Topic: Pollard's kangaroo ECDLP solver - page 101. (Read 58630 times)

Sure.

The inverse of 789 mod n = 90549707299650307447836879278023370272751301850683416988678562304583910826370

Multiply your public key by that and you get:

035776B3684B6A5E9A6307AA53C3D484AABB90244E6371405C114CF8910A9A3BD0

Multiplying that point by 789 will result in the original public key. In otherwords, 789 * 90549707299650307447836879278023370272751301850683416988678562304583910826370 = 1 (mod n).

Are you guys still discussing the off-topic things?

It was said several times, that there is no division for public points. Our brains want to visualize the division process and we only imagine integers. But group field works under different principles.

The only thing we can do - is to multiply by the inverse scalar. That's it. But we still just multiplying a public point by the integer number, and divide it.

For every integer x we can find inverse y which is such a number where x*y%order = 1, where order if the order of the group.
No inverse exist for 0, and for order itself.

Easy explanation for the group of 7 elements (let's say week days from Monday to Sunday):
If you multiply Wednesday by 4, you will receive Friday (3*4%7 = 12%7 = 5)
For division, we also make multiplication by the inverse scalar. Here is the list of inverse scalars for every number:
inverse(1) = 1
inverse(2) = 4
inverse(3) = 5
inverse(4) = 2
inverse(5) = 3
inverse(6) = 6
inverse(7) does not exist

Now if you want to "divide" Friday by 4, you should multiply it by inverse(4) = 2. So, we have 5*2%7 = 10%7 = 3
You can see that equation is correct as it was in the 1st example (where we multiplied Wednesday by 4).

You should never divide 5 by 4 and imagine number 1.25, and so on. It is not correct.

All the elements in the group is a wheel, and repeating after reaching the order.
So, if we divide some number x by k within the group with finite order, we are searching such a number y, which will give us x if we multiply it by k: y * k = x
In order to find it, we calculate inverse k'=(1/k), and make the multiplication: y = x * (1/k)

Кaк двa пaльцa oб acфaльт  
Like two fingers on the asphalt.
K * 1000 = NK
f(NK / 1000) = MK

each representation K like positive or negative or fraction is allways positive integer from 1 to n.
if you say me positive integer representation of 789.789 i can easy devide any pub key by this valus. Here no problem to do this.

Good day. Do you know how get wright range for kangaroo search ? And how maybe manipulate pubkey for  so range ?

Thx

btw let me say,
highest value in ecc is 1
1 = 115792089237316195423570985008687907852837564279074904382605163141518161494337. 0
and above to 0 is
0.11579208923731619542357098500868790785283756427907490438260516314151816149433 7

so each and every digit have value, and i can div them in integar and float too actual low then 1 is called is fractional point,and i can play with each and every point

Can`t and nobody can`t. devider must be integer not float. all pubkeys Q=k*G, where k - integer.

mean 789.789 is value can u div pubkey by above value ?

what you mean? you can devide point only by integer.

if need div 789.789 then ?

035776b3684b6a5e9a6307aa53c3d484aabb90244e6371405c114cf8910a9a3bd0
And what is problem in division pub by 789?

BitCrack
apply your algo and show me pubkey div by 789 for
03D041CF467F485A96AB21EC0E1E1E26A344B28A12244320C4BDE48C123653D88F

mrxtraf is saying they can "divide" the public key by 10 by multiplying the public key by the multiplicative inverse of 10 mod n.

The multiplication (and division, which is multiplication with the inverse) is by scalar only. You cannot multiply two public keys without solving ECDLP first. And if you somehow can, then all coins are belong to you.

That is, you can’t divide the public key by 10?
Give me any public key from which you know the private key, I will divide it by 10. And I will give in return the result in the form of a public key. And you yourself divide the private key by 10, get the public key from it and compare.

@mrxtraf
In the private key group (mod n) we can add, negate, and invert - this allows for multiplication and division.

In the public key group (elliptic curve mod p of size n) we can add, negate, and double only. This leads to multiplication by a scalar.

One public key corresponds to exactly one private key, and vice versa. The proof is very easy. Let G is the generator of secp256k1. Let P=k*G is a point on the curve. Let also P=k'*G. Then (k-k')*G=O => (k-k') divides n. But n is prime, hence k=k' (mod n).

Jean_Luc

Can you insert this function in the code ?




Please

Big thank you.

Simple model. Divided at 2 key and key-1, and paralled other key.

Interesting thing...
For first experiment I took a public key 03f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8  pk=13
Then i made fake Tame file with DP=2 and with only one DP and very small range in DEC 0:17
Small range selected specifically to check if overlap affects.
X-coordinate was 5c778e4b8cef3ca7abac09b95c709ee5 and distance 00000000000000000000000000000002
So DP is c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5
After that i make fake Wild file:
X-coordinate was 5c778e4b8cef3ca7abac09b95c709ee5 and distance 0000000000000000000000000000000B sign -
then i merge this 2 file and solve key. Ok it is correct and expected because the pub key is above "zero"


The second experiment was with almost the same key with only a minus sign 02f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8
That mean that pub key is under "zero" and -N/2+pub+N/2 do not overlap tame range..

Fake Tame file was almost the same i just change pub key y-coordinate in header

Fake Wild file the same was changed pub  key y-coordinate in header and change sign in distance to +
So we have Wild DP -2 and Tame DP +2
And after merge key was solved:
Range width: 2^5
Key# 0 [0S]Pub:  0x02F28773C2D975288BC7D1D205C3748651B075FBC6610E58CDDEEDDF8F19405AA8
       Priv: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364134

Those my theory is correct and we can reduce the range by half due to symmetry.

And here is question to @JeanLuc why  app can solve this config:
80000000000000000000
ffffffffffffffffffff
0304b504a5122bfa6d4d3c7283b1c42f732f2e68ae129a8e6eea7671aeb6fe075f

but  can`t solve this:
0
3fffffffffffffffffff
023389617b48186abe570e27966546775feaff36037a932b655c10d0c6994d7bf3

Yesterday i was wait 8h when expected time was 15minutes, so i can say that this config was impossible to solve. But what reason is?

EDIT: And one more trick, if the program showed not only just dead kangaroos, but also their type.
From the number of dead wild kangaroos, one can judge indirectly that the public key is close to the beginning of the range.
Due to symmetry, negative steps will be mirrored with positives causing a greater number of dead wild kangaroos.

I was try deduct many times Basis point from pubkey

and get this result in decimal:


Why if pubkey=G*x so many different result ?

What is algorithm multiply G on x ?

Does a algorithm for get Pubkey is Q=G * x * ?