Bitcoin Forum
November 15, 2018, 03:44:06 PM
 Author Topic: Large Bitcoin Collider (Collision Finders Pool)  (Read 164397 times)
arulbero
Legendary

Offline

Activity: 1081
Merit: 1176

 January 31, 2017, 04:18:17 PM
 Merited by Makkara (4)

....
2. Outside the Box

IMO, for any substantial optimizations, it is required to think outside the box. The box here being the libsecp256k1 library. This library provides us with an API - a set of functions - which is functionally complete, but may sometimes be obstructive for certain tasks. If you look at the use case from above, it would certainly be nice if we had a function that could efficiently sum up affine points into jacobian.

That's why I started to hack my own libsecp256k1, extending it with functionality for the LBC use case (public key generation).

I made a very simple python script, 2 files --> https://www.dropbox.com/s/xr2ypa5zplry/ecc_for_collider.zip?dl=0

ecc_for_collider.py  (a very small library)
gen_couple_points.py (a test program, it computes kG+mG, kG-mG, given kG and mG)

The script works

*********************************************************************
ecc_for_collider.py

--> input kG=(x1,y1) , mG=(x2,y2)

--> output kG + mG = (x3,y3,z3)    (0<m<2049)

--> 4M + 2S
Code:
h=(x2-x1)  % p
r=(y2-y1)  % p

a=r**2 % p    # 1S
b=h**2 % p    # 1S
c=b*h  % p    # 1M   c=h**3
d=x1*b % p    # 1M   d=x1*h**2
e=y1*c % p    # 1M   e=y1*h**3

x3 = (a-c-2*d)    % p   # 0M   r**2 - h**3 - 2*x1*h**2
y3 = (r*(d-x3)-e) % p   # 1M   r*(x1*h**2 - x3) - y1*h**3
z3 = h                  # 0M   x2-x1

This is the classic "mixed" jacobian-affine addition (with Z1 and Z2 = 1)   ("A"+"A" --> J)
I use only affine coordinates (for the operands), because I already know all coordinates of the points kG, G, 2G, mG, 2048G; this is the first advantage of this method.

function symmetric(x1,y1,x2,y2,x3,z3inv,z3inv2)
This function exploits the symmetry of kG+mG / kG-mG with respect to kG

--> input: kG, mG, kG+mG (all in affine coordinates!), (z3)^-1 and (z3)^-2 of kG+mG

--> output: kG-mG (in affine coordinates)

-->  4M (including jacobian to affine)

Code:
def symmetric(x1,y1,x2,y2,x3,z3inv,z3inv2):

    x4 = (x3+4*(y1*y2)*z3inv2)       % p   #2M
    y4 = (z3inv*(x4-x1)*(y1+y2) -y1) % p   #2M

    return x4,y4

If kG = (x1,y1), mG = (x2,y2) ,  kG+mG = (x3,y3) then you have:

kG-mG = (x4,y4) = (  x3 + 4*y1*y2/(x2-x1)^2  ,  (x4-x1)*(y1+y2)/(x2-x1) - y1 )
*******************************************************************

First compute kG (in affine coordinates, I changed my mind) (remember: my k stands for your k+2048)

You could compute then:

1) first k+1, k+2, k+3, ..., k+2048  ("A"+"A"->"J")    4M + 2S for each point with the function add_a_a_j
2) then jacobian to affine change  6M + 1S for 2048 points (you have already this function, don't look at mine for that)
3) then you compute k-1, k-2, k-3, ...., k-4, k-2048 ( at 1) you have to memorize the inverse of k+1,k+2,k+3,... to do that): 4M using the function symmetric.

Total: 14M + 3S for 2 points,  7M + 1,5S for each point (including jacobian to affine)

I didn't take care of the generation of the first point, k*G (more precisely: (k+2048)G)

With my proposal you have to perform 2 inversions per batch: 1 to get (k+2048)G in affine coordinates, 1 for the points from k+2049 to k+4096. You then save 3M x 2048 points (at least)

-----------------------------------------------------------------------------------------------------------------------------
EDIT: maybe another improvement is possible: what if we use the symmetric function to generate all points?

If we have kG and kG+mG (and mG) --> we get kG-mG and vice versa  (with the symmetric function)

if we have kG and kG-mG (and mG)  --> we get kG+mG .

Now, if we have kG+mG and kG (and mG), we can get kG+2mG!

In fact kG and kG+2mG are symmetric with respect to the point kG+mG:    kG=(kG+mG)-mG, kG+2mG=(kG+mG)+mG

The only problem is: we don't have yet kG+mG in affine coordinates, I have to do some computations... maybe tomorrow
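
The formulas in the post above, checked against textbook affine arithmetic on secp256k1 (an added example, not the contents of ecc_for_collider.py). `affine_add`, `scalar_mul`, `couple` and `on_curve` are names assumed here, and `jac_to_aff` is written to also return the inverses that `symmetric` reuses; the scalars in the demo are the ones from the thread's test run.

```python
# Added example: verifies the post's 4M+2S addition and the symmetric() shortcut.
p = 2**256 - 2**32 - 977   # secp256k1 field prime
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def inv(a):
    """Modular inverse mod p (three-argument pow with -1 needs Python 3.8+)."""
    return pow(a % p, -1, p)

def affine_add(P, Q):
    """Textbook affine add/double; reference only (no point at infinity)."""
    (x1, y1), (x2, y2) = P, Q
    if P == Q:
        lam = 3 * x1 * x1 * inv(2 * y1) % p
    else:
        lam = (y2 - y1) * inv(x2 - x1) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def scalar_mul(k, P):
    """Double-and-add, used here only to build reference points."""
    R = None
    while k:
        if k & 1:
            R = P if R is None else affine_add(R, P)
        P = affine_add(P, P)
        k >>= 1
    return R

def add_a_a_j(x1, y1, x2, y2):
    """Affine + affine -> Jacobian (Z1 = Z2 = 1), 4M + 2S as in the post."""
    h = (x2 - x1) % p
    r = (y2 - y1) % p
    a = r * r % p
    b = h * h % p
    c = b * h % p             # h^3
    d = x1 * b % p            # x1*h^2
    e = y1 * c % p            # y1*h^3
    x3 = (a - c - 2 * d) % p
    y3 = (r * (d - x3) - e) % p
    return x3, y3, h          # z3 = h = x2 - x1

def jac_to_aff(x, y, z):
    """Jacobian -> affine; also returns 1/z and 1/z^2 for symmetric()."""
    zinv = inv(z)
    zinv2 = zinv * zinv % p
    return (x * zinv2 % p, y * zinv2 * zinv % p), zinv, zinv2

def symmetric(x1, y1, x2, y2, x3, z3inv, z3inv2):
    """kG-mG from kG, mG and the affine x of kG+mG, with no new inversion."""
    x4 = (x3 + 4 * (y1 * y2) * z3inv2) % p
    y4 = (z3inv * (x4 - x1) * (y1 + y2) - y1) % p
    return x4, y4

def couple(k, m):
    """(kG+mG, kG-mG) via the post's method, using a single field inversion."""
    # k > m > 0 (with k + m below the group order) keeps x2 != x1, so z3 != 0.
    if not k > m > 0:
        raise ValueError("need k > m > 0")
    x1, y1 = scalar_mul(k, G)
    x2, y2 = scalar_mul(m, G)
    (x3, y3), zinv, zinv2 = jac_to_aff(*add_a_a_j(x1, y1, x2, y2))
    return (x3, y3), symmetric(x1, y1, x2, y2, x3, zinv, zinv2)

def on_curve(P):
    """secp256k1 membership test: y^2 = x^3 + 7 (mod p)."""
    return (P[1] ** 2 - P[0] ** 3 - 7) % p == 0

if __name__ == "__main__":
    k, m = 0xbfcdf2, 0x1d1                    # scalars from the thread's test run
    plus, minus = couple(k, m)
    assert plus == scalar_mul(k + m, G) and minus == scalar_mul(k - m, G)
    assert on_curve(plus) and on_curve(minus)
    print("kG+mG", hex(plus[0]), hex(plus[1]))
    print("kG-mG", hex(minus[0]), hex(minus[1]))
```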
becoin
Legendary

Offline

Activity: 2128
Merit: 1009

 January 31, 2017, 05:00:38 PM

Hurry up! You must find something before bitcoin breaks $10000!
rico666
Legendary

Offline

Activity: 1064
Merit: 1022

฿ → ∞

 January 31, 2017, 05:20:13 PM

I made a very simple python script, 2 files --> https://www.dropbox.com/s/j84xr2ypa5zplry/ecc_for_collider.zip?dl=0

ecc_for_collider.py  (a very small library)
gen_couple_points.py (a test program, it computes kG+mG, kG-mG, given kG and mG)

The script works

For a very special definition of "works".

I spent some quality time with it and best I came up with was:

Code:
$ python gen_couple_points.py
kG
0xbfcdf2
0xd74beb0250afe97f2d1ab66a02e689447b87a2df62383f4717b9452607a9b4ff
*******
mG
0x1d1
0x87be732373bd4b738627fb63bd4d50bfd6f2bb81f804b52829549fe93fe1ac2e
0xf6a9186ff147b9b5ffc844b2ec0e255a1ae5537d75624288ce8421f87e94e1a4
*******
kG+mG
V: 115792089237316195423570985008687907853269984665640564039457584007908834671663
U: 100968868457032376717032254508194871768455479323471896895268685981853755980682
V: 100968868457032376717032254508194871768455479323471896895268685981853755980682
U: 0.0
Traceback (most recent call last):
File "gen_couple_points.py", line 34, in <module>
kmx, kmy = jac_to_aff(jkmx, jkmy, jkmz)  # 3M for the inverse + (1S + 3M) to normalize x and y -> 6M + 1S
File "/data/soft/lin/LBC/generator/HRD/arulbero-ECC/ecc_for_collider.py", line 84, in jac_to_aff
invjaz=inv(jaz,p)
File "/data/soft/lin/LBC/generator/HRD/arulbero-ECC/ecc_for_collider.py", line 33, in inv
q = v/u
ZeroDivisionError: float division by zero

I have Python 3.6.0 on my system, so I gave the prints braces, removed the TABs from the files and included a print in the while:

Code:
def inv(a,p):
    u, v = a%p, p
    x1, x2 = 1, 0
    while u != 1 :
        print("V:",v)
        print("U:", u)
        q = v/u
        r = v-q*u
        x = x2-q*x1
        v = u
        u = r
        x2 = x1
        x1 = x
    return x1%p

to see what's going on with u. I will debug a little bit more, so if you have any hints what to do, please tell. Else JFYI.

Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
arulbero
Legendary

Offline

Activity: 1081
Merit: 1176

 January 31, 2017, 05:26:46 PM

This is my output:

Code:
antonio@ubuntu:~/src/python$ ./gen_couple_points.py
kG
0xbfcdf2
0xd74beb0250afe97f2d1ab66a02e689447b87a2df62383f4717b9452607a9b4ffL
*******
mG
0x1d1
0x87be732373bd4b738627fb63bd4d50bfd6f2bb81f804b52829549fe93fe1ac2eL
0xf6a9186ff147b9b5ffc844b2ec0e255a1ae5537d75624288ce8421f87e94e1a4L
*******
kG+mG
0xbfcfc3
0x3a744f5375e3207a53345975fc610cea7fb47dd738307e26d86e5d6bb775197dL
*******
kG-mG
0xbfcc21
0x893c80077fa3d8fcdc1fd6db146a389fec56e312bba27c3f7b3380c636a85e60L
0x6e8da51c1c82ffdbc0073bfcc00463cc50ec9dbf237efbb275503cf64886b5afL
*******

Try  v//u instead of v/u, we have different versions of python.
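
Why `/` fails and `//` works in the exchange above, as an added example that is not code from either poster: under Python 3, `/` is true division and returns a float, so the 256-bit quotient is rounded to 53 bits and the remainder collapses to 0.0. `inv_as_posted`, `inv_checked` and `posted_inv_outcome` are names assumed here; the two constants are the V: and U: values printed in the trace.

```python
# Added example: reproduces the Python 2 -> 3 division bug in the posted inv()
# and shows a floor-division version that validates its input and its result.
P = 2**256 - 2**32 - 977   # secp256k1 field prime, the first "V:" value in the trace
# First "U:" value in the trace (the z coordinate being inverted)
A = 100968868457032376717032254508194871768455479323471896895268685981853755980682

def inv_as_posted(a, p):
    """The posted loop run under Python 3, without the debug prints."""
    u, v = a % p, p
    x1, x2 = 1, 0
    while u != 1:
        q = v / u            # float: only 53 bits of the quotient survive
        r = v - q * u        # float arithmetic from here on
        x = x2 - q * x1
        v, u = u, r
        x2, x1 = x1, x
    return x1 % p

def inv_checked(a, p):
    """Extended Euclid with floor division, plus input and result checks."""
    if not (isinstance(a, int) and isinstance(p, int)):
        raise TypeError("inv_checked needs Python ints, not floats")
    u, v = a % p, p
    if u == 0:
        raise ValueError("0 has no inverse")
    x1, x2 = 1, 0            # invariant: x1*a = u and x2*a = v (mod p)
    while u > 1:
        q = v // u           # exact integer quotient on both Python 2 and 3
        v, u = u, v - q * u
        x2, x1 = x1, x2 - q * x1
    if u != 1:
        raise ValueError("a and p are not coprime")
    result = x1 % p
    if result * a % p != 1:  # cheap self-check that catches silent arithmetic errors
        raise ArithmeticError("inverse self-check failed")
    return result

def posted_inv_outcome(a, p):
    """Classify what the posted loop does under Python 3 for one input."""
    try:
        got = inv_as_posted(a, p)
    except ZeroDivisionError:
        return "ZeroDivisionError"
    return "ok" if isinstance(got, int) and got * a % p == 1 else "wrong result"

if __name__ == "__main__":
    print("posted inv() on the traced input:", posted_inv_outcome(A, P))
    print("checked inverse:", hex(inv_checked(A, P)))
```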
rico666
Legendary

Offline

Activity: 1064
Merit: 1022

฿ → ∞

 January 31, 2017, 05:39:18 PM

Try  v//u instead of v/u, we have different versions of python.

Yep - // did the job. The output is the same. I try to cast this into C and integrate it in the code so far.

Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
TooDumbForBitcoin
Legendary

Offline

Activity: 1554
Merit: 1001

best digital asset exchange

 January 31, 2017, 05:50:23 PM

Hurry up! You must find something before bitcoin breaks $10000!

I think what this poster is trying to say is:

"you should not be doing this so transparently.  It would be better if you did this privately and clandestinely so that no one knew about this kind of activity"

"the fact that collisions are computationally possible makes it a moral or ethical choice whether to investigate them or refrain from investigating them.  My moral or ethical choices are different from yours, and superior to yours, and I am superior to you"

"a search of my post history will reveal what interesting or impactful bitcoin projects I have worked on.  Please perform this search to evaluate what functional value I bring to the bitcoin technical space"

rico666
Legendary

Offline

Activity: 1064
Merit: 1022

฿ → ∞

 February 01, 2017, 08:59:18 AM

1. Shall we leave it as is and everyone believes the pool has found the private key?
2. Shall we do the usual transfer to custody and publish the private key?
3. Shall we leave it there and just publish the private key?

Personally I vote for 2. In the hope the rightful owner notices this and comes back to us - hopefully with a different private key.
1. won't give us a chance to get any alternate key. 3. could and I'd personally compensate the rightful owner in case the funds were transferred by someone else (which 100% they would - so might as well go with 2.)

Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
shifty252
Full Member

Offline

Activity: 170
Merit: 101

 February 01, 2017, 09:19:14 AM

1. Shall we leave it as is and everyone believes the pool has found the private key?
2. Shall we do the usual transfer to custody and publish the private key?
3. Shall we leave it there and just publish the private key?

Personally I vote for 2. In the hope the rightful owner notices this and comes back to us - hopefully with a different private key.
1. won't give us a chance to get any alternate key. 3. could and I'd personally compensate the rightful owner in case the funds were transferred by someone else (which 100% they would - so might as well go with 2.)

Rico

Voting for 2 also.
yo-blin
Legendary

Offline

Activity: 2380
Merit: 1011

 February 01, 2017, 09:45:26 AM

1. Shall we leave it as is and everyone believes the pool has found the private key?
2. Shall we do the usual transfer to custody and publish the private key?
3. Shall we leave it there and just publish the private key?

Voting for 2

rico666
Legendary

Offline

Activity: 1064
Merit: 1022

฿ → ∞

 February 01, 2017, 06:58:41 PM

So:

1)

164kvbiwxEq3wfeUWLSdxBuQeAyMhyFe4N funds are on their way to custody at 1CTota4HeLLEgg5x5jv5xxp3Rw2SqTdKiW
see - https://blockchain.info/tx/2f00dc3f462f406ec8e96f402dbc0c342f36b69425c28e6ab0472fe0b62119a6

2)

There is a new BLF file (170201) on the FTP server, upon restart, your LBC clients should patch your blf files.

3)

Pool at 70+ Mkeys/s  (edit: 64Mkeys/s = 500 000 pages on directory.io per second, we are now at 74 Mkeys/s)

4)

Oh yes - and the private key to 164kvbiwxEq3wfeUWLSdxBuQeAyMhyFe4N is 0xe09c93a2ec81

Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
johnsmithx
Hero Member

Offline

Activity: 587
Merit: 507

I don't buy nor sell anything here and never will.

 February 01, 2017, 10:01:45 PM

Hi,

1. The "About" section claims that the reason "why" is because somebody said it wasn't possible. That certainly makes sense but once the first "collision" was found the point was proven and there is nothing to prove anymore so why keep going?

2. If a "collision" is found the amount (if any) is "misplaced" (i.e. stolen) into so-called custodial address. The reason for that is because when the discovery is announced somebody else could quickly find the same and steal it. And the reason why the discovery is announced in the first place is.. to prove the point that has already been proven? Again, why this whole thing still keeps going? To prove the point was a valid and perfectly understandable reason. What valid reason is there now?

3. The webpages are full of "rightful owner" this, "rightful ownership" that, but how is this rightful owner supposed to find out about what really happened, i.e. that they in fact weren't robbed, they were just "robbed"? Assuming that every owner of bitcoins in the whole world will somehow magically become aware of some random thread at some random Internet forum and from now on will be anxiously reading it every day for the rest of their lives is just insane. From their point of view their bitcoins were stolen, end of story.
Now this is somewhat an uncharted territory but the same way as manufacturing, sale etc. of some weapons is illegal, and also developing and distributing of software to circumvent copy protection schemes (cracks) is in some jurisdictions illegal, it's not unreasonable to imagine that this software might be deemed illegal in some jurisdictions as well and everybody participating (abetting) might face criminal prosecution. So yet again, since the original goal was already reached is it really worth it to keep going and risk all the possible repercussions?

4. So far only empty or almost empty addresses have been found but what will happen when some reasonable amount (hundreds or thousands BTC) is found? Will the "announcing" and "misplacing" happen again? If somebody has such an amount in one address they are either stupid or they have many similarly loaded addresses. If the latter is the case then aren't you afraid what may happen to you and your dear ones if you piss off the wrong people? I don't see it entirely unrealistic if some angry criminals tracked you down and murdered you and your whole family, and they will most certainly not care one single bit about your "proving the point", "custodial address" etc. bullshit. Internet is not as anonymous as you might think. Is it really worth it to keep doing something that doesn't have any upside, only many downsides?
Maybe you don't value your own life but do you really have the right to put other innocent human beings in grave danger? Maybe you don't have any family, maybe you don't have any friends, but those murderers won't really investigate your personal life, they will just murder you and whoever will be near you at the moment. To make an example of you, to discourage others. Sure the probability of this happening is very low but so is the probability of being shot by a stray bullet, dying in a car/train/airplane fatal accident etc. etc., and yet all those things happen to people on daily basis.

5. When you get a hit do you also test derived addresses, i.e. assuming what you just found might be the top of a HD tree? Since the hit frequency seems to be quite low the slowdown would be negligible.

TooDumbForBitcoin
Legendary

Offline

Activity: 1554
Merit: 1001

best digital asset exchange

 February 01, 2017, 10:57:35 PM

Hi,

Should they stop, or just assert they stopped and continue in private?

How do you propose this "stopping" be demonstrated, or enforced?  My understanding is there are now several people who have the functional software. (Am I wrong?  Can only thread OP actually test-for-success the work submitted by pool participants?)

Also, while at least three people have expressed dismay at this public exercise, and urged, implicitly or otherwise, its cessation - does anyone have the responsibility for seeking out persons (if any) engaged in an identical non-public effort?

becoin
Legendary

Offline

Activity: 2128
Merit: 1009

 February 01, 2017, 11:26:03 PM

Hi,

1. The "About" section claims that the reason "why" is because somebody said it wasn't possible. That certainly makes sense but once the first "collision" was found the point was proven and there is nothing to prove anymore so why keep going?

The point is it's not a collision that is found. The privkey is guessed because 1) it was generated with some crappy RNG, 2) very weak brain wallet pass was used, or 3) address simply belongs to same people that "found" it. In short, the cryptoguru doesn't know what collision means.
privatenode
Newbie

Offline

Activity: 23
Merit: 0

 February 02, 2017, 03:10:27 AM

Rico, I made this website, there's a thread about directory with balance need CORS here, and the author lost his source code. So I made this from directory original code.

https://bitcointalk.org/index.php?topic=1774983
rico666
Legendary

Offline

Activity: 1064
Merit: 1022

฿ → ∞

 February 02, 2017, 07:06:23 AM

1. The "About" section claims that the reason "why" is because somebody said it wasn't possible. That certainly makes sense but once the first "collision" was found the point was proven and there is nothing to prove anymore so why keep going?

A collision is found as soon as you have two different private keys that evaluate to the same Address.
We found two addresses with funds, the keys are weird (either broken RNG or real collisions of a "regular private key") but up to now no one came with an alternate key - so we cannot be sure it's a collision.

Quote
2. If a "collision" is found the amount (if any) is "misplaced" (i.e. stolen) into so-called custodial address. The reason for that is because when the discovery is announced somebody else could quickly find the same and steal it. And the reason why the discovery is announced in the first place is.. to prove the point that has already been proven? Again, why this whole thing still keeps going? To prove the point was a valid and perfectly understandable reason. What valid reason is there now?

If we simply announce the private key and the funds stay where they are - they are gone and no one knows who drained them (simply the person who was quickest). By the process of transferring them to a custodial address and announcing we can "protect them". Now I believe that let alone the announcing of having found something and stating the custodial addresses should make it dead clear that this is not some stealing. If anybody wanted to steal - why make it public? I really get tired of having to explain this.

Quote
3. The webpages are full of "rightful owner" this, "rightful ownership" that, but how is this rightful owner supposed to find out about what really happened, i.e. that they in fact weren't robbed, they were just "robbed"?

Quote
Assuming that every owner of bitcoins in the whole world will somehow magically become aware of some random thread at some random Internet forum and from now on will be anxiously reading it every day for the rest of their lives is just insane.

As for checking a "random thread" somewhere: I believe when LBC finds some more addresses, it will not be a "random thread" somewhere, but a quite well known thread. Also the development is not finished yet. I may set up a RSS feed for https://lbc.cryptoguru.org/trophies.

Quote
4. So far only empty or almost empty addresses have been found but what will happen when some reasonable amount (hundreds or thousands BTC) is found? Will the "announcing" and "misplacing" happen again?

As far as I am concerned - yes.

Quote
If somebody has such an amount in one address they are either stupid or they have many similarly loaded addresses. If the latter is the case then aren't you afraid what may happen to you and your dear ones if you piss off the wrong people? I don't see it entirely unrealistic if some angry criminals tracked you down and murdered you and your whole family, and they will most certainly not care one single bit about your "proving the point", "custodial address" etc. bullshit.

Ok - I think we can stop it here, because your choice of words proves you are not here to have questions, you have some opinion already. You also watch movies too much.

But just for the fun of it, to entertain your "army of hitmen coming after me and my friends": If anything like that was to happen. And it's a big IF because the pool would have to find something, actually my client would have to, so I would do the custodial transfer, they would have to find out who I am (which is the easiest part), they would have to be totally dumb (but criminals often are) to not simply get their funds back by providing their alternate private key....

I certainly hope they would not be as dumb as to killing me immediately, but torture me 1st for the private key of the custodial address.
Because else - you know - they would need LBC to find that.

Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
rico666
Legendary

Offline

Activity: 1064
Merit: 1022

฿ → ∞

 February 02, 2017, 07:13:41 AM

The pool just cracked its all-time high (98 Mkeys/s) and rising...

becoin ... oh becoin

The point is it's not a collision that is found. The privkey is guessed because 1) it was generated with some crappy RNG, 2) very weak brain wallet pass was used, or 3) address simply belongs to same people that "found" it. In short, the cryptoguru doesn't know what collision means.

Quoted for future reference.

Everybody (including me) knows that a collision is found when two different private keys to the same address are found. You are most welcome to set up a project to find a collision as you think it should be done. Teach us more becoin - how would you do it?

...

Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
SlarkBoy
Member

Offline

Activity: 100
Merit: 10

 February 02, 2017, 07:54:32 AM

wow HeavenlyCreatures use gpu maybe
rico666
Legendary

Offline

Activity: 1064
Merit: 1022

฿ → ∞

 February 02, 2017, 08:16:15 AM

wow HeavenlyCreatures use gpu maybe

Unlikely - looks more like 200 140 CPUs, but the pool key generation rate is rising hard.
We just broke the magical 128 Mkeys/s - which is equivalent of searching 1 million pages on directory.io per second!

The pool performance shown is a 48h median, current (fluctuating) speed is above 200 Mkeys/s, with that rate, we will hit #49 of the puzzle transaction in less than a week.

Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
rico666
Legendary

Offline

Activity: 1064
Merit: 1022

฿ → ∞

 February 02, 2017, 09:09:55 AM

Thanks for your insight -  it's a benefaction for me to see someone who understands.

How do you propose this "stopping" be demonstrated, or enforced?  My understanding is there are now several people who have the functional software. (Am I wrong?  Can only thread OP actually test-for-success the work submitted by pool participants?)

All of the checking is being done with the clients and they are out there. So if today/tomorrow the LBC pool ceased to exist, all the clients could continue to work with manual address spaces.

Code:
./LBC -c cpus -p from-to

They could agree on distributing the search space among them via email, carrier pigeon or smoke signals. Probably sooner or later someone came up with some neat IT solution that replaced the smoke signals, put some stats on some webpage...

Quote
Also, while at least three people have expressed dismay at this public exercise, and urged, implicitly or otherwise, its cessation - does anyone have the responsibility for seeking out persons (if any) engaged in an identical non-public effort?

becoin said he'd spend the rest of his life on this holy crusade. Yes, that's what he said.

Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
yo-blin
Legendary

Offline

Activity: 2380
Merit: 1011

 February 02, 2017, 01:23:49 PM

Why client wrote
Quote
Server doesn't like us. Answer: wrong secret
