Topic: Bitcoin puzzle transaction ~32 BTC prize to who solves it - page 78. (Read 248927 times)

I don't think so much about this topic anymore. I don't have enough number of GPU cards. Some 500-600 pieces are beyond my reach.

The goal was to find the best parameters to reduce the complexity, as in, the minimum average number of group operations, which does not depend on the problem size. In no way should anyone attempt to use the script as a production executable, even if built in Cython. It is still a naive approach, done in RAM.

So what do you think about the 3-walks kangaroos, what should the correct parameters be to reach 1.7 or 1.8 sqrt(b) ops? The script is broken for that strategy, after some fiddling with the intervals and the way tames and wilds are sampled sometimes it goes at about 1.9 sqrt(b) but it should in theory be a lot lower than that.

I think the wilds and anti-wilds colliding between them is the trick, but they don't do that as often as a tame/wild collision... so it must depend on where they start from.

For DP = 0 the script can solve on average in 1.36 or 1.46 sqrt(N) using the appropriate strategies, but obviously that only makes sense up to a point. We need something that is sub-2 sqrt(b) and also works with DP > 0. And not using 3 kangaroos, but many tens of thousands.

This can be converted to a .so file using Cython. I achieved an acceleration of over 150K hops per second, so it should reach around 550K hops per second.

Here’s an example of what your setup.py might look like:

copy/paste code to puzzle.pyx

setup.py

Build the .so File


This command compiles the .pyx file into a .so file. The --inplace flag tells the compiler to place the resulting .so file in the same directory as your source file.


puzzle.py



Private Key: 0xade6d7ce3b9b
Ops: 11631360 Stored: 11631276
Speed: 449407 ops/s

Optimization flags like -O3, -march=native, -flto will generally improve performance.But it can be worse or it can be buggy.

However, the problem is that the kangaroo algorithm needs to attack Puzzle 130 right away, which is beyond Python's capabilities.

These are such large numbers that you can only get depression from them.

New version of Python Kangaroo!

Using gmpy2 to accelerate a little bit the field math yields around 400k ops/s so please do not use this to search for high-bit puzzles.

I added some different strategies for sampling tames and wilds from the search interval which affects the theoretical complexity. My goal was to validate the following strategies:
- interval [0, b) using van Oorschot parameters for parallel collision should average 2* sqrt(b) ops
- interval [-b/2, b/2] using equivalence classes and birthday paradox should average 1.36 * sqrt(b) ops
- the 3-kangaroo method using negation symmetry should have resulted in 1.72 ... 1.81 * sqrt(b) ops

So what's the catch? After doing around 1000 test runs using random private keys with misc. strategies the average solving complexity (the sqrt(b) factor excluding the DP overhead) doesn't really match expectations:

- when DP = 0 (all points are DP) and we use the negation symmetry we can converge to almost 1.36 * sqrt(b) ops on average, which I think it is close to the minimal possible complexity conjectured by Pollard, e.g. 1.25 sqrt(b)
- when DP > 0, if we only jump forward, symmetry fails for walks, and complexity seems to go back to 2.0 sqrt(b) or worse.

How to fix? Jump side-by-side in deterministic way, so use Y sign to determine if jump goes forward or backward. Now we can end up with cycles in the jump travel. Most of them are 2-cycles (next jump goes to the same element as previous jump) which can easily be detected, and if so, jump again with the previous distance instead of jumping back to the previous point...

THREE kangaroos!

The papers analyse how we can use a third walk and solve the key whenever ANY two of the three walks collide, when only traveling forward. The trick is that we also start with a wild kangaroo that starts from -P plus some offset. Then we have three types of collision:

T / W1: solve for k = tameDist - wildDist
T / W2: solve for k = tameDist + wildDist (e.g. P traveled "backward" since -P walked forward)
W1/W2: if offsets don't sum up to 0, then k = (w1 - w2) * 2**-1

Because we hash DP by X we can easily solve the 4 different cases of each type of collision and check if it's the solution.

Tames should start at around -b/2 + b*8/10 == b*3/10  -this makes average distance to P or -P less than 0.2*b and means we would have to travel shorter walks on average.

Pollard's paper for 3 and 4 kangaroos suggest that the complexity should be 1.81 sqrt(b) or even 1.71 sqrt(b) for 4 kangaroos. I wasn't able to reach this complexity by using the suggested mean jump size (0.375*sqrt(b)). This strategy should in theory keep the same complexity when using DP > 0 and be parallelizable with same van Oorschot methodology. Both of these statements are in the paper, but I didn't manage to have success with them. So if anyone knows more about this 3 or 4 kangaroos, please explain:

- what is the maximum expected/allowed walk distance for a tame and for a wild_1 and wild_2?
- does the parallelization using van Oorschot (e.g. start = idx * v + z) apply or not? has anyone ever actually studied this?

Again - do not search for puzzles using this script. It is 100% just of theoretical interest.

CODE: https://pastebin.com/8Z69sRcU

Couldn't embed in post as it was too long...

If you ask such questions  it's not for you and you have no idea what this whole "puzzle thing" is all about...

Hello friends, I have just registered on this site. I apologize if I am not asking my question in the right place. I have a question for you dears. I was on the site https://frikiscape.com looking for a puzzle solution, but suddenly after I pressed the start button, a few minutes later I was shown a private key address along with two compressed and uncompressed addresses with their private keys. Does this mean that I have achieved an address with balance? Because I checked both addresses and both had zero balance. And my next question is, if I have solved the puzzle, what are the next steps? That is, what should I do in order to be able to withdraw the number of bitcoins that exist?

All of us have it here:

https://privatekeys.pw/puzzles/bitcoin-puzzle-tx

Good idea. And  add a disclaimer that the "32 BTC Puzzle" is not a puzzle at all but rather a bruteforce BenchMark or specific BruteForcing contest. Because there is no error or pattern to be in the puzzle category. 

I think we all need a new topic/reminder - where it will be written how many puzzles have been solved and how many are left - then Q & A for n00b`s about what you use as a puzzle solver(which scripts are useless and why), what is used as a wallet if the puzzle is solved and why, how does the bots work and what is a solution against bots(MARA's Marathon Slipstream)  

Maybe after that close this topic? ... Too much time is wasted on (the same) explanations in this topic.

puzzle-67 is twice as difficult as puzzle-66.
puzzle-68 is twice as difficult as puzzle-67.
and so on.

The best chance to find a key is when you focus on the easiest available puzzle, that is puzzle-66 now.
But after you find a key you may have difficulties claiming it, it even can be stolen as soon as you try to move it. Maybe there is a work-around but that isn't 100% secure either.

What is better probability to find a key? To search 66-puzzle only or search 66-67-68-69-puzzles simultaneously?

Thank you guys for explanation.

Hello there.

The address 34MSicAL7qVGkevFPLwyc9KohGzoUSnu3Q is a 2-of-3 multisig address.

Its public keys are 036c75675da3fdc06a9e6940b4af97a856eb8801ed9b8c77941ac397f0abda5acc, 02502e76bc019532f74e0dad286477ccecacc1fc74695949ff368742fe9a5b4051 and 033960592197eeb6a199804eefc7e5db45c6570cea6e503d8616ccf939c691cd25

The redeem script is 5221036c75675da3fdc06a9e6940b4af97a856eb8801ed9b8c77941ac397f0abda5acc2102502e7 6bc019532f74e0dad286477ccecacc1fc74695949ff368742fe9a5b405121033960592197eeb6a1 99804eefc7e5db45c6570cea6e503d8616ccf939c691cd2553ae

I hope this helps 

These types of addresses(P2SH) do not use public keys. It is a locking and unlocking script. It specifies the conditions under which funds can be spent. It can be a custom script or a standard one, such as multisig.

Guys i confused about this address :

https://www.blockchain.com/explorer/addresses/btc/34MSicAL7qVGkevFPLwyc9KohGzoUSnu3Q

here there are some outgoing transactions but
here say this address has not any public key

https://blockchain.info/q/pubkeyaddr/34MSicAL7qVGkevFPLwyc9KohGzoUSnu3Q


may someone explain this to me please?

With "pool miner" I mean someone with mining gear participating in mining in a public mining pool (which MARA pool isn't) where anybody can mine its shares for the pool to find a block.

Why would a miner in a public pool need the whole block template? He needs only the 80 bytes of the blockheader, not all the block's transactions!

As long as the number and sequence of transactions in the to be mined template block aren't changed by the pool operator the Merkle Tree Root Hash in the blockheader doesn't change and a miner only needs the short blockheader where all transactions are condensed to the Merkle Tree Root Hash.

A pool miner can then hash crunch varying the nonce and maybe also the block time. Actually I'm not sure if a pool miner also fiddles with the extra nonce field of the coinbase transaction. If yes, he would need the whole Merkle Tree branches proofs to properly construct the resulting Merkle Tree Root Hash for the blockheader. Not sure if this is done in public pool mining as you would allow a stranger (pool miner) to construct the Coinbase transaction. The Coinbase transaction isn't signed with a private key as its input isn't a previous transaction output.

I think I know how mining works, maybe not the very inner mechanics of pool mining software for sure, though. Correct me, if I'm wrong, always eager to learn Bitcoin's details properly.

Often, I don't have the necessary concentration to read all the posts carefully. This is especially true when the topics involve unicorns, magic circles, magical math, and looking into a crystal ball to see how the winning transaction will reach its destination.

What is the topic here? Do you even read all the posts here? Do you still think that as soon as you get the puzzle 66 key, the money is yours?

Meanwhile...

https://imgur.com/a/MnXVbn5

How to reduce the off-topic in this thread?