Topic: Pollard's kangaroo ECDLP solver - page 16. (Read 58537 times)

Just use "report to moderator" button that's under the post, mods will find it much quicker than when you post it in a thread.

It's pretty lame plagiarism though, links and emoticons were not copied.

Thanks for spotting, I've reported it here. So many post thieves lately, hopefully this one gets banned! [update: user has been banned]

I hate being so suspicious, but your very first post on this forum being a plagiarism spot feels off to me. Are you stealing posts with one account and then "reporting" it with another to try and get some merit?

He is stealing the post

I wouldn't say that with 100% confidence .. any address that starts with the number "1" (i mean a p2pkh address) is prone to 160 bit range attack using private key cracking tools .. it is well known that this entire first 160 bit range has all addresses (including the 40+ millions with balance) .. this is the problem with hashing public keys .. coz you basically reduced cracking difficulty down from 256 bits to 160 bits .. however, this doesn't mean that bitcoin security got any loopholes .. just watch how only 64 bits are beating the hell out of all crackers trying to solve one address within it .. trying to go through the entire 64 bits, you would have to traverse 18 million trillion private keys .. this number is so huge that the average person will never hear about it in their lifetime coz most likely they will never need to .. ok going forward, getting out of this range and moving up one bit to 65 bit range .. is double that number .. keep doubling on every bit until you reach 160 bits and you would have to crack one quindecillion private keys .. in case you wonder, one quindecillion is a number consisting of 49 digits (1 followed by 48 zeros) .. no machine in our world is known to be able to even count through this whole range within like what, a million generations lifetime?  let alone trying to convert each pvt key to public key hash .. in simple words: practically impossible

Update: edited some wrong calcs.

Yeah I get it thanks. Still the odds of finding one remain almost the same if you scan through 2^255

You simply got it backwards ..

 One private key does NOT open 2^96 addresses
instead,
 One address can be opened by 2^96 private keys

See the difference?

Thanks for the reply!

I'm missing something...So these addresses will have different public keys or not?

Can one private key control 2^96 different wallets?

For example when I import some random private key in Electrum wallet and click on "sweep funds" am I sweeping one wallet or 2^96 different wallets?

For the public address (p2pkh) you perform the following two nested hash functions RIPEMD160(SHA256(public_key)) as far as I remember.

It doesn't spoil your further calculation too much, but the valid range for private keys is any 256-bit number from 0x1 to 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4140. Anyway, you're in the correct ballpark.  

Couldn't have said it better .. in theory, there are enormous amount of private keys that open one single wallet .. i read somewhere that they found some collisions but were empty wallets .. however, there have been no claims about finding any UTOX with collisions .. although i tend to expect that even when found, it will never be announced .. it would hurt the technology and hurt bitcoin specifically

Yes exactly and for a simple fact :

16jY7qLJnxb7CHZyqBP8qca9d51gAjyXQN (and every other wallet address of this type) is encoded on 160 bits (and not on 256 bits like the majority of other crypto parameters in bitcoin protocol)
16jY7qLJnxb7CHZyqBP8qca9d51gAjyXQN is base58 encoded and is 3ee4133d991f52fdf6a25c9834e0745ac74248a4 (20*8bytes = 160bits) in hexadecimal
(
Unlike public keys that are encoded on 256 bits

a simple wallet address (p2pkh) is simply obtained by the function hash160(public_key)

So if you have the possibility to browse the entire 1-2^256 space and to compute the hash160 function for every hash160(public_key)  derived from 1-2^256 private keys you will find an average of 2^(256-160) = 2^96 public key with hash160=16jY7qLJnxb7CHZyqBP8qca9d51gAjyXQN .


But even if 2^96 seems big its far away smaller from 2^256. And it's pretty impossible to have a collision between two random public key in the using age of bitcoin.

But theoretically if you find any public key derived from a private key with hash160(public_key)=  '16jY7qLJnxb7CHZyqBP8qca9d51gAjyXQN' or = to any other non zero wallet address you will able to unlock the coins.

Because the verification in the bitcoin protocol to prove that you are the owner of the private key is simply "have you signed the transaction with the private key associated to a public key that gives 16jY7qLJnxb7CHZyqBP8qca9d51gAjyXQN (or any other target address) with hash160 function

So there are 2^96 different private keys in the entire 2^256 space that can "unlock" for example this address: 16jY7qLJnxb7CHZyqBP8qca9d51gAjyXQN (Puzzle 64)? Can anyone confirm this?

Did you use this Kangaroo tool? Because when I use it with multiple keys it doesn't pass to the next one if the previous key is not in the specified range. I don't know if it's only my problem or I should use a command or something.

I know all that ..for multi keys i never use kangaroo i use keyhunt BSGS mode .. it can search millions of pubkeys at a time but .. and that's a big but .. every single pubkey you add to the list, is gonna cut your speed greatly.. so it's a tradeoff .. but still, result is it would take eternity for you to calculate even a single key out of this .. like i said, tried for several months uninterrupted and got nothing .. nil .. zilch .. the 2^256 range is unimaginably large that even quantum computers would look like an infant trying to squeeze a mountain with its palm

kangaroo can search only one public key each time if have multiple pubkey setups first pubkey will be search
kangaroo can not search multiple keys in the same time because it is use pubkey that search to calculate multiply number for the search
if search multiple pubkey at the same time that means your kangaroo program or script will be worked by calculating multiply many key in the same time
JeanLucPons Kangaroo and another kangaroo in Github work by searching one key

first time I looking for kangaroo or other program that can search multiple pubkey in same time too but not have one becuase it is work by one pubkey search

You was searching 45k public keys at the same time with kangaroo?

Got it .. thanks 👍

I tried with more than 45k public keys of top btc wallets but as i expected, months and months passed without a single private key retrieved .. because in such case you are searching the entire range of private keys using your public keys with kangaroo .. and no animal in the world could ever jump that high 😉

Can anyone explain, there is any chance to use it in btc mainnet?
There is any vulnerability addresses in blockchain that can be hacked with kangaroo ecdlp solver?
Or it's nearly impossible to retrieve private key only from public key and outgoing transactions?

you need to know how it works
I am not an expert but I understand basic and overview (not sure I understand clear all)

kangaroo and BSGS both have some different technic and some parts same technic
kangaroo work like blind two people walk to hits each other if both walks hit your found key but if not never found a key kangaroo is a technic walk to hit spot it fast when using GPU but if blind walk in a small room with hit easy but both blind walking in a football field or in sea, kangaroo not use much memory on PC but using fast speed to walk that is calculated point to jump by use GPU make blind  walk faster until hits
if kangaroo use wrong jump it will take time a lot and never hit mostly is still have a problem when walk in space

BSGS uses store million/billion points in memory that it is made to use more memory
babystep gientstep,  babystep is small point quantity million point start if choose babystep large size will using large memory on PC, and then giant step is babystep to move next position next and next until cover your spot
point quantity 1 million lines using storage save on disk 70MB and point 10 million using space 700MB and 100 million use 7GB storage save on harddisk so, on memory it same if boomfile is large will use on memory large
if use a small size babystep will using time compare using 1 million and use 2.5 hundred thousand 4 time
maybe imagine using table in excel spredsheet first table is babastep and change the table to giantstep
or maybe imagine like raining in a small area and clouds move to hit your spot if large could rain in a wide area using large memory

gtx 1070 has 8GB memory
kangaroo uses GPU and use 8GB on the card
but BSGS use memory on PC if have 32GB or 64GB will be can use large size of babystep

first time I doubt why not make BSGS use on GPU for faster
try BSGS solver for Cuda ( Purebasic v5.31)
understand try iceland2k14/bsgs/v1_fastecdsa

That's basically what's going on.

GPUs have about as much on-board memory as a small computer has RAM. CUDA can only use the onboard memory, because there is a large performance penalty in moving data between host and device that will neutralize any "hacks" and "tricks" the code does.