in an admin you like so you can see the magic.
You have nothing to lose.

[mcdouglasx]

after playing a little with albert0bsd, it is published.
https://bitcointalk.org/index.php?topic=5475626.msg63227343#msg63227343

[ymgve2]

after playing a little with albert0bsd, it is published.
https://bitcointalk.org/index.php?topic=5475626.msg63227343#msg63227343

The 32 million keys in your solution must be sequential, which means it can't do 32 million arbitrary keys, which is what others thought you meant.

[albert0bsd]

The 32 million keys in your solution must be sequential, which means it can't do 32 million arbitrary keys, which is what others thought you meant.

Interesting, yes I thought that it was arbitrary database solution for any random set of public keys, if the "database" need to be sequential you only need to store the starting point (33 bytes) and recalculate all the keys again each time that you need to use them, that is not useful, it is redundant.

Letme guess that he only store one bit per publickey 1 if the key start with 02 and 0 if the key start with 03 something like that.. now that make sense with the calulations it was near only 1 bit per key.

[mcdouglasx]

after playing a little with albert0bsd, it is published.
https://bitcointalk.org/index.php?topic=5475626.msg63227343#msg63227343

The 32 million keys in your solution must be sequential, which means it can't do 32 million arbitrary keys, which is what others thought you meant.

Why would you need arbitrary keys? Do you need to go through the entire range?
target= 1000000000
range=1:200000000

Add and subtract random or arbitrary quantities from the target and you get a list of targets.

To these targets you apply a binary sequence of the size you want and you obtain a database distributed in multiple sections of the range.

You can also make jumps in the sequence, every 3 keys or however much you want.

[mcdouglasx]

Letme guess that he only store one bit per publickey 1 if the key start with 02 and 0 if the key start with 03 something like that.. now that make sense with the calulations it was near only 1 bit per key.

assumption or incognito mode

you only need to store the starting point (33 bytes) and recalculate all the keys again each time that you need to use them, that is not useful, it is redundant.

that is not how it works.

[WanderingPhilospher]

The only promising code I have seen in a long time is the one mc posted,  searching for either 02, or 03 public keys, if it was 02, ignore and discard, if it was 03, generate rmd160 to compare. That's the half of key space.

Promising eh?
But what if it starts with "02"? It's all speculation that it begins with either "03".
So if one gambles whether or not a pub starts with 02 or 03 and eliminates an estimated 50% of the keys; they may gamble wrong and search for infinity finding nada.

You can eliminate as much of the keyspace as you want with a stride; but again, if you don't "guess" the stride correctly, it's all for not.

That code is nothing new, just a different way to gamble.
Also, the biggest part of time, is ate up transforming the priv to pub key. Maybe focus on what stride(s) can give you pubs that start with ""03". That would be a "promising" code.