Topic: Pollard's kangaroo ECDLP solver - page 99. (Read 55599 times)

Good day. Do you know how get wright range for kangaroo search ? And how maybe manipulate pubkey for  so range ?

Thx

btw let me say,
highest value in ecc is 1
1 = 115792089237316195423570985008687907852837564279074904382605163141518161494337. 0
and above to 0 is
0.11579208923731619542357098500868790785283756427907490438260516314151816149433 7

so each and every digit have value, and i can div them in integar and float too actual low then 1 is called is fractional point,and i can play with each and every point

Can`t and nobody can`t. devider must be integer not float. all pubkeys Q=k*G, where k - integer.

mean 789.789 is value can u div pubkey by above value ?

what you mean? you can devide point only by integer.

if need div 789.789 then ?

035776b3684b6a5e9a6307aa53c3d484aabb90244e6371405c114cf8910a9a3bd0
And what is problem in division pub by 789?

BitCrack
apply your algo and show me pubkey div by 789 for
03D041CF467F485A96AB21EC0E1E1E26A344B28A12244320C4BDE48C123653D88F

mrxtraf is saying they can "divide" the public key by 10 by multiplying the public key by the multiplicative inverse of 10 mod n.

The multiplication (and division, which is multiplication with the inverse) is by scalar only. You cannot multiply two public keys without solving ECDLP first. And if you somehow can, then all coins are belong to you.

That is, you can’t divide the public key by 10?
Give me any public key from which you know the private key, I will divide it by 10. And I will give in return the result in the form of a public key. And you yourself divide the private key by 10, get the public key from it and compare.

@mrxtraf
In the private key group (mod n) we can add, negate, and invert - this allows for multiplication and division.

In the public key group (elliptic curve mod p of size n) we can add, negate, and double only. This leads to multiplication by a scalar.

One public key corresponds to exactly one private key, and vice versa. The proof is very easy. Let G is the generator of secp256k1. Let P=k*G is a point on the curve. Let also P=k'*G. Then (k-k')*G=O => (k-k') divides n. But n is prime, hence k=k' (mod n).

Jean_Luc

Can you insert this function in the code ?




Please

Big thank you.

Simple model. Divided at 2 key and key-1, and paralled other key.

Interesting thing...
For first experiment I took a public key 03f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8  pk=13
Then i made fake Tame file with DP=2 and with only one DP and very small range in DEC 0:17
Small range selected specifically to check if overlap affects.
X-coordinate was 5c778e4b8cef3ca7abac09b95c709ee5 and distance 00000000000000000000000000000002
So DP is c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5
After that i make fake Wild file:
X-coordinate was 5c778e4b8cef3ca7abac09b95c709ee5 and distance 0000000000000000000000000000000B sign -
then i merge this 2 file and solve key. Ok it is correct and expected because the pub key is above "zero"


The second experiment was with almost the same key with only a minus sign 02f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8
That mean that pub key is under "zero" and -N/2+pub+N/2 do not overlap tame range..

Fake Tame file was almost the same i just change pub key y-coordinate in header

Fake Wild file the same was changed pub  key y-coordinate in header and change sign in distance to +
So we have Wild DP -2 and Tame DP +2
And after merge key was solved:
Range width: 2^5
Key# 0 [0S]Pub:  0x02F28773C2D975288BC7D1D205C3748651B075FBC6610E58CDDEEDDF8F19405AA8
       Priv: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364134

Those my theory is correct and we can reduce the range by half due to symmetry.

And here is question to @JeanLuc why  app can solve this config:
80000000000000000000
ffffffffffffffffffff
0304b504a5122bfa6d4d3c7283b1c42f732f2e68ae129a8e6eea7671aeb6fe075f

but  can`t solve this:
0
3fffffffffffffffffff
023389617b48186abe570e27966546775feaff36037a932b655c10d0c6994d7bf3

Yesterday i was wait 8h when expected time was 15minutes, so i can say that this config was impossible to solve. But what reason is?

EDIT: And one more trick, if the program showed not only just dead kangaroos, but also their type.
From the number of dead wild kangaroos, one can judge indirectly that the public key is close to the beginning of the range.
Due to symmetry, negative steps will be mirrored with positives causing a greater number of dead wild kangaroos.

I was try deduct many times Basis point from pubkey

and get this result in decimal:


Why if pubkey=G*x so many different result ?

What is algorithm multiply G on x ?

Does a algorithm for get Pubkey is Q=G * x * ?

No. if simple prikey from 160 bytes = privkey 159 bytes * 2.
But what does dividing and multiplying by 2 have to dividing by 10?

So, PrivKey from 160 bytes = privkey 80 bytes*2 ?

Therefore, when dividing the public key Q, other methods are used and there is no inv (10). You can give a public key from which you know the private one and I will divide it by 10. And you will check using the private key.

Look to the python code, function to devide point is called ptdiv(pt,a,p,n)
where pt is point and a is integer devider