Bitcoin puzzle transaction ~32 BTC prize to who solves it - page 238.

Elliptic23

newbie

Activity: 22

Merit: 3

Quote from: noaj24 on November 14, 2018, 10:31:44 AM

@arulbero

If you have the public key and the search space is 2^160 how fast can you find the private key?

It would require 2^80 work. That is just beyond what is currently feasible today. But not impossible.

arulbero

legendary

Activity: 1915

Merit: 2074

Quote from: noaj24 on November 14, 2018, 10:31:44 AM

@arulbero

If you have the public key and the search space is 2^160 how fast can you find the private key?

Infeasible. More than universe age.

kucritt

full member

Activity: 616

Merit: 100

since 2014 i see there are many quiz right that, but until right now i dont know how to solve this problem, how to solve this puzzle? can anyone tell me how, so i can try to solve it by myself

noaj24

newbie

Activity: 14

Merit: 0

@arulbero

If you have the public key and the search space is 2^160 how fast can you find the private key?

napulsnik

newbie

Activity: 19

Merit: 0

Quote from: arulbero on November 14, 2018, 10:22:36 AM

Quote from: napulsnik on November 14, 2018, 10:10:22 AM

Hi. I probably misunderstood something.

In your example #57 (first 200 bit + last 56 bit) =

0000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000011101011001001011100100100000111100101 011101011000011100

HEX: 00000000000000000000000000000000000000000000000000eb25c90795d61c => 1J9zB6p4dRgyinst2eCVsyXvgYXtNhw2Y2

This is not a private key for #57

What did I miss?

I forgot '1' at the beginning of the number:

last 56 bit of the private key#57:

Code:

1101011001001011100100100000111100101011101011000011100

but there are only 55 bits

Correct-->

last 56 bit of the private key#57:

Code:

11101011001001011100100100000111100101011101011000011100

0000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000011110101100100101110010010000011110010 1011101011000011100

HEX 00000000000000000000000000000000000000000000000001eb25c90795d61c

Thank you

arulbero

legendary

Activity: 1915

Merit: 2074

Quote from: napulsnik on November 14, 2018, 10:10:22 AM

Hi. I probably misunderstood something.

In your example #57 (first 200 bit + last 56 bit) =

0000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000011101011001001011100100100000111100101 011101011000011100

HEX: 00000000000000000000000000000000000000000000000000eb25c90795d61c => 1J9zB6p4dRgyinst2eCVsyXvgYXtNhw2Y2

This is not a private key for #57

What did I miss?

I forgot '1' at the beginning of the number:

last 56 bit of the private key#57:

Code:

1101011001001011100100100000111100101011101011000011100

but there are only 55 bits

Correct-->

last 56 bit of the private key#57:

Code:

11101011001001011100100100000111100101011101011000011100

0000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000111101011001001011100100100000111100101011101011000011100

HEX 00000000000000000000000000000000000000000000000001eb25c90795d61c

napulsnik

newbie

Activity: 19

Merit: 0

Quote from: arulbero on November 10, 2018, 11:32:52 AM

Quote from: noaj24 on November 10, 2018, 10:28:55 AM

Im a bit lost, you mean you create a code that can be run on mobile fast enough to search for the private key of a known public key within a limited search space?

It uses only cpu. If the search space is very limited, it is like you know already many bit of 256.
I'm saying:

for example, if you provide me:
1) a public key
2) the first 198 bit of the private key

then I can recover the last 58 bit of the key. Nothing more.

There is no magic, 58 bit is not so much. That is the meaning of the sentence: "the search space is very limited".
My code runs on a cpu. So I can use efficiently the Ram of my pc. Gpus are good for hashing computations, cpus are good for elliptic (multi integer precision, 256 bit in this case) computations.

I'll try a little explanation:

If I know already the first 255 bit, then the search space is 2 (the value for the right key ends with 0 or 1).
if I know already the first 254 bit, then the search space is 2^2 = 4
if I know already the first 246 bit, then the search space is 2^10 = 1024

With so small number, any cpu can in less than 1 sec retrieve the correct private key with brute force.

Now we talk about the key #57 of the puzzle transaction. We all know that the first 200 bit are 000000.....00001
then I search only the last 56 bit (between 2^56 and 2^57 - 1). With brute force I would need to use 2^56 different private keys to generate 2^56 public keys. Too much time. But If I knew only the address and not the public key, that would be the only way.

But If I know the public key too, then I can exploit an algebraic property of the elliptic curve (of all elliptic curves, not only the secp256k1). Then instead of doing 2^56 "computations", I need only to compute a list of 2^28 public keys, put it in Ram, then generate another list of 2^28 public keys and do a comparison between the 2 lists. In this way I get 2^58 combinations (that's the way the Baby Step Giant Step algorithm works). If you look at the links I provided in the previous post you can understand it better.

Input data:

private key #57 :

Code:

first 200 bit:
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001

public key
(I got it from https://www.blockchain.com/btc/tx/95b77d69302fbc805f1a6e97a3f0d27159017341e5f2d40ec79785d830fe9d59 -->
PUSHDATA(33)[02a521a07e98f78b03fc1e039bc3a51408cd73119b5eb116e583fe57dc8db07aea], look at this answer to understand how to get the y coordinate too)

Code:

x = a521a07e98f78b03fc1e039bc3a51408cd73119b5eb116e583fe57dc8db07aea
y = 6fb15c871dd7cf7d287390acd4e09d41f705081a98d5fe3a930ca032525dbcdc

Output data:

last 56 bit of the private key#57:

Code:

1101011001001011100100100000111100101011101011000011100

Now, for the next private key #58:

Input data:

private key #58 :

Code:

first 199 bit:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001

public key

Code:

x = ?
y = ?

Output data:

last 57 bit of the private key#58:

Code:

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hi. I probably misunderstood something.

In your example #57 (first 200 bit + last 56 bit) =

0000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000011101011001001011100100100000111100101 011101011000011100

HEX: 00000000000000000000000000000000000000000000000000eb25c90795d61c => 1J9zB6p4dRgyinst2eCVsyXvgYXtNhw2Y2

This is not a private key for #57

What did I miss?

holy_ship

jr. member

Activity: 111

Merit: 1

Quote from: maianh09

This is a game for geniuses with great minds.

The most funny thing - the guy who took 3 puzzles in a row just bought 3 gtx1080ti.

The next megagenius is the one, who will step in with 5 1080ti's Grin

Bajula

member

Activity: 166

Merit: 16

Quote from: racminer on November 12, 2018, 05:19:17 PM

Quote from: Bajula on November 12, 2018, 08:45:35 AM

anyone notice the other transactions on #57? how on earth did they do that? Those are hellafied vanity addresses.
edit: Sorry pre coffee me.. someone just sent to those addresses .. had me freaking out for a sec.. like oh man if they
can generate vanity addresses that long that fast they pretty much own all the btc... *panic mode engaged*
Then *doh! eureka moment* NOW it's funny.

These addresses are not vanity addresses, they are made up ones. it is just burning away some BTC... no one can claim them.

Am I making sense?

I got that, hence the edit right after I posted and had a couple of sips of coffee.

ref: doh! eureka moment.
I left the post because I'm just that way, I tack on info rather than delete posts.. (i.e. when I say something stupid I straight own it. hehe)

DaPaaShunting

newbie

Activity: 14

Merit: 1

There is something phishy about this post. Why should someone solve a transaction of pvk decimals?

racminer

member

Activity: 242

Merit: 17

Quote from: blockraw on November 12, 2018, 04:42:13 AM

Quote from: arulbero on November 11, 2018, 12:31:53 PM

That works only if you have enough RAM to store 2^28 keys. Otherwise that program cannot retrieve #57.

Besides if you want to retrieve only #57 and you don't modify the code, it starts always from 1 to 2^57 - 1 (instead from 2^56 to 2^57 - 1)

Could you please show us how to change the code so it can search only range 2^56 to 2^57 - 1?

see (https://gist.github.com/jhoenicke/2e39b3c6c49b1d7b216b8626197e4b89) and want to get all puzzle private keys up to #57 ,
you need to change giant steps up to 2^28

#define GSTEP (1<<28)

Also you need to complete the list of raw public keys

#define NUMPUBKEYS 57
unsigned char rawpubkeys[NUMPUBKEYS][33] =
{

}

racminer

member

Activity: 242

Merit: 17

Quote from: Bajula on November 12, 2018, 08:45:35 AM

anyone notice the other transactions on #57? how on earth did they do that? Those are hellafied vanity addresses.
edit: Sorry pre coffee me.. someone just sent to those addresses .. had me freaking out for a sec.. like oh man if they
can generate vanity addresses that long that fast they pretty much own all the btc... *panic mode engaged*
Then *doh! eureka moment* NOW it's funny.

These addresses are not vanity addresses, they are made up ones. it is just burning away some BTC... no one can claim them.

Am I making sense?

maianh09

full member

Activity: 672

Merit: 100

This is a game for geniuses with great minds. You see this is almost impossible when we are ordinary people but the whole article has too little information is given. Are you Conan? Or can you just fall asleep thinking about how to solve this problem?

arulbero

legendary

Activity: 1915

Merit: 2074

Quote from: noaj24 on November 12, 2018, 12:36:08 PM

@arulbero
I have an idea about #58. Can I message you the details?

Just to be clear: that is the time I need to recover the private key from the public one (using a cpu), to do a brute force I would need a gpu (or more) and a different program.

It is completely different.

noaj24

newbie

Activity: 14

Merit: 0

@arulbero
I have an idea about #58. Can I message you the details?

arulbero

legendary

Activity: 1915

Merit: 2074

Quote from: noaj24 on November 12, 2018, 02:36:40 AM

Quote

About 16.7 MKeys/s, 1 GKeys/min.

Let's say 2^24 Keys/s.
To compute 2 lists of 2^28 keys, it takes 2 * 2^4 seconds, about 30 seconds. That is the time it took to retrieve the key #57.

Have you tried to search a key in space of 10 quadrillion? How many hours you think it can finish that large space?

American or British system ? -> https://www.quadrillion.com/number.shtm

quadrillion = 10^15 -> 10 quadrillion = 10^16? 10^16 = 2^53 --> 2 lists of 2^26 keys = 2 * 2^2 = 8 seconds

quadrillion = 10^24 -> 10 quadrillion = 10^25? 10^25 = 2^83 --> 2 lists of 2^41 keys ? NO! Too much for my RAM!

Let's say that the max list size (for my RAM) is 2^28 keys.

To retrieve the #59, I need to compute 2 list of 2^29, I have to split the first in 2 * 2^28, then generate the 2^29 keys of the second list 2 times against each half of the first, tot: 2*2^28 + 2*2^29 = 3*2^29 instead of 2*2^29 (96 seconds instead of 64 seconds).

To retrieve the #61, I need to compute 2 list of 2^30, I have to split the first in 4 * 2^28, then generate the 2^30 keys of the second list 4 times against each quarter of the first list, tot: 4*2^28 + 4*2^30 = 5*2^30 instead of 2*2^30 (320 seconds instead of 128 seconds).

To retrieve the #63, I need to compute 2 list of 2^31, I have to split the first in 8 * 2^28, then generate the 2^31 keys of the second list 8 times against each part of the first list, tot: 8*2^28 + 8*2^31 = 9*2^31 instead of 2*2^31 (1152 seconds instead of 256 seconds).

To retrieve the #65, I need to compute 2 list of 2^32, I have to split the first in 16 * 2^28, then generate the 2^32 keys of the second list 16 times against each part of the first list, tot: 16*2^28 + 16*2^32 = 17*2^32 instead of 2*2^32 (4352 seconds instead of 512 seconds).

Time is for the #(57+x) = (2^(x/2)+1) lists of 2^((57+x-1)/2) keys instead of only 2 lists of 2^(57+x-1)/2 keys

For the #61 = #(57+4) = (2^2+1) * (2^30) = (2^2 + 1) lists of 2^30 -> 5 * 2^6 seconds = about 320 seconds = 5 min 20 sec

For the #71 = #(57+14) = (2^7+1) * (2^35) = (2^7 + 1) lists of 2^35 -> 2^7 * 2^11 seconds = about 2^18 seconds = 73 hours

For the #83 = #(57+26) = (2^13+1) * (2^82/2) = (2^13 + 1) lists of 2^41 -> 2^13 * 2^17 seconds = about 2^30 seconds = 34 years (if I had enough RAM, 2 * 2^41 = 2^42 keys = 2^18 seconds = 73 hours !!! I would need a RAM: 2^13 = 8000 times 32 GB)

Bajula

member

Activity: 166

Merit: 16

anyone notice the other transactions on #57? how on earth did they do that? Those are hellafied vanity addresses.
edit: Sorry pre coffee me.. someone just sent to those addresses .. had me freaking out for a sec.. like oh man if they
can generate vanity addresses that long that fast they pretty much own all the btc... *panic mode engaged*
Then *doh! eureka moment* NOW it's funny.

blockraw

newbie

Activity: 11

Merit: 0

Quote from: arulbero on November 11, 2018, 12:31:53 PM

That works only if you have enough RAM to store 2^28 keys. Otherwise that program cannot retrieve #57.

Besides if you want to retrieve only #57 and you don't modify the code, it starts always from 1 to 2^57 - 1 (instead from 2^56 to 2^57 - 1)

Could you please show us how to change the code so it can search only range 2^56 to 2^57 - 1?

noaj24

newbie

Activity: 14

Merit: 0

Quote

About 16.7 MKeys/s, 1 GKeys/min.

Let's say 2^24 Keys/s.
To compute 2 lists of 2^28 keys, it takes 2 * 2^4 seconds, about 30 seconds. That is the time it took to retrieve the key #57.

Have you tried to search a key in space of 10 quadrillion? How many hours you think it can finish that large space?

racminer

member

Activity: 242

Merit: 17

Quote from: ?? on ??

Quote from: stalker00075 on November 08, 2018, 07:19:43 AM

this is man 1AqEgLuT4V2XL2yQ3cCzjMtu1mXtJLVvww hacked:

1LzhS3k3e9Ub8i2W1V8xQFdB8n2MYCHPCa 2018-05-29
17aPYR1m6pVAacXg1PTDDU7XafvK1dxvhi 2018-09-08
15c9mPGLku1HuW9LRtBf4jcHVpBUt8txKz 2018-11-08 today

=$ 10,448

what hash 15c9mPGLku1HuW9LRtBf4jcHVpBUt8txKz.........

look this tx https://www.blockchain.com/btc/tx/c1c8a3c8c9dccc3dbbc470e294a0610a2bc2e22c41f9a0c2a06ef5dc1d6d4480
and this address https://www.blockchain.com/btc/address/1LqJ9cHPKxPXDRia4tteTJdLXnisnfHsof ownd by https://github.com/brichard19/BitCrack/blob/master/README.md (scroll down you will find the address). how fast BitCrack find the 57
puzzle key? "~~THIS MAN~~" is fast

Nope
Somehow Mr 1AqEgLuT4V2XL2yQ3cCzjMtu1mXtJLVvww has given some BTC (0.1) to 1LqJ9cHPKxPXDRia4tteTJdLXnisnfHsof Wink

I wonder why Wink

https://www.blockchain.com/btc/tx/c1c8a3c8c9dccc3dbbc470e294a0610a2bc2e22c41f9a0c2a06ef5dc1d6d4480

Topic: Bitcoin puzzle transaction ~32 BTC prize to who solves it - page 238. (Read 192344 times)