Bitcoin puzzle transaction ~32 BTC prize to who solves it

[WanderingPhilospher]

That said, let's just say that there is something very obvious hidden in plain sight, when dealing with all modular arithmetics, be it the discrete logarithm, ECDLP or prime factorization problem. Let me just say this: a hash algorithm can always collide. But the real math, like actual good programming, doesn't work without guarantees. Take everything you have at your disposal, modular math is like "losing" information and pretending it can never be retrieved back, and calling it a "discrete problem". I do have some pen and paper results taken out from ideas you will never find in any study, ChatGPT, or school. Are there chances for any of them to break EC? Maybe, maybe not. But if it does, puzzle 66 may be the last of your problems.

Regardless of the math used, eventually you have to transform the math into something, a public key, a h160, whatever type collision/match you are looking for.

But let us say it's pure math, do the "math" for how long it takes a current CPU to do straight additions, just using numbers. And use a higher end CPU with say 5.0 mghz capability.

IMO, you have to eventually transform the pure math into what you are searching for, or have a precomputed list of something...so to me, it can never be, just math.

I can give you a public key in a small bit range, and just using math, you would never solve/know if a match was found. Understand?

[1714252693]

1714252693

[1714252693]

1714252693

[curiousNoone]

Ok so ill admit i cant code at all.

However I've unleashed my inner chatgpt language skills of seductive talking and come up with many apps for uwp/xbox.
From visual btc generators to hex range slider bars to sequential brute force the apps go on and its quite fun all be it a lot of hours debugging urgh.
Trying to convert kangaroo and keyhunt to uwp is way way past my present skills at the moment.

My main interest started from this thread and after reading every page of this thread like 90% of commenters we all thought we have found a way to solve a certain puzzle and most people do even i have a working solution but realization hit and i realised I'm not going to live thousands of years

However learning all about btc has been really fun and seeing stuff on my xbox is pretty cool considering i had zero skills in coding.
Although i have noticed running my code on the xbox series x runs at least 5 times quicker if not more than running the same code on my laptop. 

Take note this code is UWP so while it can run on xbox its not optimized for cpu or gpu usage of which both is available for use although partially for GPU so lots more tinkering to play with and many ideas in the works.

Yes i know i don't got a chance (well a 0.0000000000000000000001%) blah blah but im having fun with it and seeing code no one has PROBABLY not done on a series x yet but who knows.

All in all its all fun and games and if anyone has the skills in uwp feel free to chime in on the limitations or pros of using uwp.

[nomachine]

Although i have noticed running my code on the xbox series x runs at least 5 times quicker if not more than running the same code on my laptop. 

Bitcoin mining, which involves solving complex mathematical problems to validate transactions and add them to the blockchain, requires specialized hardware known as ASICs (Application-Specific Integrated Circuits) due to the intense computational requirements. Even with the increased processing power of an Xbox Series X compared to a laptop, it's nowhere near sufficient for Bitcoin mining, let alone brute forcing.

[ccinet]

It's not that I'm a pessimist but every time I think about the magnitude of the spaces we face I get chills 
For example, in puzzle 66 the number of possible positions is 36893488147419103231. To understand this it is necessary to resort to an analogy. If each of those numbers were a millimeter, that would be equivalent to 3901.95 light years!!!
Any attempt at sequential search is then ruled out outright. Only with methods like kangaroo or bsgs would there be a possibility if the public key was known.
By the way, I leave a py script to help find the public key from the public address.
https://github.com/Dedaloo/PublicKeyHunt

[Cryptoman2009]

It's not that I'm a pessimist but every time I think about the magnitude of the spaces we face I get chills 
For example, in puzzle 66 the number of possible positions is 36893488147419103231. To understand this it is necessary to resort to an analogy. If each of those numbers were a millimeter, that would be equivalent to 3901.95 light years!!!
Any attempt at sequential search is then ruled out outright. Only with methods like kangaroo or bsgs would there be a possibility if the public key was known.
By the way, I leave a py script to help find the public key from the public address.
https://github.com/Dedaloo/PublicKeyHunt

and 2^130 which requires a search between 2^129 and 2^130 equals 680,564,733,841,876,926,926,749,214,863,536 km.
therefore 71,986,683,526 light years (almost 72 billion).
I agree with the great luck with random and many subkeys....but many.

[WanderingPhilospher]

It's not that I'm a pessimist but every time I think about the magnitude of the spaces we face I get chills 
For example, in puzzle 66 the number of possible positions is 36893488147419103231. To understand this it is necessary to resort to an analogy. If each of those numbers were a millimeter, that would be equivalent to 3901.95 light years!!!
Any attempt at sequential search is then ruled out outright. Only with methods like kangaroo or bsgs would there be a possibility if the public key was known.
By the way, I leave a py script to help find the public key from the public address.
https://github.com/Dedaloo/PublicKeyHunt

and 2^130 which requires a search between 2^129 and 2^130 equals 680,564,733,841,876,926,926,749,214,863,536 km.
therefore 71,986,683,526 light years (almost 72 billion).
I agree with the great luck with random and many subkeys....but many.

If you tried brute forcing 130, then yes, however, since we know the public key, you would use Kangaroo or BSGS. With Kangaroo, you’d be looking at roughly the same amount of ops as 66.

[Cryptoman2009]

and 2^130 which requires a search between 2^129 and 2^130 equals 680,564,733,841,876,926,926,749,214,863,536 km.
therefore 71,986,683,526 light years (almost 72 billion).
I agree with the great luck with random and many subkeys....but many.
[/quote]

If you tried brute forcing 130, then yes, however, since we know the public key, you would use Kangaroo or BSGS. With Kangaroo, you’d be looking at roughly the same amount of ops as 66.
[/quote]

yeah, i mean with BSGS and a lot of subkeys

[satashi_nokamato]

Has anyone ever seen a tool that tries only a set of keys? Let me explain, imagine you have this key
0x397f5aa7b90de4
What if you want to set the public key of this one 0x5aa7b90de4 and then try all combinations for the first 4 missing characters? as I understand it,  no tool exist to scan selected parts of a range, or do they exist?

[Ovixx]

Has anyone ever seen a tool that tries only a set of keys? Let me explain, imagine you have this key
0x397f5aa7b90de4
What if you want to set the public key of this one 0x5aa7b90de4 and then try all combinations for the first 4 missing characters? as I understand it,  no tool exist to scan selected parts of a range, or do they exist?

WifSolverCuda
https://github.com/PawelGorny/WifSolverCuda
Read the instructions and see if it fits what you want.

You need to scan from
KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9SDFgRkaA5tUpAD
to
KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgh5KmfBjdfkR2qYYJ
with -stride 5fa8624c7fba400

Do what you want, but with private keys. For public keys I don't think there is any script.

[albert0bsd]

Has anyone ever seen a tool that tries only a set of keys? Let me explain, imagine you have this key
0x397f5aa7b90de4
What if you want to set the public key of this one 0x5aa7b90de4 and then try all combinations for the first 4 missing characters? as I understand it,  no tool exist to scan selected parts of a range, or do they exist?

If you are sure about the last digits of the Privatekey is easy to make some transformations on the public key with arithmetic and work with the result with BSGS.

[nomachine]

Has anyone ever seen a tool that tries only a set of keys?

Of course we saw it. If you are missing no more than 10 characters, maybe it will work.

Code:

import sys
import os
import time
import secrets
import random
import binascii
import base58
import secp256k1 as ice
import multiprocessing
from multiprocessing import cpu_count

def generate_private_key_WIF(start, miss):
    return start + "".join(
        secrets.choice(
            "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
        )
        for _ in range(miss)
    )

def check_private_key(start, miss, target_caddr):
    while not STOP_EVENT.is_set():  
        private_key_WIF_str = generate_private_key_WIF(start, miss)
        if start[0] == '5':
            private_key_WIF = private_key_WIF_str
            first_encode = base58.b58decode(private_key_WIF)
            private_key_full = binascii.hexlify(first_encode)
            private_key = private_key_full[2:-8]
        if start[0] in ['L', 'K']:
            private_key_WIF = private_key_WIF_str
            first_encode = base58.b58decode(private_key_WIF)
            private_key_full = binascii.hexlify(first_encode)
            private_key = private_key_full[2:-10]
        private_key_hex = private_key.decode("utf-8")
        dec = int(private_key_hex[0:64], 16)
        HEX = "%064x" % dec
        mul = ice.scalar_multiplication(dec)
        caddr = ice.pubkey_to_address(0, 1, mul)
        message = "\r[+] {} ".format(private_key_WIF_str)
        messages = []
        messages.append(message)
        output = "\033[01;33m" + ''.join(messages) + "\r"
        sys.stdout.write(output)
        sys.stdout.flush()
        if caddr == target_caddr:
            wifc = ice.btc_pvk_to_wif(HEX)
            t = time.ctime()
            sys.stdout.flush()
            print(f"\n\033[01;33m[+] BINGO!!! {t} \033[0m")  
            print(f"\033[32m[+] PUZZLE SOLVED: {wifc} \033[0m")
            with open('BINGO.txt', 'a') as file:
                t = time.ctime()
                file.write('\n\nMatch Found: ' + t)
                file.write('\nPrivatekey (dec): ' + str(dec))
                file.write('\nPrivatekey (hex): ' + hex(dec)[2:])
                file.write('\nPrivatekey (wif): ' + wifc)
                
            STOP_EVENT.set()  
            return  

if __name__ == '__main__':
    start = "KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qZM21gaY8W"
    miss = 52 - (len(start))
    # Define the target 
    target_caddr = "18ZMbwUFLMHoZBbfpCjUJQTCMCbktshgpe"
    if os.name == 'nt':
        os.system('cls')
    else:
        os.system('clear')
    t = time.ctime()
    sys.stdout.write(f"\033[01;33m[+] {t}\n")
    sys.stdout.write(f"\033[01;33m[+] Ending characters missing: {miss}\n")
    sys.stdout.write(f"\033[01;33m[+] Target address: {target_caddr}\n")
    sys.stdout.flush()

    # Create a global STOP_EVENT
    STOP_EVENT = multiprocessing.Event()

    # Create a pool of worker processes
    num_processes = multiprocessing.cpu_count()
    pool = multiprocessing.Pool(processes=num_processes)

    # Start the worker processes with different starting points
    for i in range(num_processes):
        pool.apply_async(check_private_key, args=(start, miss, target_caddr))

    # Close the pool and wait for all processes to complete
    pool.close()
    pool.join()

• Wed Feb 21 08:23:37 2024
• Ending characters missing: 10
• Target address: 18ZMbwUFLMHoZBbfpCjUJQTCMCbktshgpe
• KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qZM21gaY8WhMLMGKsr4w
• BINGO!!! Wed Feb 21 08:23:37 2024
• PUZZLE SOLVED: KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qZM21gaY8WN2CdwnTG57

But here, we need to solve Puzzle 66.
19 characters are missing from KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3q.

That is impossible to solve. It doesn't matter how you present the private key. The numbers are so big that it is impossible.
It doesn't matter which programming language it is.

[satashi_nokamato]

Has anyone ever seen a tool that tries only a set of keys? Let me explain, imagine you have this key
0x397f5aa7b90de4
What if you want to set the public key of this one 0x5aa7b90de4 and then try all combinations for the first 4 missing characters? as I understand it,  no tool exist to scan selected parts of a range, or do they exist?

If you are sure about the last digits of the Privatekey is easy to make some transformations on the public key with arithmetic and work with the result with BSGS.

In fact I can say that I am sure about first few digits but I want to quickly try different first digits,  if I understand it well,  no software tries first digits only without touching the rest of input range.

I already know about WIF solvers,  they are too slow,  what I don't know is the correct set of baby and giant steps based on the size of the key.

[albert0bsd]

In fact I can say that I am sure about first few digits but I want to quickly try different first digits,  if I understand it well,  no software tries first digits only without touching the rest of input range.

I already explained something similar here:

Re: Solving partial WIF with two missing parts

With some changes it can be applied to your case it's just matter to know what are you doing

[WanderingPhilospher]

Has anyone ever seen a tool that tries only a set of keys? Let me explain, imagine you have this key
0x397f5aa7b90de4
What if you want to set the public key of this one 0x5aa7b90de4 and then try all combinations for the first 4 missing characters? as I understand it,  no tool exist to scan selected parts of a range, or do they exist?

You would have to give a better example of how many leading characters, because what you have now would only take a few seconds/minute, to iterate all possible combos, even with a single thread python script. Even if you do not know the leading character, you are looking at 16^4 combos, 65,536 possible combos.

But initially, I was thinking the same thing as albert0bsd was, it is similar to BSGS, because BSGS basically cuts off the last x characters, depending on your baby step file (how many public keys it contains), but for your specific example, you would need a baby step file with 2^40 keys, or modify the keys known down, to use a smaller size file.

But as is, without mod, you would merely start with 0x1000 + 0x5aa7b90de4; and increment 0x1000 by +=1 until match is found. 0x1000, 0x1001, 0x1002, etc. Not a very difficult script to put together, using python.

Buuuuuuut,

In fact I can say that I am sure about first few digits but I want to quickly try different first digits

Even if you knew the first 5 characters (which there is no way that you do), that does not mean much in the scope of this challenge, for example #130, because that would leave you with 2^112 left to search. Which can be done now via subtraction/division with a file full of 2^18 keys. But let's be real, as far as this challenge goes, people may say they know the leading x amount of characters, which they obviously do not; but maybe you have a different purpose/reason for what you are wanting to do.

[mabdlmonem]

Has anyone ever seen a tool that tries only a set of keys? Let me explain, imagine you have this key
0x397f5aa7b90de4
What if you want to set the public key of this one 0x5aa7b90de4 and then try all combinations for the first 4 missing characters? as I understand it,  no tool exist to scan selected parts of a range, or do they exist?

You would have to give a better example of how many leading characters, because what you have now would only take a few seconds/minute, to iterate all possible combos, even with a single thread python script. Even if you do not know the leading character, you are looking at 16^4 combos, 65,536 possible combos.

But initially, I was thinking the same thing as albert0bsd was, it is similar to BSGS, because BSGS basically cuts off the last x characters, depending on your baby step file (how many public keys it contains), but for your specific example, you would need a baby step file with 2^40 keys, or modify the keys known down, to use a smaller size file.

But as is, without mod, you would merely start with 0x1000 + 0x5aa7b90de4; and increment 0x1000 by +=1 until match is found. 0x1000, 0x1001, 0x1002, etc. Not a very difficult script to put together, using python.

Buuuuuuut,

In fact I can say that I am sure about first few digits but I want to quickly try different first digits

Even if you knew the first 5 characters (which there is no way that you do), that does not mean much in the scope of this challenge, for example #130, because that would leave you with 2^112 left to search. Which can be done now via subtraction/division with a file full of 2^18 keys. But let's be real, as far as this challenge goes, people may say they know the leading x amount of characters, which they obviously do not; but maybe you have a different purpose/reason for what you are wanting to do.

Interesting,  could you please share a code for this method you mentioned?

[WanderingPhilospher]

Interesting,  could you please share a code for this method you mentioned?

Sure. I will keep this simple, for the example provided above. If the known/unknown characters were more or less, I would probably do the code a little different, optimize it for the known/unknown, but for the example provided I would do this:

Code:

import sys
from datetime import datetime
import secp256k1 as ice

startTimeRun = datetime.now()
arq1 = open("btctalkexample.txt", "a")
#Private Key given in example: 0x397F5AA7B90DE4; we don't know the first 4 characters, but we know the last 10 characters
KnownPart = int('5aa7b90de4', 16)
TargetPub = '029588f9aace0310751f37d130afa1b792e70b542b29d373f64a56a50bcd90ac3f'
TargetPubXCoord = TargetPub[2:66]
num = 0x1000
hex_num = hex(num)[2:]

while num < 0x4000:
    combined = (num << 40) + KnownPart
    ResultingPub = ice.scalar_multiplication(combined).hex()[2:66]
    if ResultingPub == TargetPubXCoord:
        print(' Private Key Found:', hex(combined))
        arq1.write(hex(combined) + '\n')
        print(" Run Time         : " + str(datetime.now() - startTimeRun))
        sys.exit()
    num += 1

When I run it, it takes less than a second to find the private key:

Code:

 Private Key Found: 0x397f5aa7b90de4
 Run Time         : 0:00:00.088019

I ran a test in which the first 6 characters were "unknown", it took right at 20 seconds to find the private key:

Code:

 Private Key Found: 0x33397f5aa7b90de4
 Run Time         : 0:00:19.312457

[PrivatePerson]

FinderOuter has similar functionality.
https://github.com/Coding-Enthusiast/FinderOuter

Code:

Missing Base16

PrivateKey: 00000000000000000000000000000000000000000000000000******a7b90de4
PubKey: 029588f9aace0310751f37d130afa1b792e70b542b29d373f64a56a50bcd90ac3f

The given key is missing 6 characters.
Total number of permutations to check: 16 777 216
Running in parallel.
Found the key: 00000000000000000000000000000000000000000000000000397f5aa7b90de4
Elapsed time: 00:00:37.3199093
k/s= 453 438

[WanderingPhilospher]

FinderOuter has similar functionality.
https://github.com/Coding-Enthusiast/FinderOuter

Code:

Missing Base16

PrivateKey: 00000000000000000000000000000000000000000000000000******a7b90de4
PubKey: 029588f9aace0310751f37d130afa1b792e70b542b29d373f64a56a50bcd90ac3f

The given key is missing 6 characters.
Total number of permutations to check: 16 777 216
Running in parallel.
Found the key: 00000000000000000000000000000000000000000000000000397f5aa7b90de4
Elapsed time: 00:00:37.3199093
k/s= 453 438

Hmmmm, I wonder why it's so much slower than the python script. I haven't looked at the foundouter code in a while, so I'm not 100% the language or if it is using multi threading.

When I run the same example in the one you used finderouter for, here are my results:

Code:

 Known Characters aa7b90de4
 Public Key 029588f9aace0310751f37d130afa1b792e70b542b29d373f64a56a50bcd90ac3f
 Private Key Found: 0x397f5aa7b90de4
 Run Time         : 0:00:01.804207

That's a huge difference in speed, like 36 to 1, or 36 times faster.

Lol, Nevermind, I ran with 5 missing characters, instead of 6. Here is result for single core python script, and missing the first 6 characters:

Code:

 Known Characters a7b90de4
 Public Key 029588f9aace0310751f37d130afa1b792e70b542b29d373f64a56a50bcd90ac3f
 Private Key Found: 0x397f5aa7b90de4
 Run Time         : 0:00:29.066556

It appears the more known characters, at the end, help reduce search time. Example:

Code:

Private Key Found: 0x33397f5aa7b90de4
 Run Time         : 0:00:19.312457

which was missing the first 6 characters compared to:

Code:

 Known Characters a7b90de4
 Public Key 029588f9aace0310751f37d130afa1b792e70b542b29d373f64a56a50bcd90ac3f
 Private Key Found: 0x397f5aa7b90de4
 Run Time         : 0:00:29.066556

Also, is finderouter targeting the known public key or the h160/address? Mine is using h160. I imagine if I changed it to target known public key, it would speed it up. I'll test this later.

Not sure if I have the code best optimized, but first run, just checking for matching public key is a little faster than searching for h160 (obviously) but I wanted to see the difference, just in case finderouter was searching for public key match versus h160 match.

Result:

Code:

Known Characters a7b90de4
 Public Key 029588f9aace0310751f37d130afa1b792e70b542b29d373f64a56a50bcd90ac3f
 Private Key Found: 0x397f5aa7b90de4
 Run Time         : 0:00:23.770135

[kTimesG]

Regardless of the math used, eventually you have to transform the math into something, a public key, a h160, whatever type collision/match you are looking for.

Everything you listed is some math implementation.

But let us say it's pure math, do the "math" for how long it takes a current CPU to do straight additions, just using numbers. And use a higher end CPU with say 5.0 mghz capability.

IMO, you have to eventually transform the pure math into what you are searching for, or have a precomputed list of something...so to me, it can never be, just math.

You're failing on the assumption that nobody, nowhere, will ever advance the math itself. Or contrarily on the assumption that somebody will prove one day that you do need "precomputed tables" - this hasn't happened yet as well. The concept of a logarithm was invented just a few centuries ago and immediately changed engineering as we know it. Until that point, math without logs was the peak of advancements in human knowledge. So I beg you pardon - it is foremost, before of anything else, the math, not the count of transistors jumbling around in logic gates in your CPU, GPU, ASIC, or whatever. Those are just tools, not the fundaments.

I can give you a public key in a small bit range, and just using math, you would never solve/know if a match was found. Understand?

Arrogance much? What does "never" mean? Or is time only relevant when you zoom and peek into a nanosecond, a day, a trillion year? Maybe a single unit of Planck time?
Here's a hint: I start from 1 up to your N modulus, and I have a 100% probability that at some point I will break your key, or that at the end I can tell you a simple truth - that your key isn't in the finite cycle. Understand?

[WanderingPhilospher]

Regardless of the math used, eventually you have to transform the math into something, a public key, a h160, whatever type collision/match you are looking for.

Everything you listed is some math implementation.

But let us say it's pure math, do the "math" for how long it takes a current CPU to do straight additions, just using numbers. And use a higher end CPU with say 5.0 mghz capability.

IMO, you have to eventually transform the pure math into what you are searching for, or have a precomputed list of something...so to me, it can never be, just math.

You're failing on the assumption that nobody, nowhere, will ever advance the math itself. Or contrarily on the assumption that somebody will prove one day that you do need "precomputed tables" - this hasn't happened yet as well. The concept of a logarithm was invented just a few centuries ago and immediately changed engineering as we know it. Until that point, math without logs was the peak of advancements in human knowledge. So I beg you pardon - it is foremost, before of anything else, the math, not the count of transistors jumbling around in logic gates in your CPU, GPU, ASIC, or whatever. Those are just tools, not the fundaments.

I can give you a public key in a small bit range, and just using math, you would never solve/know if a match was found. Understand?

Arrogance much? What does "never" mean? Or is time only relevant when you zoom and peek into a nanosecond, a day, a trillion year? Maybe a single unit of Planck time?
Here's a hint: I start from 1 up to your N modulus, and I have a 100% probability that at some point I will break your key, or that at the end I can tell you a simple truth - that your key isn't in the finite cycle. Understand?

Ahhhh, finally, a response.

Maybe you should define, "pure math" before I indulge in a response, after all, that was the basis of my response.  But to quickly answer your last comment, no arrogance, if you use pure math, as in 1+1, 1-1, 1/1, 1x1. or something thereof, just math, pure math, then no, you will never find a public key that I give you, it could be public key with a private key of 1, you would not find it with simply, pure math, because you have to transform it somehow, based on a curve's properties. Whether that be a public/wallet address, a public key, a hash160, something. You understand what I am saying?

Who cares if one can do pure math additions at 14613798463164873684768763487632847687468364243274687346242387468746846238746 key/s, it's cool and all, but without transforming it somehow, via whatever curve's properties, you simply just have a bunch of numbers.