Topic: Bitcoin puzzle transaction ~32 BTC prize to who solves it - page 76. (Read 230409 times)

import time, random
import secp256k1 as ice

modulo = ice.N
Gx = 0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
Gy = 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8
PG = Gx, Gy
Z = ice.Zero

def to_bytes(point):
    x_bytes = point[0].to_bytes(32, byteorder='big')
    y_bytes = point[1].to_bytes(32, byteorder='big')
    return b'\x04' + x_bytes + y_bytes

def from_bytes(point_bytes):
    x = int.from_bytes(point_bytes[1:33], byteorder='big')
    y = int.from_bytes(point_bytes[33:65], byteorder='big')
    return x, y

def add(P, Q, p=modulo):
    if P == Z: return Q
    if Q == Z: return P
    Px, Py = P; Qx, Qy = Q
    if Px == Qx and (Py != Qy or Py == 0): return Z
    P_bytes = to_bytes(P)
    Q_bytes = to_bytes(Q)
    result_bytes = ice.point_addition(P_bytes, Q_bytes)
    result = from_bytes(result_bytes)    
    return result

def mul2(P, p=modulo):
    if P == Z: return Z
    P_bytes = to_bytes(P)
    result_bytes = ice.point_doubling(P_bytes)
    result = from_bytes(result_bytes)   
    return result

def mulk(k, P=PG, p=modulo):
    result = Z
    addend = P
    while k > 0:
        if k & 1: result = add(result, addend, p)
        addend = mul2(addend, p)
        k >>= 1
    return result

def X2Y(X, y_parity, p=modulo):
    X_hex = '%064x' % X
    is_even = (y_parity == 0)
    Y_bytes = ice.get_x_to_y(X_hex, is_even)
    Y = int.from_bytes(Y_bytes, byteorder='big')
    if Y >= p:
        Y = p - Y
    return Y

def comparator(P, Pindex, DP_rarity, t, W, w, T):
    if P[0] % DP_rarity == 0:
        T.append(P[0])
        t.append(Pindex)
        common_elements = set(T).intersection(W)
        if common_elements:
            match = common_elements.pop()
            tT = t[T.index(match)]
            wW = w[W.index(match)]
            HEX = '%064x' % abs(tT - wW)
            dec = int(HEX, 16)
            total_time = time.time() - starttime
            print(f"\n[+] total time: {total_time:.2f} sec")
            print_status(time.ctime(), 'PUZZLE SOLVED')
            print(f"\033[32m[+] Private key (hex) : {HEX} \033[0m")
            log_solution(total_time, dec, HEX)
            return True
    return False

def search(P, W0, DP_rarity, Nw, Nt, hop_modulo, upper, lower):
    t = [lower + random.randint(0, upper - lower) for _ in range(Nt)]
    T = [mulk(ti) for ti in t]
    w = [random.randint(0, upper - lower) for _ in range(Nw)]
    W = [add(W0, mulk(wi)) for wi in w]
    Hops, Hops_old = 0, 0
    t0 = time.time()
    solved = False
    while not solved:
        for k in range(Nt + Nw):
            Hops += 1
            if k < Nt:
                pw = T[k][0] % hop_modulo
                solved = comparator(T[k], t[k], DP_rarity, T, t, W, w)
                if solved: break
                t[k] += 1 << pw
                T[k] = add(P[pw], T[k])
            else:
                k -= Nw
                pw = W[k][0] % hop_modulo
                solved = comparator(W[k], w[k], DP_rarity, W, w, T, t)
                if solved: break
                w[k] += 1 << pw
                W[k] = add(P[pw], W[k])
        t1 = time.time()
        elapsed_time = t1 - starttime
        if (t1 - t0) > 1:
            hops_per_second = (Hops - Hops_old) / (t1 - t0)
            hours, rem = divmod(elapsed_time, 3600)
            minutes, seconds = divmod(rem, 60)
            elapsed_time_str = f"{int(hours):02d}:{int(minutes):02d}:{int(seconds):02d}"
            print(f'[+] [Hops: {hops_per_second:.0f} h/s] [{elapsed_time_str}]', end='\r', flush=True)
            t0 = t1
            Hops_old = Hops
    print('\r[+] Hops:', Hops)
    print('[+] Average time to solve: %.2f sec' % ((time.time() - starttime)))

def print_status(t, message):
    print(f"\033[?25l\033[01;33m[+]\033[32m KANGAROO: \033[01;33m{t}\033[0m {message}")

def print_puzzle_info(puzzle, lower, upper, X, Y):
    print(f"[+] [Puzzle]: {puzzle}")
    print(f"[+] [Lower range limit]: {hex(lower)}")
    print(f"[+] [Upper range limit]: {hex(upper)}")
    print(f"[+] [EC Point Coordinate X]: {hex(X)}")
    print(f"[+] [EC Point Coordinate Y]: {hex(Y)}")

def log_solution(total_time, dec, HEX):
    t = time.ctime()
    dash_line = '-' * 140
    with open("KEYFOUNDKEYFOUND.txt", "a") as file:
        file.write(f"\n{dash_line}")
        file.write("\n\nSOLVED " + t)
        file.write(f"\nTotal Time: {total_time:.2f} sec")
        file.write("\nPrivate Key (decimal): " + str(dec))
        file.write("\nPrivate Key (hex): " + HEX)
        file.write(f"\n{dash_line}")

t = time.ctime()
print_status(t, "")

puzzle = 40
compressed_public_key = "03a2efa402fd5268400c77c20e574ba86409ededee7c4020e4b9f0edbee53de0d4"
kangaroo_power = 5
lower = 2 ** (puzzle - 1)
upper = (2 ** puzzle) - 1

DP_rarity = 1 << ((puzzle - 2 * kangaroo_power) // 2 - 2)
hop_modulo = (puzzle - 1) // 2 + kangaroo_power

Nt = 2 ** kangaroo_power
Nw = 2 ** kangaroo_power

if len(compressed_public_key) == 66:
    X = int(compressed_public_key[2:66], 16)
    y_parity = int(compressed_public_key[:2]) - 2
    Y = X2Y(X, y_parity)
else:
    print("[error] pubkey len(66/130) invalid!")

W0 = (X, Y)
starttime = time.time()
print_puzzle_info(puzzle, lower, upper, X, Y)

t, W, w, T = [], [], [], []

random.seed()

P = [PG]
for k in range(255):
    P.append(mul2(P[k]))

solved = search(P, W0, DP_rarity, Nw, Nt, hop_modulo, upper, lower)

[  0d 00:00:03s ; 386.9K j/s; 1.2Mj 78.6%; dp/kgr=5.0;  0d 00:00:00s ]
[prvkey#40] 0x000000000000000000000000000000000000000000000000000000e9ae4933d6
[i] [2^39.0|-------------------------------------------------K----------|2^40.0]
[i] 386.1K j/s; 1.5Mj of 1.5Mj 100.6%; DP T+W=6+5=11; dp/kgr=5.5
[runtime]  0d 00:00:03s

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 

using namespace std;

typedef array Point;

const mpz_class modulo("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", 16);
const mpz_class Gx("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", 16);
const mpz_class Gy("483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8", 16);
const Point PG = {Gx, Gy};
const Point Z = {0, 0};

auto starttime = chrono::high_resolution_clock::now();

Point add(const Point& P, const Point& Q, const mpz_class& p = modulo) {
    if (P == Z) return Q;
    if (Q == Z) return P;
    const mpz_class& Px = P[0];
    const mpz_class& Py = P[1];
    const mpz_class& Qx = Q[0];
    const mpz_class& Qy = Q[1];
    if (Px == Qx && (Py != Qy || Py == 0)) return Z;
    mpz_class m, num, denom, inv;
    if (Px == Qx) {
        num = 3 * Px * Px;
        denom = 2 * Py;
    } else {
        num = Qy - Py;
        denom = Qx - Px;
    }
    mpz_invert(inv.get_mpz_t(), denom.get_mpz_t(), p.get_mpz_t());
    m = (num * inv) % p;
    mpz_class x = (m * m - Px - Qx) % p;
    if (x < 0) x += p;
    mpz_class y = (m * (Px - x) - Py) % p;
    if (y < 0) y += p;
    return {x, y};
}


Point mul(const mpz_class& k, const Point& P = PG, const mpz_class& p = modulo) {
    Point R = Z;
    Point current = P;
    mpz_class k_copy = k;
    while (k_copy > 0) {
        if (k_copy % 2 == 1) {
            R = add(R, current, p);
        }
        current = add(current, current, p);
        k_copy >>= 1;
    }
    return R;
}

mpz_class X2Y(const mpz_class& X, int y_parity, const mpz_class& p = modulo) {
    mpz_class X_cubed = (X * X * X) % p;
    mpz_class tmp = (X_cubed + mpz_class(7)) % p;
    mpz_class Y;
    mpz_class exp = (p + mpz_class(1)) / mpz_class(4);
    mpz_powm(Y.get_mpz_t(), tmp.get_mpz_t(), exp.get_mpz_t(), p.get_mpz_t());
    if ((Y % 2) != y_parity) {
        Y = p - Y;
    }
    return Y;
}

bool comparator(const Point& P, const mpz_class& Pindex, const mpz_class& DP_rarity,
                std::vector& T, std::vector& t, const std::vector& W,
                const std::vector& w) {
    if (P[0] % DP_rarity == 0) {
        T.push_back(P);
        t.push_back(Pindex);
        std::set T_set;
        for (const auto& tp : T) T_set.insert(tp[0]);
        for (const auto& match : W) {
            auto it = find(T.begin(), T.end(), match);
            if (it != T.end()) {
                int index = distance(T.begin(), it);
                mpz_class tP = t[index];
                mpz_class wP = w[distance(W.begin(), find(W.begin(), W.end(), match))];
                mpz_class dec = abs(tP - wP);
                auto end = chrono::system_clock::now();
                time_t end_time = chrono::system_clock::to_time_t(end);
                cout << "\n\033[01;33m[+]\033[32m PUZZLE SOLVED: \033[32m" << ctime(&end_time)
                     << "\r";
                cout << "\r\033[01;33m[+]\033[32m Private key (dec): \033[32m" << dec << "\033[0m"
                     << endl;
                ofstream file("KEYFOUNDKEYFOUND.txt", ios::app);
                file << "\n" << string(140, '-') << endl;
                file << "SOLVED " << ctime(&end_time);
                file << "Private Key (decimal): " << dec << endl;
                file << "Private Key (hex): " << dec.get_str(16) << endl;
                file << string(140, '-') << endl;
                file.close();
                return true;
            }
        }
    }
    return false;
}

vector generate_powers_of_two(int hop_modulo) {
    vector powers(hop_modulo);
    for (int pw = 0; pw < hop_modulo; ++pw) {
        powers[pw] = mpz_class(1) << pw;
    }
    return powers;
}

string search(const vector& P, const Point& W0, const mpz_class& DP_rarity, int Nw, int Nt, int hop_modulo,
              const mpz_class& upper_range_limit, const mpz_class& lower_range_limit, const vector& powers_of_two) {
    vector T(Nt, Z), W(Nw, Z);
    vector t(Nt), w(Nw);

    gmp_randclass rand(gmp_randinit_default);

    for (int k = 0; k < Nt; ++k) {
        t[k] = lower_range_limit + rand.get_z_range(upper_range_limit - lower_range_limit);
        T[k] = mul(t[k]);
    }

    for (int k = 0; k < Nw; ++k) {
        w[k] = rand.get_z_range(upper_range_limit - lower_range_limit);
        W[k] = add(W0, mul(w[k]));
    }

    long long Hops = 0, Hops_old = 0;
    auto t0 = chrono::high_resolution_clock::now();
    vector memo(hop_modulo);

    for (int pw = 0; pw < hop_modulo; ++pw) {
        memo[pw] = powers_of_two[pw];
    }

    bool solved = false;
    while (!solved) {
        for (int k = 0; k < (Nt + Nw); ++k) {
            ++Hops;
            if (k < Nt) {
                mpz_class pw = T[k][0] % hop_modulo;
                solved = comparator(T[k], t[k], DP_rarity, T, t, W, w);
                if (solved) break;
                t[k] += memo[pw.get_ui()];
                T[k] = add(P[pw.get_ui()], T[k], modulo);
            } else {
                int n = k - Nw;
                mpz_class pw = W[n][0] % hop_modulo;
                solved = comparator(W[n], w[n], DP_rarity, W, w, T, t);
                if (solved) break;
                w[n] += memo[pw.get_ui()];
                W[n] = add(P[pw.get_ui()], W[n], modulo);
            }
        }

        auto t1 = chrono::high_resolution_clock::now();
        double elapsed_seconds = chrono::duration_cast>(t1 - t0).count();
        if (elapsed_seconds > 2.0) {
            cout << "\r[+] Hops: " << ((Hops - Hops_old) / elapsed_seconds) << " h/s" << "\r";
            cout << flush;
            t0 = t1;
            Hops_old = Hops;
        }
    }

    cout << "\r[+] Hops: " << Hops << endl;
    auto end = chrono::high_resolution_clock::now();
    double elapsed_seconds = chrono::duration_cast>(end - starttime).count();
    return "\r[+] Solution time: " + to_string(elapsed_seconds) + " sec";
}

int main() {
    int puzzle = 40;
    string compressed_public_key = 
    "03a2efa402fd5268400c77c20e574ba86409ededee7c4020e4b9f0edbee53de0d4";
    int kangaroo_power = 5;
    mpz_class lower_range_limit = mpz_class(1) << (puzzle - 1);
    mpz_class upper_range_limit = (mpz_class(1) << puzzle) - 1;

    mpz_class DP_rarity = mpz_class(1) << ((puzzle - 2 * kangaroo_power) / 2 - 2);
    int hop_modulo = ((puzzle - 1) / 2) + kangaroo_power;

    int Nt = 1 << kangaroo_power;
    int Nw = 1 << kangaroo_power;

    vector powers_of_two = generate_powers_of_two(hop_modulo);

    mpz_class X, Y;
    if (compressed_public_key.length() == 66) {
        X = mpz_class(compressed_public_key.substr(2), 16);
        Y = X2Y(X, stoi(compressed_public_key.substr(0, 2)) - 2);
    } else {
        cout << "[error] pubkey len(66/130) invalid!" << endl;
        return 1;
    }

    Point W0 = {X, Y};
    auto starttime = chrono::high_resolution_clock::now();
    time_t currentTime = time(nullptr);
    cout << "\r\033[01;33m[+]\033[32m KANGAROO: \033[01;33m" << ctime(¤tTime) << "\033[0m" << "\r";
    cout << "[+] [Puzzle]: " << puzzle << endl;
    cout << "[+] [Lower range limit]: " << lower_range_limit << endl;
    cout << "[+] [Upper range limit]: " << upper_range_limit << endl;
    cout << "[+] [X]: " << X << endl;
    cout << "[+] [Y]: " << Y << endl;

    vector P = {PG};
    P.reserve(256);
    for (int k = 0; k < 255; ++k) {
        P.push_back(add(P[k], P[k]));
    }
    cout << "[+] P-table prepared" << endl;

    unsigned long seed = static_cast(time(nullptr));
    gmp_randclass rand(gmp_randinit_default);
    rand.seed(seed);

    search(P, W0, DP_rarity, Nw, Nt, hop_modulo, upper_range_limit, lower_range_limit, powers_of_two);

    cout << "\r[+] Average time to solve: " << chrono::duration_cast(chrono::high_resolution_clock::now() - starttime).count() << " sec" << endl;

    return 0;
}

g++ -o kangaroo kangaroo.cpp -m64 -march=native -mtune=native -mssse3 -Wall -Wextra -ftree-vectorize -flto -O3 -funroll-loops -lgmp -lgmpxx