Pollard's kangaroo ECDLP solver - page 39.

wedom

jr. member

Activity: 48

Merit: 11

Quote from: NotATether on September 07, 2021, 07:27:30 AM

...
Here's the thing about multiplication. It does not work between two public keys, which means you cannot multiply a public key by another public key, and that causes the whole method to fall apart. Sure, you end up with a lot of keys, but there is little to nothing else you can do with them.

I've been helping someone about this (trying to do exactly what you are saying is possible) by email for days before we reached this conclusion and try to use another attack method.
...

Until the moment we multiply the number by the point, we work with numbers. Perhaps he first generates all keys 1024^2 and 1024^3 in numbers and this allows him to multiply them. Only at the last step does he multiply by a point and get the public keys

wedom

jr. member

Activity: 48

Merit: 11

Quote from: ssxb on September 07, 2021, 06:38:08 AM

guys good news today i find 2 more ranges and where they are on the curve , today is celebration day for me , as i know total 3 ranges inside divisor , need to figure out other 29 ranges Grin

math is beautiful Kiss

Is this what you are looking for?

N=115792089237316195423570985008687907852837564279074904382605163141518161494337
for i in range(32):
print(i, hex((((N-1)//32)*i+1)%N))

Code:

0 0x1
1 0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20b
2 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036415
3 0x17ffffffffffffffffffffffffffffffe18064b5a06ecf0599fbb8dd3385161f
4 0x1fffffffffffffffffffffffffffffffd755db9cd5e9140777fa4bd19a06c829
5 0x27ffffffffffffffffffffffffffffffcd2b52840b63590955f8dec600887a33
6 0x2fffffffffffffffffffffffffffffffc300c96b40dd9e0b33f771ba670a2c3d
7 0x37ffffffffffffffffffffffffffffffb8d640527657e30d11f604aecd8bde47
8 0x3fffffffffffffffffffffffffffffffaeabb739abd2280eeff497a3340d9051
9 0x47ffffffffffffffffffffffffffffffa4812e20e14c6d10cdf32a979a8f425b
10 0x4fffffffffffffffffffffffffffffff9a56a50816c6b212abf1bd8c0110f465
11 0x57ffffffffffffffffffffffffffffff902c1bef4c40f71489f050806792a66f
12 0x5fffffffffffffffffffffffffffffff860192d681bb3c1667eee374ce145879
13 0x67ffffffffffffffffffffffffffffff7bd709bdb735811845ed766934960a83
14 0x6fffffffffffffffffffffffffffffff71ac80a4ecafc61a23ec095d9b17bc8d
15 0x77ffffffffffffffffffffffffffffff6781f78c222a0b1c01ea9c5201996e97
16 0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a1
17 0x87ffffffffffffffffffffffffffffff532ce55a8d1e951fbde7c23ace9cd2ab
18 0x8fffffffffffffffffffffffffffffff49025c41c298da219be6552f351e84b5
19 0x97ffffffffffffffffffffffffffffff3ed7d328f8131f2379e4e8239ba036bf
20 0x9fffffffffffffffffffffffffffffff34ad4a102d8d642557e37b180221e8c9
21 0xa7ffffffffffffffffffffffffffffff2a82c0f76307a92735e20e0c68a39ad3
22 0xafffffffffffffffffffffffffffffff205837de9881ee2913e0a100cf254cdd
23 0xb7ffffffffffffffffffffffffffffff162daec5cdfc332af1df33f535a6fee7
24 0xbfffffffffffffffffffffffffffffff0c0325ad0376782ccfddc6e99c28b0f1
25 0xc7ffffffffffffffffffffffffffffff01d89c9438f0bd2eaddc59de02aa62fb
26 0xcffffffffffffffffffffffffffffffef7ae137b6e6b02308bdaecd2692c1505
27 0xd7fffffffffffffffffffffffffffffeed838a62a3e5473269d97fc6cfadc70f
28 0xdffffffffffffffffffffffffffffffee3590149d95f8c3447d812bb362f7919
29 0xe7fffffffffffffffffffffffffffffed92e78310ed9d13625d6a5af9cb12b23
30 0xeffffffffffffffffffffffffffffffecf03ef184454163803d538a40332dd2d
31 0xf7fffffffffffffffffffffffffffffec4d965ff79ce5b39e1d3cb9869b48f37

a.a

member

Activity: 126

Merit: 36

This is "just" a memory - cpu tradeoff.

Its like: If you generate all privatekeys and the corresponding public key to a lookup table, which would be a database with 2^256 entries, than you have a runtime of O(x) = 1.

Here you halve the potential processing time by 2 per bitshift. So yeah... bit shifting 10x results in 10 times (2^10 times?) faster pollard rho. But you need 2^10 more memory. Like you need 1kb ram for 1 pubkey, but need 2^10 kb = 1024 kb for shifting 10 bits.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: ssxb on September 07, 2021, 07:10:50 AM

i guess not useless , as he told

use 1024 divisor = A
than 1024*1024 divisor =B

than addition , multiplication of A and B with each other will give you significantly low number of keys , i guess this make sense but he need to explain more or perhaps some script

Here's the thing about multiplication. It does not work between two public keys, which means you cannot multiply a public key by another public key, and that causes the whole method to fall apart. Sure, you end up with a lot of keys, but there is little to nothing else you can do with them.

I've been helping someone about this (trying to do exactly what you are saying is possible) by email for days before we reached this conclusion and try to use another attack method.

ssxb

jr. member

Activity: 81

Merit: 2

Quote from: NotATether on September 07, 2021, 06:48:17 AM

Quote from: ssxb on September 07, 2021, 06:27:16 AM

brainless talked about reducing the number of keys but he never shared how can we (working script) , perhaps i will figure out something better soon Grin

IA

As I wrote earlier, that method is useless, because it increases the range of the generated keys.

i guess not useless , as he told

use 1024 divisor = A
than 1024*1024 divisor =B

than addition , multiplication of A and B with each other will give you significantly low number of keys , i guess this make sense but he need to explain more or perhaps some script

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: ssxb on September 07, 2021, 06:27:16 AM

brainless talked about reducing the number of keys but he never shared how can we (working script) , perhaps i will figure out something better soon Grin

IA

As I wrote earlier, that method is useless, because it increases the range of the generated keys.

dextronomous

full member

Activity: 431

Merit: 105

Quote from: ssxb on September 07, 2021, 06:27:16 AM

Quote from: NotATether on September 07, 2021, 03:05:51 AM

Quote from: dextronomous on September 06, 2021, 08:52:32 PM

NotAThether, was thinking, not a programmer.

but can someone make pollard kangaroo, with thinking about the manually inputted lesser divisor, like 32 bits less, or whatever bit,
"range" so this would require user input, then start the kangaroo search, while this lower point found fast, beep, notification whatsoever,
directly calculate the higher divised pubkey without user input, putting those correct pk's inside file found, and on screen,
sound great doesn't it.
guessing would require some work, but seeing what you guys calculate for fun here, guess would be possible.

Yeah this is definitely possible. Hell, the division-splitting can even be integrated right into JLP Kangaroo (and then you can just use Birthday paradox to search for a handful of public keys at once), eliminating the need for another script.

dont forget you will have only one key in 5 bit below range Grin

other all keys will be on the curve but not below of 5 bit Grin

, in this case you need to load all 33 keys in the program and start searching but expect only one key to be hit. chances to hit one key in big range is fool idea, so my suggestion is

if loading multiple keys will not impact speed of your program do the divisor for 30 (33554432) bit down and load all keys , still one key will be below 30 bit but you will have less total keys in range as compared to original target range ~~~ perhaps this will increase the chance.

brainless talked about reducing the number of keys but he never shared how can we (working script) , perhaps i will figure out something better soon Grin

IA

can use all coders, ssxb, got system with tons of memory, and nice gpu settings here, will bsgs on that one in a minute all the way up to 80 bits, or use jlp kangs. or kangrand from iceland, to find all keys at one go.

ssxb

jr. member

Activity: 81

Merit: 2

guys good news today i find 2 more ranges and where they are on the curve , today is celebration day for me , as i know total 3 ranges inside divisor , need to figure out other 29 ranges Grin

math is beautiful Kiss

ssxb

jr. member

Activity: 81

Merit: 2

Quote from: NotATether on September 07, 2021, 03:05:51 AM

Quote from: dextronomous on September 06, 2021, 08:52:32 PM

NotAThether, was thinking, not a programmer.

but can someone make pollard kangaroo, with thinking about the manually inputted lesser divisor, like 32 bits less, or whatever bit,
"range" so this would require user input, then start the kangaroo search, while this lower point found fast, beep, notification whatsoever,
directly calculate the higher divised pubkey without user input, putting those correct pk's inside file found, and on screen,
sound great doesn't it.
guessing would require some work, but seeing what you guys calculate for fun here, guess would be possible.

Yeah this is definitely possible. Hell, the division-splitting can even be integrated right into JLP Kangaroo (and then you can just use Birthday paradox to search for a handful of public keys at once), eliminating the need for another script.

dont forget you will have only one key in 5 bit below range Grin

other all keys will be on the curve but not below of 5 bit Grin

, in this case you need to load all 33 keys in the program and start searching but expect only one key to be hit. chances to hit one key in big range is fool idea, so my suggestion is

if loading multiple keys will not impact speed of your program do the divisor for 30 (33554432) bit down and load all keys , still one key will be below 30 bit but you will have less total keys in range as compared to original target range ~~~ perhaps this will increase the chance.

brainless talked about reducing the number of keys but he never shared how can we (working script) , perhaps i will figure out something better soon Grin

IA

dextronomous

full member

Activity: 431

Merit: 105

Quote from: NotATether on September 07, 2021, 03:05:51 AM

Quote from: dextronomous on September 06, 2021, 08:52:32 PM

NotAThether, was thinking, not a programmer.

but can someone make pollard kangaroo, with thinking about the manually inputted lesser divisor, like 32 bits less, or whatever bit,
"range" so this would require user input, then start the kangaroo search, while this lower point found fast, beep, notification whatsoever,
directly calculate the higher divised pubkey without user input, putting those correct pk's inside file found, and on screen,
sound great doesn't it.
guessing would require some work, but seeing what you guys calculate for fun here, guess would be possible.

Yeah this is definitely possible. Hell, the division-splitting can even be integrated right into JLP Kangaroo (and then you can just use Birthday paradox to search for a handful of public keys at once), eliminating the need for another script.

How can i help test, add, can help will test 2day starting now

a.a

member

Activity: 126

Merit: 36

Actually... I dont trust the numbers. It happened to me multiple times too. I had broken code, which resulted basically in an empty for loop. Then I got fictive numbers like those, showing me 1 TH/s, despite there was actually no cracking in process except incrementing the processed key counter.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: dextronomous on September 06, 2021, 08:52:32 PM

NotAThether, was thinking, not a programmer.

but can someone make pollard kangaroo, with thinking about the manually inputted lesser divisor, like 32 bits less, or whatever bit,
"range" so this would require user input, then start the kangaroo search, while this lower point found fast, beep, notification whatsoever,
directly calculate the higher divised pubkey without user input, putting those correct pk's inside file found, and on screen,
sound great doesn't it.
guessing would require some work, but seeing what you guys calculate for fun here, guess would be possible.

Yeah this is definitely possible. Hell, the division-splitting can even be integrated right into JLP Kangaroo (and then you can just use Birthday paradox to search for a handful of public keys at once), eliminating the need for another script.

dextronomous

full member

Activity: 431

Merit: 105

NotAThether, was thinking, not a programmer.

but can someone make pollard kangaroo, with thinking about the manually inputted lesser divisor, like 32 bits less, or whatever bit,
"range" so this would require user input, then start the kangaroo search, while this lower point found fast, beep, notification whatsoever,
directly calculate the higher divised pubkey without user input, putting those correct pk's inside file found, and on screen,
sound great doesn't it.
guessing would require some work, but seeing what you guys calculate for fun here, guess would be possible.

BitcoinADAB

copper member

Activity: 76

Merit: 11

Quote from: NotATether on September 06, 2021, 05:47:01 AM

Quote from: COBRAS on September 06, 2021, 05:29:17 AM

Why ? JeanLuck kangaroo keyrate is 1 Giga, I use kangaroo what 55 terra, and I was try BSGS what 500 Peta(but I no so like BSGS, kangaroo I like more), so WanderingPhilospher make his own soft what has exakeys... If you use dead software this not meant what other uses so software 2.

Well you might be right about BSGS (but I have never used that software before so take this with a grain of salt), but I don't think you can hit 55 terakeys per second on kangaroo without a GPU farm and leverage the kangaroo server feature.

Maybe they have ...

Quote from: BitcoinADAB on July 08, 2021, 01:02:00 PM

Do you know, if there are already asics like these

not to mine coins but for point addition?

Alpaste

jr. member

Activity: 37

Merit: 1

Yes, ok but could you share us the program? which program is this..

COBRAS

member

Activity: 873

Merit: 22

$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk

Quote from: NotATether on September 06, 2021, 05:47:01 AM

Quote from: COBRAS on September 06, 2021, 05:29:17 AM

Why ? JeanLuck kangaroo keyrate is 1 Giga, I use kangaroo what 55 terra, and I was try BSGS what 500 Peta(but I no so like BSGS, kangaroo I like more), so WanderingPhilospher make his own soft what has exakeys... If you use dead software this not meant what other uses so software 2.

Well you might be right about BSGS (but I have never used that software before so take this with a grain of salt), but I don't think you can hit 55 terakeys per second on kangaroo without a GPU farm and leverage the kangaroo server feature.

see this again:

[55.22 TeraKeys/s][Kang 3072][Count 2^27.92/2^29.06][Elapsed 48s][Dead 0][RAM 25.8MB/44.7MB] This is absolute normal keyrate, but not comfortable for work. Yes, I hope wanderPhilisopher will help and we share with him 1.2 BTC 50/50%.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: COBRAS on September 06, 2021, 05:29:17 AM

Why ? JeanLuck kangaroo keyrate is 1 Giga, I use kangaroo what 55 terra, and I was try BSGS what 500 Peta(but I no so like BSGS, kangaroo I like more), so WanderingPhilospher make his own soft what has exakeys... If you use dead software this not meant what other uses so software 2.

Well you might be right about BSGS (but I have never used that software before so take this with a grain of salt), but I don't think you can hit 55 terakeys per second on kangaroo without a GPU farm and leverage the kangaroo server feature.

COBRAS

member

Activity: 873

Merit: 22

$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk

Quote from: NotATether on September 06, 2021, 05:05:14 AM

Quote from: WanderingPhilospher on September 05, 2021, 10:13:53 PM

I will find it...for the team...for the win!! With my new program that does not require DPs or RAM. It just searches for xpoint and let's every thread just EAT!

Working on xPoint: c95ba9e6a637e739d13a6d036507ecc37a70c26e68ac7e5f157268311c6c3938
Using [Number of CPU Threads: 0] [DP size: n/a]
Using GPU [GPU Id 0 RTX 3070]
............................................
Scanning Range 0x1 : 0x1124bff742a76f92fa3a76f8f6552f
[2714579271.01 TeraKeys/s] [Elapsed 4:26][RAM n/a]

LOL

, nice try with the speed doctoring WP.

For real though, I think the number of points is much smaller than the number of privkeys, because you can exclude invalid points on the curve when searching for xpoint.

Quote from: Alpaste on September 06, 2021, 05:03:20 AM

Please guys share us the program that does 2714579271.01Tera/s
What kind of program is this? how does it search with such a very huge fast speed?
many thanks

I think it was just a prank, there is no way to make a program that can search

2714.57927101

exakeys per second.

Why ? JeanLuck kangaroo keyrate is 1 Giga, I use kangaroo what 55 terra, and I was try BSGS what 500 Peta(but I no so like BSGS, kangaroo I like more), so WanderingPhilospher make his own soft what has exakeys... If you use dead software this not meant what other uses so software 2.

Alpaste

jr. member

Activity: 37

Merit: 1

Yes i think too it's a prank.
there's no way that a program can search THIS much addreseses/s

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: WanderingPhilospher on September 05, 2021, 10:13:53 PM

I will find it...for the team...for the win!! With my new program that does not require DPs or RAM. It just searches for xpoint and let's every thread just EAT!

Working on xPoint: c95ba9e6a637e739d13a6d036507ecc37a70c26e68ac7e5f157268311c6c3938
Using [Number of CPU Threads: 0] [DP size: n/a]
Using GPU [GPU Id 0 RTX 3070]
............................................
Scanning Range 0x1 : 0x1124bff742a76f92fa3a76f8f6552f
[2714579271.01 TeraKeys/s] [Elapsed 4:26][RAM n/a]

LOL

, nice try with the speed doctoring WP.

For real though, I think the number of points is much smaller than the number of privkeys, because you can exclude invalid points on the curve when searching for xpoint.

Quote from: Alpaste on September 06, 2021, 05:03:20 AM

Please guys share us the program that does 2714579271.01Tera/s
What kind of program is this? how does it search with such a very huge fast speed?
many thanks

I think it was just a prank, there is no way to make a program that can search

2714.57927101

exakeys per second.

Topic: Pollard's kangaroo ECDLP solver - page 39. (Read 60381 times)