Bitcoin puzzle transaction ~32 BTC prize to who solves it - page 366.

NorrisK

legendary

Activity: 1946

Merit: 1007

Quote from: BurtW on December 29, 2015, 01:08:01 PM

Quote from: NorrisK on December 29, 2015, 04:17:14 AM

So a version 1 bitcoin address has a security level of 2¹⁶⁰, but how to make sure you have a security of 2²⁵⁶? From when on was the version 1 bitcoin address abandoned and we are sure to enjoy increased security?

Maybe I'm understanding this wrong and everybody is using version 1 addresses, but I would rather know for sure I'm using the safest keys possible.

Even though the security of Bitcoin is reduced to "only" 2¹⁶⁰ by the selected second hashing algorithm it is actually more secure in other ways due to the selection of two different hashing algorithms in the public key to Bitcoin address step since both algorithms need to be broken in order to break that step.

Every step of the way everything possible was done to ensure that Bitcoin was secure. For example Bitcoin is one of the only systems in existence that uses the secp256k1 curve instead of the secp256r1 curve that is used by almost everyone else. But this was a very wise decision in light of recent leaks about the NSA and their underhanded practices with respect to the cryptography they produce or help produce.

secp256r1 was designed by the NSA, secp256k1 was not.

Thanks for the explanation! Good to know that bitcoin uses an encryption curve that was not designed by the NSA. Also feels good that bitcoin is one of the only ones to use this method, as it gives less incentive for hackers to try and crack the cryptography (would be worth more if you hack a bank right?).

Back to the puzzle: Nice find tyz, looks like it is less random than we thought a bit before. It's getting interesting now, I'll take another crack at it

shorena

copper member

Activity: 1498

Merit: 1562

No I dont escrow anymore.

Quote from: Bulista on December 30, 2015, 12:07:35 PM

Quote from: tyz on December 30, 2015, 10:06:16 AM

I made some research and I believe that the numbers are results of a polynomial (ring) function.

It also seems that someone already got into this in February 2015. Probably the guy who cashed out the first addresses.
http://pastebin.com/erN0F1ce

Quote

-673909/1307674368000*x^15 + 5004253/87178291200*x^14 - 151337/52254720*x^13 + 9320029/106444800*x^12 - 25409989753/14370048000*x^11 + 2192506957/87091200*x^10 - 19011117413/73156608*x^9 + 1200887962891/609638400*x^8 - 3585932821063/326592000*x^7 + 647416874047/14515200*x^6 - 18586394742863/143700480*x^5 + 30899291755337/119750400*x^4 - 274137631043849/825552000*x^3 + 36933161067083/151351200*x^2 - 87781079/1155*x

If you put for x the values 0 to 15, you will get exactly the first 16 numbers.

Quote

1
3
7
8
21
49
76
224
467
514
1155
2683
5216
10544
26867
51510

When you put x = 17 then you got -1514935. This is probably because the formula is not complete. There is x^16 to x^256 missing.
The callange is to find out what formula generates the -673909/1307674368000, 5004253/87178291200,... values.

Very nice finding tyz, this gives us some hope that this puzzle will still be solved during our lifetime Cheesy

Yes the problem are those divisions like -673909/1307674368000, not sure whats the formula behind this, will have a look on it.

Sounds like overfitting to me. Its easy to find a function with x+1 terms to match x points exactly. 2 points define a line (a*x¹+b*x⁰), 3 points define a function of leading coefficient x², etc.

Bulista

member

Activity: 169

Merit: 25

Quote from: tyz on December 30, 2015, 10:06:16 AM

I made some research and I believe that the numbers are results of a polynomial (ring) function.

It also seems that someone already got into this in February 2015. Probably the guy who cashed out the first addresses.
http://pastebin.com/erN0F1ce

Quote

-673909/1307674368000*x^15 + 5004253/87178291200*x^14 - 151337/52254720*x^13 + 9320029/106444800*x^12 - 25409989753/14370048000*x^11 + 2192506957/87091200*x^10 - 19011117413/73156608*x^9 + 1200887962891/609638400*x^8 - 3585932821063/326592000*x^7 + 647416874047/14515200*x^6 - 18586394742863/143700480*x^5 + 30899291755337/119750400*x^4 - 274137631043849/825552000*x^3 + 36933161067083/151351200*x^2 - 87781079/1155*x

If you put for x the values 0 to 15, you will get exactly the first 16 numbers.

Quote

1
3
7
8
21
49
76
224
467
514
1155
2683
5216
10544
26867
51510

When you put x = 17 then you got -1514935. This is probably because the formula is not complete. There is x^16 to x^256 missing.
The callange is to find out what formula generates the -673909/1307674368000, 5004253/87178291200,... values.

Very nice finding tyz, this gives us some hope that this puzzle will still be solved during our lifetime Cheesy

Yes the problem are those divisions like -673909/1307674368000, not sure whats the formula behind this, will have a look on it.

BurtW

legendary

Activity: 2646

Merit: 1138

All paid signature campaigns should be banned.

Quote from: tyz on December 30, 2015, 11:19:32 AM

What do you mean? The explanation of my finding or something else here on the thread?

Quote from: calkob on December 30, 2015, 10:52:05 AM

Good luck with this, cause i havn't got a baldy what the heck yous are talking about. Huh

He is just bumping his post count for his paid signature. He did not read a single posting in the thread. Ignore him.

tyz

legendary

Activity: 3360

Merit: 1533

What do you mean? The explanation of my finding or something else here on the thread?

Quote from: calkob on December 30, 2015, 10:52:05 AM

Good luck with this, cause i havn't got a baldy what the heck yous are talking about. Huh

BurtW

legendary

Activity: 2646

Merit: 1138

All paid signature campaigns should be banned.

So there is hope of finding a mathematical solution! Great find.

Adjust parameters until you match the first 50 claimed private keys then start adjusting parameters until you start finding more keys.

I wish I had time to do this.

Maybe when I finish paying off all my legal fees and retire

ATguy

sr. member

Activity: 423

Merit: 250

Quote from: tyz on December 30, 2015, 10:06:16 AM

I made some research and I believe that the numbers are results of a polynomial (ring) function.

It also seems that someone already got into this in February 2015. Probably the guy who cashed out the first addresses.
http://pastebin.com/erN0F1ce

Quote

-673909/1307674368000*x^15 + 5004253/87178291200*x^14 - 151337/52254720*x^13 + 9320029/106444800*x^12 - 25409989753/14370048000*x^11 + 2192506957/87091200*x^10 - 19011117413/73156608*x^9 + 1200887962891/609638400*x^8 - 3585932821063/326592000*x^7 + 647416874047/14515200*x^6 - 18586394742863/143700480*x^5 + 30899291755337/119750400*x^4 - 274137631043849/825552000*x^3 + 36933161067083/151351200*x^2 - 87781079/1155*x

If you put for x the values 0 to 15, you will get exactly the first 16 numbers.

Quote

1
3
7
8
21
49
76
224
467
514
1155
2683
5216
10544
26867
51510

When you put x = 17 then you got -1514935. This is probably because the formula is not complete. There is x^16 to x^256 missing.
The callange is to find out what formula generates the -673909/1307674368000, 5004253/87178291200,... values.

Nice finding, so it is puzzle afterall and not just bruteforcing the x random bits. It also explain why the adresses are redeemed in bundles at the same time...

calkob

hero member

Activity: 1106

Merit: 521

Good luck with this, cause i havn't got a baldy what the heck yous are talking about. Huh

tyz

legendary

Activity: 3360

Merit: 1533

I made some research and I believe that the numbers are results of a polynomial (ring) function.

It also seems that someone already got into this in February 2015. Probably the guy who cashed out the first addresses.
http://pastebin.com/erN0F1ce

Quote

-673909/1307674368000*x^15 + 5004253/87178291200*x^14 - 151337/52254720*x^13 + 9320029/106444800*x^12 - 25409989753/14370048000*x^11 + 2192506957/87091200*x^10 - 19011117413/73156608*x^9 + 1200887962891/609638400*x^8 - 3585932821063/326592000*x^7 + 647416874047/14515200*x^6 - 18586394742863/143700480*x^5 + 30899291755337/119750400*x^4 - 274137631043849/825552000*x^3 + 36933161067083/151351200*x^2 - 87781079/1155*x

If you put for x the values 0 to 15, you will get exactly the first 16 numbers.

Quote

1
3
7
8
21
49
76
224
467
514
1155
2683
5216
10544
26867
51510

When you put x = 17 then you got -1514935. This is probably because the formula is not complete. There is x^16 to x^256 missing.
The callange is to find out what formula generates the -673909/1307674368000, 5004253/87178291200,... values.

Bulista

member

Activity: 169

Merit: 25

Quote from: BurtW on December 29, 2015, 02:05:59 PM

I am comfortable in my use of "never" since it is based on the most fundamental laws of thermodynamics.

At any rate if a computer ever does simply count from 1 to 2²⁵⁶ ~~look~~ dig me up so you can tell me "I told you so".

We all will be long gone when that happens to tell you "I told you so" Cheesy

About the puzzle, the final verdict is that it is unsolvable without brute force, same opinion all?

BurtW

legendary

Activity: 2646

Merit: 1138

All paid signature campaigns should be banned.

I am comfortable in my use of "never" since it is based on the most fundamental laws of thermodynamics.

At any rate if a computer ever does simply count from 1 to 2²⁵⁶ ~~look~~ dig me up so you can tell me "I told you so".

Bulista

member

Activity: 169

Merit: 25

Amph

legendary

Activity: 3248

Merit: 1072

Quote from: BurtW on December 29, 2015, 12:54:34 PM

Quote from: Bulista on December 29, 2015, 05:59:59 AM

With regards to the future, we never know what will be possible tomorrow.

Not exactly true. With respect to brute forcing a private key we know it will never be possible because we can calculate how much energy it would take for a theoretical best possible computer from a thermodynamics point of view to do the task of just counting from 1 to 2¹⁶⁰ or 2²⁵⁶.

Since any possible actual computer will be less efficient than the best possible computer we know it will take any possible actual computer more energy than the theoretical machine - which is already too much energy.

Carefully reread the description next to the picture of the sun that is posted every single time this question is posed.

In your previous thread it was posted here:

https://bitcointalksearch.org/topic/m.13377953

mmh, "never" is a strong statement, you can't be sure about a very distant future. 1-10 thousand years or more, maybe the laws that we know today will be reviewed, because new things will be discovered in the unknown universe

even satoshi said that if something will broke sha256 in the future, it will be a completely new thing, not imaginable today

BurtW

legendary

Activity: 2646

Merit: 1138

All paid signature campaigns should be banned.

Quote from: NorrisK on December 29, 2015, 04:17:14 AM

So a version 1 bitcoin address has a security level of 2¹⁶⁰, but how to make sure you have a security of 2²⁵⁶? From when on was the version 1 bitcoin address abandoned and we are sure to enjoy increased security?

Maybe I'm understanding this wrong and everybody is using version 1 addresses, but I would rather know for sure I'm using the safest keys possible.

Even though the security of Bitcoin is reduced to "only" 2¹⁶⁰ by the selected second hashing algorithm it is actually more secure in other ways due to the selection of two different hashing algorithms in the public key to Bitcoin address step since both algorithms need to be broken in order to break that step.

Every step of the way everything possible was done to ensure that Bitcoin was secure. For example Bitcoin is one of the only systems in existence that uses the secp256k1 curve instead of the secp256r1 curve that is used by almost everyone else. But this was a very wise decision in light of recent leaks about the NSA and their underhanded practices with respect to the cryptography they produce or help produce.

secp256r1 was designed by the NSA, secp256k1 was not.

BurtW

legendary

Activity: 2646

Merit: 1138

All paid signature campaigns should be banned.

Quote from: Bulista on December 29, 2015, 05:59:59 AM

With regards to the future, we never know what will be possible tomorrow.

Not exactly true. With respect to brute forcing a private key we know it will never be possible because we can calculate how much energy it would take for a theoretical best possible computer from a thermodynamics point of view to do the task of just counting from 1 to 2¹⁶⁰ or 2²⁵⁶.

Since any possible actual computer will be less efficient than the best possible computer we know it will take any possible actual computer more energy than the theoretical machine - which is already too much energy.

Carefully reread the description next to the picture of the sun that is posted every single time this question is posed.

In your previous thread it was posted here:

https://bitcointalksearch.org/topic/m.13377953

BurtW

legendary

Activity: 2646

Merit: 1138

All paid signature campaigns should be banned.

After some analysis I believe the underlying sequence is probably random. It may have been a PRNG instead of a RNG but that would not help us much. It would be great if we had all 50 actual values to work with.

Code:

BTC Actual Range of Values Location
Value Value Low High in Range
----- ---------- ------------------------------------- ---------
0.001 1 0 1 100.0000%
0.002 3 2 3 100.0000%
0.003 7 4 7 100.0000%
0.004 8 8 15 0.0000%
0.005 21 16 31 33.3333%
0.006 49 32 63 54.8387%
0.007 76 64 127 19.0476%
0.008 224 128 255 75.5906%
0.009 467 256 511 82.7451%
0.010 514 512 1,023 0.3914%
0.011 1,155 1,024 2,047 12.8055%
0.012 2,683 2,048 4,095 31.0210%
0.013 5,216 4,096 8,191 27.3504%
0.014 10,544 8,192 16,383 28.7144%
0.015 26,867 16,384 32,767 63.9871%
0.016 51,510 32,768 65,535 57.1978%
0.017 95,823 65,536 131,071 46.2150%
0.018 198,669 131,072 262,143 51.5728%
0.019 357,535 262,144 524,287 36.3889%
0.020 863,317 524,288 1,048,575 64.6648%
0.021 1,811,764 1,048,576 2,097,151 72.7833%
0.022 3,007,503 2,097,152 4,194,303 43.4089%
0.023 5,598,802 4,194,304 8,388,607 33.4858%
0.024 14,428,676 8,388,608 16,777,215 72.0032%
0.025 16,777,216 33,554,431
0.026 33,554,432 67,108,863
0.027 67,108,864 134,217,727
0.028 134,217,728 268,435,455
0.029 268,435,456 536,870,911
0.030 536,870,912 1,073,741,823
0.031 1,073,741,824 2,147,483,647
0.032 2,147,483,648 4,294,967,295
0.033 4,294,967,296 8,589,934,591
0.034 8,589,934,592 17,179,869,183
0.035 17,179,869,184 34,359,738,367
0.036 34,359,738,368 68,719,476,735
0.037 68,719,476,736 137,438,953,471
0.038 137,438,953,472 274,877,906,943
0.039 274,877,906,944 549,755,813,887
0.040 549,755,813,888 1,099,511,627,775
0.041 1,099,511,627,776 2,199,023,255,551
0.042 2,199,023,255,552 4,398,046,511,103
0.043 4,398,046,511,104 8,796,093,022,207
0.044 8,796,093,022,208 17,592,186,044,415
0.045 17,592,186,044,416 35,184,372,088,831
0.046 35,184,372,088,832 70,368,744,177,663
0.047 70,368,744,177,664 140,737,488,355,327
0.048 140,737,488,355,328 281,474,976,710,655
0.049 281,474,976,710,656 562,949,953,421,311
0.050 562,949,953,421,312 1,125,899,906,842,620
0.051 1,125,899,906,842,620 2,251,799,813,685,250
0.052 2,251,799,813,685,250 4,503,599,627,370,490

Bulista

member

Activity: 169

Merit: 25

Quote from: DannyHamilton on December 28, 2015, 10:49:51 PM

-snip-

It will not, however, ever be possible to brute-force attempt 2²⁵⁶ possibilities.

-snip-

Quote from: Bulista on December 28, 2015, 05:49:22 PM

2^256 115792089237316000000000000000000000000000000000000000000000000000000000000000 <- And this is how safe bitcoin is.

Nope.

That's how secure an ECDSA public key is, but version 1 bitcoin addresses use a 160 bit hash of that public key, so the security is reduced to 2¹⁶⁰.

Effectively yes.

My analogy was based on the fact that there are 2^256 private keys.

With regards to the future, we never know what will be possible tomorrow.

I believe somehow there will be some kind of evolution in computation that will make all the current encryption algorithms useless, but surely not during our life time.

I know its hard to believe, but if back in 1700 you'd tell Isaac Newton that one day mankind would have something called computers at home doing millions of instructions per second using his formulas, it would also be hard to believe.

NorrisK

legendary

Activity: 1946

Merit: 1007

Quote from: DannyHamilton on December 28, 2015, 10:49:51 PM

Quote from: Bulista on December 28, 2015, 05:49:22 PM

- snip -
it may take decades and decades or centuries but eventually it will be possible to crack 2^256 pvks.
- snip -

It's impossible to say whether or not any future mathematicians will be able to discover any weaknesses in the ECDSA algorithm with the secp256k1 curve.

It will not, however, ever be possible to brute-force attempt 2²⁵⁶ possibilities.

Quote from: Bulista on December 28, 2015, 05:49:22 PM

2^160 1461501637330900000000000000000000000000000000000

2¹⁶⁰ is the security level of version 1 bitcoin addresses.

Quote from: Bulista on December 28, 2015, 05:49:22 PM

2^256 115792089237316000000000000000000000000000000000000000000000000000000000000000 <- And this is how safe bitcoin is.

Nope.

That's how secure an ECDSA public key is, but version 1 bitcoin addresses use a 160 bit hash of that public key, so the security is reduced to 2¹⁶⁰.

So a version 1 bitcoin address has a security level of 2¹⁶⁰, but how to make sure you have a security of 2²⁵⁶? From when on was the version 1 bitcoin address abandoned and we are sure to enjoy increased security?

Maybe I'm understanding this wrong and everybody is using version 1 addresses, but I would rather know for sure I'm using the safest keys possible.

justspare

hero member

Activity: 1022

Merit: 538

Quote from: unamis76 on December 28, 2015, 01:16:45 PM

Any info on who published this puzzle and what's their goal? Also, how would one go on about calculating those pvk decimal values and covert them to the private keys?

Quote from: Erkallys on December 28, 2015, 01:12:52 PM

I don't know why but I'm smelling a big scam. Because a newbie that offer more than 12 000€ to solve a following of numbers this is strange...

The OP is not offering anything

Why would anyone pay such a high amount for this? They must have some kind of goal behind it, no one just does that for no reason.
Of course the OP is not offering anything. Why would he? He probably doesn't even know what to do with it when someone cracks it. I don't either.
This will take a very long time to crack, thats probably the reason why the reward is so high.

DannyHamilton

legendary

Activity: 3528

Merit: 4945

Quote from: Bulista on December 28, 2015, 05:49:22 PM

- snip -
it may take decades and decades or centuries but eventually it will be possible to crack 2^256 pvks.
- snip -

It's impossible to say whether or not any future mathematicians will be able to discover any weaknesses in the ECDSA algorithm with the secp256k1 curve.

It will not, however, ever be possible to brute-force attempt 2²⁵⁶ possibilities.

Quote from: Bulista on December 28, 2015, 05:49:22 PM

2^160 1461501637330900000000000000000000000000000000000

2¹⁶⁰ is the security level of version 1 bitcoin addresses.

Quote from: Bulista on December 28, 2015, 05:49:22 PM

2^256 115792089237316000000000000000000000000000000000000000000000000000000000000000 <- And this is how safe bitcoin is.

Nope.

That's how secure an ECDSA public key is, but version 1 bitcoin addresses use a 160 bit hash of that public key, so the security is reduced to 2¹⁶⁰.

Topic: Bitcoin puzzle transaction ~32 BTC prize to who solves it - page 366. (Read 253308 times)