Pollard's kangaroo ECDLP solver

[hamnaz]

Take the privatekey of 4. Half it, you get 2. Take the privatekey of 5 you get 2.5. 2.5 means, 2 + N/2. To get the "half" you subtract 1 and then halve it and get 2.

So if you can determine if the lowest bit is 0 or 1 you can half it properly. But there is no method to determine 0 or 1. Thats why you can theoretically halve multiple times but have to use the false keys. Like you take a big number with 2^120 bit, and can halve it and get two keys were you know one is 2^119 and one is "wrong". Use both keys and halve them. You know one is 2^118 and three are false. Take those four keys and halve them again, one is 2^117 and 7 are false.

So you get exponentially more keys each halving. Which is useful for e.g. 2^60 as you can get 2^45 with 2^15 (15 times halved, you can do more halvings if you like) potential keys to check in very few minutes. But you can not do it with 2^120 as you still get 2^105 range with 2^15 keys, which takes still a long time to crack. Doing 2^120 halvings is basically bruteforcing the key.

any c language script for halve pubkeys with input file ( pubkeys) and output file ( pubkwys) ( for linux )

example
./halve -i inputfile.txt -o output.txt

[a.a]

notatTether posted a python Script some time ago. But i also have a Javascript Version of it, which can be made to be an standalone executable. interested?

[NotATether]

notatTether posted a python Script some time ago. But i also have a Javascript Version of it, which can be made to be an standalone executable. interested?

Definitely. Compiled Node is much faster than any Python script I can throw at here.

How did you make it?

[WanderingPhilospher]

Take the privatekey of 4. Half it, you get 2. Take the privatekey of 5 you get 2.5. 2.5 means, 2 + N/2. To get the "half" you subtract 1 and then halve it and get 2.

So if you can determine if the lowest bit is 0 or 1 you can half it properly. But there is no method to determine 0 or 1. Thats why you can theoretically halve multiple times but have to use the false keys. Like you take a big number with 2^120 bit, and can halve it and get two keys were you know one is 2^119 and one is "wrong". Use both keys and halve them. You know one is 2^118 and three are false. Take those four keys and halve them again, one is 2^117 and 7 are false.

So you get exponentially more keys each halving. Which is useful for e.g. 2^60 as you can get 2^45 with 2^15 (15 times halved, you can do more halvings if you like) potential keys to check in very few minutes. But you can not do it with 2^120 as you still get 2^105 range with 2^15 keys, which takes still a long time to crack. Doing 2^120 halvings is basically bruteforcing the key.

any c language script for halve pubkeys with input file ( pubkeys) and output file ( pubkwys) ( for linux )

example
./halve -i inputfile.txt -o output.txt

So halve -i input.txt divide by 2 = -o output.txt ?

[hamnaz]

Take the privatekey of 4. Half it, you get 2. Take the privatekey of 5 you get 2.5. 2.5 means, 2 + N/2. To get the "half" you subtract 1 and then halve it and get 2.

So if you can determine if the lowest bit is 0 or 1 you can half it properly. But there is no method to determine 0 or 1. Thats why you can theoretically halve multiple times but have to use the false keys. Like you take a big number with 2^120 bit, and can halve it and get two keys were you know one is 2^119 and one is "wrong". Use both keys and halve them. You know one is 2^118 and three are false. Take those four keys and halve them again, one is 2^117 and 7 are false.

So you get exponentially more keys each halving. Which is useful for e.g. 2^60 as you can get 2^45 with 2^15 (15 times halved, you can do more halvings if you like) potential keys to check in very few minutes. But you can not do it with 2^120 as you still get 2^105 range with 2^15 keys, which takes still a long time to crack. Doing 2^120 halvings is basically bruteforcing the key.

any c language script for halve pubkeys with input file ( pubkeys) and output file ( pubkwys) ( for linux )

example
./halve -i inputfile.txt -o output.txt

So halve -i input.txt divide by 2 = -o output.txt ?

yes

[hamnaz]

Take the privatekey of 4. Half it, you get 2. Take the privatekey of 5 you get 2.5. 2.5 means, 2 + N/2. To get the "half" you subtract 1 and then halve it and get 2.

So if you can determine if the lowest bit is 0 or 1 you can half it properly. But there is no method to determine 0 or 1. Thats why you can theoretically halve multiple times but have to use the false keys. Like you take a big number with 2^120 bit, and can halve it and get two keys were you know one is 2^119 and one is "wrong". Use both keys and halve them. You know one is 2^118 and three are false. Take those four keys and halve them again, one is 2^117 and 7 are false.

So you get exponentially more keys each halving. Which is useful for e.g. 2^60 as you can get 2^45 with 2^15 (15 times halved, you can do more halvings if you like) potential keys to check in very few minutes. But you can not do it with 2^120 as you still get 2^105 range with 2^15 keys, which takes still a long time to crack. Doing 2^120 halvings is basically bruteforcing the key.

any c language script for halve pubkeys with input file ( pubkeys) and output file ( pubkwys) ( for linux )

example
./halve -i inputfile.txt -o output.txt

So halve -i input.txt divide by 2 = -o output.txt ?

yes

i think all cuda developers here, maybe no one have time for write small script in c for halve pubkeys by file ?

[a.a]

There is already a small python script for your needs here in this thread.

[hamnaz]

There is already a small python script for your needs here in this thread.

i know python scripts, already have it too, but for asking about c script, it will faster then python

[NotATether]

i know python scripts, already have it too, but for asking about c script, it will faster then python

Most likely you will have to pay someone to make such a program for you as almost all of us are too busy with side projects and/or our personal lives and matters to work on something as complex as a C program (they'd also have to make the makefile too).

[ssxb]

Deny it again if you can.

Shor's algorithm can be used to break elliptic curve cryptography by computing discrete logarithms on a hypothetical quantum computer. The latest quantum resource estimates for breaking a curve with a 256-bit modulus (128-bit security level) are 2330 qubits and 126 billion Toffoli gates. In comparison, using Shor's algorithm to break the RSA algorithm requires 4098 qubits and 5.2 trillion Toffoli gates for a 2048-bit RSA key, suggesting that ECC is an easier target for quantum computers than RSA. All of these figures vastly exceed any quantum computer that has ever been built, and estimates place the creation of such computers at a decade or more away.

Supersingular Isogeny Diffie–Hellman Key Exchange provides a post-quantum secure form of elliptic curve cryptography by using isogenies to implement Diffie–Hellman key exchanges. This key exchange uses much of the same field arithmetic as existing elliptic curve cryptography and requires computational and transmission overhead similar to many currently used public key systems.

In August 2015, the NSA announced that it planned to transition "in the not distant future" to a new cipher suite that is resistant to quantum attacks. "Unfortunately, the growth of elliptic curve use has bumped up against the fact of continued progress in the research on quantum computing, necessitating a re-evaluation of our cryptographic strategy."


 

[fxsniper]

Can anyonel help to advice code on c++?

I know may be possible 99% not working and fail
I would like to test modify jump of Pollard's kangaroo
refer from kangaroo illustration JeanLucPons github
DP is foot of kangaroo right but jump is up to high right
I think 120 bit is to high  may be make jump to long will be help

yes, it possible to missing some point to found
Just would like to try

on Kangaroo.cpp
void Kangaroo::CreateJumpTable() {

this function right?

may be I change up 2 to  3-10
just testing a little

[NotATether]

Shor's algorithm can be used to break elliptic curve cryptography by computing discrete logarithms on a hypothetical quantum computer. The latest quantum resource estimates for breaking a curve with a 256-bit modulus (128-bit security level) are 2330 qubits and 126 billion Toffoli gates.

Link to resource?

on Kangaroo.cpp
void Kangaroo::CreateJumpTable() {

Wrong function.

The code for jumping is in SolveKeyGPU and SolveKeyCPU.

You can just make a for loop between 1 to 3 or 10 that computes 3 or 10 consecutive jumps but only store the last one in the hashtable. It won't improve speed but it will slow down your hashtable from ballooning to a large memory footprint.

[fxsniper]

Wrong function.

The code for jumping is in SolveKeyGPU and SolveKeyCPU.

You can just make a for loop between 1 to 3 or 10 that computes 3 or 10 consecutive jumps but only store the last one in the hashtable. It won't improve speed but it will slow down your hashtable from ballooning to a large memory footprint.

Thank you

Quick test, result fail
compare test solve problem 65
original CPU finish in 3 minute
original GPU finish in 31 minute

problem 65
modify CPU (3 hour not found any thing)
modify GPU (3 hour not found any thing)

[ssxb]

 author=NotATether link=topic=5244940.msg58213662#msg58213662 date=1634617918]

Shor's algorithm can be used to break elliptic curve cryptography by computing discrete logarithms on a hypothetical quantum computer. The latest quantum resource estimates for breaking a curve with a 256-bit modulus (128-bit security level) are 2330 qubits and 126 billion Toffoli gates.



Link to resource?

https://en.wikipedia.org/wiki/Elliptic-curve_cryptography

look for Quantum computing attacks in the end

[NotATether]

Shor's algorithm can be used to break elliptic curve cryptography by computing discrete logarithms on a hypothetical quantum computer. The latest quantum resource estimates for breaking a curve with a 256-bit modulus (128-bit security level) are 2330 qubits and 126 billion Toffoli gates.

Link to resource?

https://en.wikipedia.org/wiki/Elliptic-curve_cryptography

look for Quantum computing attacks in the end

Read https://www.reddit.com/r/Bitcoin/comments/6is19z/new_estimate_quantum_computers_require_at_most/ , an x-post of your resource:

blk0  72 points 4 years ago
In all fairness, I have to state that the 2330 qubits refer to ideal, fault-tolerant, logical qubits, whereas the 17 qubits currently achieved by IBM's quantum processor are raw, imperfect qubits which could be used to encode 7 logical qubits. Yet, quantum error-correction of even a single fault-tolerant qubit has not been achieved in experiments today.

As Spock would say, your IBM's quantum computer is "illogical" 

World's most powerful quantum computer as of today can do 66 qubits.

And *it's* research paper says this:

In conclusion, we have reported the design, fabrication, measurement, and benchmarking of a state-of-the-art 66- qubit superconducting quantum processor that is fully programmable through electric control. ...... We note that the performance of the whole system behaves as predicted when system size grows from small to large, confirming our high fidelity quantum operations and low correlated errors on the Zuchongzhi processor. The quantum processor has a scalable architecture that is compatible with surface-code error correction, which can act as the test-bed for fault-tolerant quantum computing.

In other words, you still have a long shot to make even 66 *logical* (fault-free) Qbits.

So wake me up when you get anywhere near 2000 logical ones.

[bigvito19]

Does anybody has this script, its gone.

What to use to look at the DP's I have in the workfiles?

If you can compile your own version, you can add the export option that https://github.com/PatatasFritas/FriedKangaroo created.  If you search for PatatasFritas in this thread, they also have a python script that will do the same; export the wild and tame files.

This was previously posted in this thread but deleted for some reason, it's a snippet from iceland2k14's Github that divides a pubkey by an arbitrary number and returning all the parts in between. I polished it a bit to print the compressed and uncompressed keys: https://gist.github.com/ZenulAbidin/286a652b160086b3b0f184a886ba68ca

Here's the script output when called with a random (uninteresting - with no balance) pubkey, divided by 48. The keys divided by 0, 1, 2, 3 and so on are printed in order:

Code:

>>> shiftdown("0267830f83723fa565ccb8677c14d13f7d47bf1008fea826833359f27f866632ab", 48)
023f81e98df59d891264d3fca9bca16552feaf1c7dba1bebd9a774c5fd6041f248 043f81e98df59d891264d3fca9bca16552feaf1c7dba1bebd9a774c5fd6041f24873afd6e4fe6e2e93db77f96f04428dc8f66831960a6122c81e8a6095428f8b94
03b7d16572d1c71e629645c311078ca3cfbdd15b752de69ac606d9b0076f8373ca 04b7d16572d1c71e629645c311078ca3cfbdd15b752de69ac606d9b0076f8373ca90d73ee0e478d1f9440ce9ae6a08d65d35a7f0c3b1b34d14e7d1bce7f51b3fc1
0227216fdb90bd046064c3b93d10270a047233d17073ec6dae0ece6fe5d5f3942c 0427216fdb90bd046064c3b93d10270a047233d17073ec6dae0ece6fe5d5f3942c4813f1e70df2d6222bc3c5fd822cd750ed63bc899651f89fe39d6630999360e4
033b9934491df1cd5308886498dcc2be62a7a38093a372dd9355d45625a50c5407 043b9934491df1cd5308886498dcc2be62a7a38093a372dd9355d45625a50c54075b2d3d5e12b0c892016f9d30e44f98fad0e9bf35ee6897b9278fabad3eb6f9ab
0236bd119cd3471b5dab8599b0963fafa39972139a9c0cf11d57ff88e4449c15ce 0436bd119cd3471b5dab8599b0963fafa39972139a9c0cf11d57ff88e4449c15ceecea8c7018281b1b7efe9571623a1656e929999064a8a38288e743158645b638
03dfacf1392ee2a08655897f64563cdbbc9f8d700425f5d47a789fdbab028061db 04dfacf1392ee2a08655897f64563cdbbc9f8d700425f5d47a789fdbab028061dbd5c479f1e6fc35d3db8088791a740b52d0324a034e76789b01f813d75aac184d
0375bb11d9936856d2a081847bf121cf6ba4b687ca1ed890e46662ec26d626514b 0475bb11d9936856d2a081847bf121cf6ba4b687ca1ed890e46662ec26d626514b8f517daf3b05802849bfd51d23b60104c185be840bd481289800b957aa1bbc3d
02d4524b803c225a177449263b024bb6b2b7196fed3cb6905dbe02f9a54b4cfa53 04d4524b803c225a177449263b024bb6b2b7196fed3cb6905dbe02f9a54b4cfa53529f8e7328cdf85fca6727e4d44e45402d43480e65c11117ae0041aa8978a1c4
03d71a03b483720655d327983a64dbedf6f3d4b29a0545907e8894a9d575d5e004 04d71a03b483720655d327983a64dbedf6f3d4b29a0545907e8894a9d575d5e0046c7bfc0f84767f43ddc51015469aa09108ca1b1369305c3430f6651b245c415d
0284ef6b14ba3accb84d467c5f39c3d6bee2b1b972f260283ef29a3391ff44cc92 0484ef6b14ba3accb84d467c5f39c3d6bee2b1b972f260283ef29a3391ff44cc92e191dd65da677a85c858795c6995a164a2c4c35ccd27dfdd7f14af515e679b4a
02afb52737d6ffc033455fcd93aac81b7f9744fdcb6393553a8c1ab5f0c7540f2e 04afb52737d6ffc033455fcd93aac81b7f9744fdcb6393553a8c1ab5f0c7540f2ec78c5e51b4eb89dab380cc62912d861084ad587b7530f6276a37ad206adfea4e
03e872311ae7200f33bff94d33159596e716a5d149547d4c8b5cc0319e69272006 04e872311ae7200f33bff94d33159596e716a5d149547d4c8b5cc0319e69272006fdf7c325e3e06e9fd666afb0af6e280d461a608e04614a2921a6d5ab41fc2491
0204f555a02d8e439e216f6f906ecb3f18a3156ac27a52b8be50241e94a4ad1b5b 0404f555a02d8e439e216f6f906ecb3f18a3156ac27a52b8be50241e94a4ad1b5be4f1c6ca003b968f1c34d055d4fb2d7bbdc152f2632dde308b0c08ba64e1636e
02f38ef3d039a01f254dfea5c526cd7fbac66ba4f119f4f079b023b358c966c88f 04f38ef3d039a01f254dfea5c526cd7fbac66ba4f119f4f079b023b358c966c88fc67031c67a9698df456693055b1e7f5905180f6d4f1ac050dd599d87614acd72
03e68a481b261229bc326522334573acedc08def4e27156625b67fc3618ab37865 04e68a481b261229bc326522334573acedc08def4e27156625b67fc3618ab37865fc00b314a85033f24e610fce633d3f0034dc07ced7bab805ddd4882ba385a411
037edc3ad44ab06b71a8c15cce4cf366411cd24d4017b4195a757aadf71b2bf79e 047edc3ad44ab06b71a8c15cce4cf366411cd24d4017b4195a757aadf71b2bf79e0ce8524931e85be88aef99081775e20140c19d8b62075e6216f211c5d977c3eb
029c864308910b3ac3856e71c1261018fff180f0340c19addfb62d277ccb6ae730 049c864308910b3ac3856e71c1261018fff180f0340c19addfb62d277ccb6ae73073625826e7e8cae06cbed7384ae158c584f7ce49e65f859da5ed3b8fada338de
02d7ca55e58d070e78126bb3bd2ed75825627775c9fddd032d35082c15131deebd 04d7ca55e58d070e78126bb3bd2ed75825627775c9fddd032d35082c15131deebd419621117f642ebdebf3d284ddaf8b10bbf601759ea6943032981b0240001f00
02ef9af103205ed92432df2a7d07241615a6566f80743fb5673bb6d6dee5d8b4f1 04ef9af103205ed92432df2a7d07241615a6566f80743fb5673bb6d6dee5d8b4f1e0e321db29fa0c9d550fcb08aed871ee6d9d25f670f5bbfad973048033db6cea
03ad7aaf4595b3afbf432cded4e394583d093b6c25049e5f3134c95358e3588745 04ad7aaf4595b3afbf432cded4e394583d093b6c25049e5f3134c95358e35887458a6dae6d5614abd980f56245ee45975ad72957bd800b6e0335382c2a59ed91c9
03ddb8447d948936dd4760cec2dd6cd273c7cf50ca4d5d381044b36ec8741b22c5 04ddb8447d948936dd4760cec2dd6cd273c7cf50ca4d5d381044b36ec8741b22c5a008a1b0cb8e41a1a376db4cf750bdd93b5dabb1458b58555c22de3d11693321
02a510ab53586dd366388ce5e83dd566dfa036fa5cea5b2ac50c0470ec39d952d5 04a510ab53586dd366388ce5e83dd566dfa036fa5cea5b2ac50c0470ec39d952d5715d568b37ecc1f1d2073482cb6fe48d5e44b03ac7340fcd04d8e0785461d20e
03f76ffb506b5757398a43d41ab98d2613b0df0e4637e3d266278395a7b578d09c 04f76ffb506b5757398a43d41ab98d2613b0df0e4637e3d266278395a7b578d09c0be238cfd2b54079d47ab5db419bba96c44ea0f7fce5a01a79da2c432c398597
02ca39a54157c35b04b1fee81710a867ed862fa279e2302662a720c8f46c5b4d7b 04ca39a54157c35b04b1fee81710a867ed862fa279e2302662a720c8f46c5b4d7b6bc7d7f2d980e86cac28bb5b63076a0dd0aa5fae87fa302d9fd4ad1e7c15269a
02ede8c8e81369cfeb0abb53de9511896d2d7c9e8e5ed40928bd356d7287c5d9b8 04ede8c8e81369cfeb0abb53de9511896d2d7c9e8e5ed40928bd356d7287c5d9b8bd74498e1cfb9b6d96bfe31c13179af6d92b84700353351d372939fe0c7eb41e
03920a3695485fd70304b37ebb7d8ee72c27d9052bdc1c59e1224cd9fa6124fc44 04920a3695485fd70304b37ebb7d8ee72c27d9052bdc1c59e1224cd9fa6124fc443281843227790e8f3ba432d58b32d0a156e6547f8b41ffa747b922abb709be55
0347d1765f1a5627a8c16041bbdf14d88abfbefed90aa8672ead83a6eff3b9f2e7 0447d1765f1a5627a8c16041bbdf14d88abfbefed90aa8672ead83a6eff3b9f2e7db8669de83cfb8c20454dc2197875c5bcfb499c47bd227c28a61d569bc02bf7f
0215f893d55929a8a101be21c6071f706d1be874af95a33eea23b7fc7a283d6f75 0415f893d55929a8a101be21c6071f706d1be874af95a33eea23b7fc7a283d6f759f1cf84d6b9bbd6bc97c41256b1f12a12ffacd00a1f915a92567318260ee3b38
027bd4d04d02759b7cddb134d6eb88b9ef54ea950c42b929b050e431e32dcc4276 047bd4d04d02759b7cddb134d6eb88b9ef54ea950c42b929b050e431e32dcc42768569e2c75663956d932c9ab6af8e33dd1b5922100ccd86b74065ca187da18e4a
022c5062793956267056d8420aff1e7628533cf9d0e4d30416aea06c8ffa57075a 042c5062793956267056d8420aff1e7628533cf9d0e4d30416aea06c8ffa57075ae55c7e00e8d3502960abc07df0462bac678d50fa0283423b6501c5cf384b4292
03d9e8fdea0f739a5a67585c801e24b8ae5f528e64ca9268ac2703dd96ef9640f3 04d9e8fdea0f739a5a67585c801e24b8ae5f528e64ca9268ac2703dd96ef9640f32f4e6e1c4780e7ee0e24b03edb514a1eb42b9311ae69f15c2933ea4bf1993e5b
02fa1e16af956474cdb52eb069012813ebfe508ac50e16bb7bef6c2233605c3709 04fa1e16af956474cdb52eb069012813ebfe508ac50e16bb7bef6c2233605c37093780172eeb613c2c19836f63bba7d7ac164420130c7d71dd06bd11e00f465db4
0361b28c079e403ec070efe4247ca22c652f4feee414cc361b1a70b6c8bd753f48 0461b28c079e403ec070efe4247ca22c652f4feee414cc361b1a70b6c8bd753f4890e76066c3a07d6514dab89784b7847d3967ea77e70322373cb485313c13f009
0347cbf63b2849c894f9c22660c766034226ac6c61ae76b220b5df7831cc9b9e0b 0447cbf63b2849c894f9c22660c766034226ac6c61ae76b220b5df7831cc9b9e0b91a3017cb6a8ed5744bbb30af37d984209a489f94c4c85629cfa1ef7ff3f5131
03a452116d43720f3fd28243e2a114ff145f8475016b34a378af021946e2a3f87b 04a452116d43720f3fd28243e2a114ff145f8475016b34a378af021946e2a3f87b28649a7d5a2559a5092d52c697c66aa04beb7f5d1ddc171003e50dea58b6674d
032a9c89f590aba176ef0d1a69dab1121fdf4d925900d3fa58676267b02c538567 042a9c89f590aba176ef0d1a69dab1121fdf4d925900d3fa58676267b02c5385672974e58f4b1073c60c89e2e7d1a1d39494cbe10e3fcfa2ed07843c078cc1af07
03385b50a489bebc64d8b989c55756ab8db18cbc9bedb3119d020de02ea728b8f0 04385b50a489bebc64d8b989c55756ab8db18cbc9bedb3119d020de02ea728b8f03dd3d75614a806a8aa9e691bfcb8e407e3b60713d2dea8209e577647ce502bb3
036b54187fd9bbbfa4839f0a8cd22117bb25c32d0488005efd2932748ca6b170b4 046b54187fd9bbbfa4839f0a8cd22117bb25c32d0488005efd2932748ca6b170b42776916233d8ebb1e7f8ced8ed49dded5c5431891f4cada816bd09f77ab965b1
03b02a39d64581de4644a9dabf7b82d39e56ab3451325be2d6297ef04bd41ae8d4 04b02a39d64581de4644a9dabf7b82d39e56ab3451325be2d6297ef04bd41ae8d4a35e244188dbf0bf733089259d4806eb6e6c7e9b623af719e6aec28a23e18301
0301df71ddf8bffee835dcaf0c8d40625b297b972fc65c9fc528bde11782f78056 0401df71ddf8bffee835dcaf0c8d40625b297b972fc65c9fc528bde11782f780569ec37a656613d99f2a5b828def9e7d9997766077f6dc734802e99e6458ba211f
03719a27faa6d659cbb05a19f8e194ee393b19ad2be8975a459afa67ff1e83f60f 04719a27faa6d659cbb05a19f8e194ee393b19ad2be8975a459afa67ff1e83f60fee4cb7b2dc564a9bf1646fe947d7f0a03b5e86a8824211d0ff81e092928612af
02c59315d3c212c3f5fac3c543f123e01a84968700563387838093b713255bc719 04c59315d3c212c3f5fac3c543f123e01a84968700563387838093b713255bc719ed2cdb661626657ed5dd4952a740ec3479c0f8c0c002c554b064ec61bc2d229e
036f7a6354b572e5d916977036a05080e8f1b4d4b9318ff01e2d34d1c2d23d74a8 046f7a6354b572e5d916977036a05080e8f1b4d4b9318ff01e2d34d1c2d23d74a80becc560cd7e25710dba8b091629bfd187baafcdfefedf85d571411ac00e0073
03171895c9e5014231367bcc5a4dfa7a627130766c8ee156be591f08406aad0559 04171895c9e5014231367bcc5a4dfa7a627130766c8ee156be591f08406aad05598dc268607c44ae9d4b778e33ae1c4a9df1b4e861c62007c3521f2973f3321ef7
027cea24324d9a75b087b0e4edfe9010e4344b82d031ea5aada98b76d8e3be195d 047cea24324d9a75b087b0e4edfe9010e4344b82d031ea5aada98b76d8e3be195d16eb15dc757870c79b18bc0ed6a73957ff1b0c0c0b453d92e37a950c1747fc26
02242dda2b724f4d591656be1385e1fa12b0f14058f018bfec4d43ff381de4fa71 04242dda2b724f4d591656be1385e1fa12b0f14058f018bfec4d43ff381de4fa712552b2a971ca452b757c9b50bb21c79d3cccfeb5b6959adf2d03c7007d4e630c
03c2966edf6fbc5d4fac3374bb2efa742866b172f7615e0bd344da40802e8d5f19 04c2966edf6fbc5d4fac3374bb2efa742866b172f7615e0bd344da40802e8d5f192e50a8745d87bcbd60d5f4e66615bb5f73399eea3aa831e510c91a614e7c0bb7
03762c522915bbf095256a81d5e4f727e5de10adeefae46a29aa145245cdfeb1aa 04762c522915bbf095256a81d5e4f727e5de10adeefae46a29aa145245cdfeb1aaf38fe17a77bea18c35f8597a58e3b5581c35ccfe07cd66b61c20b1858c21c905
03eae5e964c71aad0103e47ad1c51dfd176dc79d7723065809b9030898ced99138 04eae5e964c71aad0103e47ad1c51dfd176dc79d7723065809b9030898ced99138c34a46c6f2585b6760b04516323d89e01d7a3af1df27e84df18dfa58973c823d

*edit: some text was cut off*

[wedom]

Does anybody has this script, its gone.
...
If you can compile your own version, you can add the export option that https://github.com/PatatasFritas/FriedKangaroo created.  If you search for PatatasFritas in this thread, they also have a python script that will do the same; export the wild and tame files.

...

it was a forked from JeanLucPons/Kangaroo
https://github.com/JeanLucPons/Kangaroo
I can't tell if there were any changes from the original. I still have the saved page, but there is no archive with the files


for the second question: the link is valid, everything is in place
https://gist.github.com/ZenulAbidin/286a652b160086b3b0f184a886ba68ca

[wedom]

Does anybody has this script, its gone.
...

I found the code of a script for browsing workfiles

kangaroo-tool.py

Code:

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

import sys, os
if sys.version_info.major<3:
    print("Python3 required")
    sys.exit(0)

import argparse
from struct import unpack
from binascii import hexlify,unhexlify
from math import log2

HEADW = 0xFA6A8001  # Full work file
HEADK = 0xFA6A8002  # Kangaroo only file

HASH_SIZE = 2**18

TAME=False
WILD=True




def bytes_to_num(b):
    return int(hexlify(b), 16)

def GetTimeStr(dTime):
  tmp = ''
  nbDay = dTime / 86400.0
  if nbDay >= 1:
    nbYear = nbDay / 365.0
    if nbYear > 1:
      if nbYear < 5:
        tmp += "%.1fy" % (nbYear)
      else:
        tmp += "%gy" % (nbYear)
    else:
      tmp += "%.1fd" % (nbDay)

  else:

    iTime = dTime
    nbHour = ((iTime % 86400) / 3600)
    nbMin = (((iTime % 86400) % 3600) / 60)
    nbSec = (iTime % 60)

    if nbHour == 0:
      if nbMin == 0:
        tmp += "%02ds" % (nbSec)
      else:
        tmp += "%02d:%02d" % (nbMin, nbSec)
    else:
      tmp += "%02d:%02d:%02d" % (nbHour, nbMin, nbSec)

  return tmp


def checkhead(wf):
    head = unpack('I', wf.read(4))[0]
    if head==HEADW:
        return head
    else:
        print('HEADER ERROR %08x %08x' % (head, HEADW))
        return False

def workinfo(workfile):

  wf = open(workfile, 'rb')
  head = checkhead(wf)
  if not head:
    print('Invalid WorkFile Header')
    return
  version = unpack('I', wf.read(4))[0]
  dp1 = unpack('I', wf.read(4))[0]
  RangeStart = bytes(wf.read(32))[::-1]
  RangeEnd = bytes(wf.read(32))[::-1]
  x = bytes(wf.read(32))[::-1]
  y = bytes(wf.read(32))[::-1]
  count = unpack('Q', wf.read(8))[0]
  time = unpack('d', wf.read(8))[0]

  print('Header   : %08x' % head)
  print('Version  : %d' % version)
  print('DP Bits  : %08x' % dp1)
  print('Start    : %x' % bytes_to_num(RangeStart))
  print('Stop     : %x' % bytes_to_num(RangeEnd))
  print('PubKey X : %s' % hexlify(x).decode())
  print('PubKey Y : %s' % hexlify(y).decode())

  if count>0:
    print('Count    : %d 2^%.3f' % (count, log2(count)))
  else:
    print('Count    : %d' % (count))

  print('Time     : %s' % GetTimeStr(time))

  wf.close()


def workexport(workfile):

    wf = open(workfile, 'rb')
    head = checkhead(wf)
    if not head:
      print('Invalid WorkFile Header')
      return
    wf.seek(156,0) # Skip WorkFile header

    tameFile = open('tame.txt','a')
    wildFile = open('wild.txt','a')

    for h in range(HASH_SIZE):
      nbItem = unpack('I', wf.read(4))[0]
      maxItem = unpack('I', wf.read(4))[0]
      for i in range(nbItem):
        x = bytes(wf.read(16))[::-1]
        d = bytes(wf.read(16))[::-1]

        sign = (bytes_to_num(d) & 0x80000000000000000000000000000000)>0
        htype = (bytes_to_num(d) & 0x40000000000000000000000000000000)>0

        if htype==TAME:
          tameFile.write('%05x%032x ' % (h, bytes_to_num(x)))
          tameFile.write('%032x\n' % (bytes_to_num(d) & 0x3fffffffffffffffffffffffffffffff))
        else:
          wildFile.write('%05x%032x ' % (h, bytes_to_num(x)))
          if sign:
            wildFile.write('-')
          wildFile.write('%032x\n' % (bytes_to_num(d) & 0x3fffffffffffffffffffffffffffffff))

        if args.verbose:
          sys.stdout.write('%s' % ('Tame' if htype==TAME else 'Wild'))
          sys.stdout.write(' %05x%032x ' % (h, bytes_to_num(x)))
          if sign:
            sys.stdout.write('-')
          sys.stdout.write('%032x\n' % (bytes_to_num(d) & 0x3fffffffffffffffffffffffffffffff))


if __name__ == '__main__':
    parser = argparse.ArgumentParser()
    parser.add_argument('-f', dest='workfile', type=str, required=True, help='WorkFile path')
    parser.add_argument('--winfo', dest='winfo', action='store_true', help='Show workfile info')
    parser.add_argument('--wexport', dest='wexport', action='store_true', help='Export workfile into tame.txt and wild.txt')
    parser.add_argument('-v', dest='verbose', action='store_true', help='Verbose')
    args = parser.parse_args()

    if args.workfile:
        print("[+] Workfile %s" % args.workfile)

    if args.winfo:
        workinfo(args.workfile)

    if args.wexport:
        workexport(args.workfile)

https://gist.github.com/PatatasFritas/a0409df4306fb1bb81f9a53e70151ddc

[bigvito19]

Does anybody has this script, its gone.
...

I found the code of a script for browsing workfiles

kangaroo-tool.py

Code:

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

import sys, os
if sys.version_info.major<3:
    print("Python3 required")
    sys.exit(0)

import argparse
from struct import unpack
from binascii import hexlify,unhexlify
from math import log2

HEADW = 0xFA6A8001  # Full work file
HEADK = 0xFA6A8002  # Kangaroo only file

HASH_SIZE = 2**18

TAME=False
WILD=True




def bytes_to_num(b):
    return int(hexlify(b), 16)

def GetTimeStr(dTime):
  tmp = ''
  nbDay = dTime / 86400.0
  if nbDay >= 1:
    nbYear = nbDay / 365.0
    if nbYear > 1:
      if nbYear < 5:
        tmp += "%.1fy" % (nbYear)
      else:
        tmp += "%gy" % (nbYear)
    else:
      tmp += "%.1fd" % (nbDay)

  else:

    iTime = dTime
    nbHour = ((iTime % 86400) / 3600)
    nbMin = (((iTime % 86400) % 3600) / 60)
    nbSec = (iTime % 60)

    if nbHour == 0:
      if nbMin == 0:
        tmp += "%02ds" % (nbSec)
      else:
        tmp += "%02d:%02d" % (nbMin, nbSec)
    else:
      tmp += "%02d:%02d:%02d" % (nbHour, nbMin, nbSec)

  return tmp


def checkhead(wf):
    head = unpack('I', wf.read(4))[0]
    if head==HEADW:
        return head
    else:
        print('HEADER ERROR %08x %08x' % (head, HEADW))
        return False

def workinfo(workfile):

  wf = open(workfile, 'rb')
  head = checkhead(wf)
  if not head:
    print('Invalid WorkFile Header')
    return
  version = unpack('I', wf.read(4))[0]
  dp1 = unpack('I', wf.read(4))[0]
  RangeStart = bytes(wf.read(32))[::-1]
  RangeEnd = bytes(wf.read(32))[::-1]
  x = bytes(wf.read(32))[::-1]
  y = bytes(wf.read(32))[::-1]
  count = unpack('Q', wf.read(8))[0]
  time = unpack('d', wf.read(8))[0]

  print('Header   : %08x' % head)
  print('Version  : %d' % version)
  print('DP Bits  : %08x' % dp1)
  print('Start    : %x' % bytes_to_num(RangeStart))
  print('Stop     : %x' % bytes_to_num(RangeEnd))
  print('PubKey X : %s' % hexlify(x).decode())
  print('PubKey Y : %s' % hexlify(y).decode())

  if count>0:
    print('Count    : %d 2^%.3f' % (count, log2(count)))
  else:
    print('Count    : %d' % (count))

  print('Time     : %s' % GetTimeStr(time))

  wf.close()


def workexport(workfile):

    wf = open(workfile, 'rb')
    head = checkhead(wf)
    if not head:
      print('Invalid WorkFile Header')
      return
    wf.seek(156,0) # Skip WorkFile header

    tameFile = open('tame.txt','a')
    wildFile = open('wild.txt','a')

    for h in range(HASH_SIZE):
      nbItem = unpack('I', wf.read(4))[0]
      maxItem = unpack('I', wf.read(4))[0]
      for i in range(nbItem):
        x = bytes(wf.read(16))[::-1]
        d = bytes(wf.read(16))[::-1]

        sign = (bytes_to_num(d) & 0x80000000000000000000000000000000)>0
        htype = (bytes_to_num(d) & 0x40000000000000000000000000000000)>0

        if htype==TAME:
          tameFile.write('%05x%032x ' % (h, bytes_to_num(x)))
          tameFile.write('%032x\n' % (bytes_to_num(d) & 0x3fffffffffffffffffffffffffffffff))
        else:
          wildFile.write('%05x%032x ' % (h, bytes_to_num(x)))
          if sign:
            wildFile.write('-')
          wildFile.write('%032x\n' % (bytes_to_num(d) & 0x3fffffffffffffffffffffffffffffff))

        if args.verbose:
          sys.stdout.write('%s' % ('Tame' if htype==TAME else 'Wild'))
          sys.stdout.write(' %05x%032x ' % (h, bytes_to_num(x)))
          if sign:
            sys.stdout.write('-')
          sys.stdout.write('%032x\n' % (bytes_to_num(d) & 0x3fffffffffffffffffffffffffffffff))


if __name__ == '__main__':
    parser = argparse.ArgumentParser()
    parser.add_argument('-f', dest='workfile', type=str, required=True, help='WorkFile path')
    parser.add_argument('--winfo', dest='winfo', action='store_true', help='Show workfile info')
    parser.add_argument('--wexport', dest='wexport', action='store_true', help='Export workfile into tame.txt and wild.txt')
    parser.add_argument('-v', dest='verbose', action='store_true', help='Verbose')
    args = parser.parse_args()

    if args.workfile:
        print("[+] Workfile %s" % args.workfile)

    if args.winfo:
        workinfo(args.workfile)

    if args.wexport:
        workexport(args.workfile)

https://gist.github.com/PatatasFritas/a0409df4306fb1bb81f9a53e70151ddc

Thanks

[fxsniper]

Can I ask about Pollard's kangaroo python script ?

Did I understand wrong?
Pollard's kangaroo generate random number(in range) to private key for generate public point and compare collision right ?

if I understand correct
What variable is private key Pollard's kangaroo ?

from ask, I mean private key of each generate point for check. ( I not mean private key of result )

https://github.com/JeanLucPons/Kangaroo/blob/master/Kangaroo.cpp
http://fe57.org/forum/thread.php?board=4&thema=1#1
https://github.com/Telariust/pollard-kangaroo/blob/master/pollard-kangaroo-multi.py

pollard_kangaroo.txt
t.append((3 << problem - 2) + random.randint(1, 1 << problem - 1))
w.append(random.randint(1, 1 << problem - 1))

pollard-kangaroo-multi.py
prvkey0 = random.randint(L,U)

Kangaroo.cpp
?