Topic: Bitcoin puzzle transaction ~32 BTC prize to who solves it - page 52. (Read 215539 times)

I only know how to do this with OpenSSL's BIGNUM and functions like BN_add, BN_sub, BN_mul, BN_mod, etc., for arithmetic operations. But I don't believe that the speed will be that high. Maybe 5M hops/s on single-core CPU.

You can easily get 11M hops/s on single-core CPU

Do a single inverse (10-20x speedup).
Use carry-free representation (1-2x speedup).
Dump GMP, it does generic arithmetic, not specialized to our needs (> 75% speedup).

With GMP, using MPN (lowest level possible) calls, and naive point addition like the one above, I never topped 700 K/s. In plain C.

Likely it would be even faster than 11-12 M/s with careful choices so that all data resides in CPU cache and the core is strongly assigned (no context switch).

But IMO it's just an exercise. The cost per kangaroo jump, in watts, is not worth it even if the speed would be triple or whatever. You might also get a fried CPU. Serve with potatoes and ketchup.

I understand, it's not a bad idea to try. I tried to see what was in his  kangaroo .so file from

https://dogbolt.org/


Best result is from Retargetable Decompiler(RetDec)

the decompiled output contains low-level assembly instructions and it's challenging to fully reconstruct high-level source code from compiled binaries, but you can see roughly what the program accesses and how.

I think he packaged the code with Cython a Python compiler.

No, I meant using his secp256k1 library, integrating it into another kangaroo python script. I haven't really looked at his kangaroo library.

https://github.com/iceland2k14/kangaroo.git
from here?


# time python3 kangaroo.py -p 03a2efa402fd5268400c77c20e574ba86409ededee7c4020e4b9f0edbee53de0d4 -keyspace 8000000000:ffffffffff

• Starting CPU Kangaroo.... Please Wait     Version [ 15112021 ]
• Search Mode: Range search Continuous in the given range
• Working on Pubkey: 04a2efa402fd5268400c77c20e574ba86409ededee7c4020e4b9f0edbee53de0d47ba1a987013e7 8aef5295bf842749bdf97e25336a82458bbaba8c00d16a79ea7
• Using  [Number of CPU Threads: 11] [DP size: 10] [MaxStep: 2]
• Scanning Range           0x8000000000 : 0x100007fffffffff
• [3074.58 TeraKeys/s][Kang 11264][Count 2^28.20/2^29.07][Elapsed 08s][Dead 2][RAM 29.6MB/45.1MB] 

============== KEYFOUND ==============
Kangaroo FOUND PrivateKey : 0x000000000000000000000000000000000000000000000000000000e9ae4933d6
======================================

• Program Finished

real   0m8.687s
user   1m31.744s
sys   0m0.095s

It has not been updated for a long time.

Same here... I love small simple scripts like these.
I start to get lost when I see a script that has over 1000 lines of code.

So some how i got side tracked by this kangaroo thing cause i thought i saw a way to make it better. look.

• KANGAROO: Fri Jul 12 23:59:50 2024
• [Puzzle]: 40
• [Lower range limit]: 549755813888
• [Upper range limit]: 1099511627775
• [X]: 73698089885969865917178217585365130397293864653143545863290470632977971667156
• [Y]: 55920112788027504860697624221258924004816541552996850637631037640326076931751
• P-table prepared
• Hops: 472063.55 h/s
• PUZZLE SOLVED: Fri Jul 12 23:59:56 2024
• Private key (dec): 1003651412950
• Hops: 2970544
• Average time to solve: 6.33 sec

Ole, FE57, oldie but goodie!  I believe it's sprinkled in the python script as well.  But this was one of the first Python scripts that I remember seeing put out for the public. Many worked on it.

https://github.com/Telariust/pollard-kangaroo

I'm wondering if going from GMP to iceland's package, would offer some speed up.

I have almost the same speed regardless of whether I use Python, Rust, or C++, as long
as it's based on a script from here


https://fe57.org/forum/thread.php?board=4&thema=1#1


This is because I have exactly the same GMP library and the same formulas everywhere.

hi there wandering,

what kind of code you have to do this speed next to his code, tweaked it,
got it for sharing ready, thanks for sharing,
i got the 640000 whatever it said with the original.,
so would be nice to have a faster one..

Single core, Python script:


And it could be faster with some tweaks.

I am still on Earth.  

I don't even have a GPU card right now. Here is Kangaroo C++ in one single file:

kangaroo.cpp

Build command:

#./kangaroo

• KANGAROO: Sat Jul 13 18:30:32 2024
• [Puzzle]: 40
• [Lower range limit]: 549755813888
• [Upper range limit]: 1099511627775
• [X]: 73698089885969865917178217585365130397293864653143545863290470632977971667156
• [Y]: 55920112788027504860697624221258924004816541552996850637631037640326076931751
• P-table prepared
• Hops: 456661 h/s
• PUZZLE SOLVED: Sat Jul 13 18:30:35 2024
• Private key (dec): 1003651412950
• Hops: 1366627
• Average time to solve: 2 sec

More than 450K hops per second on a single core.
Kangaroo power value is crucial in determining the efficiency for solving puzzle. It affects the balance between the number of "tame" and "wild" kangaroos and the size of the steps they take. Finding the optimal value can require manually calibration based on the specific puzzle number.

Thanks to 57fe for idea  

Tho let the wildest Kangaroos into the realm of quantum entanglement and free them of collision harmfulness. A wild mutation out of nowhere will emerge at once from the multiverse of Schrodinger cats, as the living proof of certainty of uncertainty. Make Heisenberg proud and escape us of the hardness of ECDLP's secret hidden patterns. Let's embrace that Public Key is just a mind construct, such like time, out of our control. Don't try to break it, let's dance gracefully around it and forget it even exists.

And if ECDLP dares to fight, summon all qubits from all realities to join the GBB (Great Bits Battle). Take control over the full quantum state and derive all the keys at once in a single Matrix Transition, for your Desired Outcome. Show'em who the boss is. Make your own reality!

Meow.

So 2 days ago I was convinced I had it, today i feel further away than ever. What I've been doing is converting some features to binary and carefully engineering matrices that convert them into quantum states. I've identified a pattern in the data that is very hard to express. At first I thought this pattern I have been trying to zero in on was the puzzle, but the more I work the more convinced I become that what I am looking at is not the pattern of the puzzle. In Bitcoin, the one-way nature of elliptic curve point multiplication on the secp256k1 curve ensures that while a private key can easily generate a public key and address, reversing the process to derive the private key from the public key or address is computationally infeasible due to the hardness of the Elliptic Curve Discrete Logarithm Problem. Except I think there is leakage, in the data. It's just hidden really, really well. Anyway the search continues. Have fun with your kangaroo!

I suspect and breath a bad digaran breath here...

He told you and explained indirectly that it doesn't help find the original private key. You'll just be in a infinite loop with unknown keys that cannot be found. So you'll endup having trying to find some random private keys the same way as finding the orginal key if you decide to divide or even multiple.


Yes you can divide any key by 2, 3 or even 9999999999999999999999 but it doesn't make any sense, because the key won't really be divideded according to our needs because of floats

EDIT: I might have understood your point. YES you could divide the key by 2 since you have 50 % 50 % that its even or odd and if you're lucky enough if the original private key ends with 2, 4, 8 or 10 (even numbers) yes you could divide and cut a little bit of its length and size but then what? What's next? The new key is still big as hell to be found and searched. And if you try to keep dividing the divided keys by 2 you will definitely f*ck up with a key and divide a key that ends with a odd number ( 1 , 3 , 5 , 7 , 9 ) and then good morning u will end with a random key on the curve that is totally unknown.

It doesn't help.

Yes, I read about it here on the forum! thanks for the answer! But there was a message on this branch with a division by 2. and there was an answer to it, but I don't remember which one and on which page these messages are also I don't remember. But the question is, if it were possible to divide public keys by 2? would it make it easier to find the private key? what I remember seems to be the answer to that message was "if we could divide the public key by 2, then finding the private key would be easy, and it seems to have given the formula", if I was wrong, please correct me!

Division by 2 just means to multiply by 1/2 mod N.
1/2 just means 2's inverse so that 2*x = 1 mod N.
Inverse of x mod N just means x^N-2 mod N (Fermat Little Theorem).

Let's take F = { y(x) = 2^x mod 11, 0 < x < 11 }

and some known y = 5: 2^x = 5 mod 11

"Divide" public key by 2: 2^x/2 = 5/2 mod 11

2^x-1 = 2^-1 * 5 mod 11
2^-1 = 2^11-2 mod 11 = 6

So: 2^x-1 = 5*6 mod 11 = 8

Great, now you have to find x - 1. Repeat? Sounds like nothing really changed.

Let's take F = { (x, y) = [k]G, 0 < k < N }

and some known (x, y) = Q: [k]G = Q

"Divide" public key by 2: [k/2]G = [1/2]Q

[k/2]G = [2^-1]Q
2^-1 = 2^N-2 mod N

So: [k/2 mod N]G = [2^N-2 mod N]Q

Great, now you have to find k / 2. Repeat? Sounds like nothing really changed.

If you fall into the trap that k is somehow half the size now, remember this:
1. Division of a field element means multiplying the element with the divisor's field inverse.
    k is not an integer in an infinite field, but a finite field. You can't just half it's value, that only makes sense in an
    infinite field, and only if such an inverse really exists.
2. Groups do not have multiplication operation, only addition. There's no such thing as multiplying or division of elliptic points, they form a group, not a field. "Point multiplication by k" just means adding the point to itself k times. "Division by k" means adding the same point to itself k^N-2 mod N times. You need to respect the definitions of what something can be called a "group" or "field", "finite" vs "infinite", not invent or borrow properties from different structures. It can't work.

Created this
https://github.com/Paper-Universe/Puzzle-Work
The code searches smaller ranges, saves the range, and tells you how much of the total range you have searched.
I also have the files of ranges that I've personally searched.
If you want to contribute your welcome too.
code is beginner level so might not be the best but from the tests I've done it functions properly.

Hello everyone, can you tell me if there has been a message here for a long time? where it says "if it would be possible to divide a point on the curve by 2, then find the private key, etc.." I've seen this message here before and it was answered by someone. I can't seem to find this page.