brute-forcing public keys at amazing speed 2.2 PH/s on CPU [malware warning]

[Etar]

Seems you realy do not understand))
I talk about brutforce (you know what is this?) and you are trying to impose a search for an incomprehensible pubkey that I can look for years.

No I am talking about finding the private key for ANY pubkey which matches a particular criteria: one where the first 60 bits are zero, so that it will take on average 2^60 operations to find it.

I am not talking that programm can found public key with criteria like 192 leading zeros or something. Read carefully!
I told that programm can brutforce keys to find public key with speed 2.2Ph on xeon.
if you know public key than YES program can found private key from this public key after some time...
But this time depends only how far the starting private key from the desired..

Do you see the difference in your task and what I write?

[MrFreeDragon]

-snip-
I told that programm can brutforce keys to find public key with speed 2.2Ph on xeon.
-snip-

Can you please explain pelease what kind of operation you mean by 1 hash?

2.2Ph/s means 2,200,000,000,000,000 h/s

So what is your "one operation"?

[gmaxwell]

I am not talking that programm can found public key with criteria like 192 leading zeros or something.

If your program could actually do what you claimed-- evaluate 2.2 petakeys per second, then it could find keys whos pubkeys have 60-bit leading zeros quite quickly.

Read carefully!
I told that programm can brutforce keys to find public key with speed 2.2Ph on xeon.
if you know public key than YES program can found private key from this public key after some time...
But this time depends only how far the starting private key from the desired..

Do you see the difference in your task and what I write?

But instead you demand a starting point _and_ a public key (rather than, e.g. a key hash). Which means you cannot actually do what you claim, because you need to compute a point difference in order to use a precomputed table.  One we consider that, instead what you claim is not impressive-- it is outright slow.

Assuming that the pubkey isn't available for that challenge payment-- go solve it.  It's worth several thousand dollars, so if you could actually operate at the speed you could you wouldn't be wasting my time, you'd be collecting the bounty.

Or go start at key 1, within 2^64 operations you will find a pubkey that begins with 60 zero bits with very high likelihood.

[Etar]

-snip-
I told that programm can brutforce keys to find public key with speed 2.2Ph on xeon.
-snip-

Can you please explain pelease what kind of operation you mean by 1 hash?

2.2Ph/s means 2,200,000,000,000,000 h/s

So what is your "one operation"?

Please, look at https://bitcointalk.org/index.php?topic=5238719.msg54180387#msg54180387
And you will understand what "one operation" mean. Thanks!

[MrFreeDragon]

-snip-
I told that programm can brutforce keys to find public key with speed 2.2Ph on xeon.
-snip-

Can you please explain pelease what kind of operation you mean by 1 hash?

2.2Ph/s means 2,200,000,000,000,000 h/s

So what is your "one operation"?

Please, look at https://bitcointalk.org/index.php?topic=5238719.msg54180387#msg54180387
And you will understand what "one operation" mean. Thanks!

Not clear from that post, sorry.
Is your "one operation" the EC calculation of the public key for one private key or EC points addition?

It looks like you just overestimate your calculation power adding the operations that are not really performed.

[NotATether]

There is no computer processor in existence that has a rate of Petahertz per second, because of Moore's law. All modern processors today have a max turbo speed of around 5GHz per thread and even that can only be sustained for a short amount of time and then it reverts to it's base speed of around 2.5 GHz per thread. Since you're assuming this can be done on personal computers, even if you have say 8 cores then that's only a combined base speed of a little more than 16GHz per second.

And even then these numbers are just for CPU instructions, the process of finding a SHA256(SHA256(x)) hash has severely lower rates than what I posted.

Look at this table here https://en.bitcoin.it/wiki/Non-specialized_hardware_comparison. Look at the Mhash/s column, every processor listed only has megahash speed.

You know that CPU XEON 2680v2 can brute-force public key (secp256k1 curve)  at speed 55TH/s per thread

No, it doesn't. According to the link I just posed, double Xeon E5-2690 processors (in the same family as 2680, since 2680 isn't on the list) has a listed hashrate of 66 Mhash/s. So it's safe to assume a single Xeon E5-2680 can do 33 Mhash/s for the entire processor.

This screenshot looks like you hacked up a visual basic program and coded it to print sketchy results. 55 TH/s sounds very dodgy, like you're using an Antminer S17 with 56 TH/s as the mining source instead.

[Etar]

Not clear from that post, sorry.
Is your "one operation" the EC calculation of the public key for one private key or EC points addition?

It looks like you just overestimate your calculation power adding the operations that are not really performed.

I will give a final explanation of how this works.
***************************************

Imagine a house with 5 rooms. Each room has 200 people. All people have different non-repeating names.
Your task is to find David. You can go around every room, go up to every person and ask his name David or not.
In this way, you will find David by tomorrow's best.


Or you can do otherwise. Shout the whole name David to the whole room; if David responds, then he is found; if not, then go to another room.
For example, you spent 1 second on the first, second, third and fourth rooms and there was no David anywhere.
You go to the fifth room, shout out a name and get a response from David. in 1 second
A total of 5 seconds of time was spent. 1 second per room. there were a total of 1000 people.
V=1000/5=200person/s
***************************************
Resul the same in both way - We found Devid. in first way in a day, in second way in 5s.

If you do not agree, then write what speed for the second example according to your

You can tell anything, that this speed is impossible and so on. I say that if we need found private key of known public key than my algoritm will fast than algorithm where hashrate of 66 Mhash/s ))  in millions times. And that is final explanation  

[Etar]

There is no computer processor in existence that has a rate of Petahertz per second, because of Moore's law. All modern processors today have a max turbo speed of around 5GHz per thread and even that can only be sustained for a short amount of time and then it reverts to it's base speed of around 2.5 GHz per thread. Since you're assuming this can be done on personal computers, even if you have say 8 cores then that's only a combined base speed of a little more than 16GHz per second.

And even then these numbers are just for CPU instructions, the process of finding a SHA256(SHA256(x)) hash has severely lower rates than what I posted.

Look at this table here https://en.bitcoin.it/wiki/Non-specialized_hardware_comparison. Look at the Mhash/s column, every processor listed only has megahash speed.

You know that CPU XEON 2680v2 can brute-force public key (secp256k1 curve)  at speed 55TH/s per thread

No, it doesn't. According to the link I just posed, double Xeon E5-2690 processors (in the same family as 2680, since 2680 isn't on the list) has a listed hashrate of 66 Mhash/s. So it's safe to assume a single Xeon E5-2680 can do 33 Mhash/s for the entire processor.

This screenshot looks like you hacked up a visual basic program and coded it to print sketchy results. 55 TH/s sounds very dodgy, like you're using an Antminer S17 with 56 TH/s as the mining source instead.

Move away from gigahertz, look more abstractly...
if you need, for example, to get 2^2 and then 2^3 .. you can of course go by adding or multiplying or even raising to a power)) and spend a lot of processor time on it.
Or you can just shift the bit to the left.
In both case you get the same result. but spend a miserable resource on it.
And ofcourse i will say that second way will much more efficiency and speed is faster!

[MrFreeDragon]

Etar, you are funny person.

Yes, you just overestimate the rate. It is known that due to pollard kanagaroo method it is possible to perform less bruteforce operations. And roughly it is square root from the total length.

You just count the operations which are not actually performed. You use the method which is good due to birthday paradox. However, due to this methond you just need less operations.

So, your actual speed is not 2.2Ph/s but the square root from this amount, i.e. approx. 47 Mh/s in total.

[Etar]

Etar, you are funny person.

Yes, you just overestimate the rate. It is known that due to pollard kanagaroo method it is possible to perform less bruteforce operations. And roughly it is square root from the total length.

You just count the operations which are not actually performed. You use the method which is good due to birthday paradox. However, due to this methond you just need less operations.

So, your actual speed is not 2.2Ph/s but the square root from this amount, i.e. approx. 47 Mh/s in total.

You can write your vision of speed in example#2 in https://bitcointalk.org/index.php?topic=5238719.msg54181362#msg54181362
If we start from private key 0x01 with my algorithm and you with your algorithm where hashrate is 66Mg/s than i found same public key in million times faster than you. Do you agree with me?
V=S/t  If i passed the range S in 2315681358314736639 privatkey values and T=8411seconds i can easy get V = 2315681358314736639/8411 = 275315819559474 keys/s
Or you have a different vision of this formula, different from the rest of the world

[Jean_Luc]

Etar, you are funny person.

Yes, you just overestimate the rate. It is known that due to pollard kanagaroo method it is possible to perform less bruteforce operations. And roughly it is square root from the total length.

You just count the operations which are not actually performed. You use the method which is good due to birthday paradox. However, due to this methond you just need less operations.

So, your actual speed is not 2.2Ph/s but the square root from this amount, i.e. approx. 47 Mh/s in total.

This is what we try to explain since the beginning of this post.

[NotATether]

It is known that due to pollard kanagaroo method it is possible to perform less bruteforce operations. And roughly it is square root from the total length.

This is actually an interesting concept so I looked it up. It basically computes two sets of numbers, one set for each side of the x^y = m equation. Later elements in the set are derived from earlier elements, and sometimes this will not find a collision between two elements  in the same position of the two sets. I wonder if the regions/domains of x that will be missed is known, or at least if there have been studies about this.

[Tamarindei]

I also think it is unfair to say its malware or scam with warning so early.
Maybe Etar can say what his intentions are for creating this topic here?

[gmaxwell]

I also think it is unfair to say its malware or scam with warning so early.
Maybe Etar can say what his intentions are for creating this topic here?

Perhaps, but quite a few times people have shown up with "cracking" tools that turned out to be a scam. It's a pretty standard MO. In particular several of the more recent ones have setup making these seemingly pointless "advertising posts" then nailing people who PM them, e.g. by sending them the software privately where other people can't call it out for being malware.  I guess they feel better about robbing people because they imagine they're robbing other thieves.

[odolvlobo]

[Give me public key what ever you whant and give me start private key with whom I can find public key for 1 day with speed 1Ph/s
this will drop options with tables 2 ^ 31

10¹⁵ checks/s for 1 day is 8.64x10¹⁹ (4AF0A763BB1C00000₁₆) checks. If you can actually do that, you should  be able to check all private keys between

0x49dccfd96dc5df56487436f5a1b18c4f5d34f65ddb48cb5e0000000000000000

and

0x49dccfd96dc5df56487436f5a1b18c4f5d34f65ddb48cb5effffffffffffffff

in less than 6 hours.

But, I'll give you a whole day to find the private keys for these 16 public keys. The private keys are randomly distributed in the above range. If you can do that, I'll be impressed. I don't think that you can find 4.

Code:

0459A3BFDAD718C9D3FAC7C187F1139F0815AC5D923910D516E186AFDA28B221DC994327554CED887AAE5D211A2407CDD025CFC3779ECB9C9D7F2F1A1DDF3E9FF8
04A50FBBB20757CC0E9C41C49DD9DF261646EE7936272F3F68C740C9DA50D42BCD3E48440249D6BC78BC928AA52B1921E9690EBA823CBC7F3AF54B3707E6A73F34
0404A49211C0FE07C9F7C94695996F8826E09545375A3CF9677F2D780A3EB70DE3BD05357CAF8340CB041B1D46C5BB6B88CD9859A083B0804EF63D498B29D31DD1
040B39E3F26AF294502A5BE708BB87AEDD9F895868011E60C1D2ABFCA202CD7A4D1D18283AF49556CF33E1EA71A16B2D0E31EE7179D88BE7F6AA0A7C5498E5D97F
04837A31977A73A630C436E680915934A58B8C76EB9B57A42C3C717689BE8C0493E46726DE04352832790FD1C99D9DDC2EE8A96E50CAD4DCC3AF1BFB82D51F2494
040ECDB6359D41D2FD37628C718DDA9BE30E65801A88A00C3C5BDF36E7EE6ADBBAD71A2A535FCB54D56913E7F37D8103BA33ED6441D019D0922AC363FCC792C29A
0422DD52FCFA3A4384F0AFF199D019E481D335923D8C00BADAD42FFFC80AF8FCF038F139D652842243FC841E7C5B3E477D901F88C5AB0B88EE13D80080E413F2ED
04DB4F1B249406B8BD662F78CBA46F5E90E20FE27FC69D0FBAA2F06E6E50E536695DF83B68FD0F396BB9BFCF6D4FE312F32A43CF3FA1FE0F81DF70C877593B64E0
043BD0330D7381917F8860F1949ACBCCFDC7863422EEE2B6DB7EDD551850196687528B6D2BC0AA7A5855D168B26C6BAF9DDCD04B585D42C7B9913F60421716D37A
04332A02CA42C481EAADB7ADB97DF89033B23EA291FDA809BEA3CE5C3B73B20C49C410D1AD42A9247EB8FF217935C9E28411A08B325FBF28CC2AF8182CE2B5CE38
04513981849DE1A1327DEF34B51F5011C5070603CA22E6D868263CB7C908525F0C19EBA6BD2A8DCF651E4342512EDEACB6EA22DA323A194E25C6A1614ABD259BC0
04D4E6FA664BD75A508C0FF0ED6F2C52DA2ADD7C3F954D9C346D24318DBD2ECFC6805511F46262E10A25F252FD525AF1CBCC46016B6CD0A7705037364309198DA1
0456B468963752924DBF56112633DC57F07C512E3671A16CD7375C58469164599D1E04011D3E9004466C814B144A9BCB7E47D5BACA1B90DA0C4752603781BF5873
04D5BE7C653773CEE06A238020E953CFCD0F22BE2D045C6E5B4388A3F11B4586CBB4B177DFFD111F6A15A453009B568E95798B0227B60D8BEAC98AF671F31B0E2B
04B1985389D8AB680DEDD67BBA7CA781D1A9E6E5974AAD2E70518125BAD5783EB5355F46E927A030DB14CF8D3940C1BED7FB80624B32B349AB5A05226AF15A2228
0455B95BEF84A6045A505D015EF15E136E0A31CC2AA00FA4BCA62E5DF215EE981B3B4D6BCE33718DC6CF59F28B550648D7E8B2796AC36F25FF0C01F8BC42A16FD9

[Etar]

I also think it is unfair to say its malware or scam with warning so early.
Maybe Etar can say what his intentions are for creating this topic here?

Perhaps, but quite a few times people have shown up with "cracking" tools that turned out to be a scam. It's a pretty standard MO. In particular several of the more recent ones have setup making these seemingly pointless "advertising posts" then nailing people who PM them, e.g. by sending them the software privately where other people can't call it out for being malware.  I guess they feel better about robbing people because they imagine they're robbing other thieves.

Yesterday, I read in detail about the giant baby steps algorithm.
I had heard about him before, but did not delve into the gist of it.
This algorithm is very similar to the one I use.
I just thought that I was the first one to think of this, but it turns out that something similar was invented before))
You can delete the topic if you want. All the same, I will not publish the source code.

[Etar]

[Give me public key what ever you whant and give me start private key with whom I can find public key for 1 day with speed 1Ph/s
this will drop options with tables 2 ^ 31

10¹⁵ checks/s for 1 day is 8.64x10¹⁹ (4AF0A763BB1C00000₁₆) checks. If you can actually do that, you should  be able to check all private keys between

0x49dccfd96dc5df56487436f5a1b18c4f5d34f65ddb48cb5e0000000000000000

and

0x49dccfd96dc5df56487436f5a1b18c4f5d34f65ddb48cb5effffffffffffffff

in less than 6 hours.

But, I'll give you a whole day to find the private keys for these 16 public keys. The private keys are randomly distributed in the above range. If you can do that, I'll be impressed. I don't think that you can find 4.

Code:

0459A3BFDAD718C9D3FAC7C187F1139F0815AC5D923910D516E186AFDA28B221DC994327554CED887AAE5D211A2407CDD025CFC3779ECB9C9D7F2F1A1DDF3E9FF8
04A50FBBB20757CC0E9C41C49DD9DF261646EE7936272F3F68C740C9DA50D42BCD3E48440249D6BC78BC928AA52B1921E9690EBA823CBC7F3AF54B3707E6A73F34
0404A49211C0FE07C9F7C94695996F8826E09545375A3CF9677F2D780A3EB70DE3BD05357CAF8340CB041B1D46C5BB6B88CD9859A083B0804EF63D498B29D31DD1
040B39E3F26AF294502A5BE708BB87AEDD9F895868011E60C1D2ABFCA202CD7A4D1D18283AF49556CF33E1EA71A16B2D0E31EE7179D88BE7F6AA0A7C5498E5D97F
04837A31977A73A630C436E680915934A58B8C76EB9B57A42C3C717689BE8C0493E46726DE04352832790FD1C99D9DDC2EE8A96E50CAD4DCC3AF1BFB82D51F2494
040ECDB6359D41D2FD37628C718DDA9BE30E65801A88A00C3C5BDF36E7EE6ADBBAD71A2A535FCB54D56913E7F37D8103BA33ED6441D019D0922AC363FCC792C29A
0422DD52FCFA3A4384F0AFF199D019E481D335923D8C00BADAD42FFFC80AF8FCF038F139D652842243FC841E7C5B3E477D901F88C5AB0B88EE13D80080E413F2ED
04DB4F1B249406B8BD662F78CBA46F5E90E20FE27FC69D0FBAA2F06E6E50E536695DF83B68FD0F396BB9BFCF6D4FE312F32A43CF3FA1FE0F81DF70C877593B64E0
043BD0330D7381917F8860F1949ACBCCFDC7863422EEE2B6DB7EDD551850196687528B6D2BC0AA7A5855D168B26C6BAF9DDCD04B585D42C7B9913F60421716D37A
04332A02CA42C481EAADB7ADB97DF89033B23EA291FDA809BEA3CE5C3B73B20C49C410D1AD42A9247EB8FF217935C9E28411A08B325FBF28CC2AF8182CE2B5CE38
04513981849DE1A1327DEF34B51F5011C5070603CA22E6D868263CB7C908525F0C19EBA6BD2A8DCF651E4342512EDEACB6EA22DA323A194E25C6A1614ABD259BC0
04D4E6FA664BD75A508C0FF0ED6F2C52DA2ADD7C3F954D9C346D24318DBD2ECFC6805511F46262E10A25F252FD525AF1CBCC46016B6CD0A7705037364309198DA1
0456B468963752924DBF56112633DC57F07C512E3671A16CD7375C58469164599D1E04011D3E9004466C814B144A9BCB7E47D5BACA1B90DA0C4752603781BF5873
04D5BE7C653773CEE06A238020E953CFCD0F22BE2D045C6E5B4388A3F11B4586CBB4B177DFFD111F6A15A453009B568E95798B0227B60D8BEAC98AF671F31B0E2B
04B1985389D8AB680DEDD67BBA7CA781D1A9E6E5974AAD2E70518125BAD5783EB5355F46E927A030DB14CF8D3940C1BED7FB80624B32B349AB5A05226AF15A2228
0455B95BEF84A6045A505D015EF15E136E0A31CC2AA00FA4BCA62E5DF215EE981B3B4D6BCE33718DC6CF59F28B550648D7E8B2796AC36F25FF0C01F8BC42A16FD9

As i understand all of this public keys is in range of private keys:
from
 0x49dccfd96dc5df56487436f5a1b18c4f5d34f65ddb48cb5e0000000000000000
to
0x49dccfd96dc5df56487436f5a1b18c4f5d34f65ddb48cb5effffffffffffffff

ok i will try to do this.

[Jean_Luc]

Yesterday, I read in detail about the giant baby steps algorithm.
I had heard about him before, but did not delve into the gist of it.
This algorithm is very similar to the one I use.

So you have use this algorithm which is in O(sqrt(n)) for both memory and time where n is the size of the range.
Starting with an offset does not prevent to use this algorithm.
That means that the key rate (or group operation) you announced is wrong.
Do not waste time in solving the above problem, solving it will just prove that you have correctly implemented this known algorithm.

[Etar]

Yesterday, I read in detail about the giant baby steps algorithm.
I had heard about him before, but did not delve into the gist of it.
This algorithm is very similar to the one I use.

So you have use this algorithm which is in O(sqrt(n)) for both memory and time where n is the size of the range.
Starting with an offset does not prevent to use this algorithm.
That means that the key rate (or group operation) you announced is wrong.
Do not waste time in solving the above problem, solving it will just prove that you have correctly implemented this known algorithm.

About speed, read above. Yes, an algorithm is used that minimizes the use of resources. But this does not mean that they do not need to be taken into calculation of speed. The total number of keys that are processed will not decrease. It’s just that they are processed by comparison, not by adding a point.

I did not write that CPU can do 2.2 P operations of addiding points/s i say 2.2Ph/s mean 2.2Pkeys/s. This mean that CPU can brutforce range of 2.2*10^15 points in 1/s
if range is 1000 points and you check this range in 1seconds than you can say that speed is 1000points/s no matter how you do that whith comparsation or addiding or in other way!

[Jean_Luc]

This is well know since the beginning of elliptic curve usage in crypto.
But we count the number of group operation really performed (not the size of the range divided by time).

For instance in my BTCollider which use the DP method (also in O(sqrt(n))), I get 27.9 Mips (GeForce GTX 1050 Ti) for 80bit collision search. That means that I really compute 27.9M group operation and hash per second. It solves 80bit collision in 14h30 (in average). Note that in that case, it have to compute an EC mult for each group operation.

https://github.com/JeanLucPons/BTCCollider