Bitcoin puzzle transaction ~32 BTC prize to who solves it - page 133.

alek76

member

Activity: 93

Merit: 16

Quote from: nomachine on October 09, 2023, 03:00:09 AM

if we want to trim the high bytes of the derived key with zeros, can we do so by copying only the lower bytes of the key to the BIGNUM ?

Yes. Only he edited the high bits. Or maybe bytes Cheesy

I just replaced the high byte with 0x2.
Why divide modulo Range? Modulo the Order is probably correct, it gives a different result. And then cut off the 32-bit string.
I found an error again

Code:

    unsigned char derivedKey[64]; // SHA-512 produces a 64-byte key
    if (PKCS5_PBKDF2_HMAC((const char*)BN_bn2hex(minKey), BN_num_bytes(minKey), salt, sizeof(salt), 0, EVP_sha512(), sizeof(derivedKey), derivedKey) != 1) {
        // Handle error
        return nullptr;
    }
****************************************************************************************
int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
				const unsigned char *salt, int saltlen, int iter,
				const EVP_MD *digest,
				int keylen, unsigned char *out);
****************************************************************************************

pass the seed - Input data
passlen
salt = "Bitcoin seed"; // Salt is always constant !
iter = 1 // Didn't look at the code? 0 gives 1 intervention? or 2048 intervention?
// in VanitySearch version function 0 gives 1 iteration.
keylen = 64
-------------------------------------------------------------------------------------------
Where is the Input data Huh

rosengold

jr. member

Activity: 149

Merit: 7

Quote from: digaran on October 08, 2023, 12:59:50 PM

Here, if anyone is interested, I have managed to divide puzzle 115 by 2^23 without reaching fractions, but in order to do that, you'd need to guess the last 6 characters.

Code:

from sympy import mod_inverse

N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def ters(scalar, target):
    k = mod_inverse(2, N)
    scalar_bin = bin(scalar)[2:]
    for i in range(len(scalar_bin)):
        if scalar_bin[i] == '0':
            result = (target * k) % N
        else:
            result = ((target * k) % N + N - 1) % N
        target = result
    return result

target1 = 31464123230573852164273674364426950
target2 = 6331078

print("Target results:")
for x in range(8388608, 8388700):
    result1 = ters(x, target1)
    (f"T1: {result1:x}")
for x in range(8388608, 8388700):
    result2 = ters(x, target2)
    (f"T2: {result2:x}")
for x in range(8388608, 8388700):
    result1 = ters(x, target1)
    result2 = ters(x, target2)
    subtraction = (result1  - result2) % N
    print(f"S:{subtraction:x}")

I still don't understand what you need to do to find the private key after find the key subtraction result, if I understand it maybe I could write a CUDA version for it.

nomachine

member

Activity: 462

Merit: 24

Quote from: alek76 on October 08, 2023, 10:41:55 PM

For this need BigNum from the OpenSSL library. Here again need OpenSSL, no matter what Roll Eyes

if we want to trim the high bytes of the derived key with zeros, can we do so by copying only the lower bytes of the key to the BIGNUM ?

Code:

#include 
#include 
#include 

// Function to generate a random private key with PBKDF2-HMAC-SHA512 using OpenSSL's EVP library
BIGNUM* generateRandomPrivateKey(const BIGNUM* minKey, const BIGNUM* maxKey) {
    BIGNUM* randomPrivateKey = BN_new();
    BIGNUM* range = BN_new();

    // Calculate the range (maxKey - minKey)
    BN_sub(range, maxKey, minKey);

    unsigned char salt[16];
    // Generate a random salt
    if (RAND_bytes(salt, sizeof(salt)) != 1) {
        // Handle error
        return nullptr;
    }

    unsigned char derivedKey[64]; // SHA-512 produces a 64-byte key
    if (PKCS5_PBKDF2_HMAC((const char*)BN_bn2hex(minKey), BN_num_bytes(minKey), salt, sizeof(salt), 0, EVP_sha512(), sizeof(derivedKey), derivedKey) != 1) {
        // Handle error
        return nullptr;
    }

    // Copy the entire derived key to the BIGNUM
    BN_bin2bn(derivedKey, sizeof(derivedKey), randomPrivateKey);

    // Ensure that the derived key is within the desired range
    BN_mod(randomPrivateKey, randomPrivateKey, range, nullptr);

    // Add the minimum value to the generated random number
    BN_add(randomPrivateKey, randomPrivateKey, minKey);

    // Cleanup the range BIGNUM
    BN_free(range);

    return randomPrivateKey;
}

alek76

member

Activity: 93

Merit: 16

I made a new key generator. Tested the HMAC-SHA512 function, the data output is correct. Added a split of the 512 bit key into 2 keys - respectively 256 bits each.
It may not be necessary to add anything more, all the initial data is not known...

Code:

// Get Keys from SEED
void VanitySearch::getKeysFromRandomSeed(int nbitL, int nbitU, bool master, int nbThread, Int *keys) {
	
	// Generate a seed byte sequence S of a chosen length (between 128 and 512 bits; 256 bits is advised) from a (P)RNG. 
	// Calculate I = HMAC-SHA512(Key = "Bitcoin seed", Data = S) 
	// Split I into two 32-byte sequences, IL and IR. 
	// Use parse256(IL) as master secret key, and IR as master chain code.
	
	// Variables
	Int IL;// IL as master secret key
	Int IR;// IR as master chain code
	Int pKey;
	Int sKey;
	
	// Master key generation 
	
	for (int i = 0; i < nbThread; i++) {
		
		newSeed:
		
		string seed = Timer::getSeed(32);// Used the random seed ???
		
		// test seed
		//seed = "bla bla bla";// Mnemonic code words
		
		string salt = "Bitcoin seed";// = "VanitySearch";
		
		unsigned char hseed[64];
		
		pbkdf2_hmac_sha512(hseed, 64, (const uint8_t *)seed.c_str(), seed.length(), 
		(const uint8_t *)salt.c_str(), salt.length(), 
		hmac_sha512_nb_round);// 1024 Electrum ?
		//2048);// 2048 rounds of hashing required by the BIP 39 Standard ???
		
		// Reverse bytes (not use sha256)
		unsigned char hseed_r[64];
		int b = 0;
		for (b = 0; b < 64; b++) hseed_r[63 - b] = hseed[b];
		
		// Split I into two 32-byte sequences, IL and IR.
		// Use parse256(IL) as master secret key, and IR as master chain code.
		
		// Split IL and IR
		unsigned long long *vTmp_IL = (unsigned long long *)&hseed_r[32];// IL as master secret key
		unsigned long long *vTmp_IR = (unsigned long long *)&hseed_r;// IR as master chain code
		
		IL.bits64[0] = vTmp_IL[0];
		IL.bits64[1] = vTmp_IL[1];
		IL.bits64[2] = vTmp_IL[2];
		IL.bits64[3] = vTmp_IL[3];
		IL.bits64[4] = 0;
		//
		IR.bits64[0] = vTmp_IR[0];
		IR.bits64[1] = vTmp_IR[1];
		IR.bits64[2] = vTmp_IR[2];
		IR.bits64[3] = vTmp_IR[3];
		IR.bits64[4] = 0;
		// end Split
		
		// debug printf
		printf("\n[i] Nb: %d Key IL: %s ", i, IL.GetBase16().c_str());
		printf("\n[i] Nb: %d Key IR: %s ", i, IR.GetBase16().c_str());
		
		// Set Keys 256 bits
		pKey.SetInt32(0);
		sKey.SetInt32(0);
		// Switch IL or IR
		if (master) {
			pKey.Set(&IL);// IL as master secret key
		} else {
			pKey.Set(&IR);// IR as master chain code
		}
		
		// Set Key in ranges nbitL and nbitU		
		uint32_t nb = nbitU / 32;
		uint32_t leftBit = nbitU % 32;
		uint32_t mask = 1;
		mask = (mask << leftBit) - 1;
		uint32_t j = 0;		
		for(j = 0; j < nb; j++) 
			sKey.bits[j] = pKey.bits[j];
		sKey.bits[j] = pKey.bits[j] & mask;
		
		//sha256(hseed, 64, (unsigned char *)sKey.bits64);// No used this function
		
		// Trim with zeros ???
		// We do not know how the high byte of the key were edited. 32 BTC Puzzle.
		if (nbitU == 66) {
			//printf("\n[i] Nb: %d sKey: %s ", i, sKey.GetBase16().c_str());
			//sKey.SetByte(8, 0x02);// The high byte is 0x02
			sKey.SetByte(8, (unsigned char)KEY66_HIGH_BYTE);// The high byte is 0x03
			//printf("\n[i] Nb: %d sKey: %s ", i, sKey.GetBase16().c_str());			
		}
		
		// Check length 
		int len = sKey.GetBitLength();		
		if (len < nbitL) goto newSeed;
		
		keys[i].Set(&sKey);// Set Keys 
		
		// Hi ;-) The END ??? 		
	}
}

VanitySearch cannot divide a 512-bit number modulo the Order (only 320 bits). For this need BigNum from the OpenSSL library. Here again need OpenSSL, no matter what Roll Eyes

digaran

copper member

Activity: 1330

Merit: 899

🖤😏

Here, if anyone is interested, I have managed to divide puzzle 115 by 2^23 without reaching fractions, but in order to do that, you'd need to guess the last 6 characters.

Code:

from sympy import mod_inverse

N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def ters(scalar, target):
    k = mod_inverse(2, N)
    scalar_bin = bin(scalar)[2:]
    for i in range(len(scalar_bin)):
        if scalar_bin[i] == '0':
            result = (target * k) % N
        else:
            result = ((target * k) % N + N - 1) % N
        target = result
    return result

target1 = 31464123230573852164273674364426950
target2 = 6331078

print("Target results:")
for x in range(8388608, 8388700):
    result1 = ters(x, target1)
    (f"T1: {result1:x}")
for x in range(8388608, 8388700):
    result2 = ters(x, target2)
    (f"T2: {result2:x}")
for x in range(8388608, 8388700):
    result1 = ters(x, target1)
    result2 = ters(x, target2)
    subtraction = (result1  - result2) % N
    print(f"S:{subtraction:x}")

I am working on something new, I want to know how we could just guess the last 4 characters and divide our target by e.g, 2^120 etc, I'm sure there is a way, yesterday I figured a way to divide a target by 10, 20, 30 etc, but the results were mixed with n/10, n/20, n/30, meaning by subtracting n/10 from target/10 we could reach the actual target/10, I haven't tried that yet. God willing I will start working on it, I just don't know why I am not interested to work with my laptop anymore, it causes distraction.😉

Do share your findings after doing your thing.

Some tips, try subtracting 2^116 from puzzle 115 and then put the result on target 2, then try dividing by different values. Grind your way through this giant iron made mountain we call elliptic curve.😂

zahid888

member

Activity: 272

Merit: 20

the right steps towerds the goal

Quote from: EternityMessage on October 08, 2023, 08:09:15 AM

Is all this a robbery/steal/theft attempt?

After spending really too much time of my life trying different code and algorithms, buying and running loud hot hardware to solve #66 & #130 I started to wander about ethics of what I am trying to do !
OK, if I have a really really good luck, I will find the key after 1-2 more years!
... BUT !!! Do I have the right to take the coins in the address? ...
The coins (the money) are not mine, and the owner (the assumed puzzle creator) never said that, if I brake the private key, I have the right to take the money !!! (Also the fact that the person has more money than us, does not give us the right to take his money!)
So .. did I spent so much time of my life trying to become a thief? ...
The assumption when I started was ... That is a challenge .. I can do my best .. BUT Do I have the moral right to get money assuming it is by the rules ? ... There are no official rules? We conveniently assume the owner intentions and are ready to get his money ... but what if we are wrong?

Mr./Mrs. Puzzle creator and puzzle addresses money owner,
Please sign a message with any known non-broken puzzle address, and state your will!
Are you fine, if money from these addresses are taken?"
Or "you consider us thieves?" or ...
(the signing #150, #155... public keys are already known and will not compromise security)

Thanks

Quote from: saatoshi_rising on April 27, 2017, 02:41:08 AM

I am the creator.
Finally, I wish to express appreciation of the efforts of all developers of new cracking tools and technology. The "large bitcoin collider" is especially innovative and interesting!

As the creator had appreciated all the developers, especially LBC, who solved puzzles from 51 to 56, I hope you have found the answer to your question.

digaran

copper member

Activity: 1330

Merit: 899

🖤😏

Quote from: EternityMessage on October 08, 2023, 08:09:15 AM

Thanks

Welcome.
Did you think about this before buying/ spending money on it? Or after failing to find a key you realized what you are doing is morally wrong?
Consider yourself as a security testing expert, but before getting to work, first calculate the cost and the profit and then continue, when you are done, just show us how you did it if you want to earn honestly. I don't see solving these puzzles and taking the coins morally wrong.

alek76

member

Activity: 93

Merit: 16

Quote from: nomachine on October 08, 2023, 08:41:41 AM

Quote from: alek76 on October 08, 2023, 08:01:55 AM

As the creator said, you need to trim the high bytes of the key with zeros!

I think it's obvious that he has his own custom deterministic wallet. Based on an existing one or completely new one from scratch.

That said, I'm not sure it can sign a message with that tool.

Maybe. And it’s not even necessary, just add your own salt, and that will be enough - going over SEED will be useless.

Code:

string seed = Timer::getSeed(32);

//seed = "bla bla bla";// Mnemonic code words

string salt = "Bitcoin seed";// = "VanitySearch";
		
unsigned char hseed[64];

pbkdf2_hmac_sha512(hseed, 64, (const uint8_t *)seed.c_str(), seed.length(), 
(const uint8_t *)salt.c_str(), salt.length(), 
//2048);// 2048 rounds of hashing required by the BIP 39 Standard ???
//2048);// Used 2048 rounds ???
//0);// Used 0 rounds !!!
1024);// Electrum ?

nomachine

member

Activity: 462

Merit: 24

Quote from: alek76 on October 08, 2023, 08:01:55 AM

As the creator said, you need to trim the high bytes of the key with zeros!

I think it's obvious that he has his own custom deterministic wallet. Based on an existing one or completely new one from scratch.

That said, I'm not sure it can sign a message with that tool.

EternityMessage

newbie

Activity: 15

Merit: 0

Is all this a robbery/steal/theft attempt?

After spending really too much time of my life trying different code and algorithms, buying and running loud hot hardware to solve #66 & #130 I started to wander about ethics of what I am trying to do !
OK, if I have a really really good luck, I will find the key after 1-2 more years!
... BUT !!! Do I have the right to take the coins in the address? ...
The coins (the money) are not mine, and the owner (the assumed puzzle creator) never said that, if I brake the private key, I have the right to take the money !!! (Also the fact that the person has more money than us, does not give us the right to take his money!)
So .. did I spent so much time of my life trying to become a thief? ...
The assumption when I started was ... That is a challenge .. I can do my best .. BUT Do I have the moral right to get money assuming it is by the rules ? ... There are no official rules? We conveniently assume the owner intentions and are ready to get his money ... but what if we are wrong?

Mr./Mrs. Puzzle creator and puzzle addresses money owner,
Please sign a message with any known non-broken puzzle address, and state your will!
Are you fine, if money from these addresses are taken?"
Or "you consider us thieves?" or ...
(the signing #150, #155... public keys are already known and will not compromise security)

Thanks

alek76

member

Activity: 93

Merit: 16

Quote from: nomachine on October 08, 2023, 06:49:11 AM

Quote from: zahid888 on October 07, 2023, 02:29:13 PM

seed = random.getrandbits(128)
   seed_value = int(seed)
   random.seed(seed_value)
   seed = str(seed_value)

It's not even close to 128.

The closest I've come up with 8 to 2 ** 65

30568377238562584866, b'\xc9\xd9\x1d\xbc\x16\x9d\xdb\x86'

Code:

import random
puzzle = 65
lower_range_limit = 2 ** (puzzle - 1) 
upper_range_limit = (2 ** puzzle) - 1 
owner_salt = b'\xc9\xd9\x1d\xbc\x16\x9d\xdb\x86'
random.seed(owner_salt)
dec = random.randint(lower_range_limit, upper_range_limit)
print(f"{dec}, {owner_salt}")

but even so a part is missing to get a 100% accurate result. Grin

it seems most likely that pbkdf2_hmac was used

hashlib.pbkdf2_hmac('sha512', os.urandom(8 ), b'', iterations=1024)[:32]

some combination like this.

In that code, the 512-bit key is normalized by division modulo % CURVE_ORDER
from_arbitrary_size_secret()

Code:

def normalize_secret_bytes(cls, privkey_bytes: bytes) -> bytes:
        scalar = string_to_number(privkey_bytes) % CURVE_ORDER
        if scalar == 0:
            raise Exception('invalid EC private key scalar: zero')
        privkey_32bytes = number_to_string(scalar, CURVE_ORDER)
        return privkey_32bytes

As the creator said, you need to trim the high bytes of the key with zeros!

nomachine

member

Activity: 462

Merit: 24

Quote from: zahid888 on October 07, 2023, 02:29:13 PM

seed = random.getrandbits(128)
   seed_value = int(seed)
   random.seed(seed_value)
   seed = str(seed_value)

It's not even close to 128.

The closest I've come up with 8 to 2 ** 65

30568377238562584866, b'\xc9\xd9\x1d\xbc\x16\x9d\xdb\x86'

Code:

import random
puzzle = 65
lower_range_limit = 2 ** (puzzle - 1) 
upper_range_limit = (2 ** puzzle) - 1 
owner_salt = b'\xc9\xd9\x1d\xbc\x16\x9d\xdb\x86'
random.seed(owner_salt)
dec = random.randint(lower_range_limit, upper_range_limit)
print(f"{dec}, {owner_salt}")

but even so a part is missing to get a 100% accurate result. Grin

it seems most likely that pbkdf2_hmac was used

hashlib.pbkdf2_hmac('sha512', os.urandom(8 ), b'', iterations=1024)[:32]

some combination like this.

https://docs.python.org/3/library/hashlib.html

alek76

member

Activity: 93

Merit: 16

Quote from: nomachine on October 08, 2023, 01:11:17 AM

Quote from: alek76 on October 07, 2023, 06:51:46 PM

I'm currently making a random seed code using the HMAC-SHA512 function.

80% that is electrum
https://github.com/spesmilo/electrum/blob/e81f4bdcd11a072e7c4f38fb1c7eec19c2f7e1a8/electrum/storage.py#L164
He may have even changed the source code. Grin

Thanks for the advice. I'll take a look at this code. I just installed 2048 interactions and the keys began to be generated for a very long time.

_Counselor

member

Activity: 107

Merit: 61

Quote from: citb0in on October 08, 2023, 05:10:02 AM

I understand what you wrote, but I don't understand the real interest. Let's assume this is the real key for the 120bit puzzle 9C15FC66A182003BB1BE5D1DF12CAB
what did you gain from this insight other than the satisfaction of pure curiosity ?

I don’t know what else to answer you other than what I already wrote.

Anyway, as I wrote above, if anyone else besides me is still interested in finding out the key to 120 and still has kangaroo's workfiles for 120 puzzle with DP of 30 bits and above, please share them. Workfiles for 125 not interesting me, because I did not work on it.

citb0in

hero member

Activity: 630

Merit: 731

Bitcoin g33k

Quote from: _Counselor on October 08, 2023, 04:30:52 AM

This is just something like scientific interest. I previously spent a lot of time and resources trying to solve puzzle 120 and I'm still curious about its key.

I understand what you wrote, but I don't understand the real interest. Let's assume this is the real key for the 120bit puzzle 9C15FC66A182003BB1BE5D1DF12CAB
what did you gain from this insight other than the satisfaction of pure curiosity ?

_Counselor

member

Activity: 107

Merit: 61

Quote from: citb0in on October 08, 2023, 04:17:32 AM

yeah, but what's the point? I cannot imagine it's pure curiosity. What's the real reason ?

I already wrote the real reason. Or are you expecting me to write something like "using the 120 key, I know how to calculate 130"? Unfortunately, this is not so, and if it were possible, then the one who found 120 and 125 would have solved the next puzzles long ago.

citb0in

hero member

Activity: 630

Merit: 731

Bitcoin g33k

yeah, but what's the point? I cannot imagine it's pure curiosity. What's the real reason ?

_Counselor

member

Activity: 107

Merit: 61

Quote from: citb0in on October 08, 2023, 03:51:22 AM

let's say the finder of puzzle 120 will reveal the private key. In what way does it help you proceeding with finding #66 or #130 or ... ?

I strongly doubt that this will somehow help to solve 130 or 66, just as the keys 63, 115 and below previously did not help to solve 120 and 64. This is just something like scientific interest. I previously spent a lot of time and resources trying to solve puzzle 120 and I'm still curious about its key. If the finder or puzzle's author would just publish the key itself, I would also be grateful.

citb0in

hero member

Activity: 630

Merit: 731

Bitcoin g33k

Quote from: _Counselor on October 08, 2023, 03:48:34 AM

Even though the 120 key was found, I'm still interested in finding it since it hasn't been published. If anyone still has kangaroo's workfiles for 120 puzzle with DP of 30 bits and above, I would be grateful if you share them.

let's say the finder of puzzle 120 will reveal the private key. In what way does it help you proceeding with finding #66 or #130 or ... ?

_Counselor

member

Activity: 107

Merit: 61

Even though the 120 key was found, I'm still interested in finding it since it hasn't been published. If anyone still has kangaroo's workfiles for 120 puzzle with DP of 30 bits and above, I would be grateful if you share them.

Topic: Bitcoin puzzle transaction ~32 BTC prize to who solves it - page 133. (Read 215611 times)