Calculating Satoshi's coins

[NotATether]

We wanted to have a decentralized exchange for this project and created an own token as ADAB spin-off. We chose the Waves platform.

Exchange: https://waves.exchange/

Explorer with information on the token:
https://wavesexplorer.com/tx/9zMruSw8PPVPvRWgmrDi8QzsaGwNfBqdx9L5sMgASDAK

Name of the token: BitcoinADAB
Quantity: 10,000,000
Decimals: 8
Reissuable: no (10,000,000 tokens is max.)
AssetId: 9zMruSw8PPVPvRWgmrDi8QzsaGwNfBqdx9L5sMgASDAK

To find the token in the exchange:
Switch from 'Verified mode' to 'Community mode'
Search with the AssetId: 9zMruSw8PPVPvRWgmrDi8QzsaGwNfBqdx9L5sMgASDAK
Pairs: BitcoinADAB/BTC and BitcoinADAB/WAVES

This is our interaction token for this project.

How exactly is this supposed to interact with a private key solver program again?

The software would have to be modified to buy or sell tokens as progress is made in exhausting search space. And it's pretty tricky to modify these programs because I once did that, and then someone complained on Github that it wasn't finding keys anymore.

[BitcoinADAB]

How exactly is this supposed to interact with a private key solver program again?

The software would have to be modified to buy or sell tokens as progress is made in exhausting search space. And it's pretty tricky to modify these programs because I once did that, and then someone complained on Github that it wasn't finding keys anymore.

The participants will provide the system with distinguished points only and after solving a point, we will publish it and the solving participants will broadcast their reward address, so we can transfer them their reward. We expect that the first solutions will take some time and the intervals will be long enough to make it manually and not automated. Also the purchase of the interaction token will happen manually.

At the beginning ot this project we want to improve the system to solve the points. Once the points will be solved, we will find an automated solution to the rewarding. But we expect that the purchase of the interaction token will remain manually.

[BitcoinADAB]

One other important thing for our project is, that when all 'Satoshi's points' are calculated, owners of the interaction token would sell all their coins as they would be valueless after solving the last point. The token price would crash before solving the last points. For that problem we have following solution:

For the last 4000 points, the solving participants will get their 25 BTC (12.5 BTC for wild and 12.5 BTC for tame) reward as usual.
But the purchase of the token with the remaining 25 BTC will be different. We will place them all as 0.01 BTC bid orders after solving one point, so that all token holders can sell for 0.01 BTC at least. That means: 4000 points with 25 BTC each = 100,000 BTC and the price wouldn't go below 0.01 BTC in the end as that would cover all 10,000,000 tokens.

[BitcoinADAB]

We have to start somewhere ...

For example with a site like https://lbc.cryptoguru.org/about. They are calculating keys for hashed addresses. (We think that is impossible for Satoshi's addresses.)

[BitcoinADAB]

There is a project to calculate Satoshi's coins and bring them back.

Is this
https://www.fxstreet.com/cryptocurrencies/news/is-satoshi-cashing-out-640-nine-year-old-bitcoin-on-the-move-202107131344
related to ur project?
Or is it some prophet inequality calculation of when, the perfect timing for, "I have to go now"?

Not related. We are permanently checking the blocks for such moves, But none of Satoshi's coins heve been moved so far.

'Satoshi's points' what we are calculating are coinbases only and mined in 2009 and 2010.

[ymgve2]

Why are you limiting yourself to Satoshi's coins? There's nothing special about those private keys, if you got a way to crack those, you can attack any key which have had their public key exposed.

[BitcoinADAB]

Why are you limiting yourself to Satoshi's coins?

We want to solve Satoshi's coins, because these coins were mined to serve the purpose, to let the Bitcoin network run. Without these coins, we wouldn't have Bitcoin today, they are special as they had to be mined. Satoshi mined them, marked them and didn't transfer them. Satoshi alone can respond to our project e.g. can transfer them to other addresses. If someone can sign messages to our points, we will be sure that it is Satoshi as they were marked in a way, that you can separate them from others.

Think of it as sunken ships with these mined coins as their cargo. And we want to salve these ships and recover the coins.

That does not mean, that Satoshi isn't owning other coins (not sunken ships) than these marked.

[BitcoinADAB]

Pollard's kangaroo / lambda / rho accelerator for our project



It leads to inner loops, but all solvable.
Profit: with one point addition, one will cover 6 points.

[BitcoinADAB]

Pollard's kangaroo / lambda / rho accelerator



It will lead to inner loops, but all solvable.
Profit: with one point addition, one will cover 6 points.

When will you be done with that project?

here is pubkey
02991eb8eb2e45b4bc9c71bc9a022832e712a8dc1b2db62bd7456e49b2d9f7dac8
could you tell me first example if its x1 ? x2 ? x3 ?
if its x1 then whats x2 and x3 print pubkeys , it will help to vistors for understand about x1 x2 x3
thankx

Example: pubkey = 02991eb8eb2e45b4bc9c71bc9a022832e712a8dc1b2db62bd7456e49b2d9f7dac8
This point becomes Point (x1, y1), but we don't know if it is Point 1, 2, 3, 4, 5 or 6.

from our offline server:

Code:

Point 1 (x1, y1)
x1 = 0x991eb8eb2e45b4bc9c71bc9a022832e712a8dc1b2db62bd7456e49b2d9f7dac8
y1 = 0xeb3c392e5ac716a0cb40fa08e2616f47459e6a1cc0f2922836896a1ce5f631cc

Point 2 (x2, y2)
x2 = 0xa673e97568057fb5f41c35d6ed6c88ef97510d71222b3686ef892f4ccc2af536
y2 = 0xeb3c392e5ac716a0cb40fa08e2616f47459e6a1cc0f2922836896a1ce5f631cc

Point 3 (x3, y3)
x3 = 0xc06d5d9f69b4cb8d6f720d8f106b442956061673b01e9da1cb0886fe59dd2860
y3 = 0xeb3c392e5ac716a0cb40fa08e2616f47459e6a1cc0f2922836896a1ce5f631cc


Point 4 (x4, y4)
x4 = 0x991eb8eb2e45b4bc9c71bc9a022832e712a8dc1b2db62bd7456e49b2d9f7dac8
y4 = 0x14c3c6d1a538e95f34bf05f71d9e90b8ba6195e33f0d6dd7c97695e21a09ca63

Point 5 (x5, y5)
x5 = 0xa673e97568057fb5f41c35d6ed6c88ef97510d71222b3686ef892f4ccc2af536
y5 = 0x14c3c6d1a538e95f34bf05f71d9e90b8ba6195e33f0d6dd7c97695e21a09ca63

Point 6 (x6, y6)
x6 = 0xc06d5d9f69b4cb8d6f720d8f106b442956061673b01e9da1cb0886fe59dd2860
y6 = 0x14c3c6d1a538e95f34bf05f71d9e90b8ba6195e33f0d6dd7c97695e21a09ca63

(Now we can say that the example point was Point 1, but that is not important.)

Remember:
x1 = x4  and  x2 = x5  and  x3 = x6
y1 = y2 = y3  and  y4 = y5 = y6

Lowest x = x1  or  x = x4
x = 0x991eb8eb2e45b4bc9c71bc9a022832e712a8dc1b2db62bd7456e49b2d9f7dac8

Lowest y = y4  or  y = y5  or  y = y6
y = 0x14c3c6d1a538e95f34bf05f71d9e90b8ba6195e33f0d6dd7c97695e21a09ca63

That Point (x, y) would be the reference point to go on with. From that point you jump to another Point (x1, y1) according to your kangaroo / rho.
It doesn't matter if you jumped to Point 1 or 2 or 3 or 4 or 5 or 6, your reference point would be that Point (x, y) in all cases.

That makes kangaroo / rho faster. For example: A 'tame' that jumps to Point 2 will go on with Point 4. A 'wild' that jumps to Point 5 will also go on with Point 4 and we would have a solution.

But this only works if you have the full Bitcoin range (1 ... n) like in this project and not in a range like the puzzle #120 (2^119 ... 2^120 - 1).

[BitcoinADAB]

So it works in the full range of 2^256 so what would be the expected operations?

• 1 point addition to have Point (x1, y1)
• 1 subtraction to get y2
• 2 multiplications to get x2 and x3
• comparisions to get lowest x and lowest y

Then you will have all x and y coordinates for all 6 points with the effort of less than 2 point additions, what will increase the speed enormously.

[casinotester0001]

~

The speedup works only on Pollard Rho, at most sqrt(6) = 2.44 times. For Kangaroo only the negation (y) is applicable, with speedup at most 1.41 times (and bigger variance?) - AFAIK Jean-Luc uses it already.

All this is well known:
if we have a point (x,y) = k*G, the 6 points are
(aⁱx, b^jy) = cⁱd^j*(k*G)
with
a³ = 1 mod p (matching the chosen value of c)
b² = 1 mod p
c³ = 1 mod n (matching the chosen value of a)
d² = 1 mod n
i∈{0,1,2}
j∈{0,1}.
One can calculate the numbers by finding the primitive roots mod p and n
I.E.
r_p = 77643668876891235360856744073230947502707792537156648322526682022085734511405
r_n = 106331823171076060141872636901030920105366729272408102113527681246281393517969
a = (r_p^(p-1)/3)² = 55594575648329892869085402983802832744385952214688224221778511981742606582254
b = r_p^(p-1)/2 = 115792089237316195423570985008687907853269984665640564039457584007908834671662 = -1
c = r_n^(n-1)/3 = 37718080363155996902926221483475020450927657555482586988616620542887997980018
d = r_n^(n-1)/2 = 115792089237316195423570985008687907852837564279074904382605163141518161494336 = -1

[BitcoinADAB]

Building the group 

[casinotester0001]

I think that we need:

1) improvement of the hashing/computing power
2) new ways of calculating

I don't think that there will be a formula to get from the public key through a simple calculation the private key. But I'm sure that the 256 bit range can be calculated with less than the today's 128 bit (pollard). Let's say we bring it down to 80 bit and at the same time we improve the hashing/computing power, so it could be possible to solve this.