Topic: Bitcoin puzzle transaction ~32 BTC prize to who solves it - page 316. (Read 229737 times)

Wow faster than libsecp256k1

Well it ain't newbie in fact he ranked up to member. Anyway, I do not see something relevant with the data presented. It maybe some sort of coincidence. Even if so BTC won't be decrypted that easily and for that the reward is nothing. I bet no one could manage to predict on or cracked the things with BTC.

About 16.7 MKeys/s, 1 GKeys/min.
 
Let's say 2^24 Keys/s.
To compute 2 lists of 2^28 keys, it takes 2 * 2^4 seconds, about 30 seconds. That is the time it took to retrieve the key #57.

In your code how many keys can you generate per minute?

Right!


You have to use a library tailored to elliptic computations.

The most famous is the libsecp256k1 written by Pieter Wuille (it is in Bitcoin Core).

These programs https://gist.github.com/jhoenicke/2e39b3c6c49b1d7b216b8626197e4b89 and https://github.com/klynastor/supervanitygen use this library.

My code instead uses a different library written by myself for the LBC project.

@arulbero

which program you use to generate a large number of address and keys?

I'm currently using electrum however it's not reliable for this puzzle. and bitaddress.org bulk wallet not fast enough to generate large number of addresses.

Hi

If I get this correctly, you need the Raw Public Key to recover the private key.

But it is not possible to get the Raw Public Key  from a Bitcoin Address unless some transaction is done by whoever cracked the private key first, right?

It uses only cpu. If the search space is very limited, it is like you know already many bit of 256.
I'm saying:

for example, if you provide me:
1) a public key
2) the first 198 bit of the private key

then I can recover the last 58 bit of the key. Nothing more.

There is no magic, 58 bit is not so much. That is the meaning of the sentence: "the search space is very limited".
My code runs on a cpu. So I can use efficiently the Ram of my pc. Gpus are good for hashing computations, cpus are good for elliptic (multi integer precision, 256 bit in this case) computations.


I'll try a little explanation:

If I know already the first 255 bit, then the search space is 2 (the value for the right key ends with 0 or 1).
if I know already the first 254 bit, then the search space is 2^2 = 4
if I know already the first 246 bit, then the search space is 2^10 = 1024

With so small number, any cpu can in less than 1 sec retrieve the correct private key with brute force.

Now we talk about the key #57 of  the puzzle transaction. We all know that the first 200 bit are 000000.....00001
then I search only the last 56 bit (between 2^56 and 2^57 - 1). With brute force I would need to use 2^56  different private keys to generate 2^56 public keys. Too much time. But If I knew only the address and not the public key, that would be the only way.

But If I know the public key too, then I can exploit an algebraic property of the elliptic curve (of all elliptic curves, not only the secp256k1).  Then instead of doing 2^56 "computations", I need only to compute a list of 2^28 public keys, put it in Ram, then generate another list of 2^28 public keys and do a comparison between the 2 lists. In this way I get 2^58 combinations (that's the way the Baby Step Giant Step algorithm works). If you look at the links I provided in the previous post you can understand it better.


Input data:

private key #57 :

public key
(I got it from https://www.blockchain.com/btc/tx/95b77d69302fbc805f1a6e97a3f0d27159017341e5f2d40ec79785d830fe9d59 -->
PUSHDATA(33)[02a521a07e98f78b03fc1e039bc3a51408cd73119b5eb116e583fe57dc8db07aea], look at this answer to understand how to get the y coordinate too)

Output data:

last 56 bit of the private key#57:

Now, for the next private key #58:

Input data:

private key #58 :

public key

Output data:

last 57 bit of the private key#58:

Im a bit lost, you mean you create a code that can be run on mobile fast enough to search for the private key of a known public key within a limited search space?

Code is only for cpu. Why GPU?

No, I can't.


Information:

https://sefiks.com/2018/02/28/attacking-elliptic-curve-discrete-logarithm-problem/
http://andrea.corbellini.name/2015/06/08/elliptic-curve-cryptography-breaking-security-and-a-comparison-with-rsa/


Code (not mine, slower than mine but good, with the first 51 public keys of the puzzle transaction) :

https://gist.github.com/jhoenicke/2e39b3c6c49b1d7b216b8626197e4b89

Can you share the code?

If you use just only a mobile cpu, what repository you use (searching the space) that also work in mobile?

I'm currently using one in github but only works in pc.

Ok, that's fine, becouse  I began to get nervous yesterday about  my own wallet security.

i think that this sentence is pretty clear:

You can get the private key from a public key only if you know already that the private key lies in a very limited range (in this case from 2^56 to 2^57).

That means: only in the puzzle transaction case (for the keys number 1, 2,  3, ...., 80 more or less, more than 80 bit is not a very limited range)

You mean that everybody can calculate the private key of wallets or what?

Read 5/6 posts from here: https://bitcointalksearch.org/topic/m.40086839

How did you get private key then If you don't know the person?

Ok, I understand

Knowing that the private key has a limited width, so maybe you do your search so to  match the transaction script ?

So this person is still unknown ?

Just to be clear, I didn't find the key. I got the key only after the address was swept by somebody else.