Topic: Pollard's kangaroo ECDLP solver - page 69. (Read 60698 times)

Is there actually a cracking tool with that name (by yourself?) or am I missing the pun? 

Don't say like that

it is no right no wrong

this is challenge not any brainless

Reverse I think is great to make people think hard and fine the way smarter

many smart people still do same  but they not say loud until success
PhD, Hacker, Research, Bug Bounty Program, Security, AI. research, Quantum, and more , fake satohi

still can possible because can calculate how long time need to solve success million years, world still nonstop running may be future bitcoin may be a toy for kiddy garden for calculate in future you next life million year

human do a lot crazy thing every days

while pandemic is not brainless

address => bitcrack ==> private key

public key ==> Pollard-kangaroo ==>  private key

public key hash ==> public key ==> Pollard-kangaroo ==>  private key

address/public key ==> brainless ==>  private key

I had all of that outlined in BSGS...I've already ran over 20k ranges. But to answer your question, whatever you are willing to wait on. If you need your computer to do other tasks every hour or two or three, then pick a range that your CPU/GPU can run under that time frame or else you will have to stop the process when and restart it if you need your PC before the range is checked.

You can't derive the public key from a public key hash.


I get you now, but it looks like the birthday paradox calculations are the only method we have remaining. In a way, this is what Bitcrack does: generating a bunch of points in a range, except it generates them linearly and in order, not sampling random points which would be the ideal case.

For an extremely small range, one could implement such a function that makes up to sqrt(n) points, but for arbitrary addresses that haven't been spent from we have a 2^255 range to look at.

You cannot run wild kangaroos without public key, because you don't know starting point for them.

If you know some address (or RIPEMD hash), you cannot calculate "next" or "previous" addresses. Every EC calculations requires point coordinates, which can be obtained from public or private keys only.

Without public key the only possible use of birthday paradox, which is used in kangaroo method, it is to generate random points in range, then calculate distances between them. According to the birthday paradox, you will require sqrt(range) points to solve the key. But, since calculating the distances between random points requires the same amount of computation as brute force, this makes such an algorithm inapplicable in this case.

Thank

I think for address not show public key (full) use bitcrack brute force directly may be easy than

address => bitcrack ==> private key

public key ==> Pollard-kangaroo ==>  private key

public key hash ==> public key ==> Pollard-kangaroo ==>  private key

problem bitcrack don't know scope of keyspace
if can possible get public key hash to public key may be can use kangaroo other option fine more use bitcrack

random public key => ripemd160 => public key

My bad, you are right. I mistakenly gave you the HASH160 of the public key instead of the key itself.

It is theoretically possible that during a tame and wild kangaroo collision test that the public key is hashed with SHA256d followed by RIPEMD160 to check these kind of hashes while still using the kangaroo method, however these would most certainly have to be GPU accelerated (will slow down the MKeys/s rate too much on CPU).

This is an incoming transaction, it contains a RIPEMD160 of the public key, which can be calculated from the address even without transactions.
Only outgoing transactions reveal the public key.

Its is double hashed (sha256 and ripemd160), so that is impossible in practice, even if an algorithm for finding collisions in one of the hashes will be invented.

Can possible brute force public key hash to public key?

Your particular address has one transaction https://www.blockchain.com/btc/tx/6abc9aca979647341389ca9ef69314fc1c01985d9c49574a2dfb83e867292798 where it is listed as an output. Blockchain.com shows the script used for each output and that script has the public key.

In this case:


In this case your public key is aceb7b66651b4ba5d371223582efdc39968402c5.

Thank you

I try to split large keyspace to small size and scan and random keyspace 

may be key space too small 100,000,000,000

now I use 2**56 = 72057594037927936

What recommend minimum for 2**120 =1329227995784915872903807060280344576 ?

2**32 = 4294967296
2**36 = 68719476736
2**40 = 1099511627776
2**50 = 1125899906842624
2**56 = 72057594037927936
2**64 = 18446744073709551616
2**72 = 4722366482869645213696
2**80 = 1208925819614629174706176
2**120 =1329227995784915872903807060280344576

2**120 and 2**160 is too high

Without seeing your start command I would guess you were searching a very small small range with a very low dp where a key did not exist.
The signals are the very low GOU speed, the low count, and the high dead kangaroos.  The dead kangaroos mean that either tames were colliding with tames, wilds colliding with wilds, or probably both.

for testing right
40 bit far from private key very fast to found easy


40bit
23D4A09295BE678B21A5F1DCEAE1F634A69C1B41775F680EBF8164266471401B
23D4A09295BE678B21A5F1DCEAE1F634A69C1B41775F680EBF8166266471401B
03CA5606A1E820E7A2F6BB3AB090E8ADE7B04A7E0B5909A68DDA2744AE3B8ECBFA

40bit
B09C765FA3DC6AD138A8D0DA17CD94306FBC32ACB3D67BC093936761CCC48769
B09C765FA3DC6AD138A8D0DA17CD94306FBC32ACB3D67BC093936961CCC48769
0294FF933DA0498859959225ED6A50D709A4D9C678705D72E9202A4852C8084D85

40bit
6B29781E725708AE4D94E13730A2718EE3383EA5D911E77D4C2A2ED0C99C1232
6B29781E725708AE4D94E13730A2718EE3383EA5D911E77D4C2A30D0C99C1232
03E87E83F871DF1439B7873B4AE449D15306CAFC53E03A06FFFB534B3BF25B58D8


64bit
6B29781E725708AE4D94E13730A2718EE3383EA5D911E77E4C2A2FD0C99C1232
6B29781E725708AE4D94E13730A2718EE3383EA5D911E77C4C2A2FD0C99C1232
03E87E83F871DF1439B7873B4AE449D15306CAFC53E03A06FFFB534B3BF25B58D8

my scan yesterday

SaveWork: save.work..............................done [300.4 MB] [05s] Wed Mar 17 09:03:32 2021
[0.14 MK/s][GPU 0.13 MK/s][Count 2^29.30][Dead 8862934][26:01 (Avg 00s)][270.7/346.2MB]

What mean Dead 8862934 ?

what do you want to do?

if you want to testing this software with you own bitcoin no transaction
yes, you can do it if you know private key , you own bitcoin you have private key and check you pub key like this website

https://learnmeabitcoin.com/technical/public-key
put you privatekey will show public key


how to show public key
A. have  private key

A.1
bitcoin core use command
listaddressgroupings or  validateaddress

A.2
Electrum
click right show DETAIL  (show public key)

A.3 online tools more
https://learnmeabitcoin.com/technical/public-key
https://brainwalletx.github.io/
https://iancoleman.io/bitcoin-key-compression/
(search google)

A.4
other wallet client have option show public key on you own

B. no privatekey
check in transaction search
https://www.blockchain.com/explorer?utm_campaign=expnav_explorer


example case

1. bitcoin address you generate and have privatekey  blank bitcoin address
just use private key check publickey
can use this software test scan
try
https://www.bitaddress.org/

2. you own bitcoin have money , you have private key
can use this software test scan

3. you own bitcoin have transaction send money someone and still have balance  (public key explode)
other people can scan you bitcoin
can use this software test scan

4. Some bitcoin on found address have balance have money on bitcoin but not have transaction public key not yet show
you can not use this software because no pubkey to search no pubkey to reference this case you need to use bitcrack to scan it
can not use
check bitcrack

5. many bitcoin on internet have both balance  and transaction still have money  (public key explode)
can use this software test scan

6. used bitcoin on internet have transaction and zero balance (public key explode)
yes, you can use it
can use this software test scan

I have a coin in my address. No coins were sent to anyone from this address. My public key was not published by the blockchain because it was not sent.

My public address was not published by the blockchain because no coins were sent to another address.

For example ; https://www.blockchain.com/btc/address/1GmKKaFEP4omAA9uKh1zoRCAb7caJB863k

I am sorry for my English.

Quick someone give me sample start and end range with public keys, I think my 256-bit extension mod is done but I need to test it.

Ok thanks i' don't know that, (amazon EC2 F1 on AWS)

I made some search about FPGA performance on secp256k1 operations.

https://github.com/ZcashFoundation/zcash-fpga/blob/master/zcash_fpga_design_doc_v1.4.2.pdf

this paper (from Zcash fondation) presents some benchmarks of a well optimised group operation on secp256k1 implementating on an AWS FPGA (Zcash has the same curve than bitcoin).

Point addition is "only" about (1.9M op/s).
maybe it is possible to optimise it for the kangaroo algorithm but we are far away from the Giga op / s with the latest GPU.

 

If any transaction has been made to the address then it's public key will be exposed on the blockchain and you can inspect it's value inside the public script using a block explorer.

If not, which is the case here, then it means that you're trying to solve an address with no bitcoins inside (a purely academic problem) and you need to use BitCrack instead, which does work with RIPEMD160.

---

AWS has some rentable FPGAs, but it'll be incredibly hard finding an FPGA developer.

---

Fortunately the jump distance can be reduced to, well, as low as you want.

Part of the costly addition is deriving Y from X, which slows down the number of keys that can be solved. Given that nobody fills up their DP table it makes sense to cache Y as well in the DP table (which btw can be reduced to a vector if we stop using the entire lower qword of X as the dp  and also test its NOT in collision tests )