Topic: Bitcoin puzzle transaction ~32 BTC prize to who solves it - page 79. (Read 230409 times)

Every time you request a random number using functions like random.randint(), random.random(), or others from the random module, it generates the next number in the sequence based on the seed value.

ON the smaller puzzles it is easy to guess what the seed is. You need to restart and restart app and you will find out which is the fastest seed by repetition.


I've tried all possible puzzles from 1 to 50 and iterate over possible seed values, set the seed, generate a random number, and check if it matches target number(WIF in decimal). Solved up to 50.

I tried the same method with #65 and I'm getting an approximate number for now.

Start position is constant_prefix = b''  and  if str(dec).startswith('30568')
with which I came to constant_prefix = b'r\xbd\x83\r\xec}'

the script itself generates the additional number of bytes to the required length

The closest I've come up with 9 to 2 ** 65





30568377314984161259 : b'r\xbd\x83\r\xec}\xfc\xbf\xde'


And need to be:
30568377312064202855

Random seed search? are you doing? What exactly is this and how does it work? Can you share whether it works for puzzle 66?

It can be done in 1 millisecond if you hit the random seed, believe it or not.

You need to crack random.seed for each Puzzle. Here is example:




Puzzle: 30
Bitcoin address Compressed: 1LHtnpd8nU5VHEMkG2TMYYNUjjLc992bps
Private Key (decimal): 1033162084
Private key (wif) Compressed : KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M8diLSC5MyERoW
Random seed: b'yx\xcb\x08\xb70l\xf1'
Execution Time (ms): 1.9545555114746094

Hi @all.

Testing JLP's kangaroo with an RTX 4090 and getting a speed of 2230 MK/s.

What speeds are you getting? eg. for RTX 3080, RTX 3080Ti, RTX 4080

Thanks for your answers.

Any version, but preferably the last of them. You use instead of -b value, for example -r 349B84B64310000000:349B84B6431A6FFFFF

Does anyone know if keyhunt has a version that supports custom range searches? (bsgs mode, without -b parameter, use -range instead)

No.


This topic has been discussed a lot in the past.

Like I said, Keyhunt has that option but the speed gets halved for each extra target.

The same would happen with a Kangaroo implementation that can search for multiple targets simultaneously.

If it can search for one key at 4 Gk/s, two keys would be searched in parallel at 2 Gk/s each. And so on.

Once this patch is installed, can multiple Pubkey scans be performed at the same time in the Kangaroo program?
There are algorithm differences, but multiple scanning is possible with Keyhunt bsgs. I think it can happen with Kangaroo, but it needs to be worked on technically

JLP's kangaroo supports a maximum range width of 125 bits.

So you can split #130 into multiple chunks each with 125 bit width at max.

Chunks with 125 bit width would look like this for #130:

200000000000000000000000000000000:21FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
220000000000000000000000000000000:23FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
240000000000000000000000000000000:25FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
...

Now imagine all the years and decades wasted searching through empty sub-ranges.

---

Only Keyhunt has that option and the speed will halve for each extra key.

I'd like to point out that JLP's kangaroo has a bug regarding multi pubkey.

After saving and reloading the program only the first public key from the input file will be present.

There's a patch to fix that which can be found here:

https://github.com/JeanLucPons/Kangaroo/pull/79/commits/9f92bad8390932e5cd3827608a609b822671ec3a

Yes I believe the range width limit is 2^128 or 2^125 when you run JLP's Kangaroo it will tell you your range width of what your searching for.
so the limit for #130 would be
300000000000000000000000000000000:3ffffffffffffffffffffffffffffffff
if the 2^128 range width is correct else
3E0000000000000000000000000000000:3ffffffffffffffffffffffffffffffff
for range width 2^125.
Why I recommend Etar's if your doing the full range is because their kangaroo has a range width of 2^192.

Searching thousands of pubkeys at the same time with keyhunt bsgs is a great thing. The same thing would be great if it was on the kangaroo show, I wanted to know that. Thanks for your professional answer.

No. You have 500 different problems, not one problem with 500 variables. Each public key means you have to start a new kangaroo algorithm from scratch, you can't check for collisions for multiple public keys at the same time, it just ends up needing to track multiple sorts of wild kangaroos, which just ends up as a separate kangaroo problem to handle, instead of mixing 500 different brands of kangaroos inside the same algorithm.

I have a question
It is for people who know the Kangaroo program well.

Kangaroo program has a multiple pubkey search feature, but it searches sequentially. that is, key1 key2 key3. It does not search for key2 before key1 is found. Likewise, it does not search for key3 unless key2 is found. I AM GIVING AN EXAMPLE. We have created 500 pubkeys. Is it possible to search all of them at the same time? Is there anyone working on this? can you share?

So you're saying that you can still use JLP's code for #130 as long as the range is smaller? smaller by how much? can you give me an example?
You mean like instead of
200000000000000000000000000000000:3ffffffffffffffffffffffffffffffff
you make it like
210000000000000000000000000000000:220000000000000000000000000000000 
or something?

Depends on what puzzle you want to solve if its #130 or above with public keys then Etar's Kangaroo or another modified kangaroo is the way to go
If you want to do puzzles without public keys like #66 or #67 you can join a pool there's a couple that you can find on (https://privatekeys.pw/puzzles/bitcoin-puzzle-tx) but if you want to go solo to get the full reward then the software that a lot of people use you can find here (https://bitcointalksearch.org/topic/--5422375)
I myself use JeanLucPons kangaroo for #130 on cpu and have a python script that I wrote to make each thread search a random smaller range and saves that randomly generated range so I don't search that range again and prints the percent of the total range I have completed.
For the smaller puzzles without public keys I use bitcrack2 for gpu and keyhunt-cuda for cpu running the same python script.
 

I want to play, I just cant figure out a good way to hook up. Anyone have any suggestions? Pools to join?

Thanks in advance

Steps duration more than doubles than the time of the previous depth, at each depth, duh.


I think it's more like "stop using a secp256k1 batch group addition that runs 6x times slower than what the hardware can accomplish".


Challenge accepted. Let's do this, shall we?

1. CPU: speed is faster when using 5 x 52-bit limbs instead of 4 x 64-bit limbs because instructions can now run in parallel (SIMD) instead of limbs being dependent on each other's results (due to carry flag propagation, which is a performance killer on any CPU).
    (this alone gets you a 50% speedup at least)
    NOW... how many tools that have blatantly copied each other's "fast" code assumed "this is the fastest, I won't bother"?
 
2. There's a trick to also compute the batched inverse faster (same idea, get rid of partial products inter-dependency).
    (speedup is around 5%)

There's some secp256k1 ASM code out there that uses 4x64-bit limbs, which is slower than using no ASM and 52-bit limbs, and letting the compiler do the SIMD instruction packaging.

Refs for the above: Bernstein (some 2009 PDF), also "Modern computer arithmetics".

3. GPU: this is way more problematic. Let's start with some facts:

- GPU global & local (stack) memory is very, very slow to access; fastest code will do very few memory loading and storing.
- all threads compute the exact same instruction at every cycle (conditional branches are masked no-ops)
- all instructions are actually executed by 32-bit arithmetic units (64-bit are emulated)
- you have some small amount (48 kB) of fast on-chip shared memory accessible to all threads in a block / SM.
- you have some very small amount (1 KB) of extremely (fastest possible) registers on each thread

Now, if we do the math depending on GPU specs, clock frequency, how many cycles a fused multiply-add instruction takes, etc, we can arrive at some very impressionable numbers, for example of how many secp256k1 field multiplications / s (with modular reduction included et all) the GPU is capable of. These values are indicating to us that "hey, why the hell can we do billions of modular mul/s but when we run JLP's kangaroo the numbers are 10% of the theoretical peak?"

Now... looking at JLP's Kangaroo which you call "the fastest", what do we see?

- kangaroos get copied between global memory and local memory (stack), but if the stack gets too large (which it does, because it wants a large "gpu group size" to theoretically speed up inverse calculus), this just results of copying from global memory to global memory, doubling both the loading/storing, AND the required memory size, and slowing the runtime overall).
   Someone might say: this is done for coalescing reasons, etc. - why the hell is this the GPU kernel's concern, not the host's?
- on-chip shared memory is completely ignored and used as L1 cache (but what is it caching? one-time memory reads? oh no...);
- are all the PTX-base  routines taking notice that the GPU has a multiply-and-add 32-bit HW instruction? answer: no, everything is a 64-bit pointer...;
- kernel logic for batched addition is convoluted and modularized to the point it makes the compiler optimizations close to impossible, increasing the register pressure.
- at the highest possible level, a lot of things can be strategically better thought. Things like "X items were lost because you have no idea what arguments to use, bro" should not exist. The GPU should act as a continuous DP generator, with no lunch breaks between the kernel launches. Separate better the concerns between producing DPs and consuming DPs.

Just are these some of the ideas. There are more which I won't mention, since it's much too technical.

I never got further than 2**50 steps. Somewhere on  2**45 it starts to slow down.

Try to make SECPK1 6x (six times) faster first.

The fastest implementation for secp256k1 code that I ever see and use it is already inside of kangaroo tool.

https://github.com/JeanLucPons/Kangaroo/tree/master/SECPK1

I would like to see some new ideas here.

I think the only way you can truly know is to test it yourself with a bot and a 66 bit private key address

Hypothetically lets say someone where to crack puzzle #66 tomorrow. Are there any practical ways they could sweep the wallet considering how many bots are monitoring the network ready to crack the weak public key as soon as it gets revealed?

It just feels to me like people are wasting there time with 66 as any attempts to take the prize will end in shambles. Would the only feasible way to spend the winnings be to mine a block yourself without broadcasting the transaction? Obviously not very practical for the average joe.

Interested in hearing your thoughts.

pseudospace.