
Showing 20 of 70 results by CY4NiDE
Post
Topic
Board Português (Portuguese)
Merits 7 from 2 users
Re: Hacker wins R$ 2 million in Bitcoin after solving puzzle and loses everything
by
CY4NiDE
on 19/02/2025, 23:56:51 UTC
⭐ Merited by TryNinja (6) ,joker_josue (1)
Actually, when Satoshi created Bitcoin there was a payment scheme called P2PK (Pay-to-Public-Key) implemented in the client, which was the default option for mining payouts.
In other words, block rewards were paid directly to public keys. To this day many coins from that era are still sitting in those public keys, since they were never moved.
What happens is that most block explorers erroneously link these P2PK outputs to the P2PKH address derived from the public key.

Let's use the Genesis block address as an example. The first 50 Bitcoins mined by Satoshi are not in the famous P2PKH address 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa but in its public key:
Code:
04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f

Some more examples of this phenomenon:

Even though these addresses have never spent coins, their public keys are literally public, since they are what received the coins. By parsing the blockchain it is possible to obtain them.
There was also a feature called Pay-to-IP in the early clients, and the default for that feature was also to transact through P2PK. It was later discontinued.
Several of these P2PK-era public keys are probably associated with Satoshi himself.

The interesting thing is that despite the 256-bit private keys, the P2PK scheme provides 128 bits of security because of algorithms like Pollard Kangaroo and BSGS, which work directly with the public key.
These algorithms exploit some properties of the elliptic curve to solve the ECDLP in sqrt(O) steps (square root of the problem size).
For a 256-bit private key we have sqrt(2^256) = 2^128. The algorithm would then need to compute "only" 2^128 operations to derive a 256-bit private key from the public key.
It is worth remembering that 2^128 operations is still an astronomical number and practically impossible to reach.

I imagine a catastrophic scenario in which satoshi made use of this kind of private key in some abandoned wallet with a small fortune in bitcoins

The hypothesis can be tested by parsing the blockchain to retrieve all the public keys used in that era.
Load those public keys into a BSGS and then let the dogs loose. Set the algorithm to search for private keys in the space 1:FFFFFFFFFFFFFFFFF, for example.
If any private key from that range was used, the algorithm will find it.
But of course Satoshi would not make that kind of blunder.  Cheesy
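
The distinction the post above draws between P2PK and P2PKH outputs, as an added example that is not part of the original post: a small scriptPubKey classifier that reports whether an output exposes its public key before it is ever spent, together with the square-root work estimate the post uses. The names `classify_script_pubkey` and `work_bits` and the sample P2PKH hash are constructed for illustration; the 160-bit cap for hashed outputs is an assumption based on the width of the address hash.

```python
# Added example: does an output reveal its public key while still unspent?
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC

# Genesis coinbase public key as quoted in the post (04 || X || Y).
GENESIS_PUBKEY = (
    "04"
    "678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6"
    "49f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f"
)
# P2PK script: <push 65 bytes> <pubkey> OP_CHECKSIG
GENESIS_SCRIPT = "41" + GENESIS_PUBKEY + "ac"
# Constructed P2PKH script; the 20-byte hash is a placeholder, not a real address.
SAMPLE_P2PKH = "76a914" + "11" * 20 + "88ac"


def classify_script_pubkey(script_hex: str) -> dict:
    """Return the output type and whether the public key is visible on-chain."""
    s = bytes.fromhex(script_hex)
    # P2PK: one push of a 65-byte (uncompressed) or 33-byte (compressed) key.
    if len(s) in (35, 67) and s[0] == len(s) - 2 and s[-1] == OP_CHECKSIG:
        key = s[1:-1]
        uncompressed = len(key) == 65 and key[0] == 0x04
        compressed = len(key) == 33 and key[0] in (0x02, 0x03)
        if uncompressed or compressed:
            return {"type": "P2PK", "pubkey_exposed": True, "pubkey": key.hex()}
    # P2PKH: OP_DUP OP_HASH160 <push 20> <hash160> OP_EQUALVERIFY OP_CHECKSIG
    if (len(s) == 25 and s[0] == OP_DUP and s[1] == OP_HASH160 and s[2] == 0x14
            and s[23] == OP_EQUALVERIFY and s[24] == OP_CHECKSIG):
        return {"type": "P2PKH", "pubkey_exposed": False, "pubkey": None}
    return {"type": "other", "pubkey_exposed": None, "pubkey": None}


def work_bits(range_bits: int, pubkey_exposed: bool) -> int:
    """log2 of the generic work needed to recover a key known to lie in a
    range of 2**range_bits values. With the public key known, square-root
    ECDLP methods apply (the post's sqrt(2^256) = 2^128). Without it the
    range must be enumerated, capped at the 160-bit address hash (assumption)."""
    if pubkey_exposed:
        return range_bits // 2
    return min(range_bits, 160)


if __name__ == "__main__":
    for name, script in (("genesis", GENESIS_SCRIPT), ("sample", SAMPLE_P2PKH)):
        info = classify_script_pubkey(script)
        print(name, info["type"], "exposed:", info["pubkey_exposed"],
              "work for a full-size key: 2^%d" % work_bits(256, bool(info["pubkey_exposed"])))
```
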
Post
Topic
Board Português (Portuguese)
Merits 13 from 4 users
Re: Hacker wins R$ 2 million in Bitcoin after solving puzzle and loses everything
by
CY4NiDE
on 18/02/2025, 19:51:14 UTC
⭐ Merited by bitmover (6) ,TryNinja (5) ,joker_josue (1) ,criptoevangelista (1)

This is only possible if the "attacker" also has the private key.

Imagine the following.

The person solved the puzzle and got the private key.
Then he went and made a transaction to transfer the puzzle funds to his wallet.

But he paid 5 sat/vB, which would take 10 blocks to confirm.

Up to here you got it right.

With a few lines of Python it is possible to put together a script that checks the mempool every second through a node or API, monitoring a specific address, waiting for that address to submit a transaction for the first time and reveal the public key, information that until then (in the context of puzzle #66) is known only to the holder of the private key.

When the first transaction spending funds from address #66 reaches the mempool, that address's public key is revealed to the entire network instantly. The attacker's script gets a response in a matter of milliseconds and now the attacker also has that public key.

All that is left now is to start an instance of Pollard Kangaroo or BSGS to derive the private key. In the worst case this step could take about 30 seconds (for a 66-bit ECDLP the complexity is only 2^33 operations using the algorithms mentioned), but depending on the hardware and implementation it is possible to derive a 66-bit private key instantly.

Having the private key, the attacker starts spamming the mempool with new transactions that spend the same funds to another address, paying higher fees than the original transaction and receiving higher priority (Replace By Fee). The whole process is easily automated from start to finish with a single Python script that does everything in less than 1 minute:

*The original transaction is sent to the mempool by the person who solved the private key first and is awaiting confirmation*

- Detect this transaction in the mempool = milliseconds
- Retrieve the public key from the metadata = milliseconds
- Derive the 66-bit private key from the public key = 1~30 seconds
- Use the private key to sign new transactions = milliseconds
- Relay these transactions through APIs = milliseconds

Meanwhile the original transaction would take its ~10 minutes to be confirmed. Obviously there is not enough time, because before that happens the mempool has already been flooded with the attacker's transactions, which are more attractive to miners because of the higher fees being offered.

Even if the original transaction comes with the Replace By Fee flag disabled and has been accepted by a node that respects that flag, the attacker can still submit his transactions to the mempool through other nodes, since the vast majority of them allow full RBF regardless of the RBF flag present in the original transaction.

This hack only works in the context of the puzzle/challenge because of the shorter private keys (66, 67, 68, 69 bits etc). Outside that context it is impossible to use the method, because the private keys used on the network have all 256 bits.
Post
Topic
Board Bitcoin Discussion
Merits 2 from 1 user
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
by
CY4NiDE
on 15/10/2024, 15:53:26 UTC
⭐ Merited by TryNinja (2)
I'm working around the clock to fit 2^160 magic circles into mcdouglasx brain fart db so I can astral project myself in front of it at 3am during a full moon, while Rotor-Cuda runs on the background searching for 1 trillion divided public keys in a smaller range. This is it guys, wish me luck.

Update: Was chased down by some NSA wraith wielding a huge scimitar, am now lost beyond the coordinates 00000000000000000000003b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63, 3f3979bf72ae8202983dc989aec7f2ff2ed91bdd69ce02fc0700ca100e59ddf3. Please send help.

Oh, look! Digirombs is here too, hey dude
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
by
CY4NiDE
on 14/10/2024, 21:59:37 UTC
Of course it was a lot of crazy fast kangaroos  Cheesy
My kangaroos, not JLP's.

If I might ask, GPU based or is it something else?

Congratulations by the way, we are pleased to finally meet you.
Post
Topic
Board Development & Technical Discussion
Re: 5-7 kangaroo method
by
CY4NiDE
on 07/10/2024, 19:52:20 UTC

It is basically the same problem as when some guys attempt to divide some public key by 2, 4, 8 etc.

Every time we "divide" we cannot tell if the resulting point lies in the lower half of the interval, or whether it is offset by (groupOrder + 1)/2, because we don't know the parity of the private key.


Regarding this very specific problem, one limited approach I can think of is to subtract G from your initial pubkey and keep them both; the initial and the offset resulting from this subtraction.

Now one of these two is sure to have an even private key, as some pubkey minus G = its private key minus 0x1.

Then you "divide" them both and at least one resulting offset will be within the desired interval.

Idk if this would be a feasible approach for your original problem tho, as the "decision tree" grows exponentially every time we repeat this process.

Post
Topic
Board Bitcoin Discussion
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
by
CY4NiDE
on 26/09/2024, 23:49:17 UTC
I'd like to add here that it was announced from the very beginning that his program was limited to a 125bit interval. lol.

Code:
Pollard's kangaroo for SECPK1

A Pollard's kangaroo interval ECDLP solver for SECP256K1 (based on VanitySearch engine).
This program is limited to a 125bit interval search.

So yeah, for the people that ran it against #130; this stupidity is entirely on you. Instead of complaining that someone else did not hand out to you a perfect implementation go and actually create your own.

Otherwise you will end up with 0 Bitcoins AND 0 knowledge. And knowledge is the only thing that most of us here might ever gain from this challenge.  Wink










Post
Topic
Board Bitcoin Discussion
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
by
CY4NiDE
on 25/09/2024, 08:19:24 UTC
Someone has to sit down and write a completely new kangaroo.

Shouldn't we be looking at FPGAs by now?

I'm actually working on a little project to get me started with Verilog.

It is a simple xpoint-only bruteforcer for now. The design works fine, but I couldn't fit it on the target chip yet.

The main goal is to get to the level where I can create a HDL Kangaroo implementation.

Post
Topic
Board Bitcoin Discussion
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
by
CY4NiDE
on 25/09/2024, 01:20:29 UTC
No, I don't have enough XP to meddle with the Wheel of Fortune. This thing is just too powerful.

Just by making this simple edit it took me so much mana and HP that it will take me weeks to recover.
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
by
CY4NiDE
on 25/09/2024, 01:05:43 UTC
Holy snappers, guys! How could we forget about this?

We did not write #66 off our bingo cards. Here, let me sort this out real quick:

Post
Topic
Board Bitcoin Discussion
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
by
CY4NiDE
on 25/09/2024, 01:02:52 UTC
Holy snappers, guys! How could we forget about this?

We did not write #66 off our bingo cards. Here, let me sort this out real quick:



Post
Topic
Board Bitcoin Discussion
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
by
CY4NiDE
on 25/09/2024, 00:01:39 UTC
Also to note you need the specific Purebasic v.5.31 other versions to my knowledge do not work

That's right. But once you buy it you gain access to any version, I think.

I'm not going to tell you guys that you could get it from some torrent cause it might be against forum rules/country laws.

And since I'm not telling anyone that, I don't even need to say to be careful with potentially backdoored software coming from torrents.

 Wink
Post
Topic
Board Bitcoin Discussion
Merits 1 from 1 user
Re: == Bitcoin challenge transaction: ~1000 BTC total bounty to solvers! ==UPDATED==
by
CY4NiDE
on 24/09/2024, 23:18:37 UTC
⭐ Merited by Cricktor (1)
Well, the public key was known anyway for puzzle #130 and other puzzles of multiples of 5. So, those higher bitcount puzzles are apparently off limits for bots.

Yes, that's correct. Otherwise you could just straight up solve #130 as the public key was available from the beginning.

Most bots can steal from puzzle #67 up to the 75-80ish bits, depending on the rig's capabilities.

Any key that takes less than ~10 minutes to crack is not safe. (~10m avg block time, not always the case).

I personally would only feel safe above 110 bits, just to be sure, as we cannot really know what is out there regarding other people's cracking capabilities.

Anything less than 110 bits I would send through MARA's slipstream.

Post
Topic
Board Bitcoin Discussion
Merits 1 from 1 user
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
by
CY4NiDE
on 24/09/2024, 21:47:49 UTC
⭐ Merited by TryNinja (1)
Any other Kangaroo version known that is known to be usable for >128bit ranges ?

This has been answered 10 thousand times in this same thread some pages back.

The only publicly available Kangaroo that works beyond 125 bits is Etar's.

It's based on JLP's but it can go up to 192 bits.

It has an edge on the speed too, yielding +-1Gk/s more than JLP's (at least on my setup).

https://github.com/Etayson/Etarkangaroo

Note that it's Windows only and if you want to compile it yourself you need PureBasic, which is paid.

Post
Topic
Board Bitcoin Discussion
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
by
CY4NiDE
on 23/09/2024, 10:18:56 UTC
"Here is my own assumption being proffered as straight facts without any proof"

Where is the evidence to back all this fud about the creator of this challenge?
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
by
CY4NiDE
on 23/09/2024, 07:50:43 UTC
Wow. Two in a row.

  Shocked
Post
Topic
Board Bitcoin Technical Support
Re: Paid 0.7 btc fee! Any chance to return it?
by
CY4NiDE
on 20/09/2024, 23:18:25 UTC
Hey OP, any updates from Foundry?

Keep us posted, I wanna know how this ends.
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
by
CY4NiDE
on 15/09/2024, 23:30:54 UTC
Me too, I thought whoever found the private key would go through Mara's slipstream, that no one would dare go through mempool directly but how wrong I was.

The thief who stole the coins must have a nice setup, it took his bot 45 seconds to replace the transaction, I assume whether he used BSGS or Kangaroo, it took 30 seconds to find the private key and the remaining 15 seconds for opening and shutting down apps.

kTimesG bragged about having a very fast setup and also started precalculating tames for 66bit, 67bit... Preparations you would only need if you plan to steal the transaction sitting in the mempool.
Every other user that took part in the stealing-bot-script discussions a few pages ago is suspicious.
The thief likely active here but would never confess because of repercussions...and well he would unmask as an asshole  Roll Eyes.

I'm tending to think it wasn't any of the usuals in this thread 'cause we all thought the solver would go through MARA. For this very reason I didn't even bother to finish developing mine.

Also, I don't think anyone would bother to precompute against 66 in this scenario as the key can be cracked in mere seconds anyways.

If that was the case it would have taken much less than 45s to replace the original tx, as once you have the key it might take less than 1 second to relay the first replacement.

I was also thinking.... What if the creator himself triggered the attempted withdrawal?

Reason: To officially embed this event in the challenge's timeline at the cost of 6.6 BTC, as now "puzzle #66" will be notoriously known to have been hijacked by a bot in the proposed scenario.

Am I making any sense here or am I just hitting my bong too much?  Cheesy
Post
Topic
Board Bitcoin Discussion
Merits 1 from 1 user
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
by
CY4NiDE
on 13/09/2024, 20:07:43 UTC
⭐ Merited by Kamoheapohea (1)
any idea for puzzle 67



Yes.

Wait until someone solves it and then steal the coins with a bot.

Cheesy
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
by
CY4NiDE
on 13/09/2024, 19:47:08 UTC
Heyho, I couldn't find any Info on this. I'm using VanitySearch and it says [compressed] next to the address - is this right? Are the addresses compressed or not?

Ty guys!


How could you not find this information? It's literally in this same page, above your own post.

There are 4 other consecutive posts showing a huge list with every known COMPRESSED pubkey from this puzzle.
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
by
CY4NiDE
on 13/09/2024, 08:06:45 UTC
I'm speechless. Someone really just sent the public key to the mempool all willy nilly