Author

Topic: Pollard's kangaroo ECDLP solver - page 102. (Read 59389 times)

sr. member
Activity: 642
Merit: 316
June 14, 2020, 12:01:51 PM
-snip-
mean 789.789 is value can u div pubkey by above value ?

Can`t and nobody can`t. devider must be integer not float. all pubkeys Q=k*G, where k - integer.
member
Activity: 330
Merit: 34
June 14, 2020, 12:00:04 PM
-snip-
if need div 789.789 then ?
what you mean? you can devide point only by integer.
mean 789.789 is value can u div pubkey by above value ?
sr. member
Activity: 642
Merit: 316
June 14, 2020, 11:57:29 AM
-snip-
if need div 789.789 then ?
what you mean? you can devide point only by integer.
member
Activity: 330
Merit: 34
June 14, 2020, 11:54:07 AM
-snip-
BitCrack
apply your algo and show me pubkey div by 789 for
03D041CF467F485A96AB21EC0E1E1E26A344B28A12244320C4BDE48C123653D88F

035776b3684b6a5e9a6307aa53c3d484aabb90244e6371405c114cf8910a9a3bd0
if need div 789.789 then ?
sr. member
Activity: 642
Merit: 316
June 14, 2020, 11:48:21 AM
-snip-
BitCrack
apply your algo and show me pubkey div by 789 for
03D041CF467F485A96AB21EC0E1E1E26A344B28A12244320C4BDE48C123653D88F

035776b3684b6a5e9a6307aa53c3d484aabb90244e6371405c114cf8910a9a3bd0
And what is problem in division pub by 789?
member
Activity: 330
Merit: 34
June 14, 2020, 11:32:35 AM
@mrxtraf
In the private key group (mod n) we can add, negate, and invert - this allows for multiplication and division.

In the public key group (elliptic curve mod p of size n) we can add, negate, and double only. This leads to multiplication by a scalar.

One public key corresponds to exactly one private key, and vice versa. The proof is very easy. Let G is the generator of secp256k1. Let P=k*G is a point on the curve. Let also P=k'*G. Then (k-k')*G=O => (k-k') divides n. But n is prime, hence k=k' (mod n).
That is, you can’t divide the public key by 10?
Give me any public key from which you know the private key, I will divide it by 10. And I will give in return the result in the form of a public key. And you yourself divide the private key by 10, get the public key from it and compare.

The multiplication (and division, which is multiplication with the inverse) is by scalar only. You cannot multiply two public keys without solving ECDLP first. And if you somehow can, then all coins are belong to you.

mrxtraf is saying they can "divide" the public key by 10 by multiplying the public key by the multiplicative inverse of 10 mod n.
BitCrack
apply your algo and show me pubkey div by 789 for
03D041CF467F485A96AB21EC0E1E1E26A344B28A12244320C4BDE48C123653D88F
jr. member
Activity: 30
Merit: 122
June 14, 2020, 07:56:06 AM
@mrxtraf
In the private key group (mod n) we can add, negate, and invert - this allows for multiplication and division.

In the public key group (elliptic curve mod p of size n) we can add, negate, and double only. This leads to multiplication by a scalar.

One public key corresponds to exactly one private key, and vice versa. The proof is very easy. Let G is the generator of secp256k1. Let P=k*G is a point on the curve. Let also P=k'*G. Then (k-k')*G=O => (k-k') divides n. But n is prime, hence k=k' (mod n).
That is, you can’t divide the public key by 10?
Give me any public key from which you know the private key, I will divide it by 10. And I will give in return the result in the form of a public key. And you yourself divide the private key by 10, get the public key from it and compare.

The multiplication (and division, which is multiplication with the inverse) is by scalar only. You cannot multiply two public keys without solving ECDLP first. And if you somehow can, then all coins are belong to you.

mrxtraf is saying they can "divide" the public key by 10 by multiplying the public key by the multiplicative inverse of 10 mod n.
full member
Activity: 206
Merit: 447
June 14, 2020, 07:47:38 AM
@mrxtraf
In the private key group (mod n) we can add, negate, and invert - this allows for multiplication and division.

In the public key group (elliptic curve mod p of size n) we can add, negate, and double only. This leads to multiplication by a scalar.

One public key corresponds to exactly one private key, and vice versa. The proof is very easy. Let G is the generator of secp256k1. Let P=k*G is a point on the curve. Let also P=k'*G. Then (k-k')*G=O => (k-k') divides n. But n is prime, hence k=k' (mod n).
That is, you can’t divide the public key by 10?
Give me any public key from which you know the private key, I will divide it by 10. And I will give in return the result in the form of a public key. And you yourself divide the private key by 10, get the public key from it and compare.

The multiplication (and division, which is multiplication with the inverse) is by scalar only. You cannot multiply two public keys without solving ECDLP first. And if you somehow can, then all coins are belong to you.
member
Activity: 255
Merit: 27
June 14, 2020, 05:49:14 AM
@mrxtraf
In the private key group (mod n) we can add, negate, and invert - this allows for multiplication and division.

In the public key group (elliptic curve mod p of size n) we can add, negate, and double only. This leads to multiplication by a scalar.

One public key corresponds to exactly one private key, and vice versa. The proof is very easy. Let G is the generator of secp256k1. Let P=k*G is a point on the curve. Let also P=k'*G. Then (k-k')*G=O => (k-k') divides n. But n is prime, hence k=k' (mod n).
That is, you can’t divide the public key by 10?
Give me any public key from which you know the private key, I will divide it by 10. And I will give in return the result in the form of a public key. And you yourself divide the private key by 10, get the public key from it and compare.
full member
Activity: 206
Merit: 447
June 14, 2020, 05:37:21 AM
@mrxtraf
In the private key group (mod n) we can add, negate, and invert - this allows for multiplication and division.

In the public key group (elliptic curve mod p of size n) we can add, negate, and double only. This leads to multiplication by a scalar.

One public key corresponds to exactly one private key, and vice versa. The proof is very easy. Let G is the generator of secp256k1. Let P=k*G is a point on the curve. Let also P=k'*G. Then (k-k')*G=O => (k-k') divides n. But n is prime, hence k=k' (mod n).
member
Activity: 873
Merit: 22
$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk
June 13, 2020, 05:21:16 PM
Jean_Luc

Can you insert this function in the code ?


Code:
And one more trick, if the program showed not only just dead kangaroos, but also their type.



Please

Big thank you.
member
Activity: 255
Merit: 27
June 13, 2020, 12:57:00 PM

Simple model. Divided at 2 key and key-1, and paralled other key.
sr. member
Activity: 642
Merit: 316
June 13, 2020, 12:39:16 PM
Interesting thing...
For first experiment I took a public key 03f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8  pk=13
Then i made fake Tame file with DP=2 and with only one DP and very small range in DEC 0:17
Small range selected specifically to check if overlap affects.
X-coordinate was 5c778e4b8cef3ca7abac09b95c709ee5 and distance 00000000000000000000000000000002
So DP is c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5
After that i make fake Wild file:
X-coordinate was 5c778e4b8cef3ca7abac09b95c709ee5 and distance 0000000000000000000000000000000B sign -
then i merge this 2 file and solve key. Ok it is correct and expected because the pub key is above "zero"


The second experiment was with almost the same key with only a minus sign 02f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8
That mean that pub key is under "zero" and -N/2+pub+N/2 do not overlap tame range..

Fake Tame file was almost the same i just change pub key y-coordinate in header

Fake Wild file the same was changed pub  key y-coordinate in header and change sign in distance to +
So we have Wild DP -2 and Tame DP +2
And after merge key was solved:
Range width: 2^5
Key# 0 [0S]Pub:  0x02F28773C2D975288BC7D1D205C3748651B075FBC6610E58CDDEEDDF8F19405AA8
       Priv: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364134

Those my theory is correct and we can reduce the range by half due to symmetry.

And here is question to @JeanLuc why  app can solve this config:
80000000000000000000
ffffffffffffffffffff
0304b504a5122bfa6d4d3c7283b1c42f732f2e68ae129a8e6eea7671aeb6fe075f

but  can`t solve this:
0
3fffffffffffffffffff
023389617b48186abe570e27966546775feaff36037a932b655c10d0c6994d7bf3

Yesterday i was wait 8h when expected time was 15minutes, so i can say that this config was impossible to solve. But what reason is?

EDIT: And one more trick, if the program showed not only just dead kangaroos, but also their type.
From the number of dead wild kangaroos, one can judge indirectly that the public key is close to the beginning of the range.
Due to symmetry, negative steps will be mirrored with positives causing a greater number of dead wild kangaroos.
member
Activity: 873
Merit: 22
$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk
June 13, 2020, 12:36:03 PM
I was try deduct many times Basis point from pubkey

and get this result in decimal:

Code:

55066263022277343669578718895168534326250603453777594175500187360389116729240

80461206456126903936648321769588210263641381518345730725024477625603510475367

114350281152090415002914225360680879723439364201547916387065294902806089470701

51013628197151087321576517601027944519980487992320239741969820950564947154728

81858063707046191459386939009866976545571746100767742618686877552464701474279

91885386504538144991569604282776563056639230987209343782016348535025109416865

105949401804278716591078498274389076439291177336075085569965846810479473186009

41459912523433373843361567769935953701779569108932744302847774650924271071067

92405715801833063648780028028777895808671753827946407669234064272887784157724

54418341959535059209523319322208425784424076816816028811932505061370156780655

5126047978605685512005484045416997952858866417284486515665253490591400058134

52490963540812138089050326573359765290153157657886160007707578869545978541959


32802036335507597593529078709567273036524674888099370753687496987450852461118


27863773688718935131660845784469550803460621553574213006074163405651052167161


36645545354186924026635864492819248964849682741741028893139627006539149133774

27476149675778769341425383353707820487777155825885410693677584163936411230079


54129827521380745567621263337017653354620280013802747340066967768376390656637


80638523013064036412041871548943079184689297859131619072201660923512812171502

112723772262242031666753037233989715114592529792673293658551104097788592972230

110958129610584237331452391111361457709268353430315048828827348860484327374055

50693572800016527537751387017277354813007969227988932973757409794810631509905

17856908775349033022202533859010614530493029893325487811243073805696696942498


Why if pubkey=G*x so many different result ?

What is algorithm multiply G on x Huh?

Does a algorithm for get Pubkey is Q=G * x * ?


member
Activity: 255
Merit: 27
June 13, 2020, 11:16:41 AM

interesting solution, but it won’t work if only public keys are known, let's say there is a public key theoretically with private key 1, how to divide the public key by 10 to get public key with 0.1 without knowing the private keys?

You can't.

Let P be a public key with unknown private key k (that means P = k*G)
 
By definition, you can get a public key Q such that 10*Q = P in this way:

Q = inv(10)*P = inv(10)*k*G

that's all you can have (if you don't know k, you don't know inv(10)*k neither)
But it’s really possible to divide any public key into 10 without knowing the private one. But to divide by 3, 6, 7, 9, 14 .... is already more difficult.

It is the same thing. Inv(10) or inv(3), where is the difference?
Therefore, when dividing the public key Q, other methods are used and there is no inv (10). You can give a public key from which you know the private one and I will divide it by 10. And you will check using the private key.


So, PrivKey from 160 bytes = privkey 80 bytes*2 ?
No. if simple prikey from 160 bytes = privkey 159 bytes * 2.
But what does dividing and multiplying by 2 have to dividing by 10?
member
Activity: 873
Merit: 22
$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk
June 13, 2020, 11:07:43 AM

interesting solution, but it won’t work if only public keys are known, let's say there is a public key theoretically with private key 1, how to divide the public key by 10 to get public key with 0.1 without knowing the private keys?

You can't.

Let P be a public key with unknown private key k (that means P = k*G)
 
By definition, you can get a public key Q such that 10*Q = P in this way:

Q = inv(10)*P = inv(10)*k*G

that's all you can have (if you don't know k, you don't know inv(10)*k neither)
But it’s really possible to divide any public key into 10 without knowing the private one. But to divide by 3, 6, 7, 9, 14 .... is already more difficult.

It is the same thing. Inv(10) or inv(3), where is the difference?
Therefore, when dividing the public key Q, other methods are used and there is no inv (10). You can give a public key from which you know the private one and I will divide it by 10. And you will check using the private key.


So, PrivKey from 160 bytes = privkey 80 bytes*2 ?
member
Activity: 255
Merit: 27
June 13, 2020, 10:42:48 AM

interesting solution, but it won’t work if only public keys are known, let's say there is a public key theoretically with private key 1, how to divide the public key by 10 to get public key with 0.1 without knowing the private keys?

You can't.

Let P be a public key with unknown private key k (that means P = k*G)
 
By definition, you can get a public key Q such that 10*Q = P in this way:

Q = inv(10)*P = inv(10)*k*G

that's all you can have (if you don't know k, you don't know inv(10)*k neither)
But it’s really possible to divide any public key into 10 without knowing the private one. But to divide by 3, 6, 7, 9, 14 .... is already more difficult.

It is the same thing. Inv(10) or inv(3), where is the difference?
Therefore, when dividing the public key Q, other methods are used and there is no inv (10). You can give a public key from which you know the private one and I will divide it by 10. And you will check using the private key.
sr. member
Activity: 642
Merit: 316
June 13, 2020, 10:12:56 AM

What you think about deduct G from PubKey many times ? Because of no ":" function on EC and we can't get x from pubkey with divide. I thin is idea to get pubkey ready for hack what have no G's component.

Huh
Look to the python code, function to devide point is called ptdiv(pt,a,p,n)
where pt is point and a is integer devider
member
Activity: 873
Merit: 22
$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk
June 13, 2020, 10:00:02 AM
Becouse above code not exact work. Please, someone make a scrypt for automatic shifting pubkey to "zero" ?
python code worked like sharm..

@Jeanluc can you explaine this, please.



Cool. So not need enother code.

What you think about deduct G from PubKey many times ? Because of no ":" function on EC and we can't get x from pubkey with divide. I thin is idea to get pubkey ready for hack what have no G's component.

Huh
sr. member
Activity: 642
Merit: 316
June 13, 2020, 09:56:35 AM
Becouse above code not exact work. Please, someone make a scrypt for automatic shifting pubkey to "zero" ?
python code worked like sharm..

@Jeanluc can you explaine this, please.


Jump to: