8 Prime Spirals SHA-based De-cryption? Private Keys

[TimS]

Now to you is he a genius or should he be mocked on this forum like you are doing. Face it, if you mock Dr. Adoni and his brilliant 30Mod Prime Algorithm the NSA is paying you to mock him.

Not sure if troll, or really that stupid. I'm going with the latter. Adoni and his crackpottery have plenty of company, all of it cooky. You either are him, or have fallen for his nonsense because you have little to no mathematical background.

This is conspiracy theory bullshit written by somebody with no clue in mathematics, number theory, primality testing, cryptography and so on.

Yes, the prime numbers distribution is not random and Ulam spirals are real but they are nothing more than a curious pattern with no practical applications. There is no magic formula that will yield simultaneously a) only primes, b) all primes and c) different primes every time without some kind of brute force testing.

...

Finally, someone else in this thread with some decent knowledge of modern mathematical algorithms and any mathematical background. Hear, hear!

That said, how exactly the NIST elliptic curves are picked is a concern and I personally don't trust Elliptic Curve Encryption - but that's only because I don't have a sufficiently good understanding of it (while I do understand and prefer RSA encryption). But nobody forces you to use the NIST curves. You can easily pick different ones and still use EC-based cryptography.

(quick intro: Bitcoin uses the secp256k1 curve. The only remotely suspicious things here are the generator base point G, and the choice of P as nextprime(2^256-2^32-2^10).) For you and anyone else interested in ECC and whether the base point G in secp256k1 could be a problem, read the post at https://bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975 (also see https://bitcointalk.org/index.php?topic=289795.msg3206788#msg3206788 for a nothing-up-my-sleeve derivation of the rest of the parameters in secp256k1). Specifically:

3. The base point G is something I cannot explain, but the general understanding, at the time and still now, is that the base point G cannot contain a backdoor in the main problem underlying ECC, namely ECDLP and ECDHP. Indeed, random self-reducibility applies to prove that the choice of G is irrelevant for most versions of these problems.  Some cryptographic schemes, including ECDSA, seem to depend mildly on some other problems, in which the choice of G may be more relevant.    In particular, the ECDSA verification of a signature (r,s) includes a check that r is not zero.  If this check is dropped, then there is a possibility that party who chose G can have chosen G in such that to make some signature (0,s) valid for a particular message m.  (For details and examples, see my chapter in Advances in Cryptology II, or my paper “Generic Groups, Collisiion Resistance, and ECDSA”, or my IACR eprint “The One-Up Problem for ECDSA”.)   I strongly doubt that G is malicious, because these properties were not widely known at the time, and the adversary seems to have little to gain, the verifier has to be faulty.

Also:

When you say G is provably irrelevant, I can only assume (and I'd rather not hence this reply) that you mean a choice of G cannot effect the ability of an attacker to brute force a private key.  While there are convincing arguments of that in this thread, I wouldn't call any of them a proof.

You can transform any pubkey on any G to a pubkey on another generator by means of addition.  In particular, if there is some bad generator O where you can compute the log of Ox for arbitrary x easily, one can use find the discrete log of Gx as log_O(Gx)/log_O(G) mod order. One doesn't need to prove anything about the hardness of the discrete log to just show the arithmetic relation that if on a curve discrete log is insecure with respect to one generator then discrete log is insecure with respect to all generators of that group.

A better example that I could have given is how the byte order is chosen (big endian or little endian). You surely can't create an implementation without knowing how to deseralize the bytes, but byte order isn't relevant to security.

So if one G is broken, then they all are. It doesn't matter whether G is nothing-up-my-sleeve or specially chosen one way or another: either the NSA has an algorithm to break Bitcoin with any G, or they don't.

[1715202726]

1715202726

[1715202726]

1715202726

[1715202726]

1715202726

[jbreher]

Dr. Lenstra is Satoshi

Lenstra is not Satoshi.

But I have recently uncovered evidence that Adoni is in truth none other than Chuck Norriss.

[jonald_fyookball]

Dr. Lenstra is Satoshi

Lenstra is not Satoshi.

But I have recently uncovered evidence that Adoni is in truth none other than Chuck Norriss.

Adoni the scammer finds this on reddit and tries to exploit it and take credit..what else is new

http://www.reddit.com/r/Bitcoin/comments/2nicip/found_this_gem_newsgroups_from_2002/

whenever referring to him make sure to put adoni the scammer or adoni scammer....
that way the keywords will be associated in google.

he wants to spam his sites everywhere at least people should know adoni is fraud.

[Vessko]

So are you NSA Vessko? haha

LOL, no. In fact, I would probably be explicitly forbidden from working for the NSA.

From what I've read, Snowden docs proved the NSA hacked ECC with bad seed keys and NiST their government Org distributed them

Please provide a link that is the source of your claims, so that I can point out exactly what you have misread. Snowden never claimed that "the NSA hacked ECC". The "NIST distributed bad seed keys" nonsense, if redacted to say "NIST suggests elliptic curves known by the NSA to be weak" would make more sense - but that doesn't mean that ECC is broken; it only means that the particular curves suggested by NIST are not good. (And even that is probably stretching it to the conspiracy theory side. The way NIST selected the actual curves is a pretty transparent process.) But, as I have repeated several times, nobody forces you to use them.

The only thing we know for sure from the Snowden leaks is that the Dual Elliptic Curve Deterministic Random Bit Generation has been included as a NIST standard due to the influence of the NSA. That's it. The only thing we know for sure. Everything else is clueless suspicions and ignorant conspiracy theories by mathematically illiterate people.

For a more informed discussion of the issue, see here.

How about this, do you agree that the 30 Mod prime algorithm locates all primes over 5 in that they exist on 8 spirals?

No, I do not - but only because your statement is clueless and imprecise. The correct statement is that all primes larger than 29 are generated (along with many more composites) by the 8 "Adoni" polynomials. (The first 10 primes - i.e., 2 to 29 inclusive - are "hard-coded") So what? They (well, all primes larger than 3) are also generated by these two polynomials:

6 * k - 1
6 * k + 1

It is possible to pick an infinite number of sets of polynomials that generate all prime numbers above a given lower limit.

Now IF you agree that is a fact, that means all primes above 5 must be 30n+P where n = any number and P = one of the 8 Adoni Prime spirals.

Wrong again. That's true only for all primes above 29 - not for all primes above 5. To save the readers the effort to search what the Adoni polynomials actually are, they are this set:

30 * k + 1
30 * k + 7
30 * k + 11
30 * k + 13
30 * k + 17
30 * k + 19
30 * k + 23
30 * k + 29

where k is a natural (i.e., non-negative integer) number. It should be blindingly obvious even to the mathematically illiterate that they can never generate any prime numbers under 31.

Now that means PRIMES ARE NOT RANDOM

Of course primes aren't random - but I am 100% percent certain that you have no clue what "random" means. There is even a formula for the approximate number of primes smaller than a limit N. The formula is not exact, it gives only an upper and lower limit. The typesetting capabilities of this forum do not allow me to reproduce it here and the person I am replying to won't understand it anyway but for those of the readers who are mathematically inclined, see this article (warning, heavy math inside).

so the long history of mathematics had man geniuses looking for that and Dr. Adoni was the first guy to find it in 1995.

No, Dr. Adoni is an ignorant moron why is imagining to have discovered the secrets of the Universe by improving the sieve of Eratosthenes in a minuscule way (by saving it the need to sieve out the first 10 primes). And, what do you know, he even claims to predict earthquakes, tsunamis and hurricanes. I kid you not.

Now to you is he a genius or should he be mocked on this forum like you are doing.

Mocked, definitely. Oh, wait, was that a rhetorical question?

Face it, if you mock Dr. Adoni and his brilliant 30Mod Prime Algorithm the NSA is paying you to mock him.

I wish they were. Not for the money but because the NSA employs some of the most brilliant mathematicians in the world. I wish I were that good. Sadly, I'm not.

So who signs your checks Vessko? NSA right?

Actually, at the moment it is the Bulgarian Academy of Sciences and they aren't checks (we don't use those in our country).

As to bitcoin, do you agree bitcoin uses ECC crypto?

No, I do not. Again, that's because my penchant for precise statements, which the above isn't. I can only agree that Bitcoin uses the secp256k1 elliptic curve for signatures. It also uses no encryption and it uses the SHA-256 and RIPEMD-160 functions for hashing. Note that NIST actually suggests the use of secp256r1 - not of secp256k1. Conspiracy theory time - did Satoshi know something about what the NSA did way back in 2009?

Do you agree bitcoin use Koblitz Curves a form of ECC crypt?

No, I do not. Again, because of the lack of precision in the above statement. Koblitz is one of the authors of Elliptic Curve Cryptography. ECC makes use of possibly infinite number of elliptic curves for encryption and signing. One particular such curve is used for signing only in Bitcoin. That is the precise statement I can agree with.

So any major news about how corrupt ECC crypto CONCERNS BITCOIN

Indeed it does, to a certain degree (e.g., the security of transactions but not the mining), but there haven't been any.