Topic: Bitcoin puzzle transaction ~32 BTC prize to who solves it - page 314. (Read 228764 times)

Nope
Somehow Mr  1AqEgLuT4V2XL2yQ3cCzjMtu1mXtJLVvww has given some BTC (0.1) to 1LqJ9cHPKxPXDRia4tteTJdLXnisnfHsof   I wonder why

https://www.blockchain.com/btc/tx/c1c8a3c8c9dccc3dbbc470e294a0610a2bc2e22c41f9a0c2a06ef5dc1d6d4480

Of course.
Many blocks mined by Satoshi have txs with "pay to public key" script (P2PK) instead of "pay to public key hash" script (P2PKH, pay to address).

The public keys are known, but the btc are still there:

block #100

https://www.blockchain.com/it/btc/tx/2d05f0c9c3e1c226e63b5fac240137687544cf631cd616fd34fd188fc9020866

PUSHDATA(65)[04e70a02f5af48a1989bf630d92523c9d14c45c75f7d1b998e962bff6ff9995fc5bdb44f1793b3749 5d80324acba7c8f537caaf8432b8d47987313060cc82d8a93] CHECKSIG

@arulbero

If the public key is revealed it is still safe from bruteforce if the attacker don't know the range of bits to search for?

Is this puzzle still available?and remain unsolved thats why the answer keeps on coming even this thread has been posted three years ago?
Anyway this has been a big prize if the 32bitcoin remain as the bounty for the puzzle,no wonder how much the value for now of bitcoin

That works only if you have enough RAM to store 2^28 keys. Otherwise that program cannot retrieve #57.

Besides if you want to retrieve only #57 and you don't modify the code, it starts always from 1 to 2^57 - 1 (instead from 2^56 to 2^57 - 1)

I you try this code (https://gist.github.com/jhoenicke/2e39b3c6c49b1d7b216b8626197e4b89) and want to get all puzzle private keys up to #57 , you need to change
 giant steps up to  2^28

#define GSTEP (1<<28)

otherwise it stops at #52

@arulbero thanks mate!

Because 2^57 has 58 digits (in binary form '1' + 57 '0'). Then 2^57 could be the key #58, not #57

key 1 -> 1 bit :  1  ( from 2^0 to 2^1 - 1)

key 2 -> 2 bit :  from 2 to 3 (from 2^1 to 2^2 - 1) : 10 or 11

key 3 -> 3 bit : from 4 to 7 (from 2^2 to 2^3 - 1) : 100 or 101 or 110 or 111

key 57 -> 57 bit : from 2^56 to 2^57 - 1

key 58 -> 58 bit : from 2^57 to 2^58 - 1

If you look at

key #3
.....0000000000000000000000000000000000000000000000000000000000000111 (to address 19ZewH8Kk1PDbSNdJ97FP4EiCjTRaZMZQA)

and at the #4
.....0000000000000000000000000000000000000000000000000000000000001000 (to address 1EhqbyUMvvs7BfL8goY6qcPbD6YKfPqb7e)

key #3 = 2^3 - 1 = 7
key #4 = 2^3      = 8

Btw why -1?

I don't know, did you test it?

Look at this thread:
https://bitcointalksearch.org/topic/m.47210876
https://bitcointalksearch.org/topic/m.47263144

Wow faster than libsecp256k1

Well it ain't newbie in fact he ranked up to member. Anyway, I do not see something relevant with the data presented. It maybe some sort of coincidence. Even if so BTC won't be decrypted that easily and for that the reward is nothing. I bet no one could manage to predict on or cracked the things with BTC.

About 16.7 MKeys/s, 1 GKeys/min.
 
Let's say 2^24 Keys/s.
To compute 2 lists of 2^28 keys, it takes 2 * 2^4 seconds, about 30 seconds. That is the time it took to retrieve the key #57.

In your code how many keys can you generate per minute?

Right!


You have to use a library tailored to elliptic computations.

The most famous is the libsecp256k1 written by Pieter Wuille (it is in Bitcoin Core).

These programs https://gist.github.com/jhoenicke/2e39b3c6c49b1d7b216b8626197e4b89 and https://github.com/klynastor/supervanitygen use this library.

My code instead uses a different library written by myself for the LBC project.

@arulbero

which program you use to generate a large number of address and keys?

I'm currently using electrum however it's not reliable for this puzzle. and bitaddress.org bulk wallet not fast enough to generate large number of addresses.

Hi

If I get this correctly, you need the Raw Public Key to recover the private key.

But it is not possible to get the Raw Public Key  from a Bitcoin Address unless some transaction is done by whoever cracked the private key first, right?

It uses only cpu. If the search space is very limited, it is like you know already many bit of 256.
I'm saying:

for example, if you provide me:
1) a public key
2) the first 198 bit of the private key

then I can recover the last 58 bit of the key. Nothing more.

There is no magic, 58 bit is not so much. That is the meaning of the sentence: "the search space is very limited".
My code runs on a cpu. So I can use efficiently the Ram of my pc. Gpus are good for hashing computations, cpus are good for elliptic (multi integer precision, 256 bit in this case) computations.


I'll try a little explanation:

If I know already the first 255 bit, then the search space is 2 (the value for the right key ends with 0 or 1).
if I know already the first 254 bit, then the search space is 2^2 = 4
if I know already the first 246 bit, then the search space is 2^10 = 1024

With so small number, any cpu can in less than 1 sec retrieve the correct private key with brute force.

Now we talk about the key #57 of  the puzzle transaction. We all know that the first 200 bit are 000000.....00001
then I search only the last 56 bit (between 2^56 and 2^57 - 1). With brute force I would need to use 2^56  different private keys to generate 2^56 public keys. Too much time. But If I knew only the address and not the public key, that would be the only way.

But If I know the public key too, then I can exploit an algebraic property of the elliptic curve (of all elliptic curves, not only the secp256k1).  Then instead of doing 2^56 "computations", I need only to compute a list of 2^28 public keys, put it in Ram, then generate another list of 2^28 public keys and do a comparison between the 2 lists. In this way I get 2^58 combinations (that's the way the Baby Step Giant Step algorithm works). If you look at the links I provided in the previous post you can understand it better.


Input data:

private key #57 :

public key
(I got it from https://www.blockchain.com/btc/tx/95b77d69302fbc805f1a6e97a3f0d27159017341e5f2d40ec79785d830fe9d59 -->
PUSHDATA(33)[02a521a07e98f78b03fc1e039bc3a51408cd73119b5eb116e583fe57dc8db07aea], look at this answer to understand how to get the y coordinate too)

Output data:

last 56 bit of the private key#57:

Now, for the next private key #58:

Input data:

private key #58 :

public key

Output data:

last 57 bit of the private key#58:

Im a bit lost, you mean you create a code that can be run on mobile fast enough to search for the private key of a known public key within a limited search space?

Code is only for cpu. Why GPU?