I have a newbie question.
If I need to find just one private key somewhere in 256bit space does it have a meaning to use gpu? Or cpu is enough?
When gpu is used either for bsgs or kangaroo how many % of gpu power is used? Because if I am not wrong common gpu has got hundrets to thousands cores but over here in forum I could see examples running just a few threads on gpu? How is it? What is the principle for gpu usage? Each core mskes exactly the same task just for different interval?
Topic: Pollard's kangaroo ECDLP solver - page 27. (Read 60037 times)
Do you put a private key or public key in the input.txt because I used 1 public key. When I ran the script it gave me just 1 public key.
Oh you just use public keys.
Just change the nkeys variable at the top to be the number of keys you want to receive (and make sure bits_toinspect is greater than or equal to log2(nkeys).)
Does it have any REAL value other than purely statistical?
Do you put a private key or public key in the input.txt because I used 1 public key. When I ran the script it gave me just 1 public key.
Oh you just use public keys.
Just change the nkeys variable at the top to be the number of keys you want to receive (and make sure bits_toinspect is greater than or equal to log2(nkeys).)
What does Std. Deviation: 1.1902380714238083 mean?
That it's likely a human-generated private key.
The standard deviations start from 0 to just over +-1, where +-1 (and above) mean that the key is definitely human-generated and 0 means it's definitely computer-generated.
None of the keys have std. deviation = 0 because you can never be quite sure whether a computer really did generate a key. But at low std. deviations you can be sure that the private key resembles as much as a random private key as possible.
Do you put a private key or public key in the input.txt because I used 1 public key. When I ran the script it gave me just 1 public key.
What does Std. Deviation: 1.1902380714238083 mean?
That it's likely a human-generated private key.
The standard deviations start from 0 to just over +-1, where +-1 (and above) mean that the key is definitely human-generated and 0 means it's definitely computer-generated.
None of the keys have std. deviation = 0 because you can never be quite sure whether a computer really did generate a key. But at low std. deviations you can be sure that the private key resembles as much as a random private key as possible.
Anyway, this is the script I promised I'd show you guys in my previous post: https://gist.github.com/ZenulAbidin/cbe69f8a2496514773140516e3666519
You give it any public key in the file input.txt, adjust the script values such as the number of trailing bits, number of results etc. and it will print you the list of most likely public keys.
Warning: bit numbers >20 will cause you to run out of memory fast. Also it might take about an hour or so to complete depending on the bit size. I am working on a fix for both of these.
What does Std. Deviation: 1.1902380714238083 mean?
PureBasic executables get false positives by AV heuristic cause some ransomware used PureBasic. You can search it with google.
Hmm.
One of the anti-viruses found a trojan: TrojanSpy.Carberp.eut
I have no complaints. Just wondering why.
https://www.virustotal.com/gui/file/d92bd6d9ff7f2f6239b731d3529dfd6827e9d6ce853a115a768d0f16fc799126
One of the anti-viruses found a trojan: TrojanSpy.Carberp.eut
I have no complaints. Just wondering why.
https://www.virustotal.com/gui/file/d92bd6d9ff7f2f6239b731d3529dfd6827e9d6ce853a115a768d0f16fc799126
What do you think, why there are no sources attached?
How do you know what that program does?
I create new topic for BSGS cuda https://bitcointalk.org/index.php?topic=5364845.new#new
Because i don`t want to make offtop on this thread.
Because i don`t want to make offtop on this thread.
Why no linux version ?
I think Etar only does Windows releases.
Anyway, this is the script I promised I'd show you guys in my previous post: https://gist.github.com/ZenulAbidin/cbe69f8a2496514773140516e3666519
You give it any public key in the file input.txt, adjust the script values such as the number of trailing bits, number of results etc. and it will print you the list of most likely public keys.
Warning: bit numbers >20 will cause you to run out of memory fast. Also it might take about an hour or so to complete depending on the bit size. I am working on a fix for both of these.
-snip-
One of the anti-viruses found a trojan: TrojanSpy.Carberp.eut
I have no complaints. Just wondering why.
https://www.virustotal.com/gui/file/d92bd6d9ff7f2f6239b731d3529dfd6827e9d6ce853a115a768d0f16fc799126
Can`t say. I use PBv5.31 to compile app. It is licensed version(not cracked or so.) But I think if the other more well-known antiviruses did not find anything, then this is a false alarm. And so decide for yourself.One of the anti-viruses found a trojan: TrojanSpy.Carberp.eut
I have no complaints. Just wondering why.
https://www.virustotal.com/gui/file/d92bd6d9ff7f2f6239b731d3529dfd6827e9d6ce853a115a768d0f16fc799126
I wouldn't worry about it given that only 3 obscure AV vendors flagged it. Perhaps they don't like CPU-intensive loops with multiple threads.
I put source files to the github, so anybody can compile by self.
-snip-
One of the anti-viruses found a trojan: TrojanSpy.Carberp.eut
I have no complaints. Just wondering why.
https://www.virustotal.com/gui/file/d92bd6d9ff7f2f6239b731d3529dfd6827e9d6ce853a115a768d0f16fc799126
Can`t say. I use PBv5.31 to compile app. It is licensed version(not cracked or so.) But I think if the other more well-known antiviruses did not find anything, then this is a false alarm. And so decide for yourself.One of the anti-viruses found a trojan: TrojanSpy.Carberp.eut
I have no complaints. Just wondering why.
https://www.virustotal.com/gui/file/d92bd6d9ff7f2f6239b731d3529dfd6827e9d6ce853a115a768d0f16fc799126
Trojan:Win32/Sabsik.FT.A!ml , this one is found by windows,
etayson love your software man, the previous server software great.
now this one greatest, thanks a lot, hope false positive obviously.
etayson love your software man, the previous server software great.
now this one greatest, thanks a lot, hope false positive obviously.
-snip-
One of the anti-viruses found a trojan: TrojanSpy.Carberp.eut
I have no complaints. Just wondering why.
https://www.virustotal.com/gui/file/d92bd6d9ff7f2f6239b731d3529dfd6827e9d6ce853a115a768d0f16fc799126
Can`t say. I use PBv5.31 to compile app. It is licensed version(not cracked or so.) But I think if the other more well-known antiviruses did not find anything, then this is a false alarm. And so decide for yourself. One of the anti-viruses found a trojan: TrojanSpy.Carberp.eut
I have no complaints. Just wondering why.
https://www.virustotal.com/gui/file/d92bd6d9ff7f2f6239b731d3529dfd6827e9d6ce853a115a768d0f16fc799126
--snip--
If you need help testing I am sure there are 70+ people WANTING to test
additionally if you do want to test speeds I have an RTX 3070
Ready for testing https://github.com/Etayson/BSGS-cuda/releasesIf you need help testing I am sure there are 70+ people WANTING to test
additionally if you do want to test speeds I have an RTX 3070
Source code will be available after testing and fix bugs.
Hmm.
One of the anti-viruses found a trojan: TrojanSpy.Carberp.eut
I have no complaints. Just wondering why.
https://www.virustotal.com/gui/file/d92bd6d9ff7f2f6239b731d3529dfd6827e9d6ce853a115a768d0f16fc799126
--snip--
If you need help testing I am sure there are 70+ people WANTING to test
additionally if you do want to test speeds I have an RTX 3070
Ready for testing https://github.com/Etayson/BSGS-cuda/releasesIf you need help testing I am sure there are 70+ people WANTING to test
additionally if you do want to test speeds I have an RTX 3070
Source code will be available after testing and fix bugs.
Why no linux version ?
Br.
~snip
By the position of the publickey in the list, I can determine according to the method of NotATether the privatekey (did not unterstand it actually... lol). Or I just bit shift the input and output 16 times by 2 getting actually generate a "decision tree". Then I only need to follow the decision tree and get the correct private key.
~
By the position of the publickey in the list, I can determine according to the method of NotATether the privatekey (did not unterstand it actually... lol). Or I just bit shift the input and output 16 times by 2 getting actually generate a "decision tree". Then I only need to follow the decision tree and get the correct private key.
~
Isn't this just a more complicated meet in the middle attack? Another alternative method that also works:
Generate public keys p - 0 .... p - 65535
One of those public keys is guaranteed to have a private key with the lower 16 bits all zeroed out, thus divisible by 65536
Then just calculate private keys with stride 65536: 1 * 65536, 2 * 65536 ..... up until 2^24 * 65536 and match against your generated keys
The issue here is: 1. you need a known public key (not just an address) and 2. as you move up in key size, you need insane storage requirements, like for a 120 bit key the most optimal solution is to generate 2^60 public keys and match those against 2^60 private keys
....which is comparable to what kangaroo already does, but kangaroo doesn't have that large memory requirement.
Except you don't need to calculate all keys with stride 65536 - we know that RNG software will (practically) never generate predictable keys that look like 11111100000 and like that so we measure how "random" a public key looks, by calculating the mean number of sequences (2 1-bits, 3 0-bits, and others) and store them in a vector, then for any PK we want to check we place it as another vector next to that one like this:
[mean sample]
And compute the avg. std. deviation of that by computing column-wise variance to get 1-column vector [ variance ], then take the mean of all values of that vector, then compute the square root.
The result is a coefficient that tells us how "random-looking" the PK is.
Now if we sort by coefficient, we can eliminate a bunch of stride amounts that give us absurd private keys like the one above. The question is now what is the function that will increment the stride to the next one based on random-looking coefficient?
I have a script for the coefficient calculation and it's working, but I'm on mobile right now so I have to wait to share it later.
--snip--
If you need help testing I am sure there are 70+ people WANTING to test
additionally if you do want to test speeds I have an RTX 3070
Ready for testing https://github.com/Etayson/BSGS-cuda/releasesIf you need help testing I am sure there are 70+ people WANTING to test
additionally if you do want to test speeds I have an RTX 3070
Source code will be available after testing and fix bugs.
Have a some progress in BSGS for cuda.
Binary search replace with hashtable and after this results is:
With single 2080ti, 570Mgiantstep with 2^26 babysteps HT find key in 338 seconds (start from 49dccfd96dc5df56487436f5a1b18c4f5d34f65ddb48cb5e0000000000000000)
With 6x660super, 270Mgiantstep per card with 2^26 babysteps HT find key in 117 seconds (start from 49dccfd96dc5df56487436f5a1b18c4f5d34f65ddb48cb5e0000000000000000)
Much better than before.
Binary search replace with hashtable and after this results is:
With single 2080ti, 570Mgiantstep with 2^26 babysteps HT find key in 338 seconds (start from 49dccfd96dc5df56487436f5a1b18c4f5d34f65ddb48cb5e0000000000000000)
Code:
GPU #0 Cnt:000000000000000000000000000000000000000000000000bac8c00000000001 570MKey/s x67108864 2^29.16 x2^26=2^55.16
***********GPU#0************
Total solutions: 2
KEY!!>49dccfd96dc5df56487436f5a1b18c4f5d34f65ddb48cb5ebb3ef3883c1866d4
Pub: 59a3bfdad718c9d3fac7c187f1139f0815ac5d923910d516e186afda28b221dc994327554ced887aae5d211a2407cdd025cfc3779ecb9c9d7f2f1a1ddf3e9ff8
****************************
Found in 338 seconds
GPU #0 finished
cuda finished ok
With 6x660super, 270Mgiantstep per card with 2^26 babysteps HT find key in 117 seconds (start from 49dccfd96dc5df56487436f5a1b18c4f5d34f65ddb48cb5e0000000000000000)
Code:
GPU #3 Cnt:000000000000000000000000000000000000000000000000b96a000000000001 272MKey/s x67108864 2^28.09 x2^26=2^54.09
GPU #0 Cnt:000000000000000000000000000000000000000000000000b340000000000001 259MKey/s x67108864 2^28.02 x2^26=2^54.02
GPU #1 Cnt:000000000000000000000000000000000000000000000000ba6e000000000001 274MKey/s x67108864 2^28.10 x2^26=2^54.10
GPU #2 Cnt:000000000000000000000000000000000000000000000000b398000000000001 270MKey/s x67108864 2^28.08 x2^26=2^54.08
***********GPU#3************
Total solutions: 2
GPU #4 Cnt:000000000000000000000000000000000000000000000000bcf0000000000001 269MKey/s x67108864 2^28.08 x2^26=2^54.08
GPU #5 Cnt:000000000000000000000000000000000000000000000000c3fa000000000001 284MKey/s x67108864 2^28.15 x2^26=2^54.15
GPU #0 Cnt:000000000000000000000000000000000000000000000000b658000000000001 261MKey/s x67108864 2^28.03 x2^26=2^54.03
KEY!!>49dccfd96dc5df56487436f5a1b18c4f5d34f65ddb48cb5ebb3ef3883c1866d4
Pub: 59a3bfdad718c9d3fac7c187f1139f0815ac5d923910d516e186afda28b221dc994327554ced887aae5d211a2407cdd025cfc3779ecb9c9d7f2f1a1ddf3e9ff8
****************************
Found in 117 seconds
If you need help testing I am sure there are 70+ people WANTING to test
additionally if you do want to test speeds I have an RTX 3070
You could give me your 40 bit public key. But cracking it is kind of waste of time, as I would need to do alot manually, you know...
But how to crack it:
I would bit shift your public key by 65536 ( 2 ^ 16). I will then have 65536 pubkeys and one of them is in range 2 ^ 24. I will run it on BitCrack and get the key in 2 ^24. By the position of the publickey in the list, I can determine according to the method of NotATether the privatekey (did not unterstand it actually... lol). Or I just bit shift the input and output 16 times by 2 getting actually generate a "decision tree". Then I only need to follow the decision tree and get the correct private key.
So instead of having to crack a 2^40 key (1,099511628×10¹² possibilities), i only need to crack a 2^24 key (16777216 possibilities). So with my Vega 56 and 300 MKey/s I would need for the 2 ^ 40 about an hour and for the 2 ^24 keys only 1 second. So if my programm is doing everything automatically, it would take about 1 second to crack a 2^40 key.
But how to crack it:
I would bit shift your public key by 65536 ( 2 ^ 16). I will then have 65536 pubkeys and one of them is in range 2 ^ 24. I will run it on BitCrack and get the key in 2 ^24. By the position of the publickey in the list, I can determine according to the method of NotATether the privatekey (did not unterstand it actually... lol). Or I just bit shift the input and output 16 times by 2 getting actually generate a "decision tree". Then I only need to follow the decision tree and get the correct private key.
So instead of having to crack a 2^40 key (1,099511628×10¹² possibilities), i only need to crack a 2^24 key (16777216 possibilities). So with my Vega 56 and 300 MKey/s I would need for the 2 ^ 40 about an hour and for the 2 ^24 keys only 1 second. So if my programm is doing everything automatically, it would take about 1 second to crack a 2^40 key.
Isn't this just a more complicated meet in the middle attack? Another alternative method that also works:
Generate public keys p - 0 .... p - 65535
One of those public keys is guaranteed to have a private key with the lower 16 bits all zeroed out, thus divisible by 65536
Then just calculate private keys with stride 65536: 1 * 65536, 2 * 65536 ..... up until 2^24 * 65536 and match against your generated keys
The issue here is: 1. you need a known public key (not just an address) and 2. as you move up in key size, you need insane storage requirements, like for a 120 bit key the most optimal solution is to generate 2^60 public keys and match those against 2^60 private keys
....which is comparable to what kangaroo already does, but kangaroo doesn't have that large memory requirement.
Jump to: