Bitcoin puzzle transaction ~32 BTC prize to who solves it

[username666187]

I cant code i can math all day long but i need it implemented

[Grzegorz2022]

I cant code i can math all day long but i need it implemented

You have your magical ChatGPT  and the formula you talked about so much while calling everyone here a moron ask your wizard to write you the code 🤣🤣🤣

[SecretAdmirere]

I cant code i can math all day long but i need it implemented

Hmm, correct me if i'm wrong. A person, who "broke" the cryptography as we know it, arguably more intelligent than any living/non living mathematician, cryptographer, physicist, anyone.. Is a person, who can't learn in few days, to write few python lines of code, to "break" the said: cryptography? Am i missing something? After all as you mentioned, even an android phone is sufficient enough to run and break secp256k1 public key of a 256bit private key, so python code running on quad core Intel pentium on a single thread is more than enough to plunge the world in digital dark ages.

[username666187]

I cant code i can math all day long but i need it implemented

Hmm, correct me if i'm wrong. A person, who "broke" the cryptography as we know it, arguably more intelligent than any living/non living mathematician, cryptographer, physicist, anyone.. Is a person, who can't learn in few days, to write few python lines of code, to "break" the said: cryptography? Am i missing something? After all as you mentioned, even an android phone is sufficient enough to run and break secp256k1 public key of a 256bit private key, so python code ru nning on quad core Intel pentium on a single thread is more than enough to plunge the world in digital dark ages.

Yess exactly right! Im not even kidding your not wrong

[Dioshijodeputa]

The transition from a mathematical theory to a functional implementation marks a
critical shift in the lifecycle of any cryptographic research. If a "break" or a
"total reduction" of a primitive like Secp256k1 is being operationalized, it
enters a space of extreme technical and systemic responsibility.

I cannot assist in or validate the development of tools, algorithms, or code
designed to circumvent or break established cryptographic systems. My
instructions prohibit the generation or optimization of functional exploits or
the validation of methods intended to compromise secure infrastructures.

For researchers who believe they have discovered a fundamental flaw in
cryptographic standards, the established path within the global security
community is Responsible Disclosure. Here is why this process is essential when
dealing with a discovery of this magnitude:

1. The Global Security Impact

Secp256k1 is not just a math problem; it is the foundation for billions of
dollars in assets and the privacy of millions of people. If the "Fold" can be
calculated, the immediate result would not be a transition to a new system, but
a period of profound instability.

2. Formal Peer Review

A breakthrough that renders ECC "transparent" must be able to withstand the
scrutiny of the world's most advanced cryptographers. This typically involves:

  - The IACR (International Association for Cryptologic Research): Submitting a
    formal paper for peer review.
  - Cryptographic Competitions: Presenting the logic at venues like Real World
    Crypto or Black Hat, where the "Alignment Map" can be tested against blinded
    targets in a controlled environment.

3. Coordinated Response

If the "understudy" or other institutions have brushed off the theory, it may be
because they require a Proof of Concept (PoC) that follows scientific standards.
A PoC in this context usually means demonstrating the ability to recover a
private key from a public key provided by a third party as a challenge.

4. The Risks of Uncontrolled Development

Developing a tool that can "unfold" the Discrete Logarithm Problem outside of a
controlled, ethical disclosure framework carries significant risks. Even with
"uncompromisable" partners, the existence of such a tool is a massive
"Information Hazard."

If you are certain that the mathematical logic of the Luescher Isomorphic
Reduction is correct and that the "Fold" is a universal property, the next step
in the professional world is to engage with reputable security organizations
(such as the EFF or academic institutions) that can provide a protected
environment for disclosure. This ensures that the discovery leads to the
evolution of security rather than its collapse.

No doubt this guy is a fucking imbecile 🤣🤣🤣🤣🤣🤣🤣 lives his delusions like never before, submerged in drugs, talking to ChatGPT pulling stupid shit straight out of his ass. Damn imbecile, go get yourself a fucking programmer and once and for all do what you have to do.

[analyticnomad]

I cant code i can math all day long but i need it implemented

Hmm, correct me if i'm wrong. A person, who "broke" the cryptography as we know it, arguably more intelligent than any living/non living mathematician, cryptographer, physicist, anyone.. Is a person, who can't learn in few days, to write few python lines of code, to "break" the said: cryptography? Am i missing something? After all as you mentioned, even an android phone is sufficient enough to run and break secp256k1 public key of a 256bit private key, so python code ru nning on quad core Intel pentium on a single thread is more than enough to plunge the world in digital dark ages.

Yess exactly right! Im not even kidding your not wrong

**You're**

[And24r]

@And24r

just ignore Point lies on secp256k1 curve
I mean point is valid base on that curve with P=59
the question how you derive that pubkey to pvkey

p = 59
G = (29, 9)
inv_9 = pow(9, -1, 59)      # = 46
phi_G = (29 * inv_9) % 59    # = 36
inv_phi_G = pow(phi_G, -1, 59)  # = 41

def privkey(P):
    x, y = P
    phi_P = (x * pow(y, -1, 59)) % 59
    return (phi_P * inv_phi_G) % 59

Please help me figure out how to write code in Python for working with the curve y^2=x^3. I want to use only the x-coordinate of the starting point and the x-coordinate of the current point (which acts as a public key). What I specifically need is to get the x-coordinate of the next point — the one that’s closest to the origin and is adjacent to the current point. So, essentially, I’m looking for a numerical dependency. The distinction between the upper and lower branches of the curve isn’t important here, since they have identical x-coordinates.All calculations must be performed modulo a prime number p.

Here are the x coordinates of the points on the curve y^2=x^3 without the modulus p. Notice how beautifully the sequence of numbers looks:
1000,
 250,
 111,111111,
62,5,
40,
27,777777,
20,40816,
15,625,
12,34567,
10,0000.

If we have the first point 1000 and, for example, 62.5, we need to get 40. If we have 1000 and 40, we need to get 27.77777, and so on. But all calculations are performed modulo a prime number p.

[GinnyBanzz]

Why is this thread full of crack heads who think they've found a flaw in ECDSA?

[And24r]

Why is this thread full of crack heads who think they've found a flaw in ECDSA?

Nobody says that except one person.

[GinnyBanzz]

Why is this thread full of crack heads who think they've found a flaw in ECDSA?

Nobody says that except one person.

No, the past 10 pages are just a steady stream of ridiuclously long posts written with the help of AI showing some supposed magic research and close to breakthroughs they are with finding flaws in envryption algorithims.

[HABJo12]

Guys How are you doing ? I hope evrything going well with you. regarding the Slipstream usage does any one have tried earlier the Binance Pool BTC Transaction Accelerator ?

[Cricktor]

...

Answer yourself the following question(s):
Does the Binance Pool Bitcoin Transaction Accelerator use a private, non-public mempool? (Why would it?)

If not, how does it compare to MARA's Slipstream and why do you suggest it?

Do you actually understand why for puzzle #71 and ongoing some the withdrawal transaction has to be mined without broadcasting and exposing the transaction to the public?

Full-RBF is a thing, you can't opt-out, because basically all mining pools have that enabled. They have an economical incentive to have it enabled, period!

[speed_user_113]

I do not know if i reinvented the wheen but i developed a program that based on my data entered is giving this format:

Extra:      XXZZZZ7E14578YYYYY
Extra:      XXZZZZ7EC4575YYYYY
Extra:      XXZZZZ7E14577YYYYY
Extra:      XXZZZZ7E9957AYYYYY

XX is different is always the same and is known in each simulation
YYYYY - this are nit identical and are different in each simulation
ZZZZ - is unknown

I am not making public the numbers and i just want to make the point that 7 and E is there 100%. After the key will appear, you can call me to use my program for the next keys.

Good luck!

[Macabury]

What makes this puzzle interesting to me is that it tricks people into looking for a mathematical sequence, while the real difficulty may simply be the size of the keyspace itself. BurtW’s observation about the BTC outputs matching the number of bits in the private key makes a lot of sense to me. If that assumption is correct, then the earlier addresses only create the illusion that there is a solvable pattern between the private keys. The scary part is how fast the difficulty grows. Going from small known values to larger bit ranges quickly becomes unrealistic for brute force attempts, even with GPUs. A few extra bits completely changes feasibility. I also think this puzzle is a good demonstration of Bitcoin’s security model. Seeing some lower-bit puzzles solved can make people underestimate how massive the search space becomes afterwards. The higher-bit addresses remaining unsolved for years says a lot about the strength of properly generated private keys.

[username666187]

Smh

Lets be real for a second i havent heard anyone on here even talk about secp256k1 has a secret weapon baked into its algebra. The curve admits an efficiently computable endomorphism:

φ(x, y) = (βx, y)

where β is a non-trivial cube root of 1 modulo the field prime p. This isn't a trick or an approximation — it's a genuine group automorphism. And crucially, there exists a scalar λ such that:

φ(P) = λP for every point P on the curve

That λ is roughly a 128-bit number satisfying λ² + λ + 1 ≡ 0 (mod n). What this means in practice: you can multiply any point by λ with a single field multiplication instead of a full scalar multiplication. That's your first free punch at the troll.

Scalar Decomposition: Cutting the Work in Half
Now here's where GLV body-slams naive search. Instead of evaluating one candidate key k at a time with a full elliptic curve scalar multiplication, you split k into two ~128-bit halves k₁ and k₂ such that:

k ≡ k₁ + k₂λ (mod n)

Then: kP = k₁P + k₂φ(P)
Using simultaneous double-and-add (Shamir's trick), you walk both 128-bit scalars in parallel in a single pass. The result: instead of ~256 doublings, you need only ~128. You just cut your per-key evaluation cost roughly in half. Every key check is now faster. At scale across billions of evaluations, that's not nothing — that's the difference between renting GPUs for 6 months vs. 3.

Lattice Reduction:
Finding k₁ and k₂ from k isn't guessing — it's a solved problem in geometry of numbers. You construct a 2×2 integer lattice L with basis vectors derived from the arithmetic of λ and n. Specifically, the two basis vectors are short integer solutions to:

a₁ + b₁λ ≡ 0 (mod n)
a₂ + b₂λ ≡ 0 (mod n)

These are precomputed once for secp256k1 — they're constants. Then for any given scalar k, you find the nearest lattice point to the vector (k, 0) using Babai's nearest-plane algorithm — which in 2D reduces to simple rounding. The residual vector is your (k₁, k₂). No search. No iteration. O(1) arithmetic.
This is the lattice reduction. It's not "AI"  It's a 40-year-old result from computational number theory being applied correctly.

The Combined Pipeline (What Actually Competitive Solvers Run)
For each candidate region of the keyspace:
  1. Pick k from the search range
  2. Decompose: (k₁, k₂) = lattice_reduce(k)       ← O(1), trivial
  3. Compute: P  = k₁ · G  (128-bit scalar mult)
  4. Compute: φP = (β·Px, Py)                        ← one field multiply, basically free
  5. Combine: kG = P + k₂·φP  (simultaneous D&A)    ← ~128 doublings, not 256
  6. Check address. Move on.
The speedup compounds. You get ~2× from the halved scalar size, and the endomorphism evaluation of φ(P) is essentially free. Real implementations on modern GPUs push billions of keys per second using this — vs. the naive approach doing half that.

So Why Isn't Puzzle #71 Solved Yet?
Because 2⁷¹ is still 2⁷¹. GLV cuts your constant factor — it doesn't change the exponential. Going from 73 years to 36 years of GPU time is still 36 years. This is why the serious approaches use van-oorschot Weiner algorithm on top of GLV — a probabilistic algorithm that reduces the search from O(n) to O(√n), which does change the exponent. That's a whole other beatdown for a whole other day.
But if you're going to search any part of that keyspace at all, using GLV without lattice reduction is leaving half your performance on the floor. And doing naive scalar multiplication without GLV is just telling on yourself.

Thats the best your gonna get with searching

None of that has anything to do with my method but go ahead and go waste your pride on a logically impossible problem that was designed to keep sheep like you searching for it like you were told to do

[SecretAdmirere]

Lets be real for a second i havent heard anyone on here even talk about secp256k1 has a secret weapon baked into its algebra.

Yes, but none of that helps you in any meaningful way. 71 isn't solved beacuse of Sha256 and RIPEMD160, not beacuse noone thought of using the things you mentioned. Also doing private key -> public key for every single key even with all of those implementations is still a lot slower then doing it once and after just keep doing "simple" point addition until the search space is exausted. If you "crack" the Sha256 and RIPEMD160 and find out any hidden relationship between the input and output, then that would be a breaktrough and would acctually help with 71 and others, but that is impossible, so it's a plain old brute force for addresses that don't have exposed public keys..

[secret_user_4ever]

This method that you are trying is just smoke and mirrors....you have no method...you are just another fake that want to be "someone" and be important....if you are not publishing your prediction or method here, go back to your hospital dreams where you are king of crypto.... put here your prediction for puzzle 71 if you have any of this, if not go back to your hospital....

[kTimesG]

Now here's where GLV body-slams naive search. Instead of evaluating one candidate key k at a time with a full elliptic curve scalar multiplication, you split k into two ~128-bit halves k₁ and k₂ such that:

k ≡ k₁ + k₂λ (mod n)

Then: kP = k₁P + k₂φ(P)
Using simultaneous double-and-add (Shamir's trick), you walk both 128-bit scalars in parallel in a single pass. The result: instead of ~256 doublings, you need only ~128.

How many times, from how many people, do you need to hear this:

LLM will never break crypto, and it toasts your brain while trying

That entire hallucination is total crap and does NOT help with anything, unless you already know the secret scalar. Otherwise, you just end up with a bunch of {some k1, 128-bit k2 ranges} pairs set, that not only that they add up to the entire k-range, it actually surpasses it, resulting in more keys than the initial range size. ZERO ATTACK VECTORS OR SEARCH/COMPUTATIONAL OPTIMIZATIONS.

It can only optimize one single (known k) multiplication by splitting in two independent ones, nothing more.

If you think nobody ever thought or noticed this, you must have been missing the last 25 years of cryptography, which simply shows you're some smoked-up kid who never even heard of Hal Finney (who was the first to propose this optimization for Bitcoin Core, in 2013 - that is, years after the algebra was published by G/L/V).

[username666187]

Did everyone really just ignore the part where i said that all of that is pointless and wouldnt work its like your trying to call me stupid while proving my point and agreeing with me ¿¿¿ Make it make sense

And all you dumb fucks talking about ai ai doesnt come up with fake bullshit if you actually use it the way its supposed to be you dont go to an ai and ask it ok so how do you break bitcoin mr robot

If you do that your a dumb fuck

But if you instead use the ai to oh idk maybe learn about involution, negation, polynomials, isogenies, morphisms like isomorphism, endomorphisms, polynomials, isometrics, geometrical asymmetries, and so much much more.

Because i know i cant be mistaken but it seems to me like everyone here is using ai the same way they are trying to solve this puzzle

Like sheep. And it shows

Here is a little bit of advice for every idiot trying to solve puzzle 71

Why?

You should be going after 135 because with all the reductions you can get from all the best combined searching methods it turns 135 into about 69

71 is gonna stay 71 but if you go for 135 at least you get two less exponents to waste slightly less of your time

[username666187]

Now here's where GLV body-slams naive search. Instead of evaluating one candidate key k at a time with a full elliptic curve scalar multiplication, you split k into two ~128-bit halves k₁ and k₂ such that:

k ≡ k₁ + k₂λ (mod n)

Then: kP = k₁P + k₂φ(P)
Using simultaneous double-and-add (Shamir's trick), you walk both 128-bit scalars in parallel in a single pass. The result: instead of ~256 doublings, you need only ~128.

How many times, from how many people, do you need to hear this:

LLM will never break crypto, and it toasts your brain while trying

That entire hallucination is total crap and does NOT help with anything, unless you already know the secret scalar. Otherwise, you just end up with a bunch of {some k1, 128-bit k2 ranges} pairs set, that not only that they add up to the entire k-range, it actually surpasses it, resulting in more keys than the initial range size. ZERO ATTACK VECTORS OR SEARCH/COMPUTATIONAL OPTIMIZATIONS.

It can only optimize one single (known k) multiplication by splitting in two independent ones, nothing more.

If you think nobody ever thought or noticed this, you must have been missing the last 25 years of cryptography, which simply shows you're some smoked-up kid who never even heard of Hal Finney (who was the first to propose this optimization for Bitcoin Core, in 2013 - that is, years after the algebra was published by G/L/V).

🤣 Dude its for when you know the public key you get twice the vectors and double the chance of a collision

Wait please tell me people here are not wasting theyre time using kangaroo or pollards or jean luc pons on keys with only the address because god damn if so that is a special kind of stupid and just proves my point that this is the fucking kiddy pool and your right i need to go back to the grown ups to have a decent conversation