Topic: Pollard's kangaroo ECDLP solver - page 83. (Read 60189 times)

operation at line 5 typically fails in that case (either because
the  square  root  algorithm  fails  on  nonquadratic  residues,  or
because the resulting point fails point validation). This implies
that, for example, secp192k1 and secp256k1 are susceptible to
the SCPD attack, but secp224k1 is not.

EDIT wtere are many different attack for ex chnge curve, change random euation of ecps256k1 to linear form, use more faster then ecps256k1.lib math operation realisation etc.

Q. Did someone know how to modify public key(for ex "split publick key") for get smaler byte range of privkey

Jean_Luc,

Could be of interest to you:

https://github.com/bitcoin-core/secp256k1/pull/767


Not applicable to this thread. It's about fault attacks, where you cause a glitch in a cpu while signing to make it miscompute and leak a key. They demonstrate a particular form of this against several curves.

I don't think their countermeasure advice is all that great.  Sure, storing G as x/y is cheap and stops this particular approach (except in ecdh) so everyone should do that and effectively everything does, but if an attacker can cause skipped instructions there probably are a bunch of other ways to attack.  Better to verify after signing, like bitcoin core does.

Update.


I was find a interesting site http://safecurves.cr.yp.to/ with interesting info.

Degenerate Fault Attacks on Elliptic Curve
Parameters in OpenSSL

https://eprint.iacr.org/2019/400.pdf

Interesting picture form this PDF:

no pub key - no kangaroo

ok, how everyone here use kangaroo for 64? just interest, or for 74,77 and etc?

Pollard Kangaroo algorithm needs as input a public key and an interval for private key.

So... you don't use kangaroo without pub key.

One can get a public key from spent transaction, or early P2PK transaction.

Hello,
I was hoping someone would be kind enough to simplify what the program is doing. What I gathered was that it using the Kangaroo algo which essentially picking 2 random points at set intervals and checking for a collision. I think I started trying to read the start of this thread but was totally lost. I have 1 1080ti that I like to tinker with...have made vanity addresses, messed with Bitcrack for the 32btc puzzle but those were easy to understand. I dont like running things unless I learn something

Also I tried running it but the gpu never really started processing anything and couldnt make heads or tails of the output on the CMD

Any simplified explanation would be greatly appreciated so I can use that to then start learning more and tweaking , etc.

Thanks

Another one question:
I open dos in JeanLuc github at kangaroo, and see a data about 64bit, as he wrote there:
"""
Exemple with a 64bit key:

Kangaroo.exe -d 10 -s -w save.work -wsplit -wi 10 ..\VC_CUDA8\in64.txt
"""

I look at info:

Kangaroo v1.6
Start:5B3F38AF935A3640D158E871CE6E9666DB862636383386EE0000000000000000
Stop :5B3F38AF935A3640D158E871CE6E9666DB862636383386EEFFFFFFFFFFFFFFFF

what??)) is it real range or another decoding i need to do or what is it?

So...how do use a kangaroo without pub key?  What all of you looking for without it?

In case of your example you can't find the pubkey of the address 16jY7qLJnxb7CHZyqBP8qca9d51gAjyXQN. That's because it is a Pay 2 Public Key Hash address. What you tried to do I guess is a base58 decode of the address. The tool at http://gobittest.appspot.com/Address might be of help to you fur understanding purposes. Just fill in the address in the last field and you will get the values all the way to the RIPEMD-160 of the hash of the private key. But since RIPEMD and SHA are hashing algorithms that will only work in one direction there is no way you can calculate the public key.

In case of a P2PKH address the public key becomes known when the address is used for an outgoing transaction. In that case for the unlocking script the public key has to be supplied and it will be checked if it hashes to the correct value. But in your case the address doesn't have any outgoing transactions so the public key is not known to anyone but the person who also has the private key.

How we can recieve a pub key?  try to do all without mistakes

i make a from address 16jY7qLJnxb7CHZyqBP8qca9d51gAjyXQN a pub 3EE4133D991F52FDF6A25C9834E0745AC74248A4 in hash 160, is it right or or everyone use some online stuff for it?

Yes I mean G as in the generator point which is equal to 1 in decimal but the code should allow for any address to be added I just used 1 for simplicity

[/quote]
Sorry, I had more questions but posted too soon.

Kangaroos...sounds like what you want they aren't necessarily kangaroos, just a 'brute force" type of jump. Start at pubk a, add increment to pubka to create pubk b, rinse and repeat. Each time a new pubk is created and 'visited' you want to convert that pubk to a BTC address and write both to a file. rinse and repeat all until a predesignated address is reached (end of range) or end after so many jumps. Anything I missed?


[/quote]

Thats exactly correct yes, consistently adding a specific key, converting output to address, then writing it to a CSV file. How would that look like in a Python code?

For Windows:

Example of input text document that contains ranges and public key you are searching for, let's call it/save it as input.txt:

1000000 = start of range
1FFFFFF  = end of range
03057... = public key you are searching for

Save the input text document in same folder as Kangaroo.exe

Kangaroo doesn't search for an address but a public key.

Can someone wrote how to start kangaroo in range? i try to make it via doc, but not understand... and not understand how it looking for address, where i must to write it?

when you say
you mean add +1 decimal to previous pubkey? The "G" is throwing me off
[/quote]

Yes I mean G as in the generator point which is equal to 1 in decimal but the code should allow for any address to be added I just used 1 for simplicity

[/quote]
Sorry, I had more questions but posted too soon.

Kangaroos...sounds like what you want they aren't necessarily kangaroos, just a 'brute force" type of jump. Start at pubk a, add increment to pubka to create pubk b, rinse and repeat. Each time a new pubk is created and 'visited' you want to convert that pubk to a BTC address and write both to a file. rinse and repeat all until a predesignated address is reached (end of range) or end after so many jumps. Anything I missed?

[/quote]

when you say
you mean add +1 decimal to previous pubkey? The "G" is throwing me off
[/quote]

Yes I mean G as in the generator point which is equal to 1 in decimal but the code should allow for any address to be added I just used 1 for simplicity

when you say
you mean add +1 decimal to previous pubkey? The "G" is throwing me off

Can someone please help me execute a simple concept in python?

I want to create a herd of wild kangaroos with steady jumps (+G for example or +1 in decimal) then convert it to address, and write the results into a CSV file, with a condition to break if the key at the end of the range is reached.  

I just started learning coding so excuse my ignorance. I'm aware it would take millions of years to solve anything with this and that other programing languages are more effective, I just want to experiment with the idea.  

What I was able to come up with for puzzle 120 for example is as follows
==========================

from cryptos import *
import csv

#The public key we want to solve for
PK ='04ceb6cbbcdbdf5ef7150682150f4ce2c6f4807b349827dcdbdd1f2efa885a26302b195386bea3f 5f002dc033b92cfc2c9e71b586302b09cfe535e1ff290b1b5ac'

#addition factor, in this case its G or +1 decimal
K ='0479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c 4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8'

#addition process creating a wild kangaroo (this process needs to be looped to add K to the result over and over again)
X = add_pubkeys(PK, K)

#converting public key to address
addr = pubtoaddr (X)

#writing address to a CSV file
with open('WK.csv', 'w', newline='') as csvfile:

    thewriter = csv.writer(csvfile)

    thewriter.writerow(['address'])
    thewriter.writerow([addr])

#The break condition should be if address result = 1Cyj6SThgWdZWU6w75Rjf8V2bDiZds7AGo (end of puzzle range "ffffffffffffffffffffffffffffff")

=============================================

Any help is much appreciated

Thanks a lot.

If you talk about this wallet: https://www.reddit.com/r/Bitcoin/comments/1sc02w/make_sure_to_secure_your_paperwallet_against/
which image was recently sold on Russian forum here, then you were cheated.

https://bitcointalksearch.org/topic/m.54772780