This thread is so funny.
Some guys think they can bring up something better than the best mathematicians that dedicated most of their lives to this and similar problems.
E.g. https://en.wikipedia.org/wiki/John_Pollard_(mathematician)
You think you are smarter by doing your elementary school division?
Topic: Bitcoin puzzle transaction ~32 BTC prize to who solves it - page 161. (Read 244877 times)
hallo!
posting an upd aftr ~1 week of ma full-time rndm-forcing #66
keyhunt is performing at ~160 Mkeys/s on my i9
./keyhunt -m address -f tests/66.txt -b 66 -l compress -R -q -s 1 -t 32 -e
PS i've made a mistake while polishing it last time
that's why there were G/s
bitcrack is doing better at ~3517.68 MKey/s
./bin/cuBitCrack --keyspace 20000000000000000:3ffffffffffffffff -c 13zb1hQbWVsc2S7ZTZnP2G4undNNpdh5so -o KEY_IS_HERE_OPEN_ME.txt -r -b 256 -t 256 -p 2096
scripts are slightly polished without touching algos, just some minor optimisation. it helped me to get a sense of the code as reading the code without changing it - bad digesting in the end of the day
just some ideas about algo thing, what if we go bannanna and ML sequences (bithex -> pubkey -> r160h) + (binary -> pubkey -> r160h) + different variations of data representations to find patterns and regularity. even patterns of probabilities could be a great source of clues for optimisations the random-forcing attack i strongly believe that there is a polynomial solution out there that our math guys didn't find it yet, so patterns might help) anyway it's fascinating. wha do u say?
P.S. and I think i need more gpus think about to rig +5 4090 to get ~20 Bkeys/s for my random-forcing fun will my chances go up a bit?
posting an upd aftr ~1 week of ma full-time rndm-forcing #66
keyhunt is performing at ~160 Mkeys/s on my i9
./keyhunt -m address -f tests/66.txt -b 66 -l compress -R -q -s 1 -t 32 -e
PS i've made a mistake while polishing it last time
that's why there were G/s bitcrack is doing better at ~3517.68 MKey/s
./bin/cuBitCrack --keyspace 20000000000000000:3ffffffffffffffff -c 13zb1hQbWVsc2S7ZTZnP2G4undNNpdh5so -o KEY_IS_HERE_OPEN_ME.txt -r -b 256 -t 256 -p 2096
scripts are slightly polished without touching algos, just some minor optimisation. it helped me to get a sense of the code as reading the code without changing it - bad digesting in the end of the day
just some ideas about algo thing, what if we go bannanna and ML sequences (bithex -> pubkey -> r160h) + (binary -> pubkey -> r160h) + different variations of data representations to find patterns and regularity. even patterns of probabilities could be a great source of clues for optimisations the random-forcing attack
i strongly believe that there is a polynomial solution out there that our math guys didn't find it yet, so patterns might help) anyway it's fascinating. wha do u say?P.S. and I think i need more gpus
think about to rig +5 4090 to get ~20 Bkeys/s for my random-forcing fun will my chances go up a bit? As I see it, the most important part of the brute force that is missing is:
Quick database implementation.
assuming you want to find the public key of
1582856285957395958375836588
if you have the ability to store 10Mk and read them quickly.
You could then change G for 10000000
and subtract 10MK from the target and you would only have to scan
158285628595739595837
Something like this you mean :Quick database implementation.
assuming you want to find the public key of
1582856285957395958375836588
if you have the ability to store 10Mk and read them quickly.
You could then change G for 10000000
and subtract 10MK from the target and you would only have to scan
158285628595739595837
Code:
75836588, 65836588, 55836588, 45836588, 35836588, 25836588, 15836588
Now we'd need to store 15, 836, 588 keys to look up.data base
1582856285957395958375836588-1
1582856285957395958375836588-2
.....................................................
1582856285957395958375836588-10000000
one of those keys in the database will be like this:
1582856285957395958360000000
Therefore, changing G to 10000000, we would only have to scan this range:
158285628595739595836
Once you get a match you look for the rest of the key.
scanning 1582856285957395958360000000-1582856285957395958380000000 using the official G
But try to generate 128bit number. You can't even do that with NumPy.
Well, I wasn't aware of the fact that when you generate random keys you have to pay the price by computing units, now I see you want even a faster RNG than the one you posted a link to.It does NOT have to be faster than that. Only if it works on 128bit.
But try to generate 128bit number. You can't even do that with NumPy.
Well, I wasn't aware of the fact that when you generate random keys you have to pay the price by computing units, now I see you want even a faster RNG than the one you posted a link to.I don't know anything about RNG or seeds used to feed RNG, but it looks like a waste of time looking for a drop in an ocean, while there is a better way, to shatter the crust and let the ocean drain, meaning you should try to work out public keys.
As I see it, the most important part of the brute force that is missing is:
Quick database implementation.
assuming you want to find the public key of
1582856285957395958375836588
if you have the ability to store 10Mk and read them quickly.
You could then change G for 10000000
and subtract 10MK from the target and you would only have to scan
158285628595739595837
Something like this you mean :Quick database implementation.
assuming you want to find the public key of
1582856285957395958375836588
if you have the ability to store 10Mk and read them quickly.
You could then change G for 10000000
and subtract 10MK from the target and you would only have to scan
158285628595739595837
Code:
75836588, 65836588, 55836588, 45836588, 35836588, 25836588, 15836588
Now we'd need to store 15, 836, 588 keys to look up. can you explain more about what exactly is happening here:
...it looks like you start with whatever this is, a hard-coded byte string or something?
...and then you go on to read more, random bytes from some file on disk? As a Windows/C# guy, I just can't quite grok what's happening here
Any help would be much appreciated 
Code:
#Random seed Config
#constant_prefix = b'' #back to no constant
#constant_prefix = b'\xbc\x9b\x8cd\xfc\xa1?\xcf' #Puzzle 50 seed - 10-18s
constant_prefix = b'\xbc\x9b\x8cd\xfc\xa1?\xcf'
prefix_length = len(constant_prefix)
length = 8
ending_length = length - prefix_length
with open("/dev/urandom", "rb") as urandom_file:
ending_bytes = urandom_file.read(ending_length)
random_bytes = constant_prefix + ending_bytes
print(f"[+] [Core]: {core_number+1:02}, [Random seed]: {random_bytes}")
random.seed(random_bytes)
#constant_prefix = b'' #back to no constant
#constant_prefix = b'\xbc\x9b\x8cd\xfc\xa1?\xcf' #Puzzle 50 seed - 10-18s
constant_prefix = b'\xbc\x9b\x8cd\xfc\xa1?\xcf'
prefix_length = len(constant_prefix)
length = 8
ending_length = length - prefix_length
with open("/dev/urandom", "rb") as urandom_file:
ending_bytes = urandom_file.read(ending_length)
random_bytes = constant_prefix + ending_bytes
print(f"[+] [Core]: {core_number+1:02}, [Random seed]: {random_bytes}")
random.seed(random_bytes)
...it looks like you start with whatever this is, a hard-coded byte string or something?
Code:
b'\xbc\x9b\x8cd\xfc\xa1?\xcf'
...and then you go on to read more, random bytes from some file on disk? As a Windows/C# guy, I just can't quite grok what's happening here
Any help would be much appreciated It is a random seed for Puzzle 50 in kangaroo.
Code:
random_bytes = b'\xbc\x9b\x8cd\xfc\xa1?\xcf'
random.seed(random_bytes) is a function in Python (i use 3.9) used to initialize the random number generator with a specific seed value. In this context, random_bytes is typically a sequence of bytes or an integer used as the seed. When you provide a seed value to the random number generator, it ensures that the sequence of random numbers generated will be reproducible. In other words, if you use the same seed value, you will get the same sequence of random numbers every time you run kangaroo program.
Every time you request a random number using functions like random.randint(), random.random(), or others from the random module, it generates the next number in the sequence based on the seed value and an algorithm.
Because the generator is initialized with the same seed each time you run program, you get the same sequence of random numbers - same kangaroo jumps - and same time for solving Puzzle
Theoretically, in the same way, every puzzle could be solved in 10-18 seconds if you know what a seed is.
The problem is how to reverse engineer a random seed for the private keys we don't have access to..
As I see it, the most important part of the brute force that is missing is:
Quick database implementation.
assuming you want to find the public key of
1582856285957395958375836588
if you have the ability to store 10Mk and read them quickly.
You could then change G for 10000000
and subtract 10MK from the target and you would only have to scan
158285628595739595837
Quick database implementation.
assuming you want to find the public key of
1582856285957395958375836588
if you have the ability to store 10Mk and read them quickly.
You could then change G for 10000000
and subtract 10MK from the target and you would only have to scan
158285628595739595837
I managed to prove experimentally on 5 different computers that everything is in seed. You can speed up solving the puzzle by a million years if you know the correct seed. And the best thing is that you can always achieve the same result in the same time. Proof is in the pudding.
PC-1
--snip--
PC-1
- [Kangaroo]: Wed Oct 11 11:51:00 2023
- [Puzzle]: 50
- [Lower range limit]: 562949953421312
- [Upper range limit]: 1125899906842623
- [Xcoordinate]: f46f41027bbf44fafd6b059091b900dad41e6845b2241dc3254c7cdd3c5a16c6
- [Ycoordinate]: eb3dfcc04c320b55c529291478550be6072977c0c86603fb2e4f5283631064fb
- [Using 4 CPU cores for parallel search]:
- [Core]: 03, [Random seed]: b'\xbc\x9b\x8cd\xfc\xa1?\xcf'
- [Core]: 01, [Random seed]: b'\xbc\x9b\x8cd\xfc\xa1?\xcf'
- [Core]: 04, [Random seed]: b'\xbc\x9b\x8cd\xfc\xa1?\xcf'
- [Core]: 02, [Random seed]: b'\xbc\x9b\x8cd\xfc\xa1?\xcf'
- PUZZLE SOLVED: Wed Oct 11 11:51:18 2023, total time: 18.38 sec, Core: 04
- WIF: -0000000000000000000000000000000000000000000000000022bd43c2e9354
--snip--
@nomachine after successfully proving to myself (I'm a bit behind the curve here) that anything I thought was a pattern/clue to solving this puzzle was just part of the maths inherent in the system, I'm now of the mind that this is correct... We can either try to brute-force the pkeys, and/or we can try to reverse-engineer (also by some amount of brute-force, I guess) and recreate the process by which the pkeys were created... Which is likely possible given that A) you appear to have done it at least once already for puzzle 50 above, and B) the person who claims to have created this said themselves that "It is just consecutive keys from a deterministic wallet"... That is, assuming the the words "consecutive" and "deterministic" apply accurately and weren't just used colloquially...
Anyway, I've looked through the code you posted (which I've snipped-out for brevity)... Is that python? I'm afraid IDK python... Which version are you using? 2.3 or newer, I assume? And can you explain more about what exactly is happening here:
Code:
#Random seed Config
#constant_prefix = b'' #back to no constant
#constant_prefix = b'\xbc\x9b\x8cd\xfc\xa1?\xcf' #Puzzle 50 seed - 10-18s
constant_prefix = b'\xbc\x9b\x8cd\xfc\xa1?\xcf'
prefix_length = len(constant_prefix)
length = 8
ending_length = length - prefix_length
with open("/dev/urandom", "rb") as urandom_file:
ending_bytes = urandom_file.read(ending_length)
random_bytes = constant_prefix + ending_bytes
print(f"[+] [Core]: {core_number+1:02}, [Random seed]: {random_bytes}")
random.seed(random_bytes)
#constant_prefix = b'' #back to no constant
#constant_prefix = b'\xbc\x9b\x8cd\xfc\xa1?\xcf' #Puzzle 50 seed - 10-18s
constant_prefix = b'\xbc\x9b\x8cd\xfc\xa1?\xcf'
prefix_length = len(constant_prefix)
length = 8
ending_length = length - prefix_length
with open("/dev/urandom", "rb") as urandom_file:
ending_bytes = urandom_file.read(ending_length)
random_bytes = constant_prefix + ending_bytes
print(f"[+] [Core]: {core_number+1:02}, [Random seed]: {random_bytes}")
random.seed(random_bytes)
...it looks like you start with whatever this is, a hard-coded byte string or something?
Code:
b'\xbc\x9b\x8cd\xfc\xa1?\xcf'
...and then you go on to read more, random bytes from some file on disk? As a Windows/C# guy, I just can't quite grok what's happening here
Any help would be much appreciated I'm not sure I follow what you are talking about, who are you talking to? Hope it's not me.
What exactly does it mean to invent a random generator 10 times faster? Looks like you are confused about random, it just selects values without any pattern, the "speed" depends on other factors such as implementation and hardware. Unless you can invent a computer which operates beyond binary, there is no 10x faster invention.
What exactly does it mean to invent a random generator 10 times faster? Looks like you are confused about random, it just selects values without any pattern, the "speed" depends on other factors such as implementation and hardware. Unless you can invent a computer which operates beyond binary, there is no 10x faster invention.
Example:
https://github.com/lemire/fastrand
puzzle 130 private key is even number **************************************
Fundamentally, it is not a question of a desire/idea what someone conceived for building as script.
Ceate/invent a random generator 10 times faster than all existing ones. Any programming language.
Then we talk further on ideas.
There are very fast ones especially for short keys. But we need very large keys.
I'm not sure I follow what you are talking about, who are you talking to? Hope it's not me.Ceate/invent a random generator 10 times faster than all existing ones. Any programming language.
Then we talk further on ideas.
There are very fast ones especially for short keys. But we need very large keys.
What exactly does it mean to invent a random generator 10 times faster? Looks like you are confused about random, it just selects values without any pattern, the "speed" depends on other factors such as implementation and hardware. Unless you can invent a computer which operates beyond binary, there is no 10x faster invention.
Wait, they already invented such computer, it's called quantum, but where is it? No where to be found.
Cool story though about ideas, I have seen only a few useful ones, such as the one searching for rmd160 with step size, stride etc.
Have you seen a donkey with horns? What could happen if donkeys had horns? I imagine all our ancestors would have died a long time ago due to injuries caused by such creatures, that's why God didn't give them horns.
This applies to people like me, if I had programming skills/talent, we wouldn't be here chatting, read between the lines.
Well, tell me how you know this?
puzzle 80 private key is even number 105520030589234487939456
puzzle 85 private key is even number 21090315766411506144426920
puzzle 90 private key is odd number 868012190417726402719548863
puzzle 95 private key is even number 25525831956644113617013748212
puzzle 100 private key is even number 868221233689326498340379183142
puzzle 105 private key is odd number 29083230144918045706788529192435
puzzle 110 private key is even number 1090246098153987172547740458951748
puzzle 115 private key is even number 31464123230573852164273674364426950
puzzle 120 private key is odd number ************************************
puzzle 125 private key is even number *************************************
puzzle 130 private key is even number **************************************
Fundamentally, it is not a question of a desire/idea what someone conceived for building as script.
Ceate/invent a random generator 10 times faster than all existing ones. Any programming language.
Then we talk further on ideas.
There are very fast ones especially for short keys. But we need very large keys.
Ceate/invent a random generator 10 times faster than all existing ones. Any programming language.
Then we talk further on ideas.
There are very fast ones especially for short keys. But we need very large keys.
I will build out any script. Tell me your ideas and i will build. anyone interested PM.
you may have an idea that can lead to victory, may not be sure how to write the program. I've got you.
it may be taking forever because a great idea hasn't been built out yet
Go for it, we have 2 targets, we want to divide them both by a range, and then we want to add or subtract their results of division, but with a twist, if we are dividing for example by 2, 3, 4, 5, 6, we want to add or subtract target 1 divided by 6 from target 2 divided 5. I have learned a few tricks and it can be done this way, it could result in something good.you may have an idea that can lead to victory, may not be sure how to write the program. I've got you.
it may be taking forever because a great idea hasn't been built out yet
If you could make it to work by both scalar and points it would be great, we could comment out scalar operations when we are working with points, and vice versa.
Another one:
Ters function, we want to have 2 targets performing ters on each of them by different values, example, if we had -1 divide by 2, now we want to have a different strategy with second target, like, target 2 be -2 divide by 3, and then we want to either add or sub the results. Both over scalar and points preferably. Thanks and good luck.
I will build out any script. Tell me your ideas and i will build. anyone interested PM.
you may have an idea that can lead to victory, may not be sure how to write the program. I've got you.
it may be taking forever because a great idea hasn't been built out yet
you may have an idea that can lead to victory, may not be sure how to write the program. I've got you.
it may be taking forever because a great idea hasn't been built out yet
Mnemonic code words for Puzzle 66
puzzle 130 private key is even number
Well, tell me how you know this?
puzzle 130 private key is even number
I will build out any script. Tell me your ideas and i will build. anyone interested PM.
you may have an idea that can lead to victory, may not be sure how to write the program. I've got you.
it may be taking forever because a great idea hasn't been built out yet
If you can you may have an idea that can lead to victory, may not be sure how to write the program. I've got you.
it may be taking forever because a great idea hasn't been built out yet
, then write a script that will determine the parity of the public key How can or might this be useful? When it comes to Kangaroo method, I think people over think it. You just need to find as many leading or trailing 0s (or any other hex character) as fast as possible.
The tame or wild range should be 1 range and the other should be throughout the range.
Find leading or trailing DPs, fast, set tame higher than wilds. It should be that easy.
Yes. Useful for dividing PK. Invert several random keys modulo N, then multiply them by the target PK. And then you drive it into a kangaroo. I checked it works. Divide by no more than 2^11, otherwise the probability of kangaroo work will be low.The tame or wild range should be 1 range and the other should be throughout the range.
Find leading or trailing DPs, fast, set tame higher than wilds. It should be that easy.
There may be several of them, all targets divided. But some goals are useless because the divisor is not suitable.
Constants in GPU code - Get 64bits lsb negative inverse of SecpK1 order
#define MM64 0xD838091DD2253531ULL
#define MM64o 0x4B0DFF665588B13FULL
Once upon a time I added inversion modulo _N. It was not originally in the Int class. There you just need to change _P to _N. This is the Montgomery method. But you can also do it using the DRS62 method. Simply replace MM64 with MM64o and the inversion will be modulo _N (this Order).
This function is necessary for dividing the Public key.
This may be useful to you
How can or might this be useful? When it comes to Kangaroo method, I think people over think it. You just need to find as many leading or trailing 0s (or any other hex character) as fast as possible.Code:
print 'GET MM64 Mod P'
invP = inverse_mod( -_p, (2**64))
MM64 = hex(invP)[2:-1]
MM64 = MM64.upper()
MM64 = '0x' + MM64 + 'ULL'
print MM64
print 'GET MM64_Order Mod N'
invP = inverse_mod( -_r, (2**64))
MM64o = hex(invP)[2:-1]
MM64o = MM64o.upper()
MM64o = '0x' + MM64o + 'ULL'
print MM64o
f = open('MM64.txt', 'a')
f.write('\n'.join(['#define MM64 ' + MM64 + '\n' + '#define MM64o ' + MM64o + '\n' ]))
f.close()
Result:invP = inverse_mod( -_p, (2**64))
MM64 = hex(invP)[2:-1]
MM64 = MM64.upper()
MM64 = '0x' + MM64 + 'ULL'
print MM64
print 'GET MM64_Order Mod N'
invP = inverse_mod( -_r, (2**64))
MM64o = hex(invP)[2:-1]
MM64o = MM64o.upper()
MM64o = '0x' + MM64o + 'ULL'
print MM64o
f = open('MM64.txt', 'a')
f.write('\n'.join(['#define MM64 ' + MM64 + '\n' + '#define MM64o ' + MM64o + '\n' ]))
f.close()
#define MM64 0xD838091DD2253531ULL
#define MM64o 0x4B0DFF665588B13FULL
Once upon a time I added inversion modulo _N. It was not originally in the Int class. There you just need to change _P to _N. This is the Montgomery method. But you can also do it using the DRS62 method. Simply replace MM64 with MM64o and the inversion will be modulo _N (this Order).
This function is necessary for dividing the Public key.
Code:
// ------------------------------------------------
// add by alek76-2
void Int::ModInvOrder() {// Montgomery method
// Compute modular inverse of this mop _N
// 0 < this < _N , _N must be odd
// Return 0 if no inverse
// 256bit
Int _N;
_N.SetBase16("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141");
Int u(&_N);
Int v(this);
Int r((int64_t)0);
Int s((int64_t)1);
//
Int x;
int k = 0;
// Montgomery method
while (v.IsStrictPositive()) {
if (u.IsEven()) {
shiftR(1, u.bits64);
shiftL(1, s.bits64);
} else if (v.IsEven()) {
shiftR(1, v.bits64);
shiftL(1, r.bits64);
} else {
x.Set(&u);
x.Sub(&v);
if (x.IsStrictPositive()) {
shiftR(1, x.bits64);
u.Set(&x);
r.Add(&s);
shiftL(1, s.bits64);
} else {
x.Neg();
shiftR(1, x.bits64);
v.Set(&x);
s.Add(&r);
shiftL(1, r.bits64);
}
}
k++;
}
if (r.IsGreater(&_N))
r.Sub(&_N);
r.Neg();
r.Add(&_N);
for (int i = 0; i < k; i++) {
if (r.IsEven()) {
shiftR(1, r.bits64);
} else {
r.Add(&_N);
shiftR(1, r.bits64);
}
}
Set(&r);
}
// ------------------------------------------------
// add by alek76-2
void Int::ModInvOrder() {// Montgomery method
// Compute modular inverse of this mop _N
// 0 < this < _N , _N must be odd
// Return 0 if no inverse
// 256bit
Int _N;
_N.SetBase16("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141");
Int u(&_N);
Int v(this);
Int r((int64_t)0);
Int s((int64_t)1);
//
Int x;
int k = 0;
// Montgomery method
while (v.IsStrictPositive()) {
if (u.IsEven()) {
shiftR(1, u.bits64);
shiftL(1, s.bits64);
} else if (v.IsEven()) {
shiftR(1, v.bits64);
shiftL(1, r.bits64);
} else {
x.Set(&u);
x.Sub(&v);
if (x.IsStrictPositive()) {
shiftR(1, x.bits64);
u.Set(&x);
r.Add(&s);
shiftL(1, s.bits64);
} else {
x.Neg();
shiftR(1, x.bits64);
v.Set(&x);
s.Add(&r);
shiftL(1, r.bits64);
}
}
k++;
}
if (r.IsGreater(&_N))
r.Sub(&_N);
r.Neg();
r.Add(&_N);
for (int i = 0; i < k; i++) {
if (r.IsEven()) {
shiftR(1, r.bits64);
} else {
r.Add(&_N);
shiftR(1, r.bits64);
}
}
Set(&r);
}
// ------------------------------------------------
This may be useful to you
The tame or wild range should be 1 range and the other should be throughout the range.
Find leading or trailing DPs, fast, set tame higher than wilds. It should be that easy.
I will build out any script. Tell me your ideas and i will build. anyone interested PM.
you may have an idea that can lead to victory, may not be sure how to write the program. I've got you.
it may be taking forever because a great idea hasn't been built out yet
you may have an idea that can lead to victory, may not be sure how to write the program. I've got you.
it may be taking forever because a great idea hasn't been built out yet
Constants in GPU code - Get 64bits lsb negative inverse of SecpK1 order
#define MM64 0xD838091DD2253531ULL
#define MM64o 0x4B0DFF665588B13FULL
Once upon a time I added inversion modulo _N. It was not originally in the Int class. There you just need to change _P to _N. This is the Montgomery method. But you can also do it using the DRS62 method. Simply replace MM64 with MM64o and the inversion will be modulo _N (this Order).
This function is necessary for dividing the Public key.
This may be useful to you
Code:
print 'GET MM64 Mod P'
invP = inverse_mod( -_p, (2**64))
MM64 = hex(invP)[2:-1]
MM64 = MM64.upper()
MM64 = '0x' + MM64 + 'ULL'
print MM64
print 'GET MM64_Order Mod N'
invP = inverse_mod( -_r, (2**64))
MM64o = hex(invP)[2:-1]
MM64o = MM64o.upper()
MM64o = '0x' + MM64o + 'ULL'
print MM64o
f = open('MM64.txt', 'a')
f.write('\n'.join(['#define MM64 ' + MM64 + '\n' + '#define MM64o ' + MM64o + '\n' ]))
f.close()
Result:invP = inverse_mod( -_p, (2**64))
MM64 = hex(invP)[2:-1]
MM64 = MM64.upper()
MM64 = '0x' + MM64 + 'ULL'
print MM64
print 'GET MM64_Order Mod N'
invP = inverse_mod( -_r, (2**64))
MM64o = hex(invP)[2:-1]
MM64o = MM64o.upper()
MM64o = '0x' + MM64o + 'ULL'
print MM64o
f = open('MM64.txt', 'a')
f.write('\n'.join(['#define MM64 ' + MM64 + '\n' + '#define MM64o ' + MM64o + '\n' ]))
f.close()
#define MM64 0xD838091DD2253531ULL
#define MM64o 0x4B0DFF665588B13FULL
Once upon a time I added inversion modulo _N. It was not originally in the Int class. There you just need to change _P to _N. This is the Montgomery method. But you can also do it using the DRS62 method. Simply replace MM64 with MM64o and the inversion will be modulo _N (this Order).
This function is necessary for dividing the Public key.
Code:
// ------------------------------------------------
// add by alek76-2
void Int::ModInvOrder() {// Montgomery method
// Compute modular inverse of this mop _N
// 0 < this < _N , _N must be odd
// Return 0 if no inverse
// 256bit
Int _N;
_N.SetBase16("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141");
Int u(&_N);
Int v(this);
Int r((int64_t)0);
Int s((int64_t)1);
//
Int x;
int k = 0;
// Montgomery method
while (v.IsStrictPositive()) {
if (u.IsEven()) {
shiftR(1, u.bits64);
shiftL(1, s.bits64);
} else if (v.IsEven()) {
shiftR(1, v.bits64);
shiftL(1, r.bits64);
} else {
x.Set(&u);
x.Sub(&v);
if (x.IsStrictPositive()) {
shiftR(1, x.bits64);
u.Set(&x);
r.Add(&s);
shiftL(1, s.bits64);
} else {
x.Neg();
shiftR(1, x.bits64);
v.Set(&x);
s.Add(&r);
shiftL(1, r.bits64);
}
}
k++;
}
if (r.IsGreater(&_N))
r.Sub(&_N);
r.Neg();
r.Add(&_N);
for (int i = 0; i < k; i++) {
if (r.IsEven()) {
shiftR(1, r.bits64);
} else {
r.Add(&_N);
shiftR(1, r.bits64);
}
}
Set(&r);
}
// ------------------------------------------------
// add by alek76-2
void Int::ModInvOrder() {// Montgomery method
// Compute modular inverse of this mop _N
// 0 < this < _N , _N must be odd
// Return 0 if no inverse
// 256bit
Int _N;
_N.SetBase16("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141");
Int u(&_N);
Int v(this);
Int r((int64_t)0);
Int s((int64_t)1);
//
Int x;
int k = 0;
// Montgomery method
while (v.IsStrictPositive()) {
if (u.IsEven()) {
shiftR(1, u.bits64);
shiftL(1, s.bits64);
} else if (v.IsEven()) {
shiftR(1, v.bits64);
shiftL(1, r.bits64);
} else {
x.Set(&u);
x.Sub(&v);
if (x.IsStrictPositive()) {
shiftR(1, x.bits64);
u.Set(&x);
r.Add(&s);
shiftL(1, s.bits64);
} else {
x.Neg();
shiftR(1, x.bits64);
v.Set(&x);
s.Add(&r);
shiftL(1, r.bits64);
}
}
k++;
}
if (r.IsGreater(&_N))
r.Sub(&_N);
r.Neg();
r.Add(&_N);
for (int i = 0; i < k; i++) {
if (r.IsEven()) {
shiftR(1, r.bits64);
} else {
r.Add(&_N);
shiftR(1, r.bits64);
}
}
Set(&r);
}
// ------------------------------------------------
This may be useful to you
Jump to: