Author Topic: This message was too old and has been purged  (Read 50681 times)
BurtW
January 29, 2014, 09:39:55 AM
 #121

Calling it a theoretical attack is a stretch.  I would prefer to say he has just "proven" the truism:  If I reduce the private key space enough then, of course, I can find the private keys.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
Blaater
January 29, 2014, 09:43:55 AM
 #122

To put this into perspective:

[1] - imagine the bitcoin address space is ALL the sand grains on planet earth (it's actually much bigger than that I think but this is easier to visualise)

[2] - imagine going to a particular spot in some country with a magnifying glass and identifying a particular sand grain

[3] - now move out from that sandgrain and identify the 5 sand grains **touching** the one you spotted with your magnifying glass. These are the "weak address" sandgrains

[4] - now imagine an astronaut orbiting the planet who lands at some random location and picks themselves a random sandgrain at their landing spot

Now you can see that the chance of collision with one of the 'weak addresses' is almost the same as the chance of collision with the primary address = no weakness at all.

Forget about it. The issue is of theoretical interest only.


But the real question is, if you make a special software that would make a big 'rainbow table', how long would it take before you get 0.1% of 'rendez-vous' points mapped? Would that be impossible or just take a good amount of time but still possible?
Evil-Knievel (OP)
January 29, 2014, 10:28:18 AM
Last edit: April 17, 2016, 09:17:19 PM by Evil-Knievel
 #123

This message was too old and has been purged
prezbo
January 29, 2014, 10:49:53 AM
 #124

Maybe some more correct explanation.


[1] - imagine the bitcoin address space is ALL the sand grains on planet earth (it's actually much bigger than that I think but this is easier to visualise)

[2] - imagine someone picks a private key which we assume to be our sandgrain and hides it somewhere on any beach on this planet. Let's further assume this sandgrain is painted blue.

[3] - Searching for this particular sand grain is computationally infeasible. But let us say you have placed a colored tennis ball (each with a different color) on each of the world's beaches.

[4] - now imagine you send out 100.000 people to all the beaches of the world simultaneously. If one of these people finds a blue tennis ball somewhere, you can recover the private key.


It's slightly better, but still computationally infeasible.
FiatKiller
January 29, 2014, 11:59:02 AM
 #125

EK, eagerly awaiting you to hack one of the addresses for 50 BTC. ;-)

I don't understand this stuff enough yet to have an opinion whether it's likely, but
fascinated to see what plays out.

LTC: LdxgJQLUdr8hZ79BV5AYbxkBUdaXctXAPi
MoonCoin Gambling: https://coin-horse.com/MON/
BurtW
January 29, 2014, 01:29:19 PM
 #126

EK, eagerly awaiting you to hack one of the addresses for 50 BTC. ;-)
Don't hold your breath.

BurtW
January 29, 2014, 01:50:59 PM
 #127

Maybe some more correct explanation.

[1] - imagine the bitcoin address space is ALL the sand grains on planet earth (it's actually much bigger than that I think but this is easier to visualise)

[2] - imagine someone picks a private key which we assume to be our sandgrain and hides it somewhere on any beach on this planet. Let's further assume this sandgrain is painted blue.

[3] - Searching for this particular sand grain is computationally infeasible. But let us say you have placed a colored tennis ball (each with a different color) on each of the world's beaches.

[4] - now imagine you send out 100.000 people to all the beaches of the world simultaneously. If one of these people finds a blue tennis ball somewhere, you can recover the private key.

How did the private key (blue grain of sand) magically get placed near enough to the blue tennis ball (known point) to be able to be found in a reasonable amount of time?

Rampion
January 29, 2014, 02:34:56 PM
 #128

So this random addy I grabbed off of blockchain.info currently has BTC15.14013694 in it. Since it has sent BTC before, its public key is now shown, and thus hackable?

Can you prove it by finding the private key yourself, and moving BTC0.00123456 out and back into the address? I want to see a show. :)

Interesting. Let's see what Evil can pull out from this.


gadman2
January 29, 2014, 02:47:00 PM
 #129

This thread will go nowhere unless he proves himself with gmaxwell's bounty.

Ritual
January 29, 2014, 02:52:25 PM
 #130

Hmmm....from the explanations offered in this thread, would I be correct in thinking:

The generator code allowed for 20million keys each side of a set (i.e. known) rendezvous point. So for each, this is 40 million keys.

Evil appears to have started with 768 points, and is mining thousands more on his other thread.

So let's say that we end up in a month with a million rendezvous points total. This would give us a total number of crackable keys = 40 million * 1 million.

So 40000000000000. That's a big number. Very big. But...

The namespace is 2^160 keys (I think - please correct me if that's wrong), and the number above is insignificant to the point of meaninglessness in that context.

Please correct me if I'm wrong. I'm trying to pick up this stuff as I go along :)

Rit.

Newbie oriented mining site - http://cryptoexperiment.wordpress.com/ --- Free BTC - http://freebitco.in/?r=231531
onzoom
January 29, 2014, 02:57:26 PM
 #131

First the boring but true bit

There is no risk whatsoever in revealing your Public Key.

There is no need to change your Wallet Address

You do not choose your private key. The private key is not weak.
.


Now the fun bit

Maybe some more correct explanation.


[1] - imagine the bitcoin address space is ALL the sand grains on planet earth (it's actually much bigger than that I think but this is easier to visualise)

[2] - imagine someone picks a private key which we assume to be our sandgrain and hides it somewhere on any beach on this planet. Let's further assume this sandgrain is painted blue.

[3] - Searching for this particular sand grain is computationally infeasible. But let us say you have placed a colored tennis ball (each with a different color) on each of the world's beaches.

[4] - now imagine you send out 100.000 people to all the beaches of the world simultaneously. If one of these people finds a blue tennis ball somewhere, you can recover the private key.


[1]  most of the sand is under the sea or in a desert
[2]  someone carefully paints a grain of sand blue before hiding it underneath  some of this sand
[3]  now rather than trekking through oceans and deserts I do a world tour of beaches carelessly littering a load of balls
[4]  I send 100,000 people to all the beaches in the world to find my favourite blue ball (which is pretty cruel since I know where I placed the blue ball). Reunited with my favourite blue tennis ball, I celebrate by typing dumpprivkey into the console of my bitcoin wallet and recover my private key



On reflection the most relevant comment on this thread is summarised by the last four words of point [3]
piotr_n
January 29, 2014, 03:22:50 PM
Last edit: January 29, 2014, 03:47:18 PM by piotr_n
 #132

I find this thread very interesting.

From myself (since I suck in math these days), I can only add one thing here, though more of a philosophical matter:
There is no way anyone would ever break this curve, without first assuming that the curve can be broken.
On the other hand, assuming that this curve cannot and will never be broken, is the most irresponsible thing a bitcoin holder can do.

Of course currently EK can only crack a tiny (statistically almost non-existent) part of all the possible keys out there.
But he is obviously doing some more research.
From what I see, the guy is literally gathering statistical data, hoping that maybe there is something about this curve that would make the balls more likely to end up in certain places on the earth.
It might be a dead end, but you cannot blame him for trying. I personally appreciate it.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
itod
January 29, 2014, 04:23:32 PM
 #133

From what I see, the guy is literally gathering statistical data, hoping that maybe there is something about this curve that would make the balls more likely to end up in certain places on the earth.
It might be a dead end, but you cannot blame him for trying. I personally appreciate it.

From http://stargate.bitwarrant.com/science/

Quote
Live Key Counter: 51012 keys submitted so far.
What Do I Actually See Here?
We are generating random Bitcoin addresses, that match (in the least significant 32 bits) a few of our rendezvous points on the elliptic curve (read more). Bitcoin addresses themselves are just points on this very elliptic curve. Now if the distribution of BTC addresses is completely random, we should experience a totally balanced distribution of hit rendezvous points (The bar-chart on the right hand side shows these rendezvous points and their distribution).

Time will tell how random BTC addresses actually are. If the right "point cloud" evolves to a straight blue line, our BTC addresses should be safe. Hence if it doesn't, this will open new topics to be discussed.

Dozens of us with many machines are helping him gather this data, we'll see the results in the paper.
piotr_n
January 29, 2014, 04:38:44 PM
 #134

Dozens of us with many machines are helping him gather this data, we'll see the results in the paper.
Exactly. It is a highly valuable project, because even if it fails, it still proves something.

Unlike the "there is nothing suspicious about secp256k1 params" or "your tool cannot crack my key" approach - which is totally useless and may be even dangerous, since it strengthens confidence in the technology that uses assumptions, which no sane mathematician would bet his life on.

Besides, if you don't try to break the things that others consider unbreakable, even though there is no proof of them being actually unbreakable - then what kind of fun is your life? ;)

BurtW
January 29, 2014, 04:39:25 PM
 #135

That looks like great/fun/useful? research into the properties of the RNG used to generate the data.  Might be interesting.  Have no problem with that part of it.  What I have a problem with is his marketing and sales:

Quote
[WTS] OpenCL Based, Optimized BTC Private-Key Cracker with Sources [WITH VIDEO]

FiatKiller
January 29, 2014, 04:47:31 PM
 #136

Can I ask a fine point about reusing address?

When you send your coins to a new address to be safe, can it be in the same wallet or does it have to be a new wallet?

I know say it does not matter, but what the heck. Might as well CYA as much as possible. lol

thanks

piotr_n
January 29, 2014, 04:47:54 PM
Last edit: January 29, 2014, 05:01:09 PM by piotr_n
 #137

That looks like great/fun/useful? research into the properties of the RNG used to generate the data.
As I said, I suck at math, but my understanding of this project is that it is a statistical analysis of how the value of the least significant 32 bits of... something (but which has definitely nothing to do with RNG), can be projected into the most efficient set of specific rendezvous points, to be (eventually) used for bruteforcing secp256k1 keys.


EDIT:
Have no problem with that part of it.  What I have a problem with is his marketing and sales:
Quote
[WTS] OpenCL Based, Optimized BTC Private-Key Cracker with Sources [WITH VIDEO]
Well, it's not like anyone bought this tool, is it? It looks like a good ad, though.

One day when I pointed out that nobody cares about my working bitcoin client in Go while everyone was very excited about another one only announced to be made - one guy came to tell me that my software only matters as much as my marketing is worth.. and there is something about it :)

prezbo
January 29, 2014, 04:57:31 PM
 #138

Of course currently EK can only crack a tiny (statistically almost non-existent) part of all the possible keys out there.
But he is obviously doing some more research.
From what I see, the guy is literally gathering statistical data, hoping that maybe there is something about this curve that would make the balls more likely to end up in certain places on the earth.
It might be a dead end, but you cannot blame him for trying. I personally appreciate it.
It is a dead end, because he's using old techniques, that were already proven how efficient they are.
itod
January 29, 2014, 04:59:06 PM
 #139

That looks like great/fun/useful? research into the properties of the RNG used to generate the data.
As I said, I suck at math, but my understanding of this project is that it is a statistical analysis of how the value of the least significant 32 bits of... something (but which has definitely nothing to do with RNG), can be projected into the most efficient set of a specific rendezvous point, to be (eventually) used for bruteforcing secp256k1 keys.

Exactly, RNG has nothing to do with it, which is often overlooked because people are used to faulty RNG being the usual suspect. RNG quality on machines generating the triplets is unimportant, because all generated private keys are sieved against an array of predefined values, and if matched is later used in the analysis.

Edit: X EC coordinate (first half of the public key) is calculated, and if last 1/4 of that X-coord matches any value in the array produced triplet is submitted.



Dozens of us with many machines are helping him gather this data, we'll see the results in the paper.
Exactly. It is a highly valuable project, because even if it fails, it still proves something.

Unlike the "there is nothing suspicious about secp256k1 params" or "your tool cannot crack my key" approach - which is totally useless and may be even dangerous, since it strengthens confidence in the technology that uses assumptions, which no sane mathematician would bet his life on.

+1
gmaxwell
January 29, 2014, 05:08:10 PM
 #140

From what I see, the guy is literally gathering statistical data, hoping that maybe there is something about this curve that would make the balls more likely to end up in certain places on the earth.
But, of course, there isn't. The group is complete, all $ORDER points are reachable by multiplying the generator from 1..$ORDER-1. Some points _can't_ be more likely than others as a property of the curve with a uniform input, or otherwise some points would be unreachable (obvious by the pigeonhole principle) and the order would be less.

Dozens of us with many machines are helping him gather this data, we'll see the results in the paper.
Exactly. It is a highly valuable project, because even if it fails, it still proves something.
All it does is reaffirm that the world is full of fuzzy headed reactionary thinkers, unscrupulous parties, and pump-and-dumpers looking to cash in on hysteria.

Itod, you realize that the software you're running is indistinguishable from a cracker of EC keys, right?  I mean— no real reason to believe that anyone will find anything, but...
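
An added example, not written by any poster in this thread, for the uniformity argument in #140 and the coverage estimate in #130. It uses a toy curve with secp256k1's equation but a small field prime `P = 10007` (an assumption, chosen so the whole group can be enumerated); the function names and the layout of 8 rendezvous points with a window of 20 steps each side are illustrative. It checks that every scalar maps to a distinct point, that equal windows around rendezvous points each catch the same number of keys, and what share of a 2^160 space the figures from #130 cover.

```python
P = 10007  # toy prime (assumption): P % 4 == 3, P % 3 == 2, so the group has P + 1 points

def add(a, b):
    """Group law on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if a is None or b is None:
        return a if b is None else b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def multiples(g):
    """[1*g, 2*g, ..., (n-1)*g], where n is the order of g."""
    out, q = [], g
    while q is not None:
        out.append(q)
        q = add(q, g)
    return out

def generator():
    """First point whose multiples reach every non-infinity point of the group."""
    for x in range(1, P):
        rhs = (x ** 3 + 7) % P
        y = pow(rhs, (P + 1) // 4, P)  # square-root candidate (P % 4 == 3)
        if y and y * y % P == rhs and len(multiples((x, y))) == P:
            return (x, y)

def window_hits(pubkeys, g, rendezvous, window):
    """Per rendezvous point: how many public keys lie within `window` steps of g."""
    neg_g = (g[0], -g[1] % P)
    owner = {}
    for i, r in enumerate(rendezvous):
        fwd = back = r
        owner[r] = i
        for _ in range(window):
            fwd, back = add(fwd, g), add(back, neg_g)
            owner[fwd] = owner[back] = i
    hits = [0] * len(rendezvous)
    for q in pubkeys:
        if q in owner:
            hits[owner[q]] += 1
    return hits

def covered_fraction(n_rendezvous, keys_per_point, space_bits):
    """Share of a 2**space_bits key space that falls inside any window."""
    return n_rendezvous * keys_per_point / 2 ** space_bits

if __name__ == "__main__":
    G = generator()
    pubs = multiples(G)                      # public key for every scalar 1..P
    rdv = [pubs[(i + 1) * len(pubs) // 9] for i in range(8)]
    print(len(set(pubs)) == len(pubs))       # each scalar gives a distinct point
    print(window_hits(pubs, G, rdv, 20))     # same count for every rendezvous point
    print(covered_fraction(10**6, 40 * 10**6, 160))  # the figures from #130
```

Because the scalar-to-point map is one-to-one, a uniformly chosen key lands in each window with the same probability, so a flat hit distribution follows from the group structure rather than from any measurement.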