Bitcoin Forum
July 03, 2024, 06:30:30 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Economy > Marketplace > Services > Pretty Addy Giveaway - part 2
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 [20]  All
« previous topic next topic »
  Print  
Author Topic: Pretty Addy Giveaway - part 2  (Read 49019 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic. (4 posts by 1+ user deleted.)
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18588


View Profile
July 24, 2022, 08:23:40 AM
Last edit: July 24, 2022, 11:41:36 AM by o_e_l_e_o
Merited by DarkStar_ (10)
 #381
Quote from: DarkStar_ on July 23, 2022, 08:24:05 PM
I do see a GitHub issue where someone asked if symmetry and endomorphism optimizations could be turned off when doing split-key generation for a third party, so I wonder if that could be related.
Yeah, I think it might be. I tested my theory above by using the private key 0000....0001 on bitaddress, and then using the associated public key on VanitySearch. Out of 10 keys I generated, only 2 of them correctly combined on bitaddress (although obviously all combined correctly on VanitySearch). So obviously it is not related to modulo n, since it would be impossible to have 8 different keys which are all greater than n when added to the private key 0000....0001.

Edit: Poked around the code and found the culprit: https://github.com/JeanLucPons/VanitySearch/blob/c8d48ce5f03f5357c0e87cbdb3e1e93cd50af88b/main.cpp#L314

So when combining partial keys, VanitySearch simply checks all 6 combinations of symmetry and endomorphism and then returns whichever key matches the address in the text file. bitaddress.org obviously doesn't do this and just does a straight addition.

Here is how you would use bitaddress to find the right key:

Vk will be the partial private key generated by VanitySearch, while Bk will be the partial private key generated by the user on bitaddress. L1 and L2 will refer to the values below, as specified here: https://github.com/JeanLucPons/VanitySearch/blob/c8d48ce5f03f5357c0e87cbdb3e1e93cd50af88b/main.cpp#L255

Code:
L1 = 5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72
L2 = ac9c52b33fa3cf1f5ad9e3fd77ed9ba4a880b9fc8ec739c2e0cfc810b51283ce

The six combinations that VanitySearch checks are as follows:

Code:
Vk + Bk
Vk + (Bk*L1)
Vk + (Bk*L2)
Vk - Bk
Vk - (Bk*L1)
Vk - (Bk*L2)

You can actually work all this out using a combination of bitaddress's add and multiply functions, as well as knowing how to negate a private key modulo n (which is just n minus your privkey), but it doesn't seem like there would be any easy way to explain this to a user who doesn't really understand what they are doing without huge potential for error. The only other option would be to disable symmetry and endomorphism when searching for a key in VanitySearch.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 [20]  All
  Print  
Bitcoin Forum > Economy > Marketplace > Services > Pretty Addy Giveaway - part 2
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!