Search content
Sort by
Showing 20 of 62 results by jovica888
I am not sure how Kangaroo algorithm is functioning but for example I run JeanLucPons/Kangaroo a few time...
I saw that it creates about 2^19 Kangaroos at the start (I have Nvidia 1070ti - it sucks) and then it finds solutions for small ranges really fast
So my question is, how are the starting points for those Kangaroos created or selected?
If it is not already working in this way, I thought maybe it would be good to make it like this
So from a lower position of range, you create 2^19 kangaroos and those Kangaroos are consecutive - one by one.... from 1G to 2^19G
Then you create a jumps and all jumps are random but those jumps must be "jump_value % 2^19 = 0" and the same jumps we use for the public_key we are searching. because jumps are "jump_value % 2^19 = 0" then all starting Kangaroos will not collide with themselves because it is not possible. Public key is jumping with those jumps and save points where X is starting with (I do not know) 0000 for example
Then we move each kangaroo with those jumps and we move public_key with those jumps UP so we are adding points basically
A collision will happen when 1 of the starting kangaroos hits the path of public_key...
The starting Kangaroo that is going to hit the path of public_key will basically follow this rule
starting_value_of_that_Kangaroo % 2^19 = private_key_of_public_key % 2^19
So if you can create more starting Kangaroos with more GPUs then you can jump larger jumps and collision will occur faster... right?
Thank you
I saw that it creates about 2^19 Kangaroos at the start (I have Nvidia 1070ti - it sucks) and then it finds solutions for small ranges really fast
So my question is, how are the starting points for those Kangaroos created or selected?
If it is not already working in this way, I thought maybe it would be good to make it like this
So from a lower position of range, you create 2^19 kangaroos and those Kangaroos are consecutive - one by one.... from 1G to 2^19G
Then you create a jumps and all jumps are random but those jumps must be "jump_value % 2^19 = 0" and the same jumps we use for the public_key we are searching. because jumps are "jump_value % 2^19 = 0" then all starting Kangaroos will not collide with themselves because it is not possible. Public key is jumping with those jumps and save points where X is starting with (I do not know) 0000 for example
Then we move each kangaroo with those jumps and we move public_key with those jumps UP so we are adding points basically
A collision will happen when 1 of the starting kangaroos hits the path of public_key...
The starting Kangaroo that is going to hit the path of public_key will basically follow this rule
starting_value_of_that_Kangaroo % 2^19 = private_key_of_public_key % 2^19
So if you can create more starting Kangaroos with more GPUs then you can jump larger jumps and collision will occur faster... right?
Thank you
I think it is possible on this way
For example you define jumps like you have a starting point
after 5.000.000 of those iterations, I guarantee that all nearby points will go to the same point...
I already did that I mean proved that to myself (
)
But what you can do for example...
In case of puzzle 135
You can start jumping from
and put in "babystep" file every 1.000.000th iteration point and you put I do not know 200.000.000 points... and you calculate G added from starting point to 6th last point... This will be a BIG number and it will basically be you BIG GIANT JUMP
Then you start scan from
02145d2611c823a396ef6712ce0f712f09b9b4f3135e3e0aa3230fb9b6d08d1e16
With the same rule... after 6.000.000 iteration if you did not find point from the babystep file you can jump BIG GIANT JUMP
If you find the point then
private key = 7fffffffffffffffffffffffffffffffff + Gadded in line of babystep file - G added in scan at the moment of collision
So this should be a hybrid kangaroo and bsgs
I do not know I am just a guy that is trying something
For example you define jumps like you have a starting point
Code:
300DF8475800 * G = 035e7ee2416496d46b6be9f20acd95ce922333dba658cf6d1d9da570a79b38b556
and then you have other points
300DF8475801 * G = 030264c5072d186570623d1b8346c3e1cebccbdddd1b63e6fb310d1481f060f6f8fb
300DF8475802 * G = 02239e98430c54ee569cf81d39b518ed7c321778429fde49953497285d3283711e
300DF8475803 * G = 03cda37e3633f55b043cf7d4ee148fa44baa50d8925571469d617eb72cc75b0648
300DF8475804 * G = 031b6349e3953558ed1561b69652ccce70eb92bd7c9b93f3082d0d7e563cfebdb7
.
.
.
you make a rule of jumps where you take |last 6 digits of X +1G|and then you have other points
300DF8475801 * G = 030264c5072d186570623d1b8346c3e1cebccbdddd1b63e6fb310d1481f060f6f8fb
300DF8475802 * G = 02239e98430c54ee569cf81d39b518ed7c321778429fde49953497285d3283711e
300DF8475803 * G = 03cda37e3633f55b043cf7d4ee148fa44baa50d8925571469d617eb72cc75b0648
300DF8475804 * G = 031b6349e3953558ed1561b69652ccce70eb92bd7c9b93f3082d0d7e563cfebdb7
.
.
.
after 5.000.000 of those iterations, I guarantee that all nearby points will go to the same point...
I already did that I mean proved that to myself (
)But what you can do for example...
In case of puzzle 135
You can start jumping from
Code:
7fffffffffffffffffffffffffffffffff * G = 02699adca27ea4ce71af1a9b27f767988a8a0d6af792ce33104f45de740d7d1519
|last 6 digits of X +1G|and put in "babystep" file every 1.000.000th iteration point and you put I do not know 200.000.000 points... and you calculate G added from starting point to 6th last point... This will be a BIG number and it will basically be you BIG GIANT JUMP
Then you start scan from
02145d2611c823a396ef6712ce0f712f09b9b4f3135e3e0aa3230fb9b6d08d1e16
With the same rule... after 6.000.000 iteration if you did not find point from the babystep file you can jump BIG GIANT JUMP
If you find the point then
private key = 7fffffffffffffffffffffffffffffffff + Gadded in line of babystep file - G added in scan at the moment of collision
So this should be a hybrid kangaroo and bsgs
I do not know I am just a guy that is trying something
⭐ Merited by vapourminer (1)
I was using this website
https://asecuritysite.com/ecc/ecc_points_mult
I was putting random p-prime numbers, then "manually" bruteforce X value to get valid point
Then if you get rule (n-1)mod 6 = 0 then you basically got the smaller version of standard secp256k1 - you will get the sets of 2 Y values with 3 X values just like in regular curve
The smalles example is p = 7 G=(1, 1)
https://asecuritysite.com/ecc/ecc_points_mult
I was putting random p-prime numbers, then "manually"
bruteforce X value to get valid pointThen if you get rule (n-1)mod 6 = 0 then you basically got the smaller version of standard secp256k1 - you will get the sets of 2 Y values with 3 X values just like in regular curve
The smalles example is p = 7 G=(1, 1)
Code:
P (1,1) Point is on curve
2P (2,1) Point is on curve
3P (4,6) Point is on curve
4P (4,1) Point is on curve
5P (2,6) Point is on curve
6P (1,6) Point is on curve
7P=0
2P (2,1) Point is on curve
3P (4,6) Point is on curve
4P (4,1) Point is on curve
5P (2,6) Point is on curve
6P (1,6) Point is on curve
7P=0
I also have another Idea like a Kangaroo that will use the infinity point as a referent point so the kangaroo will jump from the public key up and we will save X values of those points when the code jumps over the infinity point then the kangaroo will basically start jumping back because X values now have order in backward... and then when you find collision with itself you can calculate the private key
So in my code I was looking for private key of
03440daba3905488f1b5ad2186f6ce2e9a9fe69327ac975dba1a93f8ed60d7813d
I know that private key is < n/2 so I took the even Y value to have a point > n/2
here is the code
I know that the code is slow but it finds a solution
So original private key is
Code:
priv_key = (n - (G_added - G_at_collision) // 2 - G_at_collision) % n
So in my code I was looking for private key of
03440daba3905488f1b5ad2186f6ce2e9a9fe69327ac975dba1a93f8ed60d7813d
I know that private key is < n/2 so I took the even Y value to have a point > n/2
here is the code
Code:
import ecdsa
from ecdsa.ellipticcurve import Point
import time
# Parameters of the secp256k1 elliptic curve
curve = ecdsa.curves.SECP256k1.curve
G = ecdsa.curves.SECP256k1.generator
n = ecdsa.curves.SECP256k1.order
# Initial point
X = 0x440daba3905488f1b5ad2186f6ce2e9a9fe69327ac975dba1a93f8ed60d7813d
Y = 0x9d656a2ee1049d7bf9c4b48c4df47e92115b0a479c60ba1034c9c2e7a39d2f0c
P = Point(curve, X, Y)
visited_x = {} # Store X coordinates in RAM
G_added = 0 # Total G added
start_time = time.time() # Start time
last_print_time = start_time # Track last print time
iteration = 0 # Track current iteration
while True:
last5 = X & 0xFFFFF # Last 7 digits of X-axis
step = last5 + 1 # Step size
P = P + step * G # Jump forward
X = P.x()
G_added += step
iteration += 1
current_time = time.time()
if current_time - last_print_time >= 5:
print(f"Total G added: {hex(G_added)}, Current Iteration: {iteration}, Current step: {step}", end="\r")
last_print_time = current_time
if X in visited_x:
G_at_collision = visited_x[X]
priv_key = (n - (G_added - G_at_collision) // 2 - G_at_collision) % n
end_time = time.time()
elapsed_time = end_time - start_time
hours, rem = divmod(elapsed_time, 3600)
minutes, seconds = divmod(rem, 60)
print(f"\nPrivate key found: {hex(priv_key)}")
print(f"Time taken: {int(hours)}h {int(minutes)}m {int(seconds)}s")
break
else:
visited_x[X] = G_added
from ecdsa.ellipticcurve import Point
import time
# Parameters of the secp256k1 elliptic curve
curve = ecdsa.curves.SECP256k1.curve
G = ecdsa.curves.SECP256k1.generator
n = ecdsa.curves.SECP256k1.order
# Initial point
X = 0x440daba3905488f1b5ad2186f6ce2e9a9fe69327ac975dba1a93f8ed60d7813d
Y = 0x9d656a2ee1049d7bf9c4b48c4df47e92115b0a479c60ba1034c9c2e7a39d2f0c
P = Point(curve, X, Y)
visited_x = {} # Store X coordinates in RAM
G_added = 0 # Total G added
start_time = time.time() # Start time
last_print_time = start_time # Track last print time
iteration = 0 # Track current iteration
while True:
last5 = X & 0xFFFFF # Last 7 digits of X-axis
step = last5 + 1 # Step size
P = P + step * G # Jump forward
X = P.x()
G_added += step
iteration += 1
current_time = time.time()
if current_time - last_print_time >= 5:
print(f"Total G added: {hex(G_added)}, Current Iteration: {iteration}, Current step: {step}", end="\r")
last_print_time = current_time
if X in visited_x:
G_at_collision = visited_x[X]
priv_key = (n - (G_added - G_at_collision) // 2 - G_at_collision) % n
end_time = time.time()
elapsed_time = end_time - start_time
hours, rem = divmod(elapsed_time, 3600)
minutes, seconds = divmod(rem, 60)
print(f"\nPrivate key found: {hex(priv_key)}")
print(f"Time taken: {int(hours)}h {int(minutes)}m {int(seconds)}s")
break
else:
visited_x[X] = G_added
I know that the code is slow but it finds a solution
Code:
Total G added: 0x11a4b3bb783, Current Iteration: 2312884, Current step: 699786
Private key found: 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25d8a18d30c97
Time taken: 0h 3m 19s
Private key found: 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25d8a18d30c97
Time taken: 0h 3m 19s
So original private key is
Code:
n - fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25d8a18d30c97
hex 102B76334AA
dec 1111178294442
hex 102B76334AA
dec 1111178294442
You are creating Babystep file from 1G to 10G in babystep file you only put X values (or part of it or I do not know)
You are jumping from 264G ----> inverse point n - 264
And you can jump 20G in one jump and try to match X values of the point...
number of line you hit is for example 3... you have 2 solutions ...
private key = n - nuber of jumps * 20 - 3
private key = n - nuber of jumps * 20 - 3 * 2 - 1(because of infinity point)
I mean this is something I am thinking about not sure
You are jumping from 264G ----> inverse point n - 264
And you can jump 20G in one jump and try to match X values of the point...
number of line you hit is for example 3... you have 2 solutions ...
private key = n - nuber of jumps * 20 - 3
private key = n - nuber of jumps * 20 - 3 * 2 - 1(because of infinity point)
I mean this is something I am thinking about not sure
my idea is to create ONE babystep file and count that file twice because you can double the number of consecutive X values because they are going in one direction then in the reverse direction (with 0 point in the middle)
I am not sure about the method where we put gaps between points in the babystep file because there is infinity point so after infinity point all points are moved by 1 so if you jump 600.000.000 keys per jump and you have only 300.000.000 points in BS file I am not sure that it will find a solution because other half of points are moved by 1
In regular BSGS that must work - it does not work only in case if you hit the infinity point when you jump for 600.000.000 keys... But I think the chances for that are small
I have only this code for generating lines
When I generate 300.000.000 keys I take only first 16 characters for matching. It is a simple code and can be improved on many ways. I am not so good at python I was working with PHP like 15 years
In regular BSGS that must work - it does not work only in case if you hit the infinity point when you jump for 600.000.000 keys... But I think the chances for that are small
I have only this code for generating lines
When I generate 300.000.000 keys I take only first 16 characters for matching. It is a simple code and can be improved on many ways. I am not so good at python I was working with PHP like 15 years
Code:
import secp256k1 as ice
import os
# Starting point
P = ice.pub2upub('02145d2611c823a396ef6712ce0f712f09b9b4f3135e3e0aa3230fb9b6d08d1e16')
batch_size = 30_000_000
max_lines = 300_000_000
babystep_file = "babystep.txt"
if os.path.exists(babystep_file):
with open(babystep_file, "r") as f:
line_count = sum(1 for _ in f)
else:
line_count = 0
with open(babystep_file, "a") as f:
while line_count < max_lines:
print(f"Generating {batch_size} BSGS points...")
bsgs_batch = ice.point_sequential_increment(batch_size, P)
for i in range(batch_size):
hex_string = bsgs_batch[i * 65: i * 65 + 65].hex()
x_hex = hex_string[2:18]
f.write(f"{x_hex}\n")
line_count += 1
if line_count >= max_lines:
break
P = ice.pub2upub(bsgs_batch[-65:].hex())
print(f"Current generating: {line_count}/{max_lines} lines.")
print("Generating of 300.000.000 lines completed.")
import os
# Starting point
P = ice.pub2upub('02145d2611c823a396ef6712ce0f712f09b9b4f3135e3e0aa3230fb9b6d08d1e16')
batch_size = 30_000_000
max_lines = 300_000_000
babystep_file = "babystep.txt"
if os.path.exists(babystep_file):
with open(babystep_file, "r") as f:
line_count = sum(1 for _ in f)
else:
line_count = 0
with open(babystep_file, "a") as f:
while line_count < max_lines:
print(f"Generating {batch_size} BSGS points...")
bsgs_batch = ice.point_sequential_increment(batch_size, P)
for i in range(batch_size):
hex_string = bsgs_batch[i * 65: i * 65 + 65].hex()
x_hex = hex_string[2:18]
f.write(f"{x_hex}\n")
line_count += 1
if line_count >= max_lines:
break
P = ice.pub2upub(bsgs_batch[-65:].hex())
print(f"Current generating: {line_count}/{max_lines} lines.")
print("Generating of 300.000.000 lines completed.")
I do not want to create a new thread I just want to continue here...
I tried to figure out how BSGS works for scanning points and how it maybe can be improved...
Many BSGS scanners makes babystep file where you take starting point and the add +G+G+G+G+G+G to get for example 300.000.000 consecutive points
Then scanner will jump 300M per iteration and check if the current point is on the list...
But I think that there is no need for all points to be consecutive. You can spread them all over the range just make sure that when you generating the babystep file have the rule where
iteration * 300.000.000 * (some fixed number) + Iteration....
For every point in theory if you do mod 300.000.000 you will get all posible remainings for 300.000.000... so that means when you scan you can still jump regular jumps even if there is huge gap between points and you will find a solution sooner because points are not at the same place
I think this can be improved more....
I tried to figure out how BSGS works for scanning points and how it maybe can be improved...
Many BSGS scanners makes babystep file where you take starting point and the add +G+G+G+G+G+G to get for example 300.000.000 consecutive points
Then scanner will jump 300M per iteration and check if the current point is on the list...
But I think that there is no need for all points to be consecutive. You can spread them all over the range just make sure that when you generating the babystep file have the rule where
iteration * 300.000.000 * (some fixed number) + Iteration....
For every point in theory if you do mod 300.000.000 you will get all posible remainings for 300.000.000... so that means when you scan you can still jump regular jumps even if there is huge gap between points and you will find a solution sooner because points are not at the same place
I think this can be improved more....
I was making a similar thing for puzzle 135... I put in babystep file only public keys that starts with "145d" and sometimes I had 2000 keys between 2 "145d" points and sometimes I had 120.000 keys between 2 "145d"...
So in average it will be 65.000 but I can not skip 65.000 keys each time when I find "145d" point
So in average it will be 65.000 but I can not skip 65.000 keys each time when I find "145d" point
@dexizer7799
Thank you but I think this is an example for different type of curve... I do not know I did not understand the content of that link
for small secp256k1 I found that if you do addition of all X values for all points and do mod p you get 0
So if P=97 I get n=79
if I do the addition of all valid points Gx+2Gx+3Gx+4Gx....+78Gx Where Generator point is P (1,69) then I get
3880 mod 97 = 0
Maybe this can be usefull
Thank you but I think this is an example for different type of curve... I do not know I did not understand the content of that link
for small secp256k1 I found that if you do addition of all X values for all points and do mod p you get 0
So if P=97 I get n=79
if I do the addition of all valid points Gx+2Gx+3Gx+4Gx....+78Gx Where Generator point is P (1,69) then I get
3880 mod 97 = 0
Maybe this can be usefull
Re: Pairs of matching n-values in secp256k1 with changed b-values
p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f ** 2
I tried this P and I basically get like P * regular curves (I am not sure how to explain)
So the structure and order of points are the same nothing changes
so for
Private key 3 and private key fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364144
I get the same point
Maybe I am doing something wrong
I tried this P and I basically get like P * regular curves (I am not sure how to explain)
So the structure and order of points are the same nothing changes
Code:
p_prime = (0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F) ** 2
K = GF(p_prime)
a = K(0)
b = K(7)
E = EllipticCurve(K, (a, b))
G = E(
K(0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798),
K(0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)
)
private_key_hex = "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364144"
k = int(private_key_hex, 16)
P = k * G
print(f"Private key: {private_key_hex}")
print(f"X = {hex(int(P[0]))}")
print(f"Y = {hex(int(P[1]))}")
K = GF(p_prime)
a = K(0)
b = K(7)
E = EllipticCurve(K, (a, b))
G = E(
K(0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798),
K(0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)
)
private_key_hex = "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364144"
k = int(private_key_hex, 16)
P = k * G
print(f"Private key: {private_key_hex}")
print(f"X = {hex(int(P[0]))}")
print(f"Y = {hex(int(P[1]))}")
so for
Private key 3 and private key fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364144
I get the same point
Code:
Private key: fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364144
X = 0xf9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9
Y = 0x388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672
Private key: 3
X = 0xf9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9
Y = 0x388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672
X = 0xf9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9
Y = 0x388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672
Private key: 3
X = 0xf9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9
Y = 0x388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672
Maybe I am doing something wrong
⭐ Merited by NotATether (5)
So I am learning about everything and so there is a chance that this post can be lame/noob or something like that
I created a smaller secp256k1, p=43 n=31
I took point G(2, 31) for the generator point and I got the list of all valid points
I printed this and I put it on my wall so when I work (I work from home) sometimes I look into this paper and I tried to find something interesting (interesting for me )
so this is what I found and also those rules can be applied on regular secp256k1 that Bitcoin is using...
Every Y has 3 different X values... When you calculate G of those points you always get n=31
so G=(2,31) + 5G=(12,31) + 25G=(29,31) = 31G, also for all other points 2G=(7,36) + 10G=(42,36) + 19G=(37,36) = 31G
If you change generator points those positions will remain the same so for n=31 you will always get the same Y on the same sets of points 1 5 25, 2 10 19... there are 10 sets of this points
There are negative points set with 1 5 25 and 6 26 30 (6 26 30 starting from the "end" to start" basically) When you find this points those point will always return 93G or 3n
I found that if you do for one set of point X1 + X2 +X3 you sometimes get 2P and sometimes get only P I do not know why...
so on original curve where y is 483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8
you have 3 X
first x: c994b69768832bcbff5e9ab39ae8d1d3763bbf1e531bed98fe51de5ee84f50fb
second x: 79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
third x: bcace2e99da01887ab0102b696902325872844067f15e98da7bba04400b88fcb
If you do X1 + X2 + X3 in this case you will get 2P in some other cases I found that I only get 1P
Y 4218f20ae6c646b363db68605822fb14264ca8d2587fdd6fbc750d587e76a7ee
first x: 1
second x: 7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee
third x: 851695d49a83f8ef919bb86153cbcb16630fb68aed0a766a3ec693d68e6afa40
In this case you get only P when you do X1 + X2 + X3
I found that for symmetrical points if you do Y1+Y2 you always get P
b7c52588d95c3b9aa25b0403f1eef75702e84bb7597aabe663b82f6f04ef2777 + 79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 = p
.
.
.
Is there and useful way that we can use those points if we can calculate their G positions? I am testing bigger and bigger curves and always looking for n that number of points mod 6 = 0 (+ infinity point)
p = 937 n = 973
1G 235G 737G
So I am trying to make a connection between 1st and 2nd point for any p and any n....
If I know 1st and 2nd point I can easily calculate 3rd = n - 1st - 2nd
then I can calculate the position of other 3 points that has different Y but same 3 X
If we know the relations between those points maybe we can scan keys faster or see some periodical groups I do not know
I created a smaller secp256k1, p=43 n=31
I took point G(2, 31) for the generator point and I got the list of all valid points
Code:
G=(2,31)
2G=(7,36)
3G=(35,22)
4G=(21,25)
5G=(12,31)
6G=(29,12)
7G=(25,25)
8G=(32,3)
9G=(20,3)
10G=(42,36)
11G=(40,18)
12G=(37,7)
13G=(13,22)
14G=(34,3)
15G=(38,22)
16G=(38,21)
17G=(34,40)
18G=(13,21)
19G=(37,36)
20G=(40,25)
21G=(42,7)
22G=(20,40)
23G=(32,40)
24G=(25,18)
25G=(29,31)
26G=(12,12)
27G=(21,18)
28G=(35,21)
29G=(7,7)
30G=(2,12)
2G=(7,36)
3G=(35,22)
4G=(21,25)
5G=(12,31)
6G=(29,12)
7G=(25,25)
8G=(32,3)
9G=(20,3)
10G=(42,36)
11G=(40,18)
12G=(37,7)
13G=(13,22)
14G=(34,3)
15G=(38,22)
16G=(38,21)
17G=(34,40)
18G=(13,21)
19G=(37,36)
20G=(40,25)
21G=(42,7)
22G=(20,40)
23G=(32,40)
24G=(25,18)
25G=(29,31)
26G=(12,12)
27G=(21,18)
28G=(35,21)
29G=(7,7)
30G=(2,12)
I printed this and I put it on my wall so when I work (I work from home) sometimes I look into this paper and I tried to find something interesting (interesting for me
) so this is what I found and also those rules can be applied on regular secp256k1 that Bitcoin is using...
Every Y has 3 different X values... When you calculate G of those points you always get n=31
so G=(2,31) + 5G=(12,31) + 25G=(29,31) = 31G, also for all other points 2G=(7,36) + 10G=(42,36) + 19G=(37,36) = 31G
If you change generator points those positions will remain the same so for n=31 you will always get the same Y on the same sets of points 1 5 25, 2 10 19... there are 10 sets of this points
There are negative points set with 1 5 25 and 6 26 30 (6 26 30 starting from the "end" to start" basically) When you find this points those point will always return 93G or 3n
I found that if you do for one set of point X1 + X2 +X3 you sometimes get 2P and sometimes get only P I do not know why...
so on original curve where y is 483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8
you have 3 X
first x: c994b69768832bcbff5e9ab39ae8d1d3763bbf1e531bed98fe51de5ee84f50fb
second x: 79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
third x: bcace2e99da01887ab0102b696902325872844067f15e98da7bba04400b88fcb
If you do X1 + X2 + X3 in this case you will get 2P in some other cases I found that I only get 1P
Y 4218f20ae6c646b363db68605822fb14264ca8d2587fdd6fbc750d587e76a7ee
first x: 1
second x: 7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee
third x: 851695d49a83f8ef919bb86153cbcb16630fb68aed0a766a3ec693d68e6afa40
In this case you get only P when you do X1 + X2 + X3
I found that for symmetrical points if you do Y1+Y2 you always get P
b7c52588d95c3b9aa25b0403f1eef75702e84bb7597aabe663b82f6f04ef2777 + 79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 = p
.
.
.
Is there and useful way that we can use those points if we can calculate their G positions? I am testing bigger and bigger curves and always looking for n that number of points mod 6 = 0 (+ infinity point)
p = 937 n = 973
1G 235G 737G
So I am trying to make a connection between 1st and 2nd point for any p and any n....
If I know 1st and 2nd point I can easily calculate 3rd = n - 1st - 2nd
then I can calculate the position of other 3 points that has different Y but same 3 X
If we know the relations between those points maybe we can scan keys faster or see some periodical groups I do not know
I am running Rotor Cuda on my second PC with an old Zotac Nvidia 1060 GTX and I am getting about 150.000.000 keys per seconds...
I am learning Python and try to also to make my way for scan private/public keys...
I think the fastest way to generate public keys with CPU is to use ice library
https://github.com/iceland2k14/secp256k1
you can use ice.point_sequential_increment(3500000, P)
So you have point P and in 2 seconds I get 3.5 million of next points (+G+G+G+G+G+G....) and then you can proceed with that array... That is the faster way than checking one by one
And when you are finished with 3.5 million of points then last point from that batch will be the next point P and then again ice.point_sequential_increment(3500000, P)
Keep experimenting... that is the only way to success
I am learning Python and try to also to make my way for scan private/public keys...
I think the fastest way to generate public keys with CPU is to use ice library
https://github.com/iceland2k14/secp256k1
you can use ice.point_sequential_increment(3500000, P)
So you have point P and in 2 seconds I get 3.5 million of next points (+G+G+G+G+G+G....) and then you can proceed with that array... That is the faster way than checking one by one
And when you are finished with 3.5 million of points then last point from that batch will be the next point P and then again ice.point_sequential_increment(3500000, P)
Keep experimenting... that is the only way to success
So this is my approach I am not sure if there is a tool like this
I have an idea of 2 Python codes, 1st code adding +G+G+G+G+G+G to the public key of 32BTC puzzle and saving only those iteration numbers (number of G added) and X value of public key only if X starts with "145D"... of course do not save it to a txt file 1 by 1 but first into RAM and then periodically save it to a txt file
2nd code will start to scan and it also searches for "145d" X values... When it finds one check if that X value is in the txt file of the first code (also periodically load txt file of first code to RAM to gain faster read) and if it is not this scanner can jump by reading the last added iteration value (the number of +G+G+G added).. Make like scan.txt and periodically save the state so you can continue...
By the time you make bigger and bigger jumps... and also X value starting with 145D approximately shows Each FFFF keys so you do not need hi speed of scanning...
Sory for my bad English this is just IDEA... If someone can write this by using CUDA or OpenCL it will be good...
Also I am not sure maybe I described some other algorithm... I do not know
I have an idea of 2 Python codes, 1st code adding +G+G+G+G+G+G to the public key of 32BTC puzzle and saving only those iteration numbers (number of G added) and X value of public key only if X starts with "145D"... of course do not save it to a txt file 1 by 1 but first into RAM and then periodically save it to a txt file
2nd code will start to scan and it also searches for "145d" X values... When it finds one check if that X value is in the txt file of the first code (also periodically load txt file of first code to RAM to gain faster read) and if it is not this scanner can jump by reading the last added iteration value (the number of +G+G+G added).. Make like scan.txt and periodically save the state so you can continue...
By the time you make bigger and bigger jumps... and also X value starting with 145D approximately shows Each FFFF keys so you do not need hi speed of scanning...
Sory for my bad English this is just IDEA... If someone can write this by using CUDA or OpenCL it will be good...
Also I am not sure maybe I described some other algorithm... I do not know
Quote
But if you're using libsecp256k1 then you don't actually have to worry about constructing an N or a P for modulus. The library will reduce the values automatically.
How does the library "know" when to do regular inverse double 16G-->8G and when to do 7G---->SomethingG... I am asking because every dot looks like any other dot. You do not know if multiplier*G is odd or even
So I am exploring this everything and I am learning a lot about bitcoin technical side and structure and also I am learning to programing at Python...
And I made like simple program where you can add dots on elliptic curve like Q+Q or Q+G and also I made G-Q, X*G and
I made like Q:1/2 so this code will give me for 8G I will get 4G dot...
But when I did that for 3G I expected some error mistake or something because we do not have 1.5G...
So What am I doing wrong here? How I get the result for 3G... or 5G or any odd number * G
Thank you
And I made like simple program where you can add dots on elliptic curve like Q+Q or Q+G and also I made G-Q, X*G and
I made like Q:1/2 so this code will give me for 8G I will get 4G dot...
But when I did that for 3G I expected some error mistake or something because we do not have 1.5G...
So What am I doing wrong here? How I get the result for 3G... or 5G or any odd number * G
Thank you