Author

Topic: Pollard's kangaroo ECDLP solver - page 109. (Read 59389 times)

full member
Activity: 1162
Merit: 237
Shooters Shoot...
June 04, 2020, 03:53:53 PM

Where on that page do you go, and what do you enter exactly?

Put tame "distance" in Secret Exponent, and select compressed to view only X coord in Pubkey (after 02/03)
Code:
0000000000000000f862dc916dfc4479 -> 02:000002af00818a0d3e8923d211901f7fe7bfd3dc4c604b3e708c2fb4bdd2ed46

I see there is a match in the LSBs:
Code:
01f7fe7bfd3dc4c604b3e708c2fb4bdd2ed46
So I take it this was a solved key?


Code:
TAME: 01f7fe7bfd3dc4c604b3e708c2fb4bdd2ed46 0000000000000000f862dc916dfc4479
WILD: 01f7fe7bfd3dc4c604b3e708c2fb4bdd2ed46 0000000000000000502a2b5c6849dc12

SECRET_PRIV_KEY = TAME_DIST - WILD_DIST + START
0xf862dc916dfc4479 - 0x502a2b5c6849dc12 + 2**64 = 0x1a838b13505b26867
Thank you! Is there another way to calculate private key?
Any how, I was able to calculate, correctly, the formula you two have provided.
How do you calculate when you have to add say a 2^115? Or do you have/know of a calculator that autocalculates everything once you enter Tt - Tw + 2^x ?
newbie
Activity: 17
Merit: 0
June 04, 2020, 01:59:29 PM

Where on that page do you go, and what do you enter exactly?

Put tame "distance" in Secret Exponent, and select compressed to view only X coord in Pubkey (after 02/03)
Code:
0000000000000000f862dc916dfc4479 -> 02:000002af00818a0d3e8923d211901f7fe7bfd3dc4c604b3e708c2fb4bdd2ed46

I see there is a match in the LSBs:
Code:
01f7fe7bfd3dc4c604b3e708c2fb4bdd2ed46
So I take it this was a solved key?


Code:
TAME: 01f7fe7bfd3dc4c604b3e708c2fb4bdd2ed46 0000000000000000f862dc916dfc4479
WILD: 01f7fe7bfd3dc4c604b3e708c2fb4bdd2ed46 0000000000000000502a2b5c6849dc12

SECRET_PRIV_KEY = TAME_DIST - WILD_DIST + START
0xf862dc916dfc4479 - 0x502a2b5c6849dc12 + 2**64 = 0x1a838b13505b26867
member
Activity: 144
Merit: 10
June 04, 2020, 11:09:58 AM
@WanderingPhilospher

Let G = secp256k1_generator_point

Edit:
Let LSB = 128 lower bits of the x-coordinate

(0x0000000024a2b6bb0000000026dd90e3)*G = 0x1bfbfb9e55b617f03ad44aabe7545c1aad8ac86776cf2b3ba9bc5d0eb1002f99

Doesn’t match the LSB of the x-coordinate from your tame line data, maybe try a few more random points from the file. I was able to validate 10,000 points from my file without any errors.

Yes, you should be able to solve the key when there is a match from the files. But you will also need the beginning range that was used to solve for the original key. We only need to find out if there’s a match of the LSB of the x-coordinates from both types of kangaroos, then we can use the distances and the beginning range to calculate the private key.

So, if you have matching LSBs, then you may have a solution? In your estimate, how many times can LSBs match up but do not solve the key, guesstimate.

If you have 128-bit matching LSB, then with very high probability that you will find a solution. The probability for not finding a solution with 128-bit matching LSB is very small:

[number of entries in your hash table] divided by [2^128]
full member
Activity: 1162
Merit: 237
Shooters Shoot...
June 04, 2020, 11:01:20 AM
Some examples from 65bits address.
You can use https://brainwalletx.github.io/ to check G**p tame points.

Code:
TAME
01f57df72a208ecb0dff27e1836f190850728 0000000000000000c6b916f827ecc764
01f7fe7bfd3dc4c604b3e708c2fb4bdd2ed46 0000000000000000f862dc916dfc4479
01f84404e1bbaf74e5e86ddf86fa2e96f165a 0000000000000000d190f29c6c0596f6
34f64327b6e6129a2af1cc6a106f2cec5fcf0 00000000000000001f9e0d582f7942fd
f6889b8abd66be32f13ebe2cf24d5ab6b62 00000000000000009b0984d32bf64396
34f6fdd77d4d6a532866be4fdfa5923a09ead 0000000000000000bc3de9e206c157db
--
WILD
34f44f024c8997abff6b5f1ee364c414c3016 0000000000000000344f3351ce019232
34f6889b8abd66be32f13ebe2cf24d5ab6b62 -00000000000000000d2f2c61d9bc24d1
34f738fed0a483f198a7a44d04e073c45b962 -0000000000000000602f88bbfaa6b336
01f7a2ae1656a659818a81f9a87204c29f1e8 -000000000000000048ea5f42dfb5bcc4
01f7fe7bfd3dc4c604b3e708c2fb4bdd2ed46 0000000000000000502a2b5c6849dc12
01f8143c41d86963bf9df718f9d0ba2e80cd7 00000000000000000a350d95bb55cb79


Where on that page do you go, and what do you enter exactly?

I see there is a match in the LSBs:
Code:
01f7fe7bfd3dc4c604b3e708c2fb4bdd2ed46
So I take it this was a solved key?
full member
Activity: 1162
Merit: 237
Shooters Shoot...
June 04, 2020, 10:52:56 AM
@WanderingPhilospher

Let G = secp256k1_generator_point

Edit:
Let LSB = 128 lower bits of the x-coordinate

(0x0000000024a2b6bb0000000026dd90e3)*G = 0x1bfbfb9e55b617f03ad44aabe7545c1aad8ac86776cf2b3ba9bc5d0eb1002f99

Doesn’t match the LSB of the x-coordinate from your tame line data, maybe try a few more random points from the file. I was able to validate 10,000 points from my file without any errors.

Yes, you should be able to solve the key when there is a match from the files. But you will also need the beginning range that was used to solve for the original key. We only need to find out if there’s a match of the LSB of the x-coordinates from both types of kangaroos, then we can use the distances and the beginning range to calculate the private key.

So, if you have matching LSBs, then you may have a solution? In your estimate, how many times can LSBs match up but do not solve the key, guesstimate.
newbie
Activity: 17
Merit: 0
June 04, 2020, 10:40:31 AM
Some examples from 65bits address.
You can use https://brainwalletx.github.io/ to check G**p tame points.

Code:
TAME
01f57df72a208ecb0dff27e1836f190850728 0000000000000000c6b916f827ecc764
01f7fe7bfd3dc4c604b3e708c2fb4bdd2ed46 0000000000000000f862dc916dfc4479
01f84404e1bbaf74e5e86ddf86fa2e96f165a 0000000000000000d190f29c6c0596f6
34f64327b6e6129a2af1cc6a106f2cec5fcf0 00000000000000001f9e0d582f7942fd
34f6889b8abd66be32f13ebe2cf24d5ab6b62 00000000000000009b0984d32bf64396
34f6fdd77d4d6a532866be4fdfa5923a09ead 0000000000000000bc3de9e206c157db
--
WILD
34f44f024c8997abff6b5f1ee364c414c3016 0000000000000000344f3351ce019232
34f6889b8abd66be32f13ebe2cf24d5ab6b62 -00000000000000000d2f2c61d9bc24d1
34f738fed0a483f198a7a44d04e073c45b962 -0000000000000000602f88bbfaa6b336
01f7a2ae1656a659818a81f9a87204c29f1e8 -000000000000000048ea5f42dfb5bcc4
01f7fe7bfd3dc4c604b3e708c2fb4bdd2ed46 0000000000000000502a2b5c6849dc12
01f8143c41d86963bf9df718f9d0ba2e80cd7 00000000000000000a350d95bb55cb79

member
Activity: 144
Merit: 10
June 04, 2020, 10:11:29 AM
@WanderingPhilospher

Let G = secp256k1_generator_point

Edit:
Let LSB = 128 lower bits of the x-coordinate

(0x0000000024a2b6bb0000000026dd90e3)*G = 0x1bfbfb9e55b617f03ad44aabe7545c1aad8ac86776cf2b3ba9bc5d0eb1002f99

Doesn’t match the LSB of the x-coordinate from your tame line data, maybe try a few more random points from the file. I was able to validate 10,000 points from my file without any errors.

Yes, you should be able to solve the key when there is a match from the files. But you will also need the beginning range that was used to solve for the original key. We only need to find out if there’s a match of the LSB of the x-coordinates from both types of kangaroos, then we can use the distances and the beginning range to calculate the private key.
full member
Activity: 1162
Merit: 237
Shooters Shoot...
June 04, 2020, 09:57:52 AM
Those are from Tame and Wild files. What exactly does the program look for in those 2 lines above to result in solved key? Can anyone break it down by line and what the line/characters represent?  Thanks.
Without knowing how the data is encoded/decoded, the lines by themselves are not very useful. A link to the source code would be very useful in this case.
was the export done by patatasfritas where he stated:
Quote
The X-coord is 128+18 bits and distance 126bits. The X-coordinate could be re-generated from the distance if necessary.

source code:
Code:
// Read DP
  for(uint32_t h = 0; h < HASH_SIZE; h++) {

    fread(&items,sizeof(uint32_t),1,f1);
    fread(&maxItems,sizeof(uint32_t),1,f1);

    for(uint32_t i = 0; i < items; i++) {
      fread(&x,16,1,f1);
      fread(&d,16,1,f1);
      sign = (d.i64[1] & 0x8000000000000000);
      htype = (d.i64[1] & 0x4000000000000000);

      if(htype==0) {
          ::fprintf(ft,"%05x%016lx%016lx ", h & 0x3ffff, (uint64_t) (x.i64[1]), (uint64_t) (x.i64[0]));
          ::fprintf(ft,"%016lx%016lx\n", (uint64_t) (d.i64[1] & 0x3fffffffffffffff), (uint64_t) (d.i64[0]));
          numTame++;
      } else {
          ::fprintf(fw,"%05x%016lx%016lx ", h & 0x3ffff, (uint64_t) (x.i64[1]), (uint64_t) (x.i64[0]));
          if(sign)
            ::fprintf(fw,"-");
          ::fprintf(fw,"%016lx%016lx\n", (uint64_t) (d.i64[1] & 0x3fffffffffffffff), (uint64_t) (d.i64[0]));
          numWild++;

ft = tame; fw= wild.



I found and compiled the above source code and my exported data validates while yours do not.

The first column is the least significant bits (LSB) of the x-coordinate, and the second column is the traveled_distance to multiply secp256k1_generator_point with.

Tame:
[distinguished_point] = (tame_traveled_distance)*(secp256k1_generator_point)

Wild:
[working_public_key] = [(original_public_key) - (beginning_range)*(secp256k1_generator_point)].
[distinguished_point] = [(+-wild_traveled_distance)*(secp256k1_generator_point)] + [working_public key]
[private_key] = (beginning_range) + (tame_traveled_distance) +- (wild_traveled_distance)

Thank you!  Great explanation.

When you say your export data validates while mine did not, what do you mean? I just copied and pasted the first two lines from each file that were generated from the export option.

For the private key; can it be solved via the data you get from the export source code I listed above? Sounds like it's missing a piece of data?

So, in order for the server to solve the private key, all it needs is x coord and distance?
Code:
// Send DP to server
      for(int g = 0; g < CPU_GRP_SIZE; g++) {
        if(IsDP(ph->px[g].bits64[3])) {
          ITEM it;
          it.x.Set(&ph->px[g]);
          it.d.Set(&ph->distance[g]);
          it.kIdx = g;
          dps.push_back(it);
The server takes in all the DPs, compares all the x coords and distances, to see if a collision has been made/the key is solved?
full member
Activity: 1162
Merit: 237
Shooters Shoot...
June 04, 2020, 09:46:47 AM
Those are from Tame and Wild files. What exactly does the program look for in those 2 lines above to result in solved key? Can anyone break it down by line and what the line/characters represent?  Thanks.
Without knowing how the data is encoded/decoded, the lines by themselves are not very useful. A link to the source code would be very useful in this case.
was the export done by patatasfritas where he stated:
Quote
The X-coord is 128+18 bits and distance 126bits. The X-coordinate could be re-generated from the distance if necessary.

source code:
Code:
// Read DP
  for(uint32_t h = 0; h < HASH_SIZE; h++) {

    fread(&items,sizeof(uint32_t),1,f1);
    fread(&maxItems,sizeof(uint32_t),1,f1);

    for(uint32_t i = 0; i < items; i++) {
      fread(&x,16,1,f1);
      fread(&d,16,1,f1);
      sign = (d.i64[1] & 0x8000000000000000);
      htype = (d.i64[1] & 0x4000000000000000);

      if(htype==0) {
          ::fprintf(ft,"%05x%016lx%016lx ", h & 0x3ffff, (uint64_t) (x.i64[1]), (uint64_t) (x.i64[0]));
          ::fprintf(ft,"%016lx%016lx\n", (uint64_t) (d.i64[1] & 0x3fffffffffffffff), (uint64_t) (d.i64[0]));
          numTame++;
      } else {
          ::fprintf(fw,"%05x%016lx%016lx ", h & 0x3ffff, (uint64_t) (x.i64[1]), (uint64_t) (x.i64[0]));
          if(sign)
            ::fprintf(fw,"-");
          ::fprintf(fw,"%016lx%016lx\n", (uint64_t) (d.i64[1] & 0x3fffffffffffffff), (uint64_t) (d.i64[0]));
          numWild++;

ft = tame; fw= wild.



I found and compiled the above source code and my exported data validates while yours do not.

The first column is the least significant bits (LSB) of the x-coordinate, and the second column is the traveled_distance to multiply secp256k1_generator_point with.

Tame:
[distinguished_point] = (tame_traveled_distance)*(secp256k1_generator_point)

Wild:
[working_public_key] = [(original_public_key) - (beginning_range)*(secp256k1_generator_point)].
[distinguished_point] = [(+-wild_traveled_distance)*(secp256k1_generator_point)] + [working_public key]
[private_key] = (beginning_range) + (tame_traveled_distance) +- (wild_traveled_distance)

Thank you!  Great explanation.

When you say your export data validates while mine did not, what do you mean? I just copied and pasted the first two lines from each file that were generated from the export option.

For the private key; can it be solved via the data you get from the export source code I listed above? Sounds like it's missing a piece of data?
member
Activity: 144
Merit: 10
June 04, 2020, 09:25:41 AM
Those are from Tame and Wild files. What exactly does the program look for in those 2 lines above to result in solved key? Can anyone break it down by line and what the line/characters represent?  Thanks.
Without knowing how the data is encoded/decoded, the lines by themselves are not very useful. A link to the source code would be very useful in this case.
was the export done by patatasfritas where he stated:
Quote
The X-coord is 128+18 bits and distance 126bits. The X-coordinate could be re-generated from the distance if necessary.

source code:
Code:
// Read DP
  for(uint32_t h = 0; h < HASH_SIZE; h++) {

    fread(&items,sizeof(uint32_t),1,f1);
    fread(&maxItems,sizeof(uint32_t),1,f1);

    for(uint32_t i = 0; i < items; i++) {
      fread(&x,16,1,f1);
      fread(&d,16,1,f1);
      sign = (d.i64[1] & 0x8000000000000000);
      htype = (d.i64[1] & 0x4000000000000000);

      if(htype==0) {
          ::fprintf(ft,"%05x%016lx%016lx ", h & 0x3ffff, (uint64_t) (x.i64[1]), (uint64_t) (x.i64[0]));
          ::fprintf(ft,"%016lx%016lx\n", (uint64_t) (d.i64[1] & 0x3fffffffffffffff), (uint64_t) (d.i64[0]));
          numTame++;
      } else {
          ::fprintf(fw,"%05x%016lx%016lx ", h & 0x3ffff, (uint64_t) (x.i64[1]), (uint64_t) (x.i64[0]));
          if(sign)
            ::fprintf(fw,"-");
          ::fprintf(fw,"%016lx%016lx\n", (uint64_t) (d.i64[1] & 0x3fffffffffffffff), (uint64_t) (d.i64[0]));
          numWild++;

ft = tame; fw= wild.



I found and compiled the above source code and my exported data validates while yours do not.

The first column is the least significant bits (LSB) of the x-coordinate, and the second column is the traveled_distance to multiply secp256k1_generator_point with.

Tame:
[distinguished_point] = (tame_traveled_distance)*(secp256k1_generator_point)

Wild:
[working_public_key] = [(original_public_key) - (beginning_range)*(secp256k1_generator_point)].
[distinguished_point] = [(+-wild_traveled_distance)*(secp256k1_generator_point)] + [working_public key]
[private_key] = (beginning_range) + (tame_traveled_distance) +- (wild_traveled_distance)
full member
Activity: 1162
Merit: 237
Shooters Shoot...
June 04, 2020, 08:38:44 AM
Those are from Tame and Wild files. What exactly does the program look for in those 2 lines above to result in solved key? Can anyone break it down by line and what the line/characters represent?  Thanks.
Without knowing how the data is encoded/decoded, the lines by themselves are not very useful. A link to the source code would be very useful in this case.
was the export done by patatasfritas where he stated:
Quote
The X-coord is 128+18 bits and distance 126bits. The X-coordinate could be re-generated from the distance if necessary.

source code:
Code:
// Read DP
  for(uint32_t h = 0; h < HASH_SIZE; h++) {

    fread(&items,sizeof(uint32_t),1,f1);
    fread(&maxItems,sizeof(uint32_t),1,f1);

    for(uint32_t i = 0; i < items; i++) {
      fread(&x,16,1,f1);
      fread(&d,16,1,f1);
      sign = (d.i64[1] & 0x8000000000000000);
      htype = (d.i64[1] & 0x4000000000000000);

      if(htype==0) {
          ::fprintf(ft,"%05x%016lx%016lx ", h & 0x3ffff, (uint64_t) (x.i64[1]), (uint64_t) (x.i64[0]));
          ::fprintf(ft,"%016lx%016lx\n", (uint64_t) (d.i64[1] & 0x3fffffffffffffff), (uint64_t) (d.i64[0]));
          numTame++;
      } else {
          ::fprintf(fw,"%05x%016lx%016lx ", h & 0x3ffff, (uint64_t) (x.i64[1]), (uint64_t) (x.i64[0]));
          if(sign)
            ::fprintf(fw,"-");
          ::fprintf(fw,"%016lx%016lx\n", (uint64_t) (d.i64[1] & 0x3fffffffffffffff), (uint64_t) (d.i64[0]));
          numWild++;

ft = tame; fw= wild.

member
Activity: 144
Merit: 10
June 04, 2020, 08:24:57 AM
Those are from Tame and Wild files. What exactly does the program look for in those 2 lines above to result in solved key? Can anyone break it down by line and what the line/characters represent?  Thanks.
Without knowing how the data is encoded/decoded, the lines by themselves are not very useful. A link to the source code would be very useful in this case.
sr. member
Activity: 462
Merit: 701
June 04, 2020, 07:22:45 AM
I'm sorry but I can't help you as I'm not the author of this mods.
full member
Activity: 1162
Merit: 237
Shooters Shoot...
June 04, 2020, 06:36:35 AM
What does program compare to result in a solved key/solution?

(Tame,Wild) = Collision
k = k1 + Tame.dist - Wild.dist

Tame File:
Code:
000000000000054e3f71000000000a250208a 0000000024a2b6bb0000000026dd90e3

Wild File:
Code:
00003000000007666967d0000000093b5394a 000000008dc1e960000000002be62262

Those are from Tame and Wild files. What exactly does the program look for in those 2 lines above to result in solved key? Can anyone break it down by line and what the line/characters represent?  Thanks.
Anyone?
i do not know what wild and tame file you have, but work file has Dp points like tame and wild.
Each dp have 2 128bit word distance and x-coordinate.
There will be collision if x-coordinate of tame and wild Dp the same.
to chech what type of Dp need test 126 bit of distance if it zero then it is tame dp, if it is one then dp is wild.
Thank you.
The above tame and wild files, were from some random search I did. These tame and wild were exported from a workfile using this program.
So for the above tame and wild, the first part of each line needs to match; the x coord? The second part is the distance and it just tells us what kind of kangaroo it is?
sr. member
Activity: 642
Merit: 316
June 04, 2020, 04:23:59 AM
What does program compare to result in a solved key/solution?

(Tame,Wild) = Collision
k = k1 + Tame.dist - Wild.dist

Tame File:
Code:
000000000000054e3f71000000000a250208a 0000000024a2b6bb0000000026dd90e3

Wild File:
Code:
00003000000007666967d0000000093b5394a 000000008dc1e960000000002be62262

Those are from Tame and Wild files. What exactly does the program look for in those 2 lines above to result in solved key? Can anyone break it down by line and what the line/characters represent?  Thanks.
Anyone?
i do not know what wild and tame file you have, but work file has Dp points like tame and wild.
Each dp have 2 128bit word distance and x-coordinate.
There will be collision if x-coordinate of tame and wild Dp the same.
to chech what type of Dp need test 126 bit of distance if it zero then it is tame dp, if it is one then dp is wild.
jr. member
Activity: 43
Merit: 1
June 04, 2020, 03:52:25 AM
What does program compare to result in a solved key/solution?

(Tame,Wild) = Collision
k = k1 + Tame.dist - Wild.dist

Tame File:
Code:
000000000000054e3f71000000000a250208a 0000000024a2b6bb0000000026dd90e3

Wild File:
Code:
00003000000007666967d0000000093b5394a 000000008dc1e960000000002be62262

Those are from Tame and Wild files. What exactly does the program look for in those 2 lines above to result in solved key? Can anyone break it down by line and what the line/characters represent?  Thanks.
Anyone?
Ask Etar he know
full member
Activity: 1162
Merit: 237
Shooters Shoot...
June 04, 2020, 01:13:39 AM
What does program compare to result in a solved key/solution?

(Tame,Wild) = Collision
k = k1 + Tame.dist - Wild.dist

Tame File:
Code:
000000000000054e3f71000000000a250208a 0000000024a2b6bb0000000026dd90e3

Wild File:
Code:
00003000000007666967d0000000093b5394a 000000008dc1e960000000002be62262

Those are from Tame and Wild files. What exactly does the program look for in those 2 lines above to result in solved key? Can anyone break it down by line and what the line/characters represent?  Thanks.
Anyone?
sr. member
Activity: 462
Merit: 701
June 03, 2020, 11:27:37 AM
6*sqrt(N) => 99.752% chance that you found the key so ~0.25% chance that the key is well in the range.
This value assume that your setup is well tuned with a negligible DP overhead.
member
Activity: 170
Merit: 58
June 03, 2020, 10:22:05 AM
What is the earliest moment to be sure that range is wrong and result is outside? 6N?
full member
Activity: 1162
Merit: 237
Shooters Shoot...
June 03, 2020, 10:14:48 AM
What does program compare to result in a solved key/solution?

(Tame,Wild) = Collision
k = k1 + Tame.dist - Wild.dist

Tame File:
Code:
000000000000054e3f71000000000a250208a 0000000024a2b6bb0000000026dd90e3

Wild File:
Code:
00003000000007666967d0000000093b5394a 000000008dc1e960000000002be62262

Those are from Tame and Wild files. What exactly does the program look for in those 2 lines above to result in solved key? Can anyone break it down by line and what the line/characters represent?  Thanks.
Jump to: