Topic: == Bitcoin challenge transaction: ~1000 BTC total bounty to solvers! ==UPDATED== - page 3. (Read 56284 times)

Because if you want to crack a private key by the BTC address, the only option is brute-force (e.g. 160-bit security at most).

But if you have to crack a private key by its public key, Kangaroo, BSGS, or even random sampling (b-day paradox) reduces the search to square-root, so e.g. 160-bit public key is somehow 80-bit secure. But since puzzles 81 to 159 (except multiples of 5) only have the address today, then there is no public-key secure equivalent puzzle to the 81, 82, 83, or 84 bits puzzle, and so on. So, brute-force grows exponentially, but the cost to break them is way higher than the prize. If we had equivalent higher public-key puzzles (165 bits, 170 bits) etc. with public key known, than they weren't actually 160-bits secure, but 82-bits, 85 bits, etc.) - the creator moved those funds way before we had Kangaroo publicly available, so the "160+ puzzles are all actually 160-bits secure" did not make sense at the time.

Puzzle 159 with no pub key is way overkill, it's simply measuring SHA256 cracking performance, not EC security. The highest puzzle that would actually measure EC security would have been #256 (128-bits secure).

Frankly, I can't follow your logic why #81...#159 don't make sense at all in your opinion. I must be missing something.

Why would puzzle #127 be of somewhat similar difficulty as puzzle #254? Can't wrap my head around this statement and it puzzles me. As I'm following the puzzle's progress only out of a crypto security inspired context and don't have much knowledge about BSGS and Kangaroo, maybe you're so kind to give a brief ELI12 type answer.

It is unique. You can produce a proof for that, if you explore smaller elliptic curves.

Exactly. And the proof for that is produced, when you compute n-value, based on p-value, to construct the curve parameters in the first place. So, you first pick p=0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f, and then, you calculate n=0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141, along with a proof, that it is exactly this value, and nothing else.

Also, you validate the proof, for example by taking any public key, and multiplying it by (n-1), and then see, how you go from (x,y) into (x,-y), no matter, which x-value and y-value you would pick. And you validate, that there are no hidden subgroups, by checking, that n-value is prime.

They make sense in case of Taproot addresses, because then, public keys are always revealed, and because breaking 160-bit public key requires only checking 2^80 keys, because of the birthday paradox. So, the range 161-256 can still become unsolved for P2PK, even if you solve it for P2PKH.

Yes. And you don't have to rely on your memory, it is written in the chain:

2019-06-01: https://mempool.space/tx/17e4e323cfbc68d7f0071cad09364e8193eedf8fefbcbd8a21b4b65717a4b3d3
2017-07-11: https://mempool.space/tx/5d45587cfd1d5b0fb826805541da7d94c61fe432259e68ee26f4a04544384164
2015-01-15: https://mempool.space/tx/08389f34c98c606322740c0be6a7125d9860bb8d5cb182c02f98461e5fa6cd15

Well by the same reasoning, puzzles from 81 to 159 don't make sense at all. It would have made more sense for 161-255 to only have outgoing TX, not be redistributed, because for example puzzle 254 would have somewhat similar difficulty as puzzle 127. But once #160 gets solved, then no one would be interested in solving 81 for a half-reward but double difficulty.

At the moment I can't explain it with scientific precision. The reason to scrap the puzzles #161 to #256 isn't that #160 likely won't be reachable in our lifetime and/or this century and maybe beyond. The reason is that hashing with RIPEMD160 caps the unambiguous bitrange to 160.

The relation private key --> public key is very likely unique, we can assume no collisions (I can't prove that mathematically, though), i.e. no two different private keys will give you the same public key.

To get a legacy public address there's a hashing step with RIPEMD160 that gives you a 160bit hash, thus there are mathematically obvious at max. 2⁹⁶ public keys with the same RIPEMD160 hash aka same legacy address.

Therefore by the initial puzzle conditions (no public key was revealed first), puzzles #161 to #256 make not much sense. This didn't occur to the puzzle creator at first but when he was nudged to it, he realized his mistake and redistributed funds from the no-sense range to the makes-sense range.

AFAIR revealing public keys for puzzles of multiples of 5 came even later (I could be wrong, don't have it crystal clear from my memory's bottom area).

Nobody. The initial idea of ​​the puzzle was to include a prize on each range, but after a few years the creator transferred the funds from addresses 161-256 to the remaining unsolved addresses from 160 downwards, making the prizes more appealing. I think that because we won't even find that 160 in our lifetime :-)

Has anyone cracked the 256 key?

Thank you. It really works. I tested it by creating a "fragile 69bit" wallet with $50 and made the transfer and the public key was not listed in the mempool.
Now I can continue my code using FPGA. Thank you very much for your kindness.

There are actually a few solutions!!

I am not a super mathematician, but I am someone who loves details on statistics and probability calculations.

I had stopped statistical studies due to some problems. But now, the growth of the reward from wallet 66 has caught my attention.

In this regard, I made some probability calculations based on the source of the n=nP formula and verified some parts because my hardware power is low.
Actually, this event is about a very thought-provoking mathematics and probability calculations.

I know that wallets like 67-68-69... will be found in a short time with high hardware power that gradually increases with Vanitysearch(--keyspace).

The important thing is that n=? np=? the rest automatically shortens the time.

Yes, i am also interested in knowing the private keys to these solved wallets, but when a year ago I asked to share 120 workfiles to possibly find out the private key, no one shared them.

Yes, you are right.

1- It will be written directly on the screen of the person who finds the wallet. Surprise

2- The pool will not have any profit, it will only be supported by the person who finds it and the donation method by other users.

3- It does not matter how powerful the hardware is, who scans it, they will know that they did this for themselves and their luck.

After telling Chris the reasons and reasons about this issue, TTD (ttsdsales) put the reward system.

My hardware is low but I found the wallet, I just entered the system. Thanks to my luck and knowledge, someone else will get 300k dollars but I will get 300 dollars. 

If a pool is properly developed this should never be a problem, the users will no have way to use the server as oracle, and the users can't lie about what they scan or what they don't scan.

ttdsales /66bit/ ??

ttdsales/67bit It's open, let's become a member now.

a community of people who waste their time and hardware.

Because the system is a closed circuit system, no one can prove anything. You find the money, but my server informs me. You can't see the background.


-----------------------------------------------------
Zielar, one of the people closest to Chris (TTD), also made a statement along these lines. I wonder what happened between them?

Zielar, who put a lot of effort into the system at first, now doesn't like the system?
I hope this will answer the question and other users will understand that it is not a correct system.

---

One of the system ideas is,

I scan a few ranges, the other person scans the range at the same level and we share information with each other.
There will be many things like system vulnerabilities etc.

For example, what if he wants to get information by lying about the range he did not scan?
User, IP, MAC address. BAN!!

How puzzles could have been generated:

what is TTD?

I completely agree with ziealer on this. He may be right about finding TTD in 64 and 66 wallets.

Zielar, who has had TTD before, I don't know what problem he has with Chris Zahrt.

I don't trust places like this from the beginning. Actually, I have a different idea in mind, but everyone's opinion may be needed.

Maybe they've been cracking keys using stolen credit cards to squat as many GPU's as possible, who knows. See this blog, it's a good read: https://modal.com/blog/catching-cryptominers

Higher school of driving :-D but as one of the few I have to admit that you contribute a lot of valuable issues to the topic. I haven't been here for some time because occasionally somewhere on the side I "cooperated" with ttd with free funds. Somewhere there, at the beginning at pool 64 I had concerns as to whether the creation of this pool was really for the purpose of "mutual benefit", but later I dispelled my concerns due to good contact with the owner. It became distasteful when, convinced by the recent successes of pool 66, I was focused on part of the prize - I finally dispelled my concerns in a negative way. Once again, someone has developed a twice as difficult range with positive results - and once again no one has flaunted it either before or after finding a solution... Well, yes - the simplest. Who is going to prove anything to whom when the results of the work have always been sent to the server. All you have to do is receive the key, withdraw it and announce that someone from outside has done it, right? Besides, tell me honestly - do you think that anyone ALONE is trying to break larger and larger ranges?? since even for me level 64 already seems so high that I gave up. And here you go - the last two low-level levels (for which pools were created) - the finder of the key unknown and the pool is not the finder...? And for credibility, it was enough to create some newbie account and post with the key and it would immediately look different... besides, for a profit of a million dollars - during these two years I would be able to develop even this account well and come up with a good story about how I got to this key)... but oh well... not every person acts the same. Personally, I completely give up on this type of "cooperation" and I strongly advise against it to others.. It's a waste of your money to pump it into others. If you think otherwise - you can deposit it into my wallet without deluding yourself that you will gain anything except my gratitude:
=============
bc1qv5a3urpj3fszalsuw0r4dlafxel68aaypqxxqlzhl8ygnehw6k9s8d3sm2
============
To be honest - what pissed me off was not even that I was disappointed in my opinion, but that despite spending free funds on some contribution to a previously trusted pool - in the end it turned out that I spent $4,000 on the scale of the entire contribution, so not a small amount. I know that there are those who spent much more and I sympathize with you very much. I know that life will return it to you in a double positive form. As I promoted earlier - I currently RECOMMEND NOT cooperating with you in any projects related to this challenge, because as statistics have shown - since I found with JLP and published solutions to the found ranges - each subsequent level has been discovered by an UNKNOWN PERSON in an UNKNOWN WAY... the solution is UNKNOWN for most, and the costs and requirements are much greater. There is no point in hiding - this challenge has already become only a matrix for creating the perfect idea for how to get rich by walking over dead bodies... and with today's technology - the chances are slim... and this was probably also the idea of ​​the creator, who paid so much BTC additionally to wallets. The entered phrase with a request to send the solution to PM is the only thing I can do to be able to learn the solutions... at least for statistical purposes... because this is probably the MAX of what you can be happy about today in the subject of this challenge.

I don't know if such person/people is reading us but...

A clever way to disclose the private key is the next:

Take all the inputs to your address but leave some dust input behind (all those wallets has always some dust inputs)
Then once that you cleared all the balances in all chains except one dust, make a special TX where you manually chose a repeated Nonce value or one with some difference small to be solvable with some math.
Broadcast that TX and someone should notice that repeated or weak R value and the key should be solved easily.