Topic: Pollard's kangaroo ECDLP solver - page 32. (Read 58537 times)

chit chat he is adding and subtracting ~ dont worry he got no working method and by knowing private key and than start doing addition or subtraction is bad idea as you will know each stage where keys are going and you can modify the values to get the desire output to say wooowww to your self "i did it" is some high level shit  

as i told you working blindly on public key is real skill but you will never know where you will land even if you know where you landed still range number will stab you in back so chill and drink soda while BSGS are running hahahaha  

Can somebody please explain what the "brainless"-method is?

What is he adding and subtracting? WTF. Can somebody provide an example?

this is possible but not the way he explained.

which way you got?

it is very difficult to guess specific range where you can start searching your calculated keys. perhaps you will guess 10 keys are in 110 range but they are not there


correct

input:

..d13 is 4 and ...fe4 is 5

output:

02c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5 is 2

Because i know 4 is even, i know it has to be the first pubkey. Because i know 5 is odd, I know it has to be the second key.

The problem is, that in bigger numbers, you can not determine if it is odd or even.

See,if I add the pubkey of 3

You see... You can not determine from the halve if it is the correct one.

You can always shift down a public key, aka halving a public key. You get two new public keys. But one is really halving and the other one is moving to the key middle range.

E.g.

You have the public key of 4 (binary represantation is 100). You halve it, and get the public key of 2 (10) and the public key of midrange - 2.
You have the public key of 5 (binary representation is 101). You halve it, and get the public key of public key of midrange - 2 or 3 and 2 (binary 10).

As you dont know the lowest bit, you can not determine which one of the pubkeys is the one you need. So you you have to take both and check them for the correct result.

maybe SSXB can explain this

How does this affect? Please explain in more detail..

ok which part doesn't make sense , if you asking about 1/720 keys part ~ that what brainless said in his previous posts. check his last posts and you will find these comments.

and if you ask me this is possible  or not? , yes this is possible but not the way he explained.

but there is one problem with my yes. it is very difficult to guess specific range where you can start searching your calculated keys. perhaps you will guess 10 keys are in 110 range but they are not there.

is that right ssxb?

ssxb

Your post makes not so much sense to me?!

How does brainless approach reduce the amount of public keys? Did you understand what he meant? Can you elaborate it further?

guys big lol here plus some explanation from my side.

the script shared by NotATether is just doing opposite of divisor it is increasing 5 bit and giving you last key 5 bit uper range. only difference is while doing divisor you will get 1 key from down 5 bit and other all from defined uper bits range on exact same distance from reference value of this formula


lets say we have key 10  and we do divisor of 10 so what we get is like this (just example)

upper reference range
210 ,  200   , 190 , 180 .................. until 10
assume after divisor each key will have 5 bit down from reference ranges based of exact same distance
205  ,  195 ,  185 , 175 .................  until 5

here is problem , position in 32 keys list is not always same so you cant guess which key is in which range at which position. but if you guess one key correctly which range that key is then you can find easily which is correct 5 bit down key at what position as all other keys ranges are always in sequence. if you do increment of one key all the keys will get increment as well and perhaps they will switch position also in divisor output.


now talk about NotATether script,

the script he posted is doing mod inverses and it is just multiplying value until reach 5 uper bit. (no one can get 120 how can they will get 125 lolololo)

exapmle

key is in 120 range and you used his script output will be

120, 121 , 122, 123, 124, 125 thats it . all 32 keys will be from 120 to 125 range and some range will have 2 or more keys. but guaranteed all keys will be between 120 ~ 125 range at known position as 125 bit will be at 32 position and divisor will have only one key from lower 5 bit guaranteed (not known position) and all other keys from exact same distance with upper reference range. hope you get the point.


now talk about brainless theory -


NotATether and brainless are misunderstanding each other brainless maybe joked that he reduced keys 720 by doing multiplication , addition and subtraction bla bla bla until 90 or 100 bit but NotATether  is insisting what he explained inside his posts is not a way & there is also no way to achieve that and perhaps he never achieved that one and just keep lying.

now what i think is brainless have to explain this to community


as how he claimed this one and plus dont forget he claimed before that he found the 120 key but no plan to cash it but same time he asked .75 bitcoin to provide 115 range one key to buy 3090 (WTF)

well i think i got headache now time to drink coffee 

Also dont forget:
The Problem we have is, that we don't know if the last bit is even or odd. If you know if the last bit is even or odd, you can crack any public key in no time.

@WanderingPhilosopher
If you store it in a file, you can lookup the position. But is there a formula for shifting it up by knowing the position of the pubkey?

@fxsniper

Do you read? It is a memory tradeoff! If you bitshift a 256 bit key 128 bit you will have 2^128 keys to check in a range of 1-2^128. 2^128 is how many petabytes???

Please inform yourself about ECDLP. I invested last few weeks in my freetime to understand how it works and what to do.

this is just idea think out of box from "subtracted" methods 

I don't know much about in deep of ECDLP
I know only basic, simple and overview about ECDLP

Did have some video or document description for learning ECDLP  from scratch? (include how to multiply private key to ECDLP step by step, I know how to using function but can not calculate by manual?

Can ECDLP can be scale?
y2=x3+0x+7(mod p)
Y^2 = X^3 + ax + b
(what correct formula of algorithm)

Now ECDLP is 256 bit right?
Can ECDLP scale down to 128 bit?
Can ECDLP scale up to 512 bit?

if can not, please ignore.
Just silly question?

if ECDLP can scale
Can possible to test ECDLP 128 bit for fast found then up scan it
or
Can possible to test ECDLP 512 bit for possible hit one and down scale it

I forget knowledge a lot it like brainwasher myself all about crypto (now like a newbies)

How can test and proof "subtracted" methods  it is work?
I would like to try and testing.

You just plug it back into your script that help you bitshift and you have the private key to the original 65 bit pub key. All that shifting back up, shorter pub key, etc. is over kill.

Sloooooooooooooooooooooooooow....lol

You can use just about any GPU cracking program to speed up the process versus slowed down multi pub python script.

Why would you need a decision tree? Once you find the pubkey/private key in the 24 bit range, you have solved the private key for the original 40 bit public key.

With 300 MKey/s it will be for me 1 hour.

2^40 = 1,099511628×10¹²

1,099511628×10¹² keys / 300000000 keys/s = 3665,038759253 s = 61 minutes


Well. we are cracking this puzzle currently, right . So as I wrote earlier, this bitshifting is a memory/processing performance tradeoff. The more you bitshift the more keys you have to check, till it is not practical anymore. So e.g. you could store 2^30 pubkeys into a bloom filter and need about 4 GB memory or 2 ^31 pubkeys and about 8 GB RAM or 2 ^32 pubkeys and about ....

So if you would have 65 bits, you would bitshift it by the amount of pubkeys you can effectively  store in your bloom filter. Lets say you can store 2 ^ 31 pubkeys in your bloom filter. Now you have only to generate the pubkeys and store them and crack them. Get the privatekey, shiftup and remove the first bits from the 65 bits of the pubkey and get a new shorter pubkey. Crack again like you did with the first bits. Shift up and remove the next bits. small amount of bits left, crack them. Now add privatekeys from the three rounds and voila you have the privatekey of the 65 bit in about an no time.

Maybe not as fast as BSGS or Kangaroo, but still faster then BruteForce. Also BSGS is possible to crack multiple keys, Kangaroo currently can only crack one pubkey at a time, so totally useless for this bitshifting operation.


lets say you want to crack 256 bit publickey. You could bitshift by lets say 30 bits. You would still need to bruteforce 226 bits. 

Thank you.
I translated it incorrectly at first, then I understood what was talking about and deleted my message.

I recently did a little research on private key generation via /dev/urandom. More than 100 million keys were used for the test. The bit allocation was about the same = 0.5
Maybe the old versions of OpenSSL, which were probably used in the puzzle creation, had some vulnerabilities and gave some deviation?