Secp256k1 PRO project for the search for private key collisions

[Secp256k1PRO]

The Secp256k1 PRO project was created as a search for private key collisions using the Pollard's kangaroo algorithm.

In early December, at a thematic forum:

https://bitcointalk.org/index.php?topic=5166284.msg52318676#msg52318676
https://bitcointalk.org/index.php?topic=5173445.msg52473992#msg52473992

It was proposed to give users a new puzzle and a new opportunity to get BTC coins by searching for private keys from a large list of compressed public keys.

https://drive.google.com/uc?id=1UpHRrhSll_OCp4GIvvk-bj3sTJwx6MtO&export=download
https://drive.google.com/uc?id=1_S9o5tFs4Nr37FkAx3HkbuVXqS8HqIAX&export=download

The amount is: 144 million public keys.
The most effective private key search tool is the Pollard's kangaroo algorithm.

Open source:

https://github.com/Telariust/vs-kangaroo
https://github.com/Telariust/pollard-kangaroo
https://github.com/Telariust/pollard-kangaroo-c99

Reward: For one private key found, you get one BTC coin.
1 PRIVKEY = 1 BTC // of 144,000,000 PUBKEY

Contact with the sender of coins: secp256k1pro@protonmail.com
Official website: https://secp256k1.pro

[1715255401]

1715255401

[1715255401]

1715255401

[gmaxwell]

This is almost certainly yet another set of malware links.

[MrFreeDragon]

This is almost certainly yet another set of malware links.

These links could be malware, but should not. I guess this post is like scam to use the computer power.

Let'sargue with logic and understand, why some anonymous person wants to pay 1BTC for the found private key? Nothing said about this. The author just said that there are 144 million public keys provided by him, and he pays 1BTC for any found private key. But why? He did not say about this... What is the source of the payment? Give the address with the signed message by the private key of that source address.

I beleive that the author used elliptic curve additions for the rich BTC address, and received 144 million public keys. All these 144 million public keys belong to zero balance addresses, however knowing any one private key to one of these 144 million public keys allow the author to access the target address.

If k is the private key from the target address, so its public key is Q = k*G. ithout knowing the k value, auhor created 144 million public keys adding some value to the public key, let's say m value. Hence, the calcaulted public key is P = Q + m*G, which is P = k*G + m*G = (k+m)*G = x*G, where x = k+m. The m value is known only by the author of this 144 million public key list. Private key for P public key not known as well as for target Q public key, but the author published 144 million values of P public keys. The followers of this "hidden scam" project will find the private key for P, and as they found it and provide it, the author could calculate the private key from the target address as k = x - m.

Proobably the target address has thousand of BTC, so the payment in the ammount of 1BTC will be easy.

This is "hidden scam", because actually the followers will crack the target address, not knowing what they are doing. Just thik for a while, what is the reason to pay 1BTC for the private key from the public key with the 0 balance?

PS. There are already some examples of the same "hidden" scam topics:
https://bitcointalk.org/index.php?topic=5060735.0
https://bitcointalk.org/index.php?topic=1306983.msg53030914#msg53030914
https://bitcointalk.org/index.php?topic=5166284.msg53065525#msg53065525

[BiThemis]

The Secp256k1 PRO project was created as a search for private key collisions using the Pollard's kangaroo algorithm.

In early December, at a thematic forum:

https://bitcointalk.org/index.php?topic=5166284.msg52318676#msg52318676
https://bitcointalk.org/index.php?topic=5173445.msg52473992#msg52473992

It was proposed to give users a new puzzle and a new opportunity to get BTC coins by searching for private keys from a large list of compressed public keys.

https://drive.google.com/uc?id=1UpHRrhSll_OCp4GIvvk-bj3sTJwx6MtO&export=download
https://drive.google.com/uc?id=1_S9o5tFs4Nr37FkAx3HkbuVXqS8HqIAX&export=download

The amount is: 144 million public keys.
The most effective private key search tool is the Pollard's kangaroo algorithm.

Open source:

https://github.com/Telariust/vs-kangaroo
https://github.com/Telariust/pollard-kangaroo
https://github.com/Telariust/pollard-kangaroo-c99

Reward: For one private key found, you get one BTC coin.
1 PRIVKEY = 1 BTC // of 144,000,000 PUBKEY

Contact with the sender of coins: secp256k1pro@protonmail.com
Official website: https://secp256k1.pro

GPU is suitable for this project. CUDA Software!!! The Slav brothers are already completely eager for battle
https://www.freelancer.com.ru/projects/python/Project-for-Nikola-21352048/details

[BiThemis]

Roughly there are 2^256 possible private key and 2^160 bitcoin address (excluding address with prefix 3 and bc1), so of course private key is possible.

P.S. please prove why Pollard's kangaroo algorithm is the most effective private key search tool

Pollard's kangaroo algorithm is a mathematical calculation. Brute Force is not very effectiveWith the help of enumeration, much less keys are checked. When busting, you waste time and computer power. And in mathematical calculation, you are ahead of time. All this is described in detail in the documents:

How pollard-kangaroo works, the Tame and Wild kangaroos, is a simple explanation.

Suppose there is pubkeyX, unknow privkeyX, but privkeyX is in range w=[L..U]. The keys have a property - if we increase pubkey by S, then its privkey will also increase by S. We start step-by-step to increase pubkeyX by S(i), keeping sumX(S(i)). This is a Wild kangaroo. We select a random privkeyT from range [L..U], compute pubkeyT. We start step-by-step to increment pubkeyT by S(i) while maintaining sumT(S(i)). This is a Tame kangaroo. The size of the jump S(i) is determined by the x coordinate of the current point, so if a Wild or Tame kangaroo lands on one point, their paths will merge. (we are concerned with pseudo random walks whose next step is determined by the current position) Thanks to the Birthday Paradox (Kruskal's card trick), their paths will one day meet. Knowing each traveled path (sumX and sumT), privkeyX is calculated. The number of jumps is approximately 2w1/2 group operations, which is much less than a full search w.

Kangaroos, Monopoly and Discrete Logarithms --> https://web.northeastern.edu/seigen/11Magic/KruskalsCount/PollardKangarooMonopoly.pdf

Using Pollard's kangaroo algorithm, you can’t crack all the addresses, but you can partially determine the desired private key from a huge list of public keys. Theoretical is possible!

[gmaxwell]

Let'sargue with logic and understand, why some anonymous person wants to pay 1BTC for the found private key? Nothing said about this. The author just said that there are 144 million public keys provided by him, and he pays 1BTC for any found private key. But why? He did not say about this... What is the source of the payment? Give the address with the signed message by the private key of that source address.

I beleive that the author used elliptic curve additions for the rich BTC address, and received 144 million public keys. All these 144 million public keys belong to zero balance addresses, however knowing any one private key to one of these 144 million public keys allow the author to access the target address.

What you're describing works out algebraically but not logically.

I can, indeed, take some valuable key  P,  and some other key with a private key I know Q to it and get a new key R = P + Q where if you find a xG = R and tell me, then I can compute xG = P and steal P's coins.

I even offered a bounty based on doing this to challenge one of the first of these bullshit fake crackers.

The problem is that finding _any_ discrete log of an arbitrary point in the secp256k1 group is intractably difficult-- so this scheme doesn't have a pay-off even if you get a LOT of suckers grinding for you.

What does have a pay-off though is making people think you're doing that so they're willing to help out just for the 1BTC you've promised... and meanwhile you slip them some malware. Probably the best way scammers have found to rip people off is to pretend to be doing something illegal and highly profitable to get people to go along with their scheme-- e.g. how pirate40 spread rumors that he was laundering drug money.

We've seen key attacking tools posted to BCT which certainly had malware and were used to rob people. But it takes a ton of effort to go actually find a subtle backdoor, so when someone posts some tool that doesn't make logical sense it's usually a good guess that it's just a trojan horse.

[MrFreeDragon]

-snip-
We've seen key attacking tools posted to BCT which certainly had malware and were used to rob people. But it takes a ton of effort to go actually find a subtle backdoor, so when someone posts some tool that doesn't make logical sense it's usually a good guess that it's just a trojan horse.

If somebody posts a tool without a logical sense, you are right that is a good plac for malware. However particullary in this case, the author posted the archives with txt files, where the public keys are located.
For example, these are the 30 first keys from the file Pubkey(100).txt of the second link Pubkey2.rar:

Code:

02000029ae90c20c20e5848b3418e6458376d2cebe5cf866d62f85ff4e3f9fbac6
020000314d144b2ca3c395b75a6d6b2a6ea82fc7900406a8c1f5395a8aeadd1cd4
0200004c6f1c74cfebaacc62ef84af64e5d06f9d0cd41a884dacb0ccb0222ac7df
020000633491aa27f1920e1570e4d6c234c99c8bb1f691c54e25f0a6918f335176
020000a2ecadcf92316778ec6f517fc2de9da73a502e9a6070fde8f08aec159177
020000db86e817cf11d1a4aef05811c7c2b681cd14ac2f3d579b9db621f1d27bea
020000ed2a69a5e6054a5536bd297960217d75a79f83a861ecc27fc55867fff01e
020000ee0cb9b8a9d9f9b10d6e226ccda4424a614155c6b78054d1097e075e9c87
0200010a19204869e61e27d55879f51d8de977d2f0038b584483a69aa12eb9b006
0200011995bf132097e285a964a6d880eb199f0f1d3bc0d1aa8d17f19edeebb7fd
0200011e1a2b2f3b758c81a329b74f2f618aafe62af75fbf1c78b7071c586a82c3
0200012a5ab691c5687ce89f3a57e9ab49b0b096071e2522c45088fe73c66fe544
020001529b0e10ed35a6fe67dcf648d0e9faf2db0f3fa0c01463343fcbc14134db
020001627f1d3cc0b319641313791c22b406cf21f19fb4d265098c19a5a6ccbef6
02000180dd028aa3452f6ef291e3d8aeea78792811932130943872d5aa8f5c5e63
0200018c1314711418db9a59d9ab5c9eb434f191cf6bf5f4e19192fa958c3e0eac
020002141f6890d6db83b7d2ae563947bbdf575f11a857ae2ab2420752e1ac3728
020002274951a12dd67580ec2244604593887115cb51eb9dbff2583c9bae8d7ddb
02000244ea9c1758907c44bd9f41c14651cd725ac254efeaedf1e1c13ccbc43232
020002b83e07b6d50e66966da842a36aadbbe634992152a4495acf0e34f98d3d52
020002c0bdcd6a59f9bdb984f659182b7795df22522482870fde6f096493ad12c0
020002c18497227f30a23bfb18e2eee15c0c212fd03d2c7f7dbedb43a18a87b4b2
020002e1890e3e4546a48eb7eef367b53e5e5c0c713c3477124050474f06566e1f
02000329b822de533380375026abdb81fa0d9d11e83567185caa6486e127411db9
0200033259ff42bb773579df1585c051cd94c20bc02cd5cb6e653a11c3c38243c4
0200034c7879d38575f2832cac4d40820db7a2a63c9e6b07bc9754d9272ef89df0
02000351792f4e9addbf8763168c3291862ef87ab7a8e1fa274d054cbd456a7989
0200035d7758a1dbfa60fc32e2c19e855ed5affa471fdad8637a65f454c2603558
02000364b145c17ca39c211d3ad4ece2ebab60b60d1050d8794558f007867565c8
0200037d836b5178bc50402594276fc57a95c0e2b5cb87b9cc53effc25c9f55489

These keys are sordet by name. So in order to understand the connection between the public keys all of them should be downloaded and checked for connection. I suppose that the easiest 1G step between pubkeys could be used (but not necesssary). But it also could be 10*G, 1000*G, 2^100*G or any other number.

I still beleive that all the 144 million public keys packed in 2 rar archieves are connected with some very rich address (or may be with different addresses). Check just these extracted 30 public keys - all of them related to 0 balance wallets. And there is no reason to author to pay 1BTC for the private key from 0 balance address (i guess he can generate a bulk of such 0 balance addresses). That's why the author has the hidden interest - to receive the private key from the rich address. And I do not recommend to participate in this activity.

[gmaxwell]

I don't think you understood my point.

The idea you imagine cannot work because the keys cannot be cracked even with the computing power of every computer on earth for the rest of his life. The attacker just wastes his own time constructing and posting the 'hidden list'.

Instead, if the attacker pretends his motivation is cracking some hidden list, some people might participate (because why would they care if someone elses coins are stolen, so long as they get paid)--- and then he can give them malware either in the original software or in some later 'speedup'. *That* is a good reason well worth the attacker's time.

It works even better if someone shows up warning about hidden lists: that gives a cover motivation for the attacker which isn't a danger to the participants. Just like people who were suggesting pirate40 was really laundering drug money ultimately ended up encouraging people to pay into his ponzi scheme, before they heard the laundering claim they thought it was a scam (which it was).

Maybe your thought is right and the poster is just exceptionally stupid and does not realize that no key will ever be cracked this way. ... but it is safer to assume the poster is not stupid and has a motivation which actually makes sense like malware especially because we have several times seen users post 'key crackers' that were malware in the past.