[ARCHIVE] Bitcoin challenge discusion

[Bajula]

After a night of searching the answer to the question bothering me (and not finding the answer), I can get the answer here ... The issue concerns the address 105 which has outgoing transactions and to which I know the pub (in HEX). How should I convert it to a string consisting ONLY OF NUMBERS .... From these patterns my head is already breaking and the level of knowledge in this direction has not changed. He understands that this is the index value 'x' or 'y', that for these addresses we have only 'y' because it's compressed, etc., but where do the DEC values ​​come from in various Python scripts? Guest gives to try to find a value in the range of 2 ^ 20, giving me the index value 'y' consisting of 155 digits ...
I tried to transform it in a different way and I have no chance to approach this number ... it does not even occur to me what can be converted 33-character hex string being a compressed publickey to give it 155 digits being ... well, ... what other than the index? :-)
I apologize in advance for a vague description, but as I mentioned at the beginning ... the whole night does its job. Greetings!

https://iancoleman.io/bitcoin-key-compression/

or

Code:

import bitcoin as b
pubkey = b.decode_pubkey("03bcf7ce887ffca5e62c9cabbdb7ffa71dc183c52c04ff4ee5ee82e0c55c39d77b")
print("X:", hex(pubkey[0]), "Y:", hex(pubkey[1]))

Hehe It never even crossed my mind to import bitcoin - much better!

[1715429147]

1715429147

[1715429147]

1715429147

[1715429147]

1715429147

[zielar]

Thank you very much! I do not yet understand, however, where these values consisting of more than 150 SAME numbers come from. Converting hex to dec gives me a string of 77 characters. I could transform the logic to combine the DEC result from the first and the second and it will come out just right :-) but it probably does not work, because these strings usually also appear twice.

[pooya87]

The x coordinate and y coordinate are both binary numbers in the range 2²⁵⁶.

the max is also a little bit less than 2²⁵⁶ but unlike private keys the max is defined by P (the prime) not N (the curve order)

For the curve used for Bitcoin public keys it turns out that for every x coordinate there are two possible y coordinates.

that doesn't depend on which curve is used, as long as it is an elliptic curve it will be symmetrical about the x-axis so for each x there are 2 y values. which is due to the formula being y²=...

A compressed public key give you the x coordinate and the sign of the y coordinate so in order to convert it to a full public key you have to calculate the correct y coordinate from the x coordinate.

that is not exactly the "sign", the first byte being 2 or 3 indicates if y is even or odd respectively.
we don't actually use any signs in elliptic curve calculations since we are using modular arithmetic. for example if prime is 7 then we have
4 ≡ 11 ≡ 18 ≡ -3 ≡ -10 (mod 7)
by a "contract" we only use the smallest positive number meaning "4"

[BurtW]

The x coordinate and y coordinate are both binary numbers in the range 2²⁵⁶.

the max is also a little bit less than 2²⁵⁶ but unlike private keys the max is defined by P (the prime) not N (the curve order)

For the curve used for Bitcoin public keys it turns out that for every x coordinate there are two possible y coordinates.

that doesn't depend on which curve is used, as long as it is an elliptic curve it will be symmetrical about the x-axis so for each x there are 2 y values. which is due to the formula being y²=...

A compressed public key give you the x coordinate and the sign of the y coordinate so in order to convert it to a full public key you have to calculate the correct y coordinate from the x coordinate.

that is not exactly the "sign", the first byte being 2 or 3 indicates if y is even or odd respectively.
we don't actually use any signs in elliptic curve calculations since we are using modular arithmetic. for example if prime is 7 then we have
4 ≡ 11 ≡ 18 ≡ -3 ≡ -10 (mod 7)
by a "contract" we only use the smallest positive number meaning "4"

Thanks, I was trying to be a little less technical for zeilar since he is a total noob - I did not want to overwhelm him.

You points are all well taken.  Very good information for the more technical savvy in the audience.

Thank you very much! I do not yet understand, however, where these values consisting of more than 150 SAME numbers come from. Converting hex to dec gives me a string of 77 characters. I could transform the logic to combine the DEC result from the first and the second and it will come out just right :-) but it probably does not work, because these strings usually also appear twice.

I have absolutely no idea how to decipher your post so I cannot help you.  Good luck!

[ChefImGartenPavillion]

The x coordinate and y coordinate are both binary numbers in the range 2²⁵⁶.

the max is also a little bit less than 2²⁵⁶ but unlike private keys the max is defined by P (the prime) not N (the curve order)

For the curve used for Bitcoin public keys it turns out that for every x coordinate there are two possible y coordinates.

that doesn't depend on which curve is used, as long as it is an elliptic curve it will be symmetrical about the x-axis so for each x there are 2 y values. which is due to the formula being y²=...

A compressed public key give you the x coordinate and the sign of the y coordinate so in order to convert it to a full public key you have to calculate the correct y coordinate from the x coordinate.

that is not exactly the "sign", the first byte being 2 or 3 indicates if y is even or odd respectively.
we don't actually use any signs in elliptic curve calculations since we are using modular arithmetic. for example if prime is 7 then we have
4 ≡ 11 ≡ 18 ≡ -3 ≡ -10 (mod 7)
by a "contract" we only use the smallest positive number meaning "4"

Thanks, I was trying to be a little less technical for zeilar since he is a total noob - I did not want to overwhelm him.

You points are all well taken.  Very good information for the more technical savvy in the audience.

I'm trying to follow you guys, however, its quite difficult since I don't have any background knowledge. Its definitely quite interesting. Is there any good literature you could recommend to start with?

[itod]

The x coordinate and y coordinate are both binary numbers in the range 2²⁵⁶.

the max is also a little bit less than 2²⁵⁶ but unlike private keys the max is defined by P (the prime) not N (the curve order)

For the curve used for Bitcoin public keys it turns out that for every x coordinate there are two possible y coordinates.

that doesn't depend on which curve is used, as long as it is an elliptic curve it will be symmetrical about the x-axis so for each x there are 2 y values. which is due to the formula being y²=...

A compressed public key give you the x coordinate and the sign of the y coordinate so in order to convert it to a full public key you have to calculate the correct y coordinate from the x coordinate.

that is not exactly the "sign", the first byte being 2 or 3 indicates if y is even or odd respectively.
we don't actually use any signs in elliptic curve calculations since we are using modular arithmetic. for example if prime is 7 then we have
4 ≡ 11 ≡ 18 ≡ -3 ≡ -10 (mod 7)
by a "contract" we only use the smallest positive number meaning "4"

Thanks, I was trying to be a little less technical for zeilar since he is a total noob - I did not want to overwhelm him.

You points are all well taken.  Very good information for the more technical savvy in the audience.

I'm trying to follow you guys, however, its quite difficult since I don't have any background knowledge. Its definitely quite interesting. Is there any good literature you could recommend to start with?

There are ton of books on Elliptic curves, but they are not Bitcoin related. Best tutorial is famous 4-part series: Elliptic Curve Cryptography: a gentle introduction.

[supika]

When pollard kangaroo gpu script will be available for the crowd?

[zielar]

Code:

p = 11470374874925275658116663507232161402086650258453896274534991676898999262641581519101074740642369848233294239851519212341844337347119899874391456329785623
q = 335062023296420808191071248367701059461
j = 34233586850807404623475048381328686211071196701374230492615844865929237417097514638999377942356150481334217896204702
g = 117483621780776948851322623152941329604983290852776470044816799968190986256316556722568523187517506040883960831402919848784195399671137064998190231834559
y = 10709965516783081490573356698184657992418098658871683731914897364288781862793359484228879297315128529085240057591857301471581217507082588896460650496983734
z = 224029434095732291724690823

a = 0
b = (q-1)/z

def f(y):
    return pow(2, (y % k))

print 'a',a
print 'b',b
global k 
k = 20
print 'k is set to %d' % k

this is the beginning of an example of implementing kangaros polard ...
Wanting to understand and test it on the empty wallet with 2 ^ 65 to which we know the public key (x, y) how to get the target which is the private key ... in this example all values are in DEC ... I did not want to wake up before testing, but since I'm starting to make an idiot of myself by asking questions so little clear that when I read, I do not understand them myself - I've given above what I mean :-)

[Katamarani]

Code:

p = 11470374874925275658116663507232161402086650258453896274534991676898999262641581519101074740642369848233294239851519212341844337347119899874391456329785623
q = 335062023296420808191071248367701059461
j = 34233586850807404623475048381328686211071196701374230492615844865929237417097514638999377942356150481334217896204702
g = 117483621780776948851322623152941329604983290852776470044816799968190986256316556722568523187517506040883960831402919848784195399671137064998190231834559
y = 10709965516783081490573356698184657992418098658871683731914897364288781862793359484228879297315128529085240057591857301471581217507082588896460650496983734
z = 224029434095732291724690823

a = 0
b = (q-1)/z

def f(y):
    return pow(2, (y % k))

print 'a',a
print 'b',b
global k 
k = 20
print 'k is set to %d' % k

this is the beginning of an example of implementing kangaros polard ...
Wanting to understand and test it on the empty wallet with 2 ^ 65 to which we know the public key (x, y) how to get the target which is the private key ... in this example all values are in DEC ... I did not want to wake up before testing, but since I'm starting to make an idiot of myself by asking questions so little clear that when I read, I do not understand them myself - I've given above what I mean :-)

https://gist.github.com/natmchugh/7dbd7e4f7c55d915db1e

Drotika is the best but not free

drotika can't even solve the easy tests from the users here. you and drotika are the same person?

[zielar]

Code:

p = 11470374874925275658116663507232161402086650258453896274534991676898999262641581519101074740642369848233294239851519212341844337347119899874391456329785623
q = 335062023296420808191071248367701059461
j = 34233586850807404623475048381328686211071196701374230492615844865929237417097514638999377942356150481334217896204702
g = 117483621780776948851322623152941329604983290852776470044816799968190986256316556722568523187517506040883960831402919848784195399671137064998190231834559
y = 10709965516783081490573356698184657992418098658871683731914897364288781862793359484228879297315128529085240057591857301471581217507082588896460650496983734
z = 224029434095732291724690823

a = 0
b = (q-1)/z

def f(y):
    return pow(2, (y % k))

print 'a',a
print 'b',b
global k 
k = 20
print 'k is set to %d' % k

this is the beginning of an example of implementing kangaros polard ...
Wanting to understand and test it on the empty wallet with 2 ^ 65 to which we know the public key (x, y) how to get the target which is the private key ... in this example all values are in DEC ... I did not want to wake up before testing, but since I'm starting to make an idiot of myself by asking questions so little clear that when I read, I do not understand them myself - I've given above what I mean :-)

Can you write a sample here to find the one you want?
What values will we change?
Change it for what?
p ? q? J? g? ...

Dear children. Learn to read, or go outside, because monitors and smartphones freak out in your head and do damage to fiber optics. However, before you decide on the first good choice in your life - ask your parents to read the content of my post and tell me if they are interested in selling something or presenting the code in order to present the sale offer? Because from what I know myself and I can read and write - it is about asking for help in interpreting the code which I found at the link indicated by someone here.
The whole page of garbage from idiots, what do not you want to read!*
--
* - apart from thinking beings from this forum, who also placed here between these children
--
This thread is not a stallion, so if possible, I will be grateful if private interests were conducted - PRIVATE. Well, unless you sell to EVERYTHING, and the other one will pay for EVERYTHING, we look forward to it and we will keep our fingers crossed. I will not hide that my intuition tells me that this trade is a monologue of one and the same person

[Katamarani]

I also sell Pollard Kangaroo.
Test me please with 85 bit key.

What is the fee?

Test Address  85 bit
Public Key : 0322d1b4a9af22c3529d7e0822673386165ea71cd6d339ccd019afa5cecdf1f015
Compress Address: 1N4Nma9JLgtZ9Ju7R8Dida1JNSU9U8h1LJ

How much will it take?

Can you please check in python 2 and write:
import math
math.log(<PRIVATEKEY>, 2)

and check that it is 84.xxx?


edit: Your public key does not seem to be 85 bit.

The forum moderators here are not very competent so I will leave.
Zielar, if you want to team up and share 50%/50% please leave your contact details public somwhere here. Thank you.

[Katamarani]

I also sell Pollard Kangaroo.
Test me please with 85 bit key.

What is the fee?

Test Address  85 bit
Public Key : 0322d1b4a9af22c3529d7e0822673386165ea71cd6d339ccd019afa5cecdf1f015
Compress Address: 1N4Nma9JLgtZ9Ju7R8Dida1JNSU9U8h1LJ

How much will it take?

Can you please check in python 2 and write:
import math
math.log(<PRIVATEKEY>, 2)

and check that it is 84.xxx?


edit: Your public key does not seem to be 85 bit.

The forum moderators here are not very competent so I will leave.
Zielar, if you want to team up and share 50%/50% please leave your contact details public somwhere here. Thank you.

Address : 1N4Nma9JLgtZ9Ju7R8Dida1JNSU9U8h1LJ
Public Key : 0322d1b4a9af22c3529d7e0822673386165ea71cd6d339ccd019afa5cecdf1f015
Hex : 1d00fabe494734927bcb87
Decimal : 35063474166411505082026887
Private Key : KwDiBf89QgGbjEhKnhXJuH7LrciVrZmdZmWBWvnWDoE5Du2J4Ajf

85 bit?

Yes sorry my program sucks big time. Sorry for bothering.

[SlarkBoy]

Drotika: you can give me proof and solve the puzzel what i made for you with this tool what you sell.
i generate a 74 bit address tell me the priv key and i will buy instantly.
here is the compressed pub key.

02860383bb423be58e05694974bd9f509f6cf9d003c16360c1062cc417acd4270c

compressed address
1NfQBC3hcwugx4fFjkp6ugNC8ZmYGddMz

Hex:3ac312d01efaf8ce28f
Dec:17343482919897743024783
PrivKey:KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3wWPBhvjzRvU6EE3KaREb

https://imgur.com/a/I4u2TX2

pikachunakapika: 3Day pls 75Bit

Man, I really don't understand you. What is your goal in selling this script if it really works!?
WHY DONT YOU OPEN ALL KEYS from 61 -> whatever you can, if it takes you less time then others?
0.025 BTC price for script? Mate, if you open even #61 address you will cover ~24 buyers. ))
Why do you spend your time for prooving that your script does work? For the same time you could open #74 address and get the bounty!!!
Where is the logic???

If you sell your script to several people they will open all possible addresses (until the time required will be within an adequate range) in a days and then your scipt will just remain in a history of cracking.....

it can only find private keys that were deliberately chosen to be breakable. It cannot be used to recover your private key that was created by a bitcoin wallet.
This program has only academic value.
In the latter case, I don't want to spoil the challenge.
you are right I will not sell!

hey reply my private message.

[Hurtson]

Anyone try this program?

https://satoshidisk.com/pay/C74Tfg

Not free but the cost seems pretty reasonable to me (0.01500030 BTC)

can i try on windows 10 on cpu?

[supika]

Anyone try this program?

https://satoshidisk.com/pay/C74Tfg

Not free but the cost seems pretty reasonable to me (0.01500030 BTC)

can i try on windows 10 on cpu?

SCAM

[almightyruler]

I am interested to buy with other people, i can pay 0.005 BTC, any other 2 people interested to pay 0.005 BTC to get the Pollards kangaroo tool?
I can buy it myself if i get 0.005 BTC from 2 people.

That's not how buying software works.

[zielar]

Closing the subject of buying this carcass from droitka - I WOULD NOT RECOMMEND consideration of buying, because it is SURE one big cheat! Logical evidence for this:
1. Attempts to announce wherever possible (Wikipedia, GitHub ...) with public content (which confirms the fact that this person has neither a concept nor anything to offer)
2. It is offered on the principle of "dam ass for a bowl of soup", and for the offer to divide the profit for free code presentation - he is silent ... how do you think, why? because it is a cheat!
In accordance with the advice from an earlier post: I place a public offer consisting in explaining and presenting the principle of operation of the Pollard Kangaros method (eg on the example of address #65).
The cooperation will be based on the fact that in exchange for the clues to obtain keys to other addresses (105,110 etc.)
I offer the method with the use of which I have more than 100 pieces of GPU Tesla and the distribution of prizes obtained using this method 50/50.
I am open to all types of written contracts.

What does my offer result from and why do I suggest half?

The bill is simple:

• You have the right knowledge and the code that allows you to reach these spaces - 50%
• I have equipment on which your code will reach there soonest - 50%

Honestly true? :-)

The obligation applies to EVERY space 105, which has outgoing transactions (i.e. simply - using this method).
If anyone is interested - I give contact to me: zielar (at) poczta (dot) fm

If someone does not have a ready code, and has knowledge on the subject of "what is what" in the code I presented earlier - I will also be able to repay you in a decent manner if I stick this code myself thanks to this knowledge :-)

And I will summarize my decision on this offer briefly and clearly:
"it's better to get half a reward than not get it all!"

[racminer]

Closing the subject of buying this carcass from droitka - I WOULD NOT RECOMMEND consideration of buying, because it is SURE one big cheat! Logical evidence for this:
1. Attempts to announce wherever possible (Wikipedia, GitHub ...) with public content (which confirms the fact that this person has neither a concept nor anything to offer)
2. It is offered on the principle of "dam ass for a bowl of soup", and for the offer to divide the profit for free code presentation - he is silent ... how do you think, why? because it is a cheat!
In accordance with the advice from an earlier post: I place a public offer consisting in explaining and presenting the principle of operation of the Pollard Kangaros method (eg on the example of address #65).
The cooperation will be based on the fact that in exchange for the clues to obtain keys to other addresses (105,110 etc.)
I offer the method with the use of which I have more than 100 pieces of GPU Tesla and the distribution of prizes obtained using this method 50/50.
I am open to all types of written contracts.

What does my offer result from and why do I suggest half?

The bill is simple:

• You have the right knowledge and the code that allows you to reach these spaces - 50%
• I have equipment on which your code will reach there soonest - 50%

Honestly true? :-)

The obligation applies to EVERY space 105, which has outgoing transactions (i.e. simply - using this method).
If anyone is interested - I give contact to me: zielar (at) poczta (dot) fm

If someone does not have a ready code, and has knowledge on the subject of "what is what" in the code I presented earlier - I will also be able to repay you in a decent manner if I stick this code myself thanks to this knowledge :-)

And I will summarize my decision on this offer briefly and clearly:
"it's better to get half a reward than not get it all!"

This program has only academic value //
I will not sell the source code! sory

maybe I'll make it public at the end of the pazzul challenge.


100 pieces of GPU Tesla  it does not make sense
1 Cuda 10 gpu is enough for the program

Best regards
David Sunfellow

drotika = David Sunfellow   

[zielar]

Another fake. It's some child who is having fun and looking for gullible people. In previous statements, there was never a footer with greetings and a signature.
Greetings,
Santa Claus

[BurtW]

The x coordinate and y coordinate are both binary numbers in the range 2²⁵⁶.

the max is also a little bit less than 2²⁵⁶ but unlike private keys the max is defined by P (the prime) not N (the curve order)

After reading over the description of Pollard's kangaroo algorithm I think I understand it enough to be able to explain it to my 13 year old daughter so she can write the code as a fun educational exercise.  She is always looking for a good subject for her next science fair project and I think this would make a good one.

I have some questions about the PRF that someone might be able to answer.  

The only requirements listed in the article above are:

1) The PRF must map the finite cyclic group to "a set S of integers"
2) The PRF must be able to be changed in order to select a different S in order to create subsequent "kangaroos"

Since the length of the pseudorandom sequence is not specified I assumed 256 bits, is that reasonable?

So, it seems to me that f(X) = SHA256(X || nonce) where X is the binary representation of the the point X, || represents the concatenation operation, and the nonce is selected from a TRNG or is simply incremented would do the trick.

However this seems to be overkill and we want to do this as fast as possible.

Another option that comes to mind is to just define f(X) = (X + nonce) where X is the binary representation of the compressed form of X and the nonce is selected from a TRNG or is simply incremented.

What PRF is generally used?

Now that I think about this I think the science fair project could be something along the lines of measuring the conversion speed of various PRFs and PRF modification algorithms.  The data set would be all the cracked addresses in this thread, the independent variable would be various PRFs and different ways of modifying them to produce the next "kangaroo", and the dependent variable would be the total time it takes to re-crack all the known cracked addresses listed in this thread.