⭐ Merited by LoyceV (2)
Do the weakness #2 (revealed public key) no need to brute all 116 bits (2^116), and only square root of total length is enough --> 58 bits (2^58). However it is still very much to brute force. Assuming that the monster could be symmetric (116/2 = 58bits unknown bits only), it is enough to make only square root from 2^58 operations --> 2^29. This is possible to find very fast.
Exact. I created Giant Step hashtable for 2^29 symmetrical combinations. Then, check Baby Step for second half of picture, also 2^29 symmetrical combinations.Border+one half = Giant Step
second half - public key = Baby step
Memory spent for giant step is about 6Gb, can be safe reduced to 3-4Gb. 20 minutes to build hashtable.
baby step takes about 2 minutes to find key.
BSGS can be used for keys up to 70-75 bits.
Respect to you! Very elegant solution!
You did not use the locked front door to come in, but decided to enter through the side/back door
-snip-
Yes, of course; it was just an example - to see the possible approach.
It means that exposing public key changes really a lot...
Yes, of course; it was just an example - to see the possible approach.
It means that exposing public key changes really a lot...
For 256bit keys nowadays it is not possible to find the private key with these bsgs/pollard methods. The world record at the moment is something like 114bit (and 117bit on FPGA).
But of course for better security it is better never reveal the public key from your address. HD wallets are well designed for this purpose - they generate new wallet after every transaction and transfer the change to new address.