Topic: Pollard's kangaroo ECDLP solver - page 15. (Read 56355 times)

I tried with more than 45k public keys of top btc wallets but as i expected, months and months passed without a single private key retrieved .. because in such case you are searching the entire range of private keys using your public keys with kangaroo .. and no animal in the world could ever jump that high 😉

Can anyone explain, there is any chance to use it in btc mainnet?
There is any vulnerability addresses in blockchain that can be hacked with kangaroo ecdlp solver?
Or it's nearly impossible to retrieve private key only from public key and outgoing transactions?

you need to know how it works
I am not an expert but I understand basic and overview (not sure I understand clear all)

kangaroo and BSGS both have some different technic and some parts same technic
kangaroo work like blind two people walk to hits each other if both walks hit your found key but if not never found a key kangaroo is a technic walk to hit spot it fast when using GPU but if blind walk in a small room with hit easy but both blind walking in a football field or in sea, kangaroo not use much memory on PC but using fast speed to walk that is calculated point to jump by use GPU make blind  walk faster until hits
if kangaroo use wrong jump it will take time a lot and never hit mostly is still have a problem when walk in space

BSGS uses store million/billion points in memory that it is made to use more memory
babystep gientstep,  babystep is small point quantity million point start if choose babystep large size will using large memory on PC, and then giant step is babystep to move next position next and next until cover your spot
point quantity 1 million lines using storage save on disk 70MB and point 10 million using space 700MB and 100 million use 7GB storage save on harddisk so, on memory it same if boomfile is large will use on memory large
if use a small size babystep will using time compare using 1 million and use 2.5 hundred thousand 4 time
maybe imagine using table in excel spredsheet first table is babastep and change the table to giantstep
or maybe imagine like raining in a small area and clouds move to hit your spot if large could rain in a wide area using large memory

gtx 1070 has 8GB memory
kangaroo uses GPU and use 8GB on the card
but BSGS use memory on PC if have 32GB or 64GB will be can use large size of babystep

first time I doubt why not make BSGS use on GPU for faster
try BSGS solver for Cuda ( Purebasic v5.31)
understand try iceland2k14/bsgs/v1_fastecdsa

That's basically what's going on.

GPUs have about as much on-board memory as a small computer has RAM. CUDA can only use the onboard memory, because there is a large performance penalty in moving data between host and device that will neutralize any "hacks" and "tricks" the code does.

Speaking of faster .. i have a question that is bugging me ..common sense would suggest that gpu is always faster by many folds than cpu .. but how in the hell is my cpu faster?! Here is what i did..
Tried kangaroo on gtx 1070 : GREAT speed
Tried keyhunt BSGS mode: just way faster?!?!
What gives? How come a gpu program would yield test results in more time than a cpu one? Am i doing something wrong concerning the gpu part? I only stick to default commands on both .. except that keyhunt BSGS uses as much memory as you want it to as long as you have enough for it .. which gives you a speed pump with every increase in memory allocation!

If anyone tried both too and got the same thing please enlighten me. Thnx

I haven't tried the command version.
but the last time I checked, there was a cuda-based large number library. development continued.

https://github.com/NVlabs/CGBN

I've been searching the Elliptic Curve Arithmetic library to experiment on cuda.

had any cuda dev  worked on these commnand based some scripts ?

Good idea .. due to things like this, i once spent 2 hours trying to fully install a library .. a lot of searching and navigating through stackexchange and quora.. such a waste of time and energy

Lol Yess!

Guys, do you think I should convert these [my] python scripts into a library, with it's own PIP page and docs? So that people no longer make fundamental errors when using them and then calling me for tech support...

You can't divide a point by a point. A point can only be multiplied by a number. In this case we are multiplying by an inverse number, thus imitating the division of a point by a number.

from fastecdsa import curve
from fastecdsa.point import Point
import bit

G = curve.secp256k1.G
N = curve.secp256k1.q
DIV = '02AE3482B19E840288CC9B302AD9F5DC017AB796D3690CC8029017A8AF3503BE8E'
pubkey = '03ec0f4d728d248698a59d3a50a0469da06fdb8019700dfc5de9eae2dd93fc2bc8'

def pub2point(pub_hex):
    x = int(pub_hex[2:66], 16)
    if len(pub_hex) < 70:
        y = bit.format.x_to_y(x, int(pub_hex[:2], 16) % 2)
    else:
        y = int(pub_hex[66:], 16)
    return Point(x, y, curve=curve.secp256k1)


Q = pub2point(pubkey)
R = pub2point(DIV)
z= Q / R

print(z)


-----------------------------------------
>>>    z= Q / R
TypeError: unsupported operand type(s) for /: 'Point' and 'Point'




CAN ANYONE HELP,HOW TO CORRECT THIS

THANKS

So basically the biggest barriers are knowledge of cryptography, extensive Math, and gpu-specific programming 🤔

As a C++ dev, I can tell you that the language is not the obsticle to designing these programs, but it's the knowledge required for curves, finite fields, groups, etc AND implementing all that in C++ or even JS, I'm sure I left out a ton of number theory topics from this list that are required studying as well [not to mention that GPU programming is done in a completely different language that is extremely difficult to debug].

I think if it was that easy to crack 64, someone would have tweaked the version to become 64bit .. but looks like it's already been done in secret but still unsolvable, or no one has the knowledge to do it yet .. tools like bitcrack and keyhunt makes me regret not taking cpp seriously back in my enthusiastic days .. but overall, devs like these taught me a lot more than i thought i know about bitcoin

115 bits is the ceiling, actually, when you have the public key - as Pollard's Kangaroo uses a faster iterative algorithm to guess the private key.

63 when you only have the address. But then again, Bitcrack's linear search is not optimized, and I suspect that a GPU farm could solve #64 if only it had a 64-bit version of Bitcrack (the current version uses only 32-bit words) and an optional bit pattern filter to filter out long sequences of zeros and ones.

Or maybe 120 and 64 are the roofs in current technology .. it really seems so hard to crack those two .. been trying it for months now using multiple workarounds and tweaks but they're still out there unsolvable .. not to mention that the more resources you put into this, the more you realize you need even more resources .. hats off to Satoshi, this puzzle proved that best case scenario is you can only crack a private key of 119 bits out of the PRACTICAL staggering 256 bits .. cracking bitcoin is simply impossible, at least for this generation and under current tech

Well, if zeilar managed to clear 20% of the keyspace for #120, it should not be too hard for someone to construct a DC and put an end to that key.

Or maybe puzzle solving is becoming more like mining, where it's only done when BTC price is profitable, only without those pesky ASICs and difficulty levels, hmmmm....

Did everyone gave up on the challenges/puzzles?   

To increase the upper range, you must either supply a public key with a larger value private key, or you can tweak the "divisor" constant in the code and make it lower, because divisor makes the upper range smaller:


PS. I totally forgot about that drama on that page of this thread Time flies, doesn't it? In fact, most of the people on this thread aren't around anymore.