Author

Topic: Bitcoin puzzle transaction ~32 BTC prize to who solves it - page 313. (Read 228813 times)

legendary
Activity: 1932
Merit: 2077
@arulbero

If you have the public key and the search space is 2^160 how fast can you find the private key?


It would require 2^80 work. That is just beyond what is currently feasible today. But not impossible.

No, it would require much more than 2^80 work. Or you would require 2^80 work + a storage capable of containing a hash table of 2^80 * (256 bit + 80 bit)  = 336 * 2^80 bit = 2^88.4 bit = more than 2^38 PB.

The current max size of my hash table is now 2^28 * (64 bit + 32 bit) = 96 * 2^28 bit = 2^34.58 bit = 24 GB (to store 2^28 keys in ram). It is only 1/2^54 of 2^88.4!

It is not possible to get such amount of ram in the next 40 years.
newbie
Activity: 22
Merit: 3
@arulbero

If you have the public key and the search space is 2^160 how fast can you find the private key?


It would require 2^80 work. That is just beyond what is currently feasible today. But not impossible.
legendary
Activity: 1932
Merit: 2077
@arulbero

If you have the public key and the search space is 2^160 how fast can you find the private key?


Infeasible. More than universe age.
full member
Activity: 616
Merit: 100
since 2014 i see there are many quiz right that, but until right now i dont know how to solve this problem, how to solve this puzzle? can anyone tell me how, so i can try to solve it by myself
newbie
Activity: 14
Merit: 0
@arulbero

If you have the public key and the search space is 2^160 how fast can you find the private key?
newbie
Activity: 19
Merit: 0
Hi. I probably misunderstood something.

In your example #57 (first 200 bit + last 56 bit) =

0000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000011101011001001011100100100000111100101 011101011000011100

HEX: 00000000000000000000000000000000000000000000000000eb25c90795d61c => 1J9zB6p4dRgyinst2eCVsyXvgYXtNhw2Y2

This is not a private key for #57

What did I miss?

I forgot '1' at the beginning of the number:

last 56 bit of the private key#57:
Code:
1101011001001011100100100000111100101011101011000011100
but there are only 55 bits

Correct-->

last 56 bit of the private key#57:
Code:
11101011001001011100100100000111100101011101011000011100

0000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000011110101100100101110010010000011110010 1011101011000011100

HEX  00000000000000000000000000000000000000000000000001eb25c90795d61c

Thank you
legendary
Activity: 1932
Merit: 2077
Hi. I probably misunderstood something.

In your example #57 (first 200 bit + last 56 bit) =

0000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000011101011001001011100100100000111100101 011101011000011100

HEX: 00000000000000000000000000000000000000000000000000eb25c90795d61c => 1J9zB6p4dRgyinst2eCVsyXvgYXtNhw2Y2

This is not a private key for #57

What did I miss?

I forgot '1' at the beginning of the number:

last 56 bit of the private key#57:
Code:
1101011001001011100100100000111100101011101011000011100
but there are only 55 bits

Correct-->

last 56 bit of the private key#57:
Code:
11101011001001011100100100000111100101011101011000011100

0000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000111101011001001011100100100000111100101011101011000011100

HEX  00000000000000000000000000000000000000000000000001eb25c90795d61c
newbie
Activity: 19
Merit: 0
Im a bit lost, you mean you create a code that can be run on mobile fast enough to search for the private key of a known public key within a limited search space?

It uses only cpu. If the search space is very limited, it is like you know already many bit of 256.
I'm saying:

for example, if you provide me:
1) a public key
2) the first 198 bit of the private key

then I can recover the last 58 bit of the key. Nothing more.

There is no magic, 58 bit is not so much. That is the meaning of the sentence: "the search space is very limited".
My code runs on a cpu. So I can use efficiently the Ram of my pc. Gpus are good for hashing computations, cpus are good for elliptic (multi integer precision, 256 bit in this case) computations.


I'll try a little explanation:

If I know already the first 255 bit, then the search space is 2 (the value for the right key ends with 0 or 1).
if I know already the first 254 bit, then the search space is 2^2 = 4
if I know already the first 246 bit, then the search space is 2^10 = 1024

With so small number, any cpu can in less than 1 sec retrieve the correct private key with brute force.

Now we talk about the key #57 of  the puzzle transaction. We all know that the first 200 bit are 000000.....00001
then I search only the last 56 bit (between 2^56 and 2^57 - 1). With brute force I would need to use 2^56  different private keys to generate 2^56 public keys. Too much time. But If I knew only the address and not the public key, that would be the only way.

But If I know the public key too, then I can exploit an algebraic property of the elliptic curve (of all elliptic curves, not only the secp256k1).  Then instead of doing 2^56 "computations", I need only to compute a list of 2^28 public keys, put it in Ram, then generate another list of 2^28 public keys and do a comparison between the 2 lists. In this way I get 2^58 combinations (that's the way the Baby Step Giant Step algorithm works). If you look at the links I provided in the previous post you can understand it better.


Input data:

private key #57 :
Code:
first 200 bit:
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001

public key
(I got it from https://www.blockchain.com/btc/tx/95b77d69302fbc805f1a6e97a3f0d27159017341e5f2d40ec79785d830fe9d59 -->
PUSHDATA(33)[02a521a07e98f78b03fc1e039bc3a51408cd73119b5eb116e583fe57dc8db07aea], look at this answer to understand how to get the y coordinate too)
Code:
x = a521a07e98f78b03fc1e039bc3a51408cd73119b5eb116e583fe57dc8db07aea
y = 6fb15c871dd7cf7d287390acd4e09d41f705081a98d5fe3a930ca032525dbcdc

Output data:

last 56 bit of the private key#57:
Code:
1101011001001011100100100000111100101011101011000011100

Now, for the next private key #58:

Input data:

private key #58 :
Code:
first 199 bit:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001

public key
Code:
x = ?
y = ?

Output data:

last 57 bit of the private key#58:
Code:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx



Hi. I probably misunderstood something.

In your example #57 (first 200 bit + last 56 bit) =

0000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000011101011001001011100100100000111100101 011101011000011100

HEX: 00000000000000000000000000000000000000000000000000eb25c90795d61c => 1J9zB6p4dRgyinst2eCVsyXvgYXtNhw2Y2

This is not a private key for #57

What did I miss?
jr. member
Activity: 115
Merit: 1
Quote from: maianh09
This is a game for geniuses with great minds.

The most funny thing - the guy who took 3 puzzles in a row just bought 3 gtx1080ti.

The next megagenius is the one, who will step in with 5 1080ti's  Grin
member
Activity: 166
Merit: 16
anyone notice the other transactions on #57? how on earth did they do that? Those are hellafied vanity addresses.
edit: Sorry pre coffee me.. someone just sent to those addresses .. had me freaking out for a sec.. like oh man if they
can generate vanity addresses that long that fast they pretty much own all the btc... *panic mode engaged*
Then *doh! eureka moment*  NOW it's funny.



These addresses are not vanity addresses, they are made up ones.  it is just burning away some BTC... no one can claim them. 

Am I making sense?


I got that, hence the edit right after I posted and had a couple of sips of coffee. Smiley ref: doh! eureka moment.
I left the post because I'm just that way, I tack on info rather than delete posts.. (i.e. when I say something stupid I straight own it. hehe)
newbie
Activity: 14
Merit: 1
There is something phishy about this post. Why should someone solve a transaction of pvk decimals?
member
Activity: 245
Merit: 17
That works only if you have enough RAM to store 2^28 keys. Otherwise that program cannot retrieve #57.

Besides if you want to retrieve only #57 and you don't modify the code, it starts always from 1 to 2^57 - 1 (instead from 2^56 to 2^57 - 1)

Could you please show us how to change the code so it can search only range 2^56 to 2^57 - 1?

see (https://gist.github.com/jhoenicke/2e39b3c6c49b1d7b216b8626197e4b89) and want to get all puzzle private keys up to #57 ,
you need to change  giant steps up to  2^28

#define GSTEP (1<<28)

Also you need to complete the list of raw public keys

#define NUMPUBKEYS 57
unsigned char rawpubkeys[NUMPUBKEYS][33] =
{

}
member
Activity: 245
Merit: 17
anyone notice the other transactions on #57? how on earth did they do that? Those are hellafied vanity addresses.
edit: Sorry pre coffee me.. someone just sent to those addresses .. had me freaking out for a sec.. like oh man if they
can generate vanity addresses that long that fast they pretty much own all the btc... *panic mode engaged*
Then *doh! eureka moment*  NOW it's funny.



These addresses are not vanity addresses, they are made up ones.  it is just burning away some BTC... no one can claim them. 

Am I making sense?
full member
Activity: 672
Merit: 100
This is a game for geniuses with great minds. You see this is almost impossible when we are ordinary people but the whole article has too little information is given. Are you Conan? Or can you just fall asleep thinking about how to solve this problem?
legendary
Activity: 1932
Merit: 2077
@arulbero
I have an idea about #58. Can I message you the details?

Just to be clear: that is the time I need to recover the private key from the public one (using a cpu), to do a brute force I would need a gpu (or more) and a different program.
 
It is completely different.
newbie
Activity: 14
Merit: 0
@arulbero
I have an idea about #58. Can I message you the details?
legendary
Activity: 1932
Merit: 2077

Quote

About 16.7 MKeys/s, 1 GKeys/min.
 
Let's say 2^24 Keys/s.
To compute 2 lists of 2^28 keys, it takes 2 * 2^4 seconds, about 30 seconds. That is the time it took to retrieve the key #57.
Have you tried to search a key in space of 10 quadrillion? How many hours you think it can finish that large space?

American or British system ? -> https://www.quadrillion.com/number.shtm

quadrillion = 10^15 -> 10 quadrillion = 10^16?  10^16 = 2^53  -->  2 lists of 2^26 keys = 2 * 2^2 = 8 seconds  

quadrillion = 10^24 -> 10 quadrillion = 10^25?  10^25 = 2^83  --> 2 lists of 2^41 keys ? NO! Too much for my RAM!


Let's say that the max list size (for my RAM) is 2^28 keys.
 
To retrieve the #59, I need to compute 2 list of 2^29, I have to split the first in 2 * 2^28, then generate the 2^29 keys of the second list 2 times against each half of the first,  tot: 2*2^28 + 2*2^29 = 3*2^29 instead of 2*2^29 (96 seconds instead of 64 seconds).

To retrieve the #61, I need to compute 2 list of 2^30, I have to split the first in 4 * 2^28, then generate the 2^30 keys of the second list 4 times against each quarter of the first list,  tot: 4*2^28 + 4*2^30 = 5*2^30 instead of 2*2^30 (320 seconds instead of 128 seconds).

To retrieve the #63, I need to compute 2 list of 2^31, I have to split the first in 8 * 2^28, then generate the 2^31 keys of the second list 8 times against each part of the first list,  tot: 8*2^28 + 8*2^31 = 9*2^31 instead of 2*2^31 (1152 seconds instead of 256 seconds).

To retrieve the #65, I need to compute 2 list of 2^32, I have to split the first in 16 * 2^28, then generate the 2^32 keys of the second list 16 times against each part of the first list,  tot: 16*2^28 + 16*2^32 = 17*2^32 instead of 2*2^32 (4352 seconds instead of 512 seconds).

Time is for the #(57+x) = (2^(x/2)+1) lists of 2^((57+x-1)/2) keys instead of only 2 lists of 2^(57+x-1)/2 keys


For the #61 = #(57+4) = (2^2+1) * (2^30) = (2^2  + 1) lists of 2^30  -> 5 * 2^6 seconds = about 320 seconds = 5 min 20 sec

For the #71 = #(57+14) = (2^7+1) * (2^35) = (2^7  + 1) lists of 2^35  -> 2^7 * 2^11 seconds = about 2^18 seconds = 73 hours

For the #83 = #(57+26) = (2^13+1) * (2^82/2) = (2^13  + 1) lists of 2^41  -> 2^13 * 2^17 seconds = about 2^30 seconds = 34 years  (if I had enough RAM, 2 * 2^41 = 2^42 keys = 2^18 seconds = 73 hours !!! I would need a RAM:  2^13  = 8000 times 32 GB)

member
Activity: 166
Merit: 16
anyone notice the other transactions on #57? how on earth did they do that? Those are hellafied vanity addresses.
edit: Sorry pre coffee me.. someone just sent to those addresses .. had me freaking out for a sec.. like oh man if they
can generate vanity addresses that long that fast they pretty much own all the btc... *panic mode engaged*
Then *doh! eureka moment*  NOW it's funny.

newbie
Activity: 11
Merit: 0
That works only if you have enough RAM to store 2^28 keys. Otherwise that program cannot retrieve #57.

Besides if you want to retrieve only #57 and you don't modify the code, it starts always from 1 to 2^57 - 1 (instead from 2^56 to 2^57 - 1)

Could you please show us how to change the code so it can search only range 2^56 to 2^57 - 1?
newbie
Activity: 14
Merit: 0

Quote

About 16.7 MKeys/s, 1 GKeys/min.
 
Let's say 2^24 Keys/s.
To compute 2 lists of 2^28 keys, it takes 2 * 2^4 seconds, about 30 seconds. That is the time it took to retrieve the key #57.
Have you tried to search a key in space of 10 quadrillion? How many hours you think it can finish that large space?
Jump to: