Very clever puzzle, but you know, that if someone would solve it, then ECDSA would be broken, right?

More than that: I guess if someone would post the solution, then you would use it just as an offset to some other key, to sweep coins out of it. And I guess the "real" address you want to target, holds much more than just 5 BTC.

Well, they are not "real". All of them are artificially generated. By using "r==s", you closed one way of attacking it, and by picking "z-value" in a way, where "z/r" is producing some small numbers, you closed another way. Which means, that you think, there is a million signatures, where in practice, you could have a single signature, and achieve pretty much the same.

So, if you use ECDSA just as some 256-bit calculator, then you won't get any further, when it comes to breaking any keys.

I also wonder, if you made your puzzle after seeing my transaction, because it touches similar topics: https://mempool.space/testnet4/tx/1c6aa1f6bb20409e0fa3b34e559b55aa05d6ac5506747455d23799cca539546c

If that's the case, then I can tell you, that using "r==s" won't push you any further. You would get only some points, with some fixed offset from the public key, which you would pick as R-value, but that's all. You would have "Q=R-(z/r)", where z-value could be even constant for SIGHASH_SINGLE, but then, you would have just "Q=R-(const/r)". So, you would have just a bunch of points, like "R-offset1", "R-offset2", and so on, but it won't put you any closer into finding R-value or Q-value.

To sum up: if you have low entropy, then you won't get anywhere with just that. And you killed all entropy, first by using "r==s", and second time by using "z/r==1", "z/r==2", and so on. So, there is not enough randomness, to have anything to work with, sorry.