Author

Topic: who guarantees that a puzzle is really such a puzzle (Read 302 times)

member
Activity: 196
Merit: 67
I am the creator.
You seriously believe a newly registered forum user (who has no other post except this one, means he only registered a new user name to make his post) that he is the creator of the puzzle, just because he writes it down like that? And on top of that has chosen the nickname "saatoshi_rising", which obviously abuses the fact of the fake that Satoshi could be related. Another user then asked him to confirm his identity by signing a message. This ensures that he really is who he says he is.
saatoshi_rising proved it:

In his post he says, that he will move the rewards for > 160 bit puzzles to the lower ones and add more funds.

I am the creator.

You are quite right, 161-256 are silly.  I honestly just did not think of this.  What is especially embarrassing, is this did not occur to me once, in two years.  By way of excuse, I was not really thinking much about the puzzle at all.

I will make up for two years of stupidity.  I will spend from 161-256 to the unsolved parts, as you suggest.  In addition, I intend to add further funds.  My aim is to boost the density by a factor of 10, from 0.001*length(key) to 0.01*length(key).  Probably in the next few weeks.  At any rate, when I next have an extended period of quiet and calm, to construct the new transaction carefully.

A few words about the puzzle.  There is no pattern.  It is just consecutive keys from a deterministic wallet (masked with leading 000...0001 to set difficulty).  It is simply a crude measuring instrument, of the cracking strength of the community.

Finally, I wish to express appreciation of the efforts of all developers of new cracking tools and technology.  The "large bitcoin collider" is especially innovative and interesting!

Then he did:

https://www.blockchain.com/btc/tx/5d45587cfd1d5b0fb826805541da7d94c61fe432259e68ee26f4a04544384164

If he were not the creator & owner of the puzzle, he couldn't move the older puzzle coins.

He is the creator.
hero member
Activity: 630
Merit: 731
Bitcoin g33k
message signing does work and does prove it for legacy addresses '1' prefix (p2pk/p2pkh)
[...]

12 months later someone (Bulista) figured out that this transaction is unusual https://bitcointalksearch.org/topic/bitcoin-puzzle-transaction-32-btc-prize-to-who-solves-it-1306983 and called it "puzzle transaction" and people tried to solve the puzzle.
Bulista is not the creator. If he were to call the moon the "sun," it does not mean that it is so. The moon continues to be the moon and the sun continues to be the sun. He can call things as he wants but it doesn't change the facts. As long as the creator of a puzzle cannot prove that HE is the creator, everything other say remains only simple speculation which is based on no facts but on pure fantasy.

2 years later, in April 2017, the creator of the puzzle posted a message:
still the same, you don't know the creator. You just think it is the creator. That's a huge difference.

I am the creator.
You seriously believe a newly registered forum user (who has no other post except this one, means he only registered a new user name to make his post) that he is the creator of the puzzle, just because he writes it down like that? And on top of that has chosen the nickname "saatoshi_rising", which obviously abuses the fact of the fake that Satoshi could be related. Another user then asked him to confirm his identity by signing a message. This ensures that he really is who he says he is.

That's very nice to hear, but please prove yourself by signing a message with the last address (256) from the transaction, which hasn't been cracked yet.

But he never did that. That the money July 2017 was deducted from the higher address and transferred to the lower addresses we see, yes. Despite this is not proof that the user "saatoshi_rising" did this and whether the person is Satoshi or just a Wannabe-Satoshi. Fact is at that time: the private keys of this puzzle are known and available to the owner. Nothing more is proven, that's all. No one knows who is behind the puzzle because he never proved it and made it known.

Whoever made those Patoshi outputs (Satoshi's early mined coins) wanted that people figure out there is a pattern[...]
Can you prove that it is? If not, then this is only an imagination, wish, thought, hope, ... or something else illusory of you.

First, I want to make it categorically clear that a puzzle without a clear and definite direction or clues to solving it is not a puzzle.
Correct.
Secondly, for the clues to be truly clear and definite, the private key to the address that holds the coins should belong to the user who started the puzzle game.
Absolutely correct.

...you can not create a clue from a private key you don't own, else the clue will be fake.
True!

And yes, I agree that every user creating a puzzle to sign a message from the address that is staked in the puzzle, to really prove they own the address and coins in it, this will stand as a guarantee or assurance to the participants of the puzzle, that they are not wasting their time on a puzzle that is fake.
Correct. But let's extend your sentence with "... or which exploits the purpose of a puzzle to maliciously attack an address or address space to which you (= puzzle creator) do not have the private keys and thus are not the true owner, but which you negligently pretend to be.

The following is a freely imagined story.

Alice is an employee of the company BigBob Ltd. and manages the finance department. However, after many years of service, disagreements arose and the management decided to terminate Alice, under the pretext XYZ. Alice was bullied and her life was made difficult until her notice period arrived and she left the company. Alice could not prove otherwise, she knows it was unfair but the verdict was in, the termination was effective and she will have to leave the company in less than 6 months. She knows from her last active project that the company BigBob Ltd. had settled a special contract with a future startup company for a high amount of Bitcoin. For various obfuscation reasons, BigBob Ltd. and its future startup company had decided to split the payment based on a certain pattern. The high amount of XXXXXXX $ was thereby transferred to 255 individual payments split to different Bitcoin addresses, which show a linear progression and thus a clear pattern. The reasons for this do not matter any further, this only concerns BigBob Ltd. and its future startup company. Alice, however, knows the individual addresses and also can access the password-protected private keys to the addresses used in that particular transaction but only on a dedicated computer within the company. Alice is enraged and spiteful because she was treated so badly by her former employer BigBob Ltd. She is vengeful and registers on various forums on the Internet, stating that the known 32BTC transaction is a "puzzle" and everyone is encouraged to try cracking those addresses. She never explicitly mentions that the finder can keep the coins. In the last weeks of her employment, Alice decides according some forum talks to make a transfer. She programs a logic bomb on one of the related computers in the company to transfer the balance of addresses 161-256 to certain other addresses below 160 exactly 7 days after she is fired. The puzzle was opened long before. By announcing the transfer of amounts from the high address ranges to the lower ones, it reinforces her credibility in the Internet forum community. In reality, however, she is not the owner of the addresses and the private keys. She is happy to read in the future how the prize money will be taken from the respective addresses of strangers around the world and enjoys the feeling because her former employer and its subcontractor will suffer a loss. In fact what happens is: some people stealing money from BigBob Ltd. and think they're just taking the puzzle bonus. While on the other end BigBob Ltd. recognizing someone's stealing money from their addresses.

legendary
Activity: 3472
Merit: 10611
Online Sleuths Believe Satoshi Nakamoto’s Bitcoin Stash Is a Blockchain Treasure Hunt Meant to Be Found
Idiots making up stories for themselves is not the same as someone actually publishing a puzzle and calling it a puzzle. There are a lot of idiots out there, many are still trying to break cryptography they don't even understand like those creating random mnemonics and checking the derived addresses' balance!

With that said I think what OP posted should be considered more of a proof than a puzzle. A proof of the fact that ECDLP is not possible to solve. We have another one of this about hash collisions using SHA256, RIPEMD160 and SHA1 and only the SHA1 was solved after Googles SHATERED was released. https://bitcointalksearch.org/topic/reward-offered-for-hash-collisions-for-sha1-sha256-ripemd160-and-other-293382
legendary
Activity: 2422
Merit: 1083
Leading Crypto Sports Betting & Casino Platform

Glad about your feedback and looking forward to read your comments.
First, I want to make it categorically clear that a puzzle without a clear and definite direction or clues to solving it is not a puzzle.
Secondly, for the clues to be truly clear and definite, the private key to the address that holds the coins should belong to the user who started the puzzle game.

So to start a puzzle, first, you need to create a clue , like a pointer to the answer of the question being asked, this will help participants of the puzzle have a foundation to build their search from, and like I said before , you can not create a clue from a private key you don't own, else the clue will be fake.

And yes, I agree that every user creating a puzzle to sign a message from the address that is staked in the puzzle, to really prove they own the address and coins in it, this will stand as a guarantee or assurance to the participants of the puzzle, that they are not wasting their time on a puzzle that is fake.
member
Activity: 196
Merit: 67
The fact that the puzzle transaction has 256 outputs each in a very specific pattern implies that somebody designed it that way intentionally. So, if they had any intention of personal security they would've used a 256-bit strong private key, but since one output uses 1-bit private key, the next a 2-bit key, and so on, one thing can definitely be concluded: Whoever made those outputs wanted to see how quickly people would figure out there is a pattern.
Exactly.

Whoever made those Patoshi outputs (Satoshi's early mined coins) wanted that people figure out there is a pattern (Sergio Demian Lerner discovered it in 2013 - https://bitslog.com/2013/04/17/the-well-deserved-fortune-of-satoshi-nakamoto/ ). But in this case the pattern doesn't tell you something about the private key. It is just to let you know which Coinbase transactions belong to him. Some think that this is important for further steps.

Did Satoshi say "This is a puzzle"?

For example the creator of the "Bitcoin puzzle ~32 BTC" transferred the prize in January 2015 https://www.blockchain.com/btc/tx/08389f34c98c606322740c0be6a7125d9860bb8d5cb182c02f98461e5fa6cd15 and didn't tell that this is a puzzle.

12 months later someone (Bulista) figured out that this transaction is unusual https://bitcointalksearch.org/topic/bitcoin-puzzle-transaction-32-btc-prize-to-who-solves-it-1306983 and called it "puzzle transaction" and people tried to solve the puzzle.

2 years later, in April 2017, the creator of the puzzle posted a message:

This puzzle is very strange. If it's for measuring the world's brute forcing capacity, 161-256 are just a waste (RIPEMD160 entropy is filled by 160, and by all of P2PKH Bitcoin). The puzzle creator could improve the puzzle's utility without bringing in any extra funds from outside - just spend 161-256 across to the unsolved portion 51-160, and roughly treble the puzzle's content density.

If on the other hand there's a pattern to find... well... that's awfully open-ended... can we have a hint or two? Cheesy

I am the creator.

You are quite right, 161-256 are silly.  I honestly just did not think of this.  What is especially embarrassing, is this did not occur to me once, in two years.  By way of excuse, I was not really thinking much about the puzzle at all.

I will make up for two years of stupidity.  I will spend from 161-256 to the unsolved parts, as you suggest.  In addition, I intend to add further funds.  My aim is to boost the density by a factor of 10, from 0.001*length(key) to 0.01*length(key).  Probably in the next few weeks.  At any rate, when I next have an extended period of quiet and calm, to construct the new transaction carefully.

A few words about the puzzle.  There is no pattern.  It is just consecutive keys from a deterministic wallet (masked with leading 000...0001 to set difficulty).  It is simply a crude measuring instrument, of the cracking strength of the community.

Finally, I wish to express appreciation of the efforts of all developers of new cracking tools and technology.  The "large bitcoin collider" is especially innovative and interesting!

Why did he not make public that he created a puzzle back in 2015?

btw: cool user name saatoshi_rising
legendary
Activity: 4424
Merit: 4794
If you want near-certain proof then look for a signed message from the private key saying so. (although technically, messages do not prove that you can spend the output, that is something that the BIP322 draft is trying to solve - but that's a whole different story).

message signing does work and does prove it for legacy addresses '1' prefix (p2pk/p2pkh)
but signatures can be more variable, iffy, abused.. if used with other address formats(segwit/taproot) and for years they have been trying to solve this.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
I would therefore like to know: is there any puzzle that has been explicitly declared as such by the creator and the author of the puzzles has proven its authenticity and in which it has also been explicitly declared that the finder may deduct and keep the amount found in the address as a bonus?

The only puzzle that comes to mind would be nullius' puzzle here:
Goodbye, world!

If you solve the puzzle, I would appreciate if you would post here with appropriate proofs that youre the one who got it, and contact me to let me know how you figured it out; but please keep the solution private.  Be cruel.  Leave everyone in suspense.  [...] If the puzzle is unsolved for a very long time [...] I reserve the right to end this by sweeping away the prize.  However, I do not want to do that.  The search for the private key controlling this 0.001 BTC is good to [...] I wish that I could give more than 0.001 BTC for this, but I cannot afford to.

But nowhere here is it explicitly described that the finder could just take this 0.001 BTC if he knows the private key to it. Although it was obviously declared as a puzzle by nullius, unfortunately it doesn't explicitly proof that this address is really nullius' address and it doesn't say that you can grab the money if you succeed in knowing the appropriate private key.

So simply said: what does the finder of the private key handle this ?  Grin

If you want near-certain proof then look for a signed message from the private key saying so. (although technically, messages do not prove that you can spend the output, that is something that the BIP322 draft is trying to solve - but that's a whole different story).

The reality is that most people are not going to bother to sign a message just to declare a puzzle.

Furthermore, we don't know the identity of the owner who'd declare such a challenge either.

The fact that the puzzle transaction has 256 outputs each in a very specific pattern implies that somebody designed it that way intentionally. So, if they had any intention of personal security they would've used a 256-bit strong private key, but since one output uses 1-bit private key, the next a 2-bit key, and so on, one thing can definitely be concluded: Whoever made those outputs wanted to see how quickly people would figure out there is a pattern.
hero member
Activity: 630
Merit: 731
Bitcoin g33k
@franky1: I think you have not understood my question and my concern correctly. But probably I just didn't express it well so that my concern was misunderstood, excuse me please. It is not about "why was a puzzle made" or "what purpose does the puzzle creator actually have". Also, let's leave the technical details completely out of the discussion, the puzzle mentioned was only meant as an example.

Let's also not look at the motives of crackers, hackers, whitehats, blackhats, that's not the point. Nor are we interested in the probability of solving such a puzzle.

If you solve the puzzle, I would appreciate if you would post here with appropriate proofs that you’re the one who got it, and contact me to let me know how you figured it out; but please keep the solution private.  Be cruel.  Leave everyone in suspense.  [...] If the puzzle is unsolved for a very long time [...] I reserve the right to end this by sweeping away the prize.  However, I do not want to do that.  The search for the private key controlling this 0.001 BTC is good to [...] I wish that I could give more than 0.001 BTC for this, but I cannot afford to.

But nowhere here is it explicitly described that the finder could just take this 0.001 BTC if he knows the private key to it. Although it was obviously declared as a puzzle by nullius, unfortunately it doesn't explicitly proof that this address is really nullius' address and it doesn't say that you can grab the money if you succeed in knowing the appropriate private key.

So simply said: what does the finder of the private key handle this ?  Grin
legendary
Activity: 4424
Merit: 4794
about the satoshi stash where silly people think its a puzzle
the nonce and extra nonce of block solves of known satoshi blockrewards is not a puzzle

blocks get solved by all miners by standard of incrementing a nonce/extra nonce..
finding which blocks were satohi's was not a puzzle he implemented on purpose to be found. it was simply a lack of users that made it easy to see satoshi's nonce sequence.

however
the creation of a public key from a private key is a whole different system

trying to infer that because a pattern is found in the mining(well yea obviously!!) means there must be a pattern in random number generators of a keypair. is just silly. (they are completely different things)

its like saying because all car wheels circumferences are based on 2*pi*radius
then it must mean(stupidly) that the cars door lock keys can be solved by looking at the wheels
member
Activity: 196
Merit: 67
Here is an example:

Online Sleuths Believe Satoshi Nakamoto’s Bitcoin Stash Is a Blockchain Treasure Hunt Meant to Be Found
https://news.bitcoin.com/online-sleuths-believe-satoshi-nakamotos-bitcoin-stash-is-a-blockchain-treasure-hunt-meant-to-be-found/

Satoshi never told us that he created a puzzle. But some people have discovered something (read above link) and try to get the coins.

If he did not create a puzzle, then it is impossible to get the coins.

If these early mined coins move one day, then there was a way to do it and Satoshi must have known it/implemented it.

If coins move and it was not Satoshi's intention, then he can react and let us know that it was not his intention. But then people will ask, how it was possible.
staff
Activity: 3304
Merit: 4115
though i dont condone people stealing funds. .. people wil try anyway. and showing that its not that easy/possible. is a good result to talk about.
EG 5000 people try to break X. years later still not broke
To expand on that, the thought process or the automated processes people are using to try, and crack things are usually similar, and therefore becomes wasted effort. If 5000 people united, and worked together it would take much less time, than having 5000 individuals attempt something. Obviously, even if you had 5000 people or devices working together it would still be deemed impossible, but I do think it's important to make that point. Only cutting edge solutions usually break something, and even then that's pretty much unheard of these days, especially when it comes to encryption.

The Turning machine was a good example of a lot of people working together can achieve what was thought to be a impossible task by many, so I wouldn't rule out these solutions to sometimes break things unexpectedly.
legendary
Activity: 4424
Merit: 4794
whether its a puzzle or not.. you will always find people trying to bruteforce or find ways to take coin.

its more of a experiment to show how easy/hard bitcoin is to steal for some. a test to see the security tolerances of keys and how much effort things need to break.

take the FUD of "p2pk is weak" "re-used addresses(sends)" are weak.. then look at satoshi's block 9 reward address that sent out a few transactions 13 years ago. yet 13 years later no one has been able to brute force it.
even when random number generators for that key back then were not using the best RNG algo back then. no one has stolen those funds. which shows how strong bitcoin is at preserving someones value.

though i dont condone people stealing funds. .. people wil try anyway. and showing that its not that easy/possible. is a good result to talk about.
EG 5000 people try to break X. years later still not broke

..
as for actual puzzles. most puzzle makers do it in stages, with prizes that are released when solving each level. to keep it interesting. and they do provide hints, tips, and some entertainy wordplay that elude to the solution. .. rather than just pasting an address and telling people to try and break it, with no hints or levels on the way.

to spot the difference between a puzzle and a scammy brute attempt game.
one provides hints and prizes along the way at multiple levels. the other jsut tries to get people to bruteforce a address without any entertainy hints, tips, level prizes or easy->difficult stage of levels
hero member
Activity: 630
Merit: 731
Bitcoin g33k
Hello Bitcoin followers,

I have the following question. From what I know and read there are some Bitcoin puzzles out there, e.g. the well-known 32 BTC prize puzzle which is explained in detail on this thread
--> Bitcoin puzzle transaction ~32 BTC prize to who solves it
--> corresponding TXID 08389f34c98c606322740c0be6a7125d9860bb8d5cb182c02f98461e5fa6cd15

My following statements in the example of this puzzle are not explicitly directed to this puzzle but serve the general freedom of such puzzle types.

We obviously see in that puzzle example that this is an unusual transaction and suspect a puzzle based on any recognized patterns. We define that as a puzzle and set out on a journey to solve that puzzle. Those who have found out the private key to one of these addresses deduct the prize money, it is something like their "earnings".

But is that really the case? Is there any information and statements from the real owner of this address, who owns the coins? Has the owner allowed and released that the finder of the private key can withdraw the money from the respective address? If not, then it would still be theft. You own the key - you own the money?

Another deliberately exaggerated example. Imagine: I recognize a pattern in a transaction from Binance, in which the exchange sent different amounts to 128 recipients in a single transaction (nothing unusual). Now I spread the info here in the forum, on Reddit and other channels that it is a puzzle. I may contribute some more details about the detected pattern and possible attack vectors. Just because I see it as a "puzzle" does not make it a puzzle. Imagine further that someone succeeds in cracking the private key of one or more of these recipient addresses and simply withdraws the coins. The cracker would see himself as the "winner", he has solved the puzzle and collects the puzzle prize. But in reality he has stolen the entire coins from the person who knew nothing about it. And this only because his address was declared as "puzzle" somewhere on the Internet by someone.

So how do you know for sure who the puzzle operator is? Shouldn't the person show proof that he really is the owner of these addresses, e.g. by signing and publishing a message, when publishing his puzzle? How can we have confidence that the puzzle publisher = address owner ? If I should solve such a puzzle, I would like to be "sure" that I can really deduct the "prize money". I don't want to harm or even steal from anyone ignorant.

Glad about your feedback and looking forward to read your comments.
citb0in
Jump to: