Author

Topic: Help needed : how to restrict the bruteforce key search space using ꜱᴍᴛ solver ? (Read 81 times)

member
Activity: 285
Merit: 27
ASICS IS A POWER!!!


Share result then you try this, please.
Hemm asics is for mining not brute forcing Bitcoin accounts. Also most sat solvers already have fpga ports in addition into being able at least in theory shrinking the number of required computations.

And without help for solving the issues above, this will stay a nice post on Bitcointalk without any implementations
member
Activity: 873
Merit: 22
$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk
ASICS IS A POWER!!!


Share result then you try this, please.
member
Activity: 285
Merit: 27
‎Hi, from puzzles to private keys partially lost, there are a lot of cases where the first bytes from a private key are known but not the public’s key because of ᴘ2ᴘᴋʜ. And there’re software called ꜱᴀᴛ solvers (or ꜱᴍᴛ solver when there’s integers and not just bits) that can find solutions to mathematical equations systems : basically, you unroll all loops from a program and turn all variables as equations they hold (you also try to rewrite the program in order to reverse operations like transforming additions into substations ; divisions into multiplications and so on). So you get equations you study in K‒12 (but with far more variables) and the aim is to find the unknown bits (as such or forming an Integer). The solver attempts to rewrite the equations and then performs a bruteforce search on the possible solutions if there are several possible solutions or sends the result if it can be directly determined. https://doc.sagemath.org/html/en/reference/spkg/cryptominisat.html

A better alternative in this class of attacks is to compute what’s called Gröbner’s bases. But that tends to be a manual process and is complicated enough that it was never attempted on Bitcoin despite Bitcoin’s popularity.

So going back to Bitcoin’s key bruteforce, currently either you have to brute force something like all possible 270 keys which looks economically infeasible or I have to brute force sha256 through an ᴀꜱɪᴄ in order to find a preimage of the public key’s.  
This means either the private key portion or either the partial sha256 is useless to restrict the search space…

Given using sat solvers for Bitcoin mining (so finding pre‑images in a specific case) showed mixed results, my idea would be to use ꜱᴍᴛ/ꜱᴀᴛ solving for restricting the search space using both the partial hash along with the first private key’s bytes. Currently, I’m not looking at making it more efficient than bruteforcing, but just to get it working.

There are 2 ways to do it : either to search for the private key directly or search for the public key which then can be reversed quickly using Pollard’s kangaroo.

  • Incrementing a private key by 1 leads to incrementing the public key by 0xBAAEDCE6AF48A03BBFD25E8CD0364141 (G of secp256k1). This means there’s a range of public keys, but unless the Koblitz curve can be converted to a more useful curve, I fail to see how to use this type of information for formalizing into a useful way for at least an ꜱᴍᴛ solver.
  • As retrieving a private key from a public key is the same as solving the discrete logarithm, I fail to see how to express a formula that would allow a ꜱᴍᴛ/ꜱᴀᴛ solver to restrict the sha256 search space using the restricted private key search space (since the first private key bytes are known).

Of course, a solver will end up performing a bruteforce search but any thoughts on how to mathematically link the 2 informations for an ꜱᴍᴛ solver for shrinking the brute force search space compared to searching all possible private keys irrelevant of the hash ?
Jump to: