Post
Topic
Board Development & Technical Discussion
Merits 10 from 2 users
Re: Pollard's kangaroo ECDLP solver
by
arulbero
on 16/06/2020, 11:44:56 UTC
⭐ Merited by Etar (5) ,RetiredCoder (5)
-snip-
You can (see here -> https://bitcointalk.org/index.php?topic=5244940.msg54546770#msg54546770, it is enough to map the new task [1, 2^119 - 1] to the previous one [1, 2^114 - 1]) but it's not worth it.
-snip-
i think all DPs from previous work will be in the left 1/32 part of interval(in the begining).
If you just multiply DPs by 32 then  they will be just points not DPs becouse they will not have leading zeros.
If i wrong can you explaine in very small range how transform DP by 32 times and do not loose leading zeros? Thanks.

Simply, you don't transform the old DPs, instead of multiplying the old points by 32 you divide (= multiply by inv(32)) the new public point P -> P'=inv(32)*P.

If P lies in [1, 2^119 - 1] interval, then P' lies in

[1/32, ...., 31/32, 1, ....., 2, ......3, .......4, ................., 2^114 -1] interval.

Note that the private keys of DPs are 'integer'.

You can change the private keys changing the generator, G -> G' = inv(32)*G:

[1, .........,31,  32,.........2*32,..........3*32, .............., 4*32,.................32*2^114 - 1]