Bitcoin puzzle transaction ~32 BTC prize to who solves it

[Akito S. M. Hosana]

the Millisecond Puzzle 30 solver

So, you can solve any puzzle in less than a second if you have the correct random seed?  

[nomachine]

the Millisecond Puzzle 30 solver

So, you can solve any puzzle in less than a second if you have the correct random seed?  

That's right — and even more than that: with one and the same seed, multiple puzzles 

[Akito S. M. Hosana]

the Millisecond Puzzle 30 solver

So, you can solve any puzzle in less than a second if you have the correct random seed?  

That's right — and even more than that: with one and the same seed, multiple puzzles 

How can that be?

[nomachine]

the Millisecond Puzzle 30 solver

So, you can solve any puzzle in less than a second if you have the correct random seed?  

That's right — and even more than that: with one and the same seed, multiple puzzles 

How can that be?

Because all puzzles are created with one or similar random, seed - known to the creator.
errors = ZERO

[viceversas]

I'm not going to prove anything to anyone, but here is the Millisecond Puzzle 30 solver

Code:

import random
import os
import time
import secp256k1 as ice

puzzle = 30
target = "d39c4704664e1deb76c9331e637564c257d68a08"
lower_range_limit = 2 ** (puzzle - 1)
upper_range_limit = (2 ** puzzle) - 1

start_time = time.time()

for x in range(10000000):
    #Random seed Config
    #constant_prefix = b''  #back to no constant
    constant_prefix = b'yx\xcb\x08\xb70l'
    prefix_length = len(constant_prefix)
    length = 8
    ending_length = length - prefix_length
    ending_bytes = os.urandom(ending_length)
    random_bytes = constant_prefix + ending_bytes
    random.seed(random_bytes)
    dec = random.randint(lower_range_limit, upper_range_limit)
    h160 = ice.privatekey_to_h160(0, True, dec).hex()
    if h160 == target:
        HEX = "%064x" % dec
        caddr = ice.privatekey_to_address(0, True, dec)
        wifc = ice.btc_pvk_to_wif(HEX)
        print("Bitcoin address Compressed: " + caddr)
        print("Private Key (decimal): " + str(dec))
        print("Private key (wif) Compressed : " + wifc)
        print(f"Random seed: {random_bytes}")
        break

end_time = time.time()
execution_time_ms = (end_time - start_time) * 1000

print("Execution Time (ms):", execution_time_ms)

Bitcoin address Compressed: 1LHtnpd8nU5VHEMkG2TMYYNUjjLc992bps
Private Key (decimal): 1033162084
Private key (wif) Compressed : KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M8diLSC5MyERoW
Random seed: b'yx\xcb\x08\xb70l\xf1'
Execution Time (ms): 2.977609634399414


There are no rules for how any puzzle should be solved — the rule is that there are no rules

even less in mine lol

Code:

Bitcoin address Compressed: 1LHtnpd8nU5VHEMkG2TMYYNUjjLc992bps
Private Key (decimal): 1033162084
Private key (wif) Compressed : KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M8diLSC5MyERoW
Random seed: b'yx\xcb\x08\xb70l\xf1'
Execution Time (ms): 1.6162395477294922

[Akito S. M. Hosana]

the Millisecond Puzzle 30 solver

So, you can solve any puzzle in less than a second if you have the correct random seed?  

That's right — and even more than that: with one and the same seed, multiple puzzles 

How can that be?

Because all puzzles are created with one or similar random, seed - known to the creator.
errors = ZERO

What does similar mean? Same random seed + "something"? Some algorithm?

[nomachine]

What does similar mean? Same random seed + "something"? Some algorithm?

I don't know exactly what it is. It could be something very simple, and I might be overcomplicating things with complex byte variants — for example, it could just be the Satoshipuzzle plus the puzzle number, or something like that. Anything. That's why this is a brute-force puzzle

[Bram24732]

My C-bit prefilter is a winner, my friend.
Convinced? ⇒ bc1qvmw6hxf7fhatxstf7vg53cd3n2a4jfa8at9wa6  

I'm not. Maybe Bram is, who knows?

You still do the same amount of hashing, so there's zero saving. We don't need to derive an address. The H160 is always enough. And it's always also necessary.

You still might not find a key also.

Nice try though.

That comment misses the real win: we’re not paying the full cost of address derivation + Base58 on every candidate, only on the tiny fraction that passes the c-bit filter.

1. Linear scan does, for each x:  
   - point multiplication (x·G)  
   - SHA-256 → RIPEMD-160 → double-SHA-256 checksum → Base58 encoding  
   - that’s dozens of heavy operations per key.

2. Prefilter does, for each x:  
   - point multiplication (same)  
   - only SHA-256 → RIPEMD-160 (the H160)  
   - extracts c bits, compares to target filter  
   - that’s one cheap H160 per key.  
   - then, in ~1/2^c of cases, it does the full address derivation+Base58.

So you dramatically cut out the expensive checksum+Base58 for ~95 % or more of the keys. That is a genuine saving!

Moreover, you don’t even need to Base58-encode on the final match, you can compare the 20 byte H160 directly to your target hash160. But that only further speeds up the tiny fraction that passes the filter, it doesn’t eliminate the savings of the filter itself.

But of course we can always improve, we never need to generate the Base58 string for the final comparison, and it’s sufficient to compare hash160(pubkey(x)) directly to your HASH160_TARGET. Besides, nobody asked me for a fully fledged GPU accelerated script or anything like that. This just shows that linear is not the best.  

Genuinely curious. Did you just prompt my bounty to chatGPT or something ?
Congrats on saving time on something absolutely not necessary for the bruteforce the linear method does not need all the extra sha256s, b58 etc…

Um, no, I can't afford chatgpt and I only have a old desktop computer with 4 cpu  ^^

ChatGPT is free to use on lower tiers which is more than enough to generate code.

But if you could give me your linear in that case, share it and I'll show you, based on your code, that linear is crap in a box

You can simply update your own script doing something like this (Did not test it, but you should be able to understand the change required) :

Code:

# Decode address target to hex
ADDRESS_TARGET = b58decode(ADDRESS_TARGET)

# Compare with hex version of target instead of B58
def linear_scan(start: int, end: int, target: str):
    ops = 0
    for x in range(start, end+1):
        ops += 1
        if hash160_pubkey(x) == target:
            return x, ops
    return None, ops

[kTimesG]

This thread's average intellectual level will soon go below zero in this style. Pretty much at parity with whatever some AI hallucinates after properly being trained to agree with whatever non-sense it's fed with in advance. Or ever thinking that the shit code it produces is ever on par with someone's lifetime expertise who eats code for breakfast, lunch and dinner, if not in his dreams.

[Bram24732]

I'm going to end up believing that you're just lucky 

Your method only returns the number of operations from the thread which finds the key. It discards all the tries of the 3 other threads which do not find it.
ChatGPTor not, if you want that bounty you need to up your game

[fantom06]

I'm going to end up believing that you're just lucky  

Your method only returns the number of operations from the thread which finds the key. It discards all the tries of the 3 other threads which do not find it.
ChatGPTor not, if you want that bounty you need to up your game

I'm also preparing a scrypt, it will appear here soon.

[drpxxx]

Um, no, I can't afford chatgpt and I only have a old desktop computer with 4 cpu  ^^

ChatGPT is free to use on lower tiers which is more than enough to generate code.

But if you could give me your linear in that case, share it and I'll show you, based on your code, that linear is crap in a box

You can simply update your own script doing something like this (Did not test it, but you should be able to understand the change required) :

Code:

# Decode address target to hex
ADDRESS_TARGET = b58decode(ADDRESS_TARGET)

# Compare with hex version of target instead of B58
def linear_scan(start: int, end: int, target: str):
    ops = 0
    for x in range(start, end+1):
        ops += 1
        if hash160_pubkey(x) == target:
            return x, ops
    return None, ops

Here just for you my friend improved version if you have the pubkey c-bit find it more quickly

Code:

#!/usr/bin/env python3
# coding: utf-8
"""
proof.py

Hash160 linear scan vs double c-bit on puzzle 21.
Uses only hash160 comparisons and no Base58 encoding. Added a progress bars tqdm.
"""

import hashlib, math
from ecdsa import SECP256k1, util
from multiprocessing import Pool, cpu_count
from tqdm import tqdm

# --- Configuration ---
ADDRESS_TARGET        = "114oFNXucftsHiUMY8uctg6N487riuyXs4h"
HASH160_TARGET        = "29a78213caa9eea824acf08022ab9dfc83414f56"
RANGE_HEX             = "100000:1fffff"
FILTER_BITS           = 2     # c ≥ 1 ⇒ >5% reduction
SHA_PREFILTER_BITS    = 8     # double bits
THRESHOLD             = 5.0   # percent
# -------------------------------

G     = SECP256k1.generator
ORDER = SECP256k1.order
B58   = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58decode(s: str) -> bytes:
    num = 0
    for ch in s:
        num = num * 58 + B58.index(ch)
    full = num.to_bytes((num.bit_length() + 7) // 8, 'big')
    # leading-zero pad
    pad = len(s) - len(s.lstrip('1'))
    full = b'\x00'*pad + full
    payload, chk = full[:-4], full[-4:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != chk:
        raise ValueError("Invalid Base58 checksum")
    return payload

def hash160_pubkey(x: int) -> bytes:
    P = x * G
    prefix = b'\x02' if (P.y() & 1)==0 else b'\x03'
    pub = prefix + util.number_to_string(P.x(), ORDER)
    return hashlib.new('ripemd160', hashlib.sha256(pub).digest()).digest()

def get_target_h160() -> bytes:
    if HASH160_TARGET:
        return bytes.fromhex(HASH160_TARGET)
    payload = b58decode(ADDRESS_TARGET)
    return payload[1:]


def linear_scan(start: int, end: int, target_h: bytes):
    ops = 0
    for x in tqdm(range(start, end+1), desc="Linear scan", unit="key"):
        ops += 1
        if hash160_pubkey(x) == target_h:
            return x, ops
    return None, ops


def prefilter_chunk(args):
    idx, start, end, c, d, t1, t2, target_h = args
    # si d>0 et t2 défini, on fait le SHA256-prefilter
    for i, x in enumerate(range(start, end+1), start=1):
        # 1er filtre: SHA256(pub)
        P = x * G
        prefix = b'\x02' if (P.y() & 1)==0 else b'\x03'
        pub = prefix + util.number_to_string(P.x(), ORDER)
        sha = hashlib.sha256(pub).digest()
        if d and t2 is not None:
            if (int.from_bytes(sha, 'big') >> (256 - d)) != t2:
                continue

        # 2e filtre + comparaison finale: RIPEMD-160
        rip = hashlib.new('ripemd160', sha).digest()
        if (int.from_bytes(rip, 'big') >> (160 - c)) != t1:
            continue
        if rip == target_h:
            return idx, i, x
    return idx, None, None


def parallel_prefilter(start: int, end: int, c: int, d: int,
                       target_h: bytes, t2: int, workers: int):
    N     = end - start + 1
    chunk = math.ceil(N / workers)
    t1    = int.from_bytes(target_h, 'big') >> (160 - c)

    args = []
    for i in range(workers):
        s = start + i*chunk
        e = min(start + (i+1)*chunk - 1, end)
        args.append((i, s, e, c, d, t1, t2, target_h))

    with Pool(workers) as p:
        # imap_unordered + barre de progression sur les chunks
        for idx, ops, x in tqdm(p.imap_unordered(prefilter_chunk, args),
                                 total=len(args),
                                 desc="Prefilter chunks",
                                 unit="chunk"):
            if ops:
                return x, ops
    return None, 0


def main():
    import argparse
    parser = argparse.ArgumentParser()
    parser.add_argument("--workers", type=int, default=0,
                        help="nombre de processus (défaut = CPU count)")
    parser.add_argument("--pubkey", type=str, default=None,
                        help="hex compressed pubkey cible (pour SHA256-prefilter)")
    args = parser.parse_args()

    workers = args.workers or cpu_count()
    s_hex, e_hex = RANGE_HEX.split(':')
    start, end   = int(s_hex, 16), int(e_hex, 16)
    N            = end - start + 1

    print(f"Target address: {ADDRESS_TARGET}")
    print(f"Range: 0x{s_hex} .. 0x{e_hex} (N = {N})")
    print(f"Filter bits: {FILTER_BITS}, SHA256 bits: {SHA_PREFILTER_BITS}, "
          f"Processes: {workers}\n")

    target_h = get_target_h160()

    # Calculate the SHA256-prefilter threshold if pubkey is provided
    t2 = None
    if args.pubkey:
        pub_bytes = bytes.fromhex(args.pubkey)
        sha_target = hashlib.sha256(pub_bytes).digest()
        t2 = int.from_bytes(sha_target, 'big') >> (256 - SHA_PREFILTER_BITS)

    # Linear scan
    print("→ Linear hash160 scan…")
    x_lin, ops_lin = linear_scan(start, end, target_h)
    print(f"  ✅ Found x = 0x{x_lin:x} in {ops_lin} H160 ops\n")

    # Prefilter scan
    print("→ Parallel double-prefilter scan…")
    x_pre, ops_pre = parallel_prefilter(start, end,
                                        FILTER_BITS,
                                        SHA_PREFILTER_BITS,
                                        target_h,
                                        t2,
                                        workers)
    print(f"  ✅ Found x = 0x{x_pre:x} in {ops_pre} heavy ops\n")

    # Statistics
    pct_lin = 100.0
    pct_pre = ops_pre / ops_lin * 100.0 if ops_lin else 0.0
    reduction = pct_lin - pct_pre

    print(f"Percent checks: hash160 = {pct_lin:.2f}%, prefilter = {pct_pre:.2f}%")
    print(f"Reduction = {reduction:.2f}%")
    print(("✅" if reduction>THRESHOLD else "⚠️") +
          f" Reduction {'exceeds' if reduction>THRESHOLD else 'below'} {THRESHOLD}%")
    winner = "Prefilter" if ops_pre < ops_lin else "Hash160"
    print("🏆 Winner: " + winner + " scan")


if __name__ == "__main__":
    main()

root:~# python3 proof.py --pubkey 031a746c78f72754e0be046186df8a20cdce5c79b2eda76013c647af08d306e49e
Target address: 114oFNXucftsHiUMY8uctg6N487riuyXs4h
Range: 0x100000 .. 0x1fffff (N = 1048576)
Filter bits: 2, SHA256 bits: 8, Processes: 4

→ Linear hash160 scan…
Linear scan:  73%|███████████████████████████████████████████████████████████████████████████████████████████████████████████▋                                        | 763188/1048576 [01:06<00:24, 11441.10key/s]
  ✅ Found x = 0x1ba534 in 763189 H160 ops

→ Parallel double-prefilter scan…
Prefilter chunks:   0%|                                                                                                                                                                   | 0/4 [00:38<?, ?chunk/s]
  ✅ Found x = 0x1ba534 in 238901 heavy ops

Percent checks: hash160 = 100.00%, prefilter = 31.30%
Reduction = 68.70%
✅ Reduction exceeds 5.0%
🏆 Winner: Prefilter scan

My old computer doesn’t have the balls to scan the remaining keys, so I hope I’ve at least opened your eyes, you seem smarter than Ktimes ^^ Think of me if you use it! Your welcome my friend.  

And come take a tour to my github https://github.com/lfgcampos

In your parallel_prefilter function, you still return immediately when the first chunk finds a solution
This means you lose the operations done by the other threads.

[Bram24732]

In your parallel_prefilter function, you still return immediately when the first chunk finds a solution
This means you lose the operations done by the other threads.

I'm not sure he does now, there's a shared variable incrementing. But the kicker is there :

# Compute t2 for SHA256 prefilter if pubkey provided

Too bad we dont have public key in puzzle 69.
You're literally giving part of the solution of the search to your method
That was fun, but your code is obviously AI generated, and I'm not an LLM code fixer. So you're officially disqualified from the bounty.

That being said, with 99.5% improvement, I'm sur McD and WP will be thrilled to merge this method with the prefix one for even more gains. If they don't I might have to ask them to prove why it's not good

[Bram24732]

That being said, with 99.5% improvement, I'm sur McD and WP will be thrilled to merge this method with the prefix one for even more gains. If they don't I might have to ask them to prove why it's not good

I will not attempt anything for this 'bounty' since anything that is presented to you, you will deny. In other words, you would never pay a reward that makes you feel like you were wrong...your ego won't let you.

Oh it's not about the bounty, a valuable member of this community is proposing a solution which goes 99.5% faster.
I'm sure you will not discard such an opportunity
Oh and I will 100% pay the bounty I don't really care about being wrong if it makes me richer

[Bram24732]

saying things like 'anyone who believes in this or that is missing neurons or is a retard'.

I dont remember saying that, if that's what you imply.

Additionally, for your reward, you should create a new thread in the technical area where such behavior is prohibited.

Yea that's a good idea

[drpxxx]

I think I’ve approached all of this the wrong way.

I’m offering a 0.1 BTC bounty for the formal proof of any traversal method that provides a statistical edge over a linear scan for puzzle 69. By statistical edge I mean that this new traversal method running on a statistically significant number of executions requires significantly fewer checks (let’s put the threshold at 5%) to find the key.

Conditions :
- Has to be written using math semantics. Not “where does John lives” metaphors.
- Has to be empirically validated using a python / nodeJS script.
- First one posting it to this thread will be recipient of the bounty.

I think If we assume that the key is uniformly distributed within this range, then every key within the range has an equal probability of being the correct private key. Since the key has a uniform distribution, uniform distribution provides no bias in how the key is distributed, all traversal methods will, on average, require the same number of checks. This means that no method will significantly reduce the number of checks required to find the key.
The key is uniformly distributed, meaning every number within the range has an equal probability of being the correct key. In a linear search, we check keys one by one, starting from the beginning of the range and moving towards the end. The expected number of trials in a linear search for a uniformly distributed key is the average of the number of trials required to find the key. Since the key can be anywhere in the range, the expected number of trials is given by N/2, where N is the number of possible keys in the range.
Because any traversal method still needs to explore a random and uniformly distributed key space, and the expected number of trials is N/2 for any such strategy.
Well using middle search or jumping around may increase your luck but the probability of finding the key is still the same.

[Akito S. M. Hosana]

What does similar mean? Same random seed + "something"? Some algorithm?

I don't know exactly what it is. It could be something very simple, and I might be overcomplicating things with complex byte variants — for example, it could just be the Satoshipuzzle plus the puzzle number, or something like that. Anything. That's why this is a brute-force puzzle

How could this be reconstructed, if it is even possible? How would you create a puzzle if you were the creator?   

[Bram24732]

That being said, with 99.5% improvement, I'm sur McD and WP will be thrilled to merge this method with the prefix one for even more gains. If they don't I might have to ask them to prove why it's not good

I will not attempt anything for this 'bounty' since anything that is presented to you, you will deny. In other words, you would never pay a reward that makes you feel like you were wrong...your ego won't let you.

By the way the bounty is also for you if you post the prefix theory on the cryptography subreddit and the mathematicians / cryptographers there agree it has a better average success rate.

[Denevron]

What's the point of showing a solution that can be faster than 99.5%? For the sake of a 0.1 BTC reward? If you can use this method yourself and get more 

[nomachine]

What does similar mean? Same random seed + "something"? Some algorithm?

I don't know exactly what it is. It could be something very simple, and I might be overcomplicating things with complex byte variants — for example, it could just be the Satoshipuzzle plus the puzzle number, or something like that. Anything. That's why this is a brute-force puzzle

How could this be reconstructed, if it is even possible? How would you create a puzzle if you were the creator?   

Code:

import random
import hashlib
import base58

for puzzle in range(1, 160):
      lower = 2 ** (puzzle - 1)
      upper = (2 ** puzzle) - 1
      seed = "SatoshiNakamotoPuzzle" + str(puzzle)
      random.seed(seed)
      dec = random.randint(lower, upper)
      private_key_hex = "%064x" %  dec
      private_key_bytes = bytes.fromhex(private_key_hex)
      extended_key = b'\x80' + private_key_bytes
      extended_key += b'\x01'
      checksum = hashlib.sha256(hashlib.sha256(extended_key).digest()).digest()[:4]
      wif_bytes = extended_key + checksum
      wif_compressed = base58.b58encode(wif_bytes).decode()
      print(f"Puzzle = {puzzle} seed = {seed} wif = {wif_compressed}")

I don't need anything else. Not even a deterministic wallet.