Topic: Pollard's kangaroo ECDLP solver - page 95. (Read 55599 times)

In the search of #64 you will find several points with x-coordinate with the leading 60 bits = 0. You could use them here as jumps to save space (or to use more jumps in the same space).  But in this way you can't reuse the old DPs.



I think that a DP worth is equal to the length of the path you computed to find it.
 
If you find a DP with 25 bits = 0 after 2^27 steps, that point should be worth like 4 points, each with 25 bits = 0 and found after 2^25 steps. It is like a DP with 25 bits = 0 is equal to a DP with 27 bits = 0.

If you reuse only the DPs you found after 2^27 steps, you will have a better ratio "space occupied / chance to find a collision"

Hi,
I don't understand well how this can work ?
If you change G, the path will also differ as jumps are a function of the X value.

You would need to do these changes:

- a parameter 'reuse', to indicate that you want to reuse a DP file generated for a different search task, and the indication of the difference 'xbit'
*** xbit: current bit range -  previous bit range (for example, 119 bit - 114 bit = 5 bit)

- ** recompute all the previous private keys multiplying them by 2^xbit (for example, for all the 2^33.36 DPs found by Zielar,  each single privkey k -> k' = k*(2^5) )

- the point P needs to be converted in P' = inv(2^xbit) * P  (for example, P' = inv(2^5)*P)  

- the point G needs to be converted in G' = inv(2^xbit) * G  (for example, G' = inv(2^5)*G)


** this task is not strictly necessary, it is enough, once you have found a collision, to modify only the private key of the old DP involved in the collision, to retrieve the correct private key for P (remember that the points are the same); you could insert as parameter the public key of the previous search too, in this way you can avoid to transform all the old wild kangaroos in tame kangaroos, again you could do this transformation on the fly at the end, and only for the single wild kangaroo involved in the collision

*** you can use a xbit negative too, if current bit range < previous bit range, for example inv(2^-5) = 2^5; in this case all the old DPs have the new private keys (respect to G' = 32*G) that are 1/32 of the old private keys; on average only 1/32 of the old DPs will be available for the new search in the new interval; in this case you need to compute first the private keys of all old DPs in order to choose the correct ones; but in this case it would be simpler fetching directly the old DPs that lies in the new range too, without change G

@JeanLuc make please option for save all dead kangaroo to .txt file in readable format ? This is needed information for understand mistake with ranges and -d param.


@JeanLuc and make please counting +/- dead kangaroo: [Dead 10] -> [Dead total: 10 ["+" 8, "-" 2 ]]

BR.

Once you know the structure of a workfile it is not difficult to work with this type of file. I have created a small script in python as an example, anyone can modify it to suit their needs

https://gist.github.com/PatatasFritas/a0409df4306fb1bb81f9a53e70151ddc

@JeanLuc can you add G (Generator point) to params in the next release? Thanks.
if someone wants to use the suggested arulbero method, then the parameter G must be changeable. (As i understand correct)

@Etar would you mind sharing the source code ?


Edit: Please disregard, I got it .

Buddy, how to extract dead kangaroo parameters from work file or enower method ?

yes, you can get x and y from pubkey.

Is there any way to get other information from the public key, such as X coordinate?

There is no way to estimate the range. You would have to search range from 000000000000....1 to FFFFFFFFFFF...F (1 to 256)  which would be a really long time.

I have a question, P = kG, k is in the range of [k1, k2], I am now solving for a public key, but I don’t know the range of [k1, k2], how should I use the kangaroo.exe program, or can I explain how Estimate the range of [k1, k2]?

If you or someone who can program can work on sending hashtable to textfiles (like your export option configuration) then there would be no need for save files and merging, etc. If you give user option to export tame and wild files with any amount they wish (example 20 tame and 20 wild files), then no merging or saving. Just compare the different tame and wild files for a collision/solution. This also eliminates any RAM issues.

Congratulations to Jean_Luc and zielar!

I have been thinking for several days about removing the hashtables from the joining process, and when I finally finish it I find that it had already been implemented by JeanLuc

Now I have applied the same method to join several files in one process, reducing the total time quite a bit.
My approach is to read all the files in the directory at the same time in HASH_ENTRY loop.

Although my code works, it is still in testing and it is possible that it has some bug.


https://github.com/PatatasFritas/FriedKangaroo/blob/merge/Merge.cpp

@JeanLuc sorry about little offtop in your thread..
@WanderingPhilospher Here is server/client (source and compiled version) for bitcrack, you also need put cu or cl version of Bitcrack.exe to client folder https://drive.google.com/file/d/1pFTvBLwTDF4GZCyDpJHwnWqfuNeOT6Ik
before using app in big range made few test in small interval to make shure that you correct understand params.(-dp 3 means that the entire range will be divided into 2^3=8 subranges)
[/quote]
@Etar open up PMs please.

@Etar thanks

The 65save.txt is where the kangaroo x and jump distances are located. Nothing really to do with the file. The program uses it to keep track of what your machine has done so far and if a good collision occurs, it will solve the problem you are working on. If you are using -wsplit option you will have to merge the files to check for collision unless collision happens in newer smaller reset hashtable.

Jean Luc, yes sorry, for off topic. Etar - many thanks to you. Will test now!

@JeanLuc sorry about little offtop in your thread..
@WanderingPhilospher Here is server/client (source and compiled version) for bitcrack, you also need put cu or cl version of Bitcrack.exe to client folder https://drive.google.com/file/d/1pFTvBLwTDF4GZCyDpJHwnWqfuNeOT6Ik
before using app in big range made few test in small interval to make shure that you correct understand params.(-dp 3 means that the entire range will be divided into 2^3=8 subranges)

Yeah, I just wanted something where I had a central server that distributes work to clients and keeps track of ranges checked. Nothing fancy. Not for pooling with others so I wouldn't care about fake work, it would just be me. Just need way to keep track of ranges checked among all workers. And a way to set the intervals/ranges to assign to clients (like you did with 2^20)