Bitcoin Forum
November 15, 2018, 03:44:06 PM *
Author Topic: Large Bitcoin Collider (Collision Finders Pool)  (Read 164397 times)
arulbero
January 31, 2017, 04:18:17 PM
Merited by Makkara (4)
 #401

Quote
....
2. Outside the Box

IMO, for any substantial optimizations, it is required to think outside the box. The box here being the libsecp256k1 library. This library provides us with an API - a set of functions - which is functionally complete, but may sometimes be obstructive for certain tasks. If you look at the use case from above, it would certainly be nice if we had a function that could efficiently sum up affine points into jacobian.

That's why I started to hack my own libsecp256k1, extending it with functionality for the LBC use case (public key generation).

I made a very simple python script, 2 files --> https://www.dropbox.com/s/xr2ypa5zplry/ecc_for_collider.zip?dl=0

ecc_for_collider.py  (a very small library)
gen_couple_points.py (a test program, it computes kG+mG, kG-mG, given kG and mG)

The script works  Smiley

*********************************************************************
ecc_for_collider.py

function add_a_a_j(x1, y1, x2, y2)  

--> input kG=(x1,y1) , mG=(x2,y2)

--> output kG + mG = (x3,y3,z3)    (0<m<2049)

--> 4M + 2S
Code:
def add_a_a_j(x1, y1, x2, y2):
    # p is the field prime (a global in ecc_for_collider.py)
    h=(x2-x1)  % p
    r=(y2-y1)  % p

    a=r**2 % p    # 1S
    b=h**2 % p    # 1S
    c=b*h  % p    # 1M   c=h**3
    d=x1*b % p    # 1M   d=x1*h**2
    e=y1*c % p    # 1M   e=y1*h**3

    x3 = (a-c-2*d)    % p   # 0M   r**2 - h**3 - 2*x1*h**2
    y3 = (r*(d-x3)-e) % p   # 1M   r*(x1*h**2 - x3) - y1*h**3
    z3 = h                  # 0M   x2-x1
    return x3, y3, z3

This is the classic "mixed" jacobian-affine addition (with Z1 and Z2 = 1)   ("A"+"A" --> J)
I use only affine coordinates (for the operands), because I know already all coordinates of any points kG, G, 2G, mG, 2048G, this is the first advantage of this method.

function symmetric(x1,y1,x2,y2,x3,z3inv,z3inv2)
This function exploits the symmetry of kG+mG / kG-mG with respect to kG
 
--> input: kG, mG, kG+mG (all in affine coordinates!), (z3)^-1 and (z3)^-2 of kG+mG  

--> output: kG-mG (in affine coordinates)

-->  4M (including jacobian to affine)

Code:
def symmetric(x1,y1,x2,y2,x3,z3inv,z3inv2):
    # z3inv = 1/(x2-x1) and z3inv2 = z3inv**2 (mod p); p is the field prime
    x4 = (x3+4*(y1*y2)*z3inv2)       % p   #2M
    y4 = (z3inv*(x4-x1)*(y1+y2) -y1) % p   #2M
    return x4,y4


If kG = (x1,y1), mG = (x2,y2) ,  kG+mG = (x3,y3) then you have:

kG-mG = (x4,y4) = (  x3 + 4*y1*y2/(x2-x1)^2  ,  (x4-x1)*(y1+y2)/(x2-x1) - y1  )
*******************************************************************

First compute kG (in affine coordinates, I changed my mind) (remember: my k stands for your k+2048)

You could compute then:

1) first k+1, k+2, k+3, ..., k+2048  ("A"+"A"->"J")    4M + 2S for each point with the function add_a_a_j
2) then jacobian to affine change  6M + 1S for 2048 points (you have already this function, don't look at mine for that)
3) then you compute k-1, k-2, k-3, ...., k-4, k-2048 ( at 1) you have to memorize the inverse of k+1,k+2,k+3,... to do that): 4M using the function symmetric.

Total: 14M + 3S for 2 points,  7M + 1,5S for each point (including jacobian to affine)

I didn't take care of the generation of the first point, k*G (more precisely: (k+2048)G)

With my proposal you have to perform 2 inversions per batch: 1 to get (k+2048)G in affine coordinates, 1 for the points from k+2049 to k+4096. You then save 3M x 2048 points (at least)

-----------------------------------------------------------------------------------------------------------------------------
EDIT:  maybe another improvement is possible: what if we use the symmetric function to generate all points?

If we have kG and kG+mG (and mG) --> we get kG-mG and vice versa  (with symmetric function)

if we have kG and kG-mG (and mG)  --> we get kG+mG .

Now, if we have kG+mG and kG (and mG), we can get kG+2mG!   Shocked

In fact kG and kG+2mG are symmetric with respect to the point kG+mG:    kG=(kG+mG)-mG, kG+2mG=(kG+mG)+mG


The only problem is: we don't have yet kG+mG in affine coordinates, I have to do some computations... maybe tomorrow  
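
The procedure from post #401 (add_a_a_j for kG+mG, one shared inversion for the Jacobian-to-affine step, then symmetric for kG-mG), as an added example that is not part of the original post or of the LBC code. It goes beyond the single pair of the test program and processes a batch m = 1..n; the secp256k1 constants are the standard ones, Montgomery's trick is assumed for the shared inversion, and ref_add, ref_mul, batch_inverse and couples are hypothetical helper names.

```python
# Added example: add_a_a_j and symmetric follow the post's formulas; all other
# names (ref_add, ref_mul, batch_inverse, couples) are hypothetical helpers.
P = 2**256 - 2**32 - 977  # secp256k1 field prime
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def inv(a):
    return pow(a % P, -1, P)  # modular inverse, needs Python 3.8+

def ref_add(p1, p2):
    """Textbook affine add/double, one inversion per call (reference only)."""
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        raise ValueError("sum is the point at infinity")
    if p1 == p2:
        lam = 3 * x1 * x1 * inv(2 * y1) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ref_mul(k, pt=G):
    """Double-and-add scalar multiplication (reference only, k >= 1)."""
    acc = None
    while k:
        if k & 1:
            acc = pt if acc is None else ref_add(acc, pt)
        k >>= 1
        if k:
            pt = ref_add(pt, pt)
    return acc

def add_a_a_j(x1, y1, x2, y2):
    """Affine + affine -> Jacobian (x3, y3, z3) with z3 = x2 - x1: 4M + 2S."""
    h = (x2 - x1) % P
    r = (y2 - y1) % P
    b = h * h % P
    c = b * h % P
    d = x1 * b % P
    x3 = (r * r - c - 2 * d) % P
    y3 = (r * (d - x3) - y1 * c) % P
    return x3, y3, h

def symmetric(x1, y1, x2, y2, x3, z3inv, z3inv2):
    """kG - mG from affine kG, mG, x(kG + mG), 1/z3 and 1/z3^2: 4M."""
    x4 = (x3 + 4 * y1 * y2 * z3inv2) % P
    y4 = (z3inv * (x4 - x1) * (y1 + y2) - y1) % P
    return x4, y4

def batch_inverse(values):
    """Montgomery's trick: invert all values with one modular inversion."""
    prefix, acc = [], 1
    for v in values:
        prefix.append(acc)
        acc = acc * v % P
    acc_inv = inv(acc)  # raises ValueError if any value is 0 mod P
    out = [0] * len(values)
    for i in reversed(range(len(values))):
        out[i] = acc_inv * prefix[i] % P
        acc_inv = acc_inv * values[i] % P
    return out

def couples(k, n):
    """[((k+m)G, (k-m)G) for m = 1..n], one inversion for the whole batch.
    Needs k > n so that kG and mG never share an x coordinate (z3 != 0)."""
    kx, ky = ref_mul(k)
    table, jac, pt = [], [], G
    for _ in range(n):  # walk G, 2G, ..., nG (LBC would precompute this table)
        table.append(pt)
        jac.append(add_a_a_j(kx, ky, pt[0], pt[1]))
        pt = ref_add(pt, G)
    zinvs = batch_inverse([z for _, _, z in jac])
    out = []
    for (mx, my), (jx, jy, _), zi in zip(table, jac, zinvs):
        zi2 = zi * zi % P
        plus = (jx * zi2 % P, jy * zi2 % P * zi % P)  # Jacobian -> affine
        minus = symmetric(kx, ky, mx, my, plus[0], zi, zi2)
        out.append((plus, minus))
    return out

if __name__ == "__main__":
    k = 0xbfcdf2  # the k used in the thread's test run
    for m, (plus, minus) in enumerate(couples(k, 8), start=1):
        ok = plus == ref_mul(k + m) and minus == ref_mul(k - m)
        print(m, "ok" if ok else "MISMATCH", hex(plus[0]), hex(minus[0]))
```

Every pair is checked against plain double-and-add, so an error in either formula or in the reuse of 1/z3 shows up as a mismatch.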
becoin
January 31, 2017, 05:00:38 PM
 #402

Hurry up! You must find something before bitcoin breaks $10000!
rico666
January 31, 2017, 05:20:13 PM
 #403

Quote
I made a very simple python script, 2 files --> https://www.dropbox.com/s/j84xr2ypa5zplry/ecc_for_collider.zip?dl=0

ecc_for_collider.py  (a very small library)
gen_couple_points.py (a test program, it computes kG+mG, kG-mG, given kG and mG)

The script works  Smiley

For a very special definition of "works".  Wink

I spent some quality time with it and best I came up with was:

Code:
$ python gen_couple_points.py
kG
0xbfcdf2
0xa884186c5d47633c9b58ae542b8b6797230c8e67808ade960793d4bc0e546cd3
0xd74beb0250afe97f2d1ab66a02e689447b87a2df62383f4717b9452607a9b4ff
*******
mG
0x1d1
0x87be732373bd4b738627fb63bd4d50bfd6f2bb81f804b52829549fe93fe1ac2e
0xf6a9186ff147b9b5ffc844b2ec0e255a1ae5537d75624288ce8421f87e94e1a4
*******
kG+mG
V: 115792089237316195423570985008687907853269984665640564039457584007908834671663
U: 100968868457032376717032254508194871768455479323471896895268685981853755980682
V: 100968868457032376717032254508194871768455479323471896895268685981853755980682
U: 0.0
Traceback (most recent call last):
  File "gen_couple_points.py", line 34, in <module>
    kmx, kmy = jac_to_aff(jkmx, jkmy, jkmz)  # 3M for the inverse + (1S + 3M) to normalize x and y -> 6M + 1S         
  File "/data/soft/lin/LBC/generator/HRD/arulbero-ECC/ecc_for_collider.py", line 84, in jac_to_aff
    invjaz=inv(jaz,p)       
  File "/data/soft/lin/LBC/generator/HRD/arulbero-ECC/ecc_for_collider.py", line 33, in inv
    q = v/u
ZeroDivisionError: float division by zero

I have Python 3.6.0 on my system, so I gave the prints braces, removed the TABs from the files and included a print in the while:

Code:
def inv(a,p):   
        u, v = a%p, p
        x1, x2 = 1, 0
        while u != 1 :
                print("V:",v)
                print("U:", u)
                q = v/u
                r = v-q*u
                x = x2-q*x1
                v = u
                u = r
                x2 = x1
                x1 = x
        return x1%p

to see what's going on with u. I will debug a little bit more, so if you have any hints what to do, please tell. Else JFYI.

Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
arulbero
January 31, 2017, 05:26:46 PM
 #404

This is my output:

Code:
antonio@ubuntu:~/src/python$ ./gen_couple_points.py
kG
0xbfcdf2
0xa884186c5d47633c9b58ae542b8b6797230c8e67808ade960793d4bc0e546cd3L
0xd74beb0250afe97f2d1ab66a02e689447b87a2df62383f4717b9452607a9b4ffL
*******
mG
0x1d1
0x87be732373bd4b738627fb63bd4d50bfd6f2bb81f804b52829549fe93fe1ac2eL
0xf6a9186ff147b9b5ffc844b2ec0e255a1ae5537d75624288ce8421f87e94e1a4L
*******
kG+mG
0xbfcfc3
0xc6292537e08b2fcad6e378b1673c446f279bed612ba928ad63d05cf6bbb8165L
0x3a744f5375e3207a53345975fc610cea7fb47dd738307e26d86e5d6bb775197dL
*******
kG-mG
0xbfcc21
0x893c80077fa3d8fcdc1fd6db146a389fec56e312bba27c3f7b3380c636a85e60L
0x6e8da51c1c82ffdbc0073bfcc00463cc50ec9dbf237efbb275503cf64886b5afL
*******

Try  v//u instead of v/u, we have different versions of python.
rico666
January 31, 2017, 05:39:18 PM
 #405

Quote
Try  v//u instead of v/u, we have different versions of python.

Yep - // did the job. The output is the same. I try to cast this into C and integrate it in the code so far.

Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
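
The `/` versus `//` failure diagnosed in posts #403 to #405, reproduced with the value from the traceback. This is an added example, not code from the thread's participants; the names inv_true_div, inv_floor_div, outcome and float_gap, the step limit and the zero guard are assumptions of this sketch.

```python
# Added example. inv_true_div is the loop quoted in the thread as Python 3 runs
# it; inv_floor_div applies the fix suggested there and adds a guard for 0.
P = 2**256 - 2**32 - 977  # secp256k1 field prime (the first "V:" in the trace)
# Value being inverted when the traceback was produced (the first "U:" line).
JAZ = 100968868457032376717032254508194871768455479323471896895268685981853755980682

def inv_true_div(a, p, max_steps=64):
    """Extended Euclid with `/`: integer division in Python 2, float in Python 3."""
    u, v = a % p, p
    x1, x2 = 1, 0
    for _ in range(max_steps):
        if u == 1:
            return x1 % p
        q = v / u          # Python 3: a 53-bit float, not the integer quotient
        r = v - q * u      # so the "remainder" is a float as well
        x1, x2 = x2 - q * x1, x1
        v, u = u, r
    raise ArithmeticError("no result after %d steps" % max_steps)

def inv_floor_div(a, p):
    """Same loop with `//`: exact for integers of any size, Python 2 and 3."""
    u, v = a % p, p
    x1, x2 = 1, 0
    while u != 1:
        if u == 0:         # a is 0 mod p (e.g. x2 == x1) or shares a factor with p
            raise ValueError("not invertible: gcd(a, p) != 1")
        q = v // u
        x1, x2 = x2 - q * x1, x1
        v, u = u, v - q * u
    return x1 % p

def outcome(fn, a, p=P):
    """Return fn's result, or the exception class name if the arithmetic fails."""
    try:
        return fn(a, p)
    except ArithmeticError as exc:  # ZeroDivisionError is a subclass
        return type(exc).__name__

def float_gap(n=P):
    """Distance from n to the nearest double: the precision `/` throws away."""
    return int(float(n)) - n

if __name__ == "__main__":
    print("true division :", outcome(inv_true_div, JAZ))
    print("floor division:", hex(inv_floor_div(JAZ, P)))
    print("float(P) - P  :", float_gap())
```

A port of big-integer code from Python 2 to Python 3 can be screened for this class of bug by checking every `/` whose operands are field elements.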
TooDumbForBitcoin
January 31, 2017, 05:50:23 PM
 #406

Quote
Hurry up! You must find something before bitcoin breaks $10000!

I think what this poster is trying to say is:

"you should not be doing this so transparently.  It would be better if you did this privately and clandestinely so that no one knew about this kind of activity"

"the fact that collisions are computationally possible makes it a moral or ethical choice whether to investigate them or refrain from investigating them.  My moral or ethical choices are different from yours, and superior to yours, and I am superior to you"

"a search of my post history will reveal what interesting or impactful bitcoin projects I have worked on.  Please perform this search to evaluate what functional value I bring to the bitcoin technical space"


rico666
February 01, 2017, 08:59:18 AM
 #407

What to do with https://blockchain.info/address/164kvbiwxEq3wfeUWLSdxBuQeAyMhyFe4N?

1. Shall we leave it as is and everyone believes the pool has found the private key?
2. Shall we do the usual transfer to custody and publish the private key?
3. Shall we leave it there and just publish the private key?

Personally I vote for 2. In the hope the rightful owner notices this and comes back to us - hopefully with a different private key.
1. won't give us a chance to get any alternate key. 3. could and I'd personally compensate the rightful owner in case the funds were transferred by someone else (which 100% they would - so might as well go with 2.)



Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
shifty252
February 01, 2017, 09:19:14 AM
 #408

Quote
What to do with https://blockchain.info/address/164kvbiwxEq3wfeUWLSdxBuQeAyMhyFe4N?

1. Shall we leave it as is and everyone believes the pool has found the private key?
2. Shall we do the usual transfer to custody and publish the private key?
3. Shall we leave it there and just publish the private key?

Personally I vote for 2. In the hope the rightful owner notices this and comes back to us - hopefully with a different private key.
1. won't give us a chance to get any alternate key. 3. could and I'd personally compensate the rightful owner in case the funds were transferred by someone else (which 100% they would - so might as well go with 2.)



Rico


Voting for 2 also.
yo-blin
February 01, 2017, 09:45:26 AM
 #409

Quote
What to do with https://blockchain.info/address/164kvbiwxEq3wfeUWLSdxBuQeAyMhyFe4N?

1. Shall we leave it as is and everyone believes the pool has found the private key?
2. Shall we do the usual transfer to custody and publish the private key?
3. Shall we leave it there and just publish the private key?

Voting for 2

Sign for rent, COLLECTING MERIT! Smiley

NVC: 4YoBLincaRdAEG4v8tbZ4T26ZnKbT9SBsu
rico666
February 01, 2017, 06:58:41 PM
 #410

So:

1)

164kvbiwxEq3wfeUWLSdxBuQeAyMhyFe4N funds are on their way to custody at 1CTota4HeLLEgg5x5jv5xxp3Rw2SqTdKiW
see - https://blockchain.info/tx/2f00dc3f462f406ec8e96f402dbc0c342f36b69425c28e6ab0472fe0b62119a6

2)

There is a new BLF file (170201) on the FTP server, upon restart, your LBC clients should patch your blf files.

3)

Pool at 70+ Mkeys/s  (edit: 64Mkeys/s = 500 000 pages on directory.io per second, we are now at 74 Mkeys/s)

4)

Oh yes - and the private key to 164kvbiwxEq3wfeUWLSdxBuQeAyMhyFe4N is 0xe09c93a2ec81


Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
johnsmithx
February 01, 2017, 10:01:45 PM
 #411

Hi,

I read a bit about this project at lbc.cryptoguru.org and (addressing anybody and everybody who is doing this) I have a few questions:

1. The "About" section claims that the reason "why" is because somebody said it wasn't possible. That certainly makes sense but once the first "collision" was found the point was proven and there is nothing to prove anymore so why keep going?

2. If a "collision" is found the amount (if any) is "misplaced" (i.e. stolen) into so-called custodial address. The reason for that is because when the discovery is announced somebody else could quickly find the same and steal it. And the reason why the discovery is announced in the first place is.. to prove the point that has already been proven? Again, why this whole thing still keeps going? To prove the point was a valid and perfectly understandable reason. What valid reason is there now?

3. The webpages are full of "rightful owner" this, "rightful ownership" that, but how is this rightful owner supposed to find out about what really happened, i.e. that they in fact weren't robbed, they were just "robbed"? Assuming that every owner of bitcoins in the whole world will somehow magically become aware of some random thread at some random Internet forum and from now on will be anxiously reading it every day for the rest of their lives is just insane. From their point of view their bitcoins were stolen, end of story.
Now this is somewhat an uncharted territory but the same way as manufacturing, sale etc. of some weapons is illegal, and also developing and distributing of software to circumvent copy protection schemes (cracks) is in some jurisdictions illegal, it's not unreasonable to imagine that this software might be deemed illegal in some jurisdictions as well and everybody participating (abetting) might face criminal prosecution. So yet again, since the original goal was already reached is it really worth it to keep going and risk all the possible repercussions?

4. So far only empty or almost empty addresses have been found but what will happen when some reasonable amount (hundreds or thousands BTC) is found? Will the "announcing" and "misplacing" happen again? If somebody has such an amount in one address they are either stupid or they have many similarly loaded addresses. If the latter is the case then aren't you afraid what may happen to you and your dear ones if you piss off the wrong people? I don't see it entirely unrealistic if some angry criminals tracked you down and murdered you and your whole family, and they will most certainly not care one single bit about your "proving the point", "custodial address" etc. bullshit. Internet is not as anonymous as you might think. Is it really worth it to keep doing something that doesn't have any upside, only many downsides?
Maybe you don't value your own life but do you really have the right to put other innocent human beings in grave danger? Maybe you don't have any family, maybe you don't have any friends, but those murderers won't really investigate your personal life, they will just murder you and whoever will be near you at the moment. To make an example of you, to discourage others. Sure the probability of this happening is very low but so is the probability of being shot by a stray bullet, dying in a car/train/airplane fatal accident etc. etc., and yet all those things happen to people on daily basis.

5. When you get a hit do you also test derived addresses, i.e. assuming what you just found might be the top of a HD tree? Since the hit frequency seems to be quite low the slowdown would be negligible.

My list of 44(+1) reviewed Bitcoin forks | You don't have to download the pre-fork blockchain again for each fork! | Beware of fraudulent AWS accounts sellers and dangerous edu AWS codes! + My personal list of legit sellers and scammers | Never publicly reveal your btc addresses, ownership or any other details and stay very far away from anybody who asks you to! | The general rule of safe buying is: if the seller is a newbie, with no reputation, with no topic nor trust feedback, offering no vouches and/or selling from a locked or self-moderated topic and unwilling to go first or use escrow => AVOID. Always check the trust feedback first and make sure that you have enabled "Show untrusted feedback by default" in "Profile / Forum Profile Information".
TooDumbForBitcoin
February 01, 2017, 10:57:35 PM
 #412

Quote
Hi,

I read a bit about this project at lbc.cryptoguru.org and (addressing anybody and everybody who is doing this) I have a few questions:




Should they stop, or just assert they stopped and continue in private?  

How do you propose this "stopping" be demonstrated, or enforced?  My understanding is there are now several people who have the functional software. (Am I wrong?  Can only thread OP actually test-for-success the work submitted by pool participants?)

Also, while at least three people have expressed dismay at this public exercise, and urged, implicitly or otherwise, its cessation - does anyone have the responsibility for seeking out persons (if any) engaged in an identical non-public effort?

becoin
February 01, 2017, 11:26:03 PM
 #413

Quote
Hi,

I read a bit about this project at lbc.cryptoguru.org and (addressing anybody and everybody who is doing this) I have a few questions:

1. The "About" section claims that the reason "why" is because somebody said it wasn't possible. That certainly makes sense but once the first "collision" was found the point was proven and there is nothing to prove anymore so why keep going?


The point is it's not a collision that is found. The privkey is guessed because 1) it was generated with some crappy RNG, 2) very weak brain wallet pass was used, or 3) address simply belongs to same people that "found" it. In short, the cryptoguru doesn't know what does collision mean.
privatenode
February 02, 2017, 03:10:27 AM
 #414

Rico, I made this website. There's a thread about directory with balance need CORS here, and the author lost his source code, so I made this from directory original code.

https://bitcointalk.org/index.php?topic=1774983
rico666
February 02, 2017, 07:06:23 AM
 #415

Quote
1. The "About" section claims that the reason "why" is because somebody said it wasn't possible. That certainly makes sense but once the first "collision" was found the point was proven and there is nothing to prove anymore so why keep going?

A collision is found as soon as you have two different private keys that evaluate to the same Address.
We found two addresses with funds, the keys are weird (either broken RNG or real collisions of a "regular private key") but up to now no one came with an alternate key - so we cannot be sure it's a collision.

Quote
2. If a "collision" is found the amount (if any) is "misplaced" (i.e. stolen) into so-called custodial address. The reason for that is because when the discovery is announced somebody else could quickly find the same and steal it. And the reason why the discovery is announced in the first place is.. to prove the point that has already been proven? Again, why this whole thing still keeps going? To prove the point was a valid and perfectly understandable reason. What valid reason is there now?

If we simply announce the private key and the funds stay where they are - they are gone and no one knows who drained them (simply the person who was quickest). By the process of transferring them to a custodial address and announcing we can "protect them". Now I believe that let alone the announcing of having found something and stating the custodial addresses should make it dead clear that this is not some stealing. If anybody wanted to steal - why make it public? I really get tired of having to explain this.


Quote
3. The webpages are full of "rightful owner" this, "rightful ownership" that, but how is this rightful owner supposed to find out about what really happened, i.e. that they in fact weren't robbed, they were just "robbed"?

How about you look at: https://blockchain.info/address/1PVwqUXrD5phy6gWrqJUrhpsPiBkTnftGg

Quote
Assuming that every owner of bitcoins in the whole world will somehow magically become aware of some random thread at some random Internet forum and from now on will be anxiously reading it every day for the rest of their lives is just insane.

Have you read https://blockchain.info/address/1PVwqUXrD5phy6gWrqJUrhpsPiBkTnftGg already?

As for checking a "random thread" somewhere: I believe when LBC finds some more addresses, it will not be a "random thread" somewhere, but a quite well known thread. Also the development is not finished yet. I may set up a RSS feed for https://lbc.cryptoguru.org/trophies.

Quote
4. So far only empty or almost empty addresses have been found but what will happen when some reasonable amount (hundreds or thousands BTC) is found? Will the "announcing" and "misplacing" happen again?

As far as I am concerned - yes.

Quote
If somebody has such an amount in one address they are either stupid or they have many similarly loaded addresses. If the latter is the case then aren't you afraid what may happen to you and your dear ones if you piss off the wrong people? I don't see it entirely unrealistic if some angry criminals tracked you down and murdered you and your whole family, and they will most certainly not care one single bit about your "proving the point", "custodial address" etc. bullshit.

Ok - I think we can stop it here, because your choice of words proves you are not here to have questions, you have some opinion already. You also watch movies too much.

But just for the fun of it, to entertain your "army of hitmen coming after me and my friends": If anything like that was to happen. And it's a big IF because the pool would have to find something, actually my client would have to, so I would do the custodial transfer, they would have to find out who I am (which is the easiest part), they would have to be totally dumb (but criminals often are) to not simply get their funds back by providing their alternate private key....

I certainly hope they would not be as dumb as to killing me immediately, but torture me 1st for the private key of the custodial address.  Wink
Because else - you know - they would need LBC to find that.  Cheesy


Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
rico666
February 02, 2017, 07:13:41 AM
 #416

The pool just cracked its all-time high (98 Mkeys/s) and rising...


becoin ... oh becoin

Quote
The point is it's not a collision that is found. The privkey is guessed because 1) it was generated with some crappy RNG, 2) very weak brain wallet pass was used, or 3) address simply belongs to same people that "found" it. In short, the cryptoguru doesn't know what does collision mean.

Quoted for future reference.

Everybody (including me) knows that a collision is found when two different private keys to the same address are found. You are most welcome to set up a project to find a collision as you think it should be done. Teach us more becoin - how would you do it?

...


Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
SlarkBoy
February 02, 2017, 07:54:32 AM
 #417

wow HeavenlyCreatures use gpu maybe  Cheesy
rico666
February 02, 2017, 08:16:15 AM
 #418

Quote
wow HeavenlyCreatures use gpu maybe  Cheesy

Unlikely - looks more like 200 140 CPUs, but the pool key generation rate is rising hard.
We just broke the magical 128 Mkeys/s - which is equivalent of searching 1 million pages on directory.io per second!

The pool performance shown is a 48h median, current (fluctuating) speed is above 200 Mkeys/s, with that rate, we will hit #49 of the puzzle transaction in less than a week.


Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
rico666
February 02, 2017, 09:09:55 AM
 #419

Thanks for your insight -  it's a benefaction for me to see someone who understands.

Quote
How do you propose this "stopping" be demonstrated, or enforced?  My understanding is there are now several people who have the functional software. (Am I wrong?  Can only thread OP actually test-for-success the work submitted by pool participants?)

All of the checking is being done with the clients and they are out there. So if today/tomorrow the LBC pool ceased to exist, all the clients could continue to work with manual address spaces.

Code:
./LBC -c cpus -p from-to

They could agree on distributing the search space among them via email, carrier pigeon or smoke signals. Probably sooner or later someone came up with some neat IT solution that replaced the smoke signals, put some stats on some webpage...


Quote
Also, while at least three people have expressed dismay at this public exercise, and urged, implicitly or otherwise, its cessation - does anyone have the responsibility for seeking out persons (if any) engaged in an identical non-public effort?

becoin said he'd spend the rest of his life on this holy crusade. Yes, that's what he said.


Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
yo-blin
February 02, 2017, 01:23:49 PM
 #420

Why client wrote
Quote
Server doesn't like us. Answer: wrong secret

Sign for rent, COLLECTING MERIT! Smiley

NVC: 4YoBLincaRdAEG4v8tbZ4T26ZnKbT9SBsu