Board: Development & Technical Discussion
Re: Pollard's kangaroo ECDLP solver
by Feron on 11/01/2022, 17:39:01 UTC
Hi
I can eventually convert this code using my own secp256k1 library for CUDA (based on Jean-Luc Pons' Kangaroo).

It can achieve up to 70M scalar mult/sec on an RTX 3070.

A Python implementation with pycuda can be done easily.

But sorry for this trivial question:
What is the purpose of this script?

Regards

Fanch

Using the puzzle 120 public key to generate a lot of keys and use that script randomly; the more keys, the better the chance to hit one.
I just don't know if more keys can be generated with 1 public key; if so, it can be useful.

I've redesigned it a bit now, I should, 2x faster for Python


Hi

I already thought about this method of searching for a collision between a temporary key (for example every intermediate wild kangaroo jump) and a lookup in a hashtable of precomputed random keys in the range of puzzle 120.

Let's do some math to show whether it is realistic or not...

Imagine that you precompute a huge hashtable (or a Bloom filter) of 256 Giga entries (or 256 Giga keys picked at random in the puzzle 120 interval).

Forget the fact that this table will occupy several terabytes of RAM and that the lookup time will increase with the size of the hashtable (less true for a Bloom filter lookup).

The formula that defines the probability of finding a particular piece among N pieces at the end of n draws without replacement is as follows:

P=1-(1-1/N)^n

We can replace 1/N by (number_entries_in_hashtable/interval_of_puzzle_120) = 256*10^9/(2^120-2^119) = 3.85e-25

We fix, for example, P=0.5 (meaning a 50% probability of having a hit).

Let's calculate n for such P=0.5

0.5=(1-1/N)^n

a=b^n => n=ln(a)/ln(b)

n=ln(0.5)/ln(1-3.85e-25) = 1.8e24
If your GPU can do 1 billion jumps (and lookups at the same time) per second (typically the speed of Jean-Luc Pons' program with a good GPU),

you will have to wait 1.8e24/1e9 = 1.8e15 seconds, or 57 million years, before having a 50% chance of a hit...

Hopeless..., even if you use a bigger hashtable or a powerful GPU cloud.


The main problem with this approach is that you don't profit from the birthday paradox used in the kangaroo solver, because you are looking in a predefined list.

Regards

Fanch

The birthday paradox works on a similar principle. I don't know now, I have pasted this code for fun:

from bit import Key  # third-party "bit" library

TARGET = "<PrivateKey: 16jY7qLJnxb7CHZyqBP8qca9d51gAjyXQN>"

q = 1
for x in range(200):
    for y in range(170, 200):
        # Running product in the style of the birthday-paradox formula
        probability = x / y
        q *= (1 - probability)
        p = 1 - q
        # Characters of str(p) after the first two (drops the leading "0.")
        x1 = str(p)[2:]
        for cc in range(922, 1845):
            x0 = str(cc)
            # Candidate private key: prefix cc followed by the digits of p
            ke = Key.from_int(int(x0 + x1))
            # This prints every Bitcoin address ending in "QN>"; use "XQN>" instead and the code runs faster
            if str(ke).endswith("QN>"):
                print(x0 + x1, ke, x, y)
            if str(ke) == TARGET:
                # Append a match to win.txt
                with open("win.txt", "a") as f:
                    f.write(x0 + x1 + str(ke) + "\n")
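
Added example, not part of the original post: Fanch's estimate quoted above, recomputed in Python and set beside the usual heuristic cost of Pollard's kangaroo (about 2*sqrt(width) group operations, which is an assumption not stated in the thread). The function names are illustrative; the table size, interval and 1e9 operations per second are the figures from the post.

```python
import math

SECONDS_PER_YEAR = 365.25 * 86400

PUZZLE_120 = 2**120 - 2**119   # interval width used in the post
TABLE = 256 * 10**9            # 256 Giga precomputed keys


def draws_for_hit(table_entries, interval_size, p_hit=0.5):
    """Solve 1 - (1 - f)^n = p_hit for n, with f = table_entries / interval_size."""
    f = table_entries / interval_size
    # log1p(-f) evaluates ln(1 - f) accurately. math.log(1 - f) would not:
    # for f around 1e-25 the double 1 - f rounds to exactly 1.0, so the
    # logarithm is 0.0 and the division fails.
    return math.log1p(-p_hit) / math.log1p(-f)


def kangaroo_ops(interval_size):
    """Heuristic expected group operations for Pollard's kangaroo (assumed 2*sqrt(width))."""
    return 2 * math.sqrt(interval_size)


def years(ops, ops_per_second=1e9):
    """Wall-clock years needed for `ops` operations at the given rate."""
    return ops / ops_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    n = draws_for_hit(TABLE, PUZZLE_120)
    print(f"table lookup : {n:.2e} draws, {years(n):.2e} years for a 50% hit")

    k = kangaroo_ops(PUZZLE_120)
    print(f"kangaroo     : {k:.2e} ops,   {years(k):.2e} years (heuristic)")

    # A bigger table only divides the wait linearly.
    for factor in (1, 1024, 1024**2):
        y = years(draws_for_hit(TABLE * factor, PUZZLE_120))
        print(f"table x {factor:>7}: {y:.2e} years")
```

The lookup cost falls only in proportion to the table size, while the kangaroo cost grows with the square root of the interval width, which is the gap the quoted post attributes to the birthday paradox.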