Pages:
Author

Topic: Pollard's kangaroo ECDLP solver - page 26. (Read 60037 times)

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
October 18, 2021, 11:31:58 PM
Shor's algorithm can be used to break elliptic curve cryptography by computing discrete logarithms on a hypothetical quantum computer. The latest quantum resource estimates for breaking a curve with a 256-bit modulus (128-bit security level) are 2330 qubits and 126 billion Toffoli gates.

Link to resource?

on Kangaroo.cpp
void Kangaroo::CreateJumpTable() {

Wrong function.

The code for jumping is in SolveKeyGPU and SolveKeyCPU.

You can just make a for loop between 1 to 3 or 10 that computes 3 or 10 consecutive jumps but only store the last one in the hashtable. It won't improve speed but it will slow down your hashtable from ballooning to a large memory footprint.
member
Activity: 406
Merit: 47
October 18, 2021, 07:56:16 PM

Can anyonel help to advice code on c++?

I know may be possible 99% not working and fail
I would like to test modify jump of Pollard's kangaroo
refer from kangaroo illustration JeanLucPons github
DP is foot of kangaroo right but jump is up to high right
I think 120 bit is to high  may be make jump to long will be help

yes, it possible to missing some point to found
Just would like to try

on Kangaroo.cpp
void Kangaroo::CreateJumpTable() {

this function right?

may be I change up 2 to  3-10
just testing a little
jr. member
Activity: 81
Merit: 2
October 18, 2021, 08:50:03 AM
Deny it again if you can.

Shor's algorithm can be used to break elliptic curve cryptography by computing discrete logarithms on a hypothetical quantum computer. The latest quantum resource estimates for breaking a curve with a 256-bit modulus (128-bit security level) are 2330 qubits and 126 billion Toffoli gates. In comparison, using Shor's algorithm to break the RSA algorithm requires 4098 qubits and 5.2 trillion Toffoli gates for a 2048-bit RSA key, suggesting that ECC is an easier target for quantum computers than RSA. All of these figures vastly exceed any quantum computer that has ever been built, and estimates place the creation of such computers at a decade or more away.

Supersingular Isogeny Diffie–Hellman Key Exchange provides a post-quantum secure form of elliptic curve cryptography by using isogenies to implement Diffie–Hellman key exchanges. This key exchange uses much of the same field arithmetic as existing elliptic curve cryptography and requires computational and transmission overhead similar to many currently used public key systems.

In August 2015, the NSA announced that it planned to transition "in the not distant future" to a new cipher suite that is resistant to quantum attacks. "Unfortunately, the growth of elliptic curve use has bumped up against the fact of continued progress in the research on quantum computing, necessitating a re-evaluation of our cryptographic strategy."


 Grin
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
October 18, 2021, 03:51:11 AM
i know python scripts, already have it too, but for asking about c script, it will faster then python

Most likely you will have to pay someone to make such a program for you as almost all of us are too busy with side projects and/or our personal lives and matters to work on something as complex as a C program (they'd also have to make the makefile too).
newbie
Activity: 9
Merit: 0
October 17, 2021, 04:42:10 AM
There is already a small python script for your needs here in this thread.
i know python scripts, already have it too, but for asking about c script, it will faster then python
a.a
member
Activity: 126
Merit: 36
October 17, 2021, 03:25:59 AM
There is already a small python script for your needs here in this thread.
newbie
Activity: 9
Merit: 0
October 17, 2021, 01:38:49 AM
Take the privatekey of 4. Half it, you get 2. Take the privatekey of 5 you get 2.5. 2.5 means, 2 + N/2. To get the "half" you subtract 1 and then halve it and get 2.

So if you can determine if the lowest bit is 0 or 1 you can half it properly. But there is no method to determine 0 or 1. Thats why you can theoretically halve multiple times but have to use the false keys. Like you take a big number with 2^120 bit, and can halve it and get two keys were you know one is 2^119 and one is "wrong". Use both keys and halve them. You know one is 2^118 and three are false. Take those four keys and halve them again, one is 2^117 and 7 are false.

So you get exponentially more keys each halving. Which is useful for e.g. 2^60 as you can get 2^45 with 2^15 (15 times halved, you can do more halvings if you like) potential keys to check in very few minutes. But you can not do it with 2^120 as you still get 2^105 range with 2^15 keys, which takes still a long time to crack. Doing 2^120 halvings is basically bruteforcing the key.
any c language script for halve pubkeys with input file ( pubkeys) and output file ( pubkwys) ( for linux )

example
./halve -i inputfile.txt -o output.txt


So halve -i input.txt divide by 2 = -o output.txt ?
yes
i think all cuda developers here, maybe no one have time for write small script in c for halve pubkeys by file ?
newbie
Activity: 9
Merit: 0
October 16, 2021, 01:20:18 AM
Take the privatekey of 4. Half it, you get 2. Take the privatekey of 5 you get 2.5. 2.5 means, 2 + N/2. To get the "half" you subtract 1 and then halve it and get 2.

So if you can determine if the lowest bit is 0 or 1 you can half it properly. But there is no method to determine 0 or 1. Thats why you can theoretically halve multiple times but have to use the false keys. Like you take a big number with 2^120 bit, and can halve it and get two keys were you know one is 2^119 and one is "wrong". Use both keys and halve them. You know one is 2^118 and three are false. Take those four keys and halve them again, one is 2^117 and 7 are false.

So you get exponentially more keys each halving. Which is useful for e.g. 2^60 as you can get 2^45 with 2^15 (15 times halved, you can do more halvings if you like) potential keys to check in very few minutes. But you can not do it with 2^120 as you still get 2^105 range with 2^15 keys, which takes still a long time to crack. Doing 2^120 halvings is basically bruteforcing the key.
any c language script for halve pubkeys with input file ( pubkeys) and output file ( pubkwys) ( for linux )

example
./halve -i inputfile.txt -o output.txt


So halve -i input.txt divide by 2 = -o output.txt ?
yes
full member
Activity: 1232
Merit: 242
Shooters Shoot...
October 15, 2021, 11:23:09 PM
Take the privatekey of 4. Half it, you get 2. Take the privatekey of 5 you get 2.5. 2.5 means, 2 + N/2. To get the "half" you subtract 1 and then halve it and get 2.

So if you can determine if the lowest bit is 0 or 1 you can half it properly. But there is no method to determine 0 or 1. Thats why you can theoretically halve multiple times but have to use the false keys. Like you take a big number with 2^120 bit, and can halve it and get two keys were you know one is 2^119 and one is "wrong". Use both keys and halve them. You know one is 2^118 and three are false. Take those four keys and halve them again, one is 2^117 and 7 are false.

So you get exponentially more keys each halving. Which is useful for e.g. 2^60 as you can get 2^45 with 2^15 (15 times halved, you can do more halvings if you like) potential keys to check in very few minutes. But you can not do it with 2^120 as you still get 2^105 range with 2^15 keys, which takes still a long time to crack. Doing 2^120 halvings is basically bruteforcing the key.
any c language script for halve pubkeys with input file ( pubkeys) and output file ( pubkwys) ( for linux )

example
./halve -i inputfile.txt -o output.txt


So halve -i input.txt divide by 2 = -o output.txt ?
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
October 15, 2021, 09:57:07 PM
notatTether posted a python Script some time ago. But i also have a Javascript Version of it, which can be made to be an standalone executable. interested?

Definitely. Compiled Node is much faster than any Python script I can throw at here.

How did you make it?
a.a
member
Activity: 126
Merit: 36
October 15, 2021, 03:20:20 PM
notatTether posted a python Script some time ago. But i also have a Javascript Version of it, which can be made to be an standalone executable. interested?
newbie
Activity: 9
Merit: 0
October 15, 2021, 05:46:32 AM
Take the privatekey of 4. Half it, you get 2. Take the privatekey of 5 you get 2.5. 2.5 means, 2 + N/2. To get the "half" you subtract 1 and then halve it and get 2.

So if you can determine if the lowest bit is 0 or 1 you can half it properly. But there is no method to determine 0 or 1. Thats why you can theoretically halve multiple times but have to use the false keys. Like you take a big number with 2^120 bit, and can halve it and get two keys were you know one is 2^119 and one is "wrong". Use both keys and halve them. You know one is 2^118 and three are false. Take those four keys and halve them again, one is 2^117 and 7 are false.

So you get exponentially more keys each halving. Which is useful for e.g. 2^60 as you can get 2^45 with 2^15 (15 times halved, you can do more halvings if you like) potential keys to check in very few minutes. But you can not do it with 2^120 as you still get 2^105 range with 2^15 keys, which takes still a long time to crack. Doing 2^120 halvings is basically bruteforcing the key.
any c language script for halve pubkeys with input file ( pubkeys) and output file ( pubkwys) ( for linux )

example
./halve -i inputfile.txt -o output.txt
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
October 14, 2021, 01:39:56 PM
Do you put a private key or public key in the input.txt because I used 1 public key. When I ran the script it gave me just 1 public key.

Oh you just use public keys.

Just change the nkeys variable at the top to be the number of keys you want to receive (and make sure bits_toinspect is greater than or equal to log2(nkeys).)

That's equivalent to knowing the very lowest bit of the private key so you've effectively reduced your search range by a power of 2 e.g. 2^60 --- 2^59. It's not useful enough in a practical setting though. Not to mention there isn't a foolproof way to guess the private key's parity in the first place.

Do you have an example of that?

Example of which one? You are quoting two different problems here. The latter one is "how to guess the lowest bit of all PKs with 100% confidence" which is impossible to do.
a.a
member
Activity: 126
Merit: 36
October 14, 2021, 12:56:23 PM
Take the privatekey of 4. Half it, you get 2. Take the privatekey of 5 you get 2.5. 2.5 means, 2 + N/2. To get the "half" you subtract 1 and then halve it and get 2.

So if you can determine if the lowest bit is 0 or 1 you can half it properly. But there is no method to determine 0 or 1. Thats why you can theoretically halve multiple times but have to use the false keys. Like you take a big number with 2^120 bit, and can halve it and get two keys were you know one is 2^119 and one is "wrong". Use both keys and halve them. You know one is 2^118 and three are false. Take those four keys and halve them again, one is 2^117 and 7 are false.

So you get exponentially more keys each halving. Which is useful for e.g. 2^60 as you can get 2^45 with 2^15 (15 times halved, you can do more halvings if you like) potential keys to check in very few minutes. But you can not do it with 2^120 as you still get 2^105 range with 2^15 keys, which takes still a long time to crack. Doing 2^120 halvings is basically bruteforcing the key.
full member
Activity: 706
Merit: 111
October 14, 2021, 10:05:08 AM
Do you put a private key or public key in the input.txt because I used 1 public key. When I ran the script it gave me just 1 public key.

Oh you just use public keys.

Just change the nkeys variable at the top to be the number of keys you want to receive (and make sure bits_toinspect is greater than or equal to log2(nkeys).)

That's equivalent to knowing the very lowest bit of the private key so you've effectively reduced your search range by a power of 2 e.g. 2^60 --- 2^59. It's not useful enough in a practical setting though. Not to mention there isn't a foolproof way to guess the private key's parity in the first place.

Do you have an example of that?
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
October 14, 2021, 03:02:11 AM
~

Bro, Hello.

How to check only 1,2,3 pubkeys with this scrypt ? Without random ganeration, and without many publick keys ?

Thx

By placing just the 3 public keys in input.txt file and adjusting the "nsamples" (or maybe it was called "nkeys") parameter in the script to be just 1,2,3 or like that, to print that many divisions per key.
member
Activity: 873
Merit: 22
$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk
October 14, 2021, 01:22:44 AM
full member
Activity: 162
Merit: 230
October 12, 2021, 07:14:31 AM
If I need to find just one private key somewhere in 256bit space does it have a meaning to use gpu? Or cpu is enough?

At the moment it is impossible to find a 256 bit private key, it takes thousands of the most powerful GPUs and a lot of time.

That's not even close. It takes more than a quintillion of the most powerful GPUs running for 1000 YEARS to find a single 256 bit private key. And that is with Kangaroo/BSGS methods.
member
Activity: 174
Merit: 12
October 12, 2021, 01:15:35 AM
If I need to find just one private key somewhere in 256bit space does it have a meaning to use gpu? Or cpu is enough?

At the moment it is impossible to find a 256 bit private key, it takes thousands of the most powerful GPUs and a lot of time.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
October 12, 2021, 12:28:05 AM
Do you put a private key or public key in the input.txt because I used 1 public key. When I ran the script it gave me just 1 public key.

Oh you just use public keys.

Just change the nkeys variable at the top to be the number of keys you want to receive (and make sure bits_toinspect is greater than or equal to log2(nkeys).)

Does it have any REAL value other than purely statistical?

Yes, provided I can figure out how to jump from one low std. deviation key to the next without pregenerating them all. [and without too much computational increase from addition].

I have a newbie question.
If I need to find just one private key somewhere in 256bit space does it have a meaning to use gpu? Or cpu is enough?
When gpu is used either for bsgs or kangaroo how many % of gpu power is used? Because if I am not wrong common gpu has got hundrets to thousands cores but over here in forum I could see examples running just a few threads on gpu? How is it? What is the principle for gpu usage? Each core mskes exactly the same task just for different interval?

GPU cores get dozens of smaller ranges loaded in them at once, these get searched quickly so that they can be loaded again, that's why GPUs are much faster than CPU.
Pages:
Jump to: