Kangaroo1
Pollard's Kangaroo ECDLP Solver for SECP256K1
Install / Use
/learn @ZenulAbidin/Kangaroo1README
Pollard's kangaroo for SECPK1
A Pollard's kangaroo interval ECDLP solver for SECP256K1 (based on VanitySearch engine).
This program is limited to a 125bit interval search.
Feature
<ul> <li>Fixed size arithmetic</li> <li>Fast Modular Inversion (Delayed Right Shift 62 bits)</li> <li>SecpK1 Fast modular multiplication (2 steps folding 512bits to 256bits reduction using 64 bits digits)</li> <li>Multi-GPU support</li> <li>CUDA optimisation via inline PTX assembly</li> </ul>Discussion Thread
Discusion thread: https://bitcointalk.org/index.php?topic=5244940.0
Usage
Kangaroo v2.3
Kangaroo [-v] [-t nbThread] [-d dpBit] [gpu] [-check]
[-gpuId gpuId1[,gpuId2,...]] [-g g1x,g1y[,g2x,g2y,...]]
inFile
-v: Print version
-gpu: Enable gpu calculation
-gpuId gpuId1,gpuId2,...: List of GPU(s) to use, default is 0
-g g1x,g1y,g2x,g2y,...: Specify GPU(s) kernel gridsize, default is 2*(MP),2*(Core/MP)
-d: Specify number of leading zeros for the DP method (default is auto)
-t nbThread: Secify number of thread
-dpcount countfile: Specify file to save running DP count stats into (server only)
-dpi countInverval: Periodic interval (in seconds) for saving DP count stats (server only)
-wname workerName: Specify worker name, up to 32 alphanumeric or underscore characters max, (client only)
-w workfile: Specify file to save work into (current processed key only)
-i workfile: Specify file to load work from (current processed key only)
-wi workInterval: Periodic interval (in seconds) for saving work
-ws: Save kangaroos in the work file
-wss: Save kangaroos via the server
-wsplit: Split work file of server and reset hashtable
-wm file1 file2 destfile: Merge work file
-wmdir dir destfile: Merge directory of work files
-wt timeout: Save work timeout in millisec (default is 3000ms)
-winfo file1: Work file info file
-wpartcreate name: Create empty partitioned work file (name is a directory)
-wcheck worfile: Check workfile integrity
-m maxStep: number of operations before give up the search (maxStep*expected operation)
-s: Start in server mode
-c server_ip: Start in client mode and connect to server server_ip
-sp port: Server port, default is 17403
-nt timeout: Network timeout in millisec (default is 3000ms)
-o fileName: output result to fileName
-l: List cuda enabled devices
-check: Check GPU kernel vs CPU
inFile: intput configuration file
Structure of the input file:
- All values are in hex format
- Public keys can be given either in compressed or uncompressed format
Start range
End range
Key #1
Key #2
...
ex
49dccfd96dc5df56487436f5a1b18c4f5d34f65ddb48cb5e0000000000000000
49dccfd96dc5df56487436f5a1b18c4f5d34f65ddb48cb5effffffffffffffff
0459A3BFDAD718C9D3FAC7C187F1139F0815AC5D923910D516E186AFDA28B221DC994327554CED887AAE5D211A2407CDD025CFC3779ECB9C9D7F2F1A1DDF3E9FF8
0335BB25364370D4DD14A9FC2B406D398C4B53C85BE58FCC7297BD34004602EBEC
Note on Time/Memory tradeoff of the DP method
The distinguished point (DP) method is an efficient method for storing random walks and detect collision between them. Instead of storing all points of all kangagroo's random walks, we store only points that have an x value starting with dpBit zero bits. When 2 kangaroos collide, they will then follow the same path because their jumps are a function of their x values. The collision will be then detected when the 2 kangaroos reach a distinguished point.
This has a drawback when you have a lot of kangaroos and looking for collision in a small range as the overhead is in the order of nbKangaroo.2<sup>dpBit</sup> until a collision is detected. If dpBit is too small a large number of point will enter in the central table, will decrease performance and quickly fill the RAM.
Powerfull GPUs with large number of cores won't be very efficient on small range, you can try to decrease the grid size in order to have less kangaroos but the GPU performance may not be optimal.
Yau can change manualy the DP mask size using the -d option, take in consideration that it will require more operations to complete. See table below:
| nbKangaroo.2<sup>dpBit</sup>/sqrt(N) | DP Overhead | Avg | |--------------------------------------|:------------:|:---:| | 4.000 | cubicroot(1+4.000) = ~71.0% | 3.55 sqrt(N) | | 2.000 | cubicroot(1+2.000) = ~44.2% | 2.99 sqrt(N) | | 1.000 | cubicroot(1+1.000) = ~26.0% | 2.62 sqrt(N) | | 0.500 | cubicroot(1+0.500) = ~14.5% | 2.38 sqrt(N) | | 0.250 | cubicroot(1+0.250) = ~7.7% | 2.24 sqrt(N) | | 0.125 | cubicroot(1+0.125) = ~4.0% | 2.16 sqrt(N) |
DP overhead according to the range size (N), DP mask size (dpBit) and number of kangaroos running in paralell (nbKangaroo).
Note that restarting a client without having a kangaroo backup is like adding more kangaroos, when you merge workfiles coming from different kangaroos, it is also like having more kangaroos.
How to deal with work files
You can save periodicaly work files using -w -wi -ws options. When you save a work file, if it does not contain the kangaroos (-ws) you will lost a bit of work due to the DP overhead, so if you want to continue a file on a same configuration it is recommended to use -ws. To restart a work, use the -i option, the input ascii file is not needed.
When you continue a work file on a different hardware, or using a different number of bits for the distinguished points, or a different number of kangaroos, you will also get an overhead.
However, work files are compatible (same key and range) and can be merged, if 2 work files have a different number of distinguished bits, the lowest will be recorded in the destination file.
If you have several hosts with different configurations, it is preferable to use -ws on each host and then merge all files from time to time in order to check if the key can be solved. When a merge solve a key, no output file is written. A merged file does not contain kangaroos.
Start a work from scratch and save work file every 30 seconds:
Kangaroo.exe -ws -w save.work -wi 30 in.txt
Continue the work from save.work and save work file every 30 seconds:
Kangaroo.exe -ws -w save.work -wi 30 -i save.work
Getting info from a work file:
Kangaroo.exe -winfo save.work
Kangaroo v1.5
Loading: save.work
Version : 0
DP bits : 16
Start : 3447F65ABC9F46F736A95F87B044829C8A0129D56782D635CD00000000000000
Stop : 3447F65ABC9F46F736A95F87B044829C8A0129D56782D635CDFFFFFFFFFFFFFF
Key : 031D91282433E664132046D25189A5FE0F64645A73494A37AB17BD6FB283AE5BA2
Count : 808510464 2^29.591
Time : 01:35
DP Size : 2.4/5.8MB
DP Count : 12199 2^13.574
HT Max : 3 [@ 008A9F]
HT Min : 0 [@ 000000]
HT Avg : 0.05
HT SDev : 0.22
Kangaroos : 4096 2^12.000
Merge 2 work files (here the key has been solved during the merge):
Kangaroo.exe -wm save1.work save2.work save3.work
Kangaroo v1.5
Loading: save1.work
MergeWork: [HashTable1 2.3/5.3MB] [00s]
Loading: save2.work
MergeWork: [HashTable2 2.3/5.3MB] [00s]
Merging...
Range width: 2^56
Key# 0 [1S]Pub: 0x031D91282433E664132046D25189A5FE0F64645A73494A37AB17BD6FB283AE5BA2
Priv: 0x3447F65ABC9F46F736A95F87B044829C8A0129D56782D635CD612C0F05F3DA03
Dead kangaroo: 0
Total f1+f2: count 2^30.04 [02:17]
Note on the wsplit option:
In order to avoid to handle a big hashtable in RAM, it is possible to save it and reset it at each backup. It will save a work file with a prefix at each backup and reset the hashtable in RAM. Then a merge can be done offline and key solved by merge. Even with a small hashtable, the program may also solve the key as paths continue and collision may occur in the small hashtable so don't forget to use -o option when using server(s).
Exemple with a 64bit key:
Kangaroo.exe -d 10 -s -w save.work -wsplit -wi 10 ..\VC_CUDA8\in64.txt
Kangaroo v1.6
Start:5B3F38AF935A3640D158E871CE6E9666DB862636383386EE0000000000000000
Stop :5B3F38AF935A3640D158E871CE6E9666DB862636383386EEFFFFFFFFFFFFFFFF
Keys :1
Range width: 2^64
Expected operations: 2^33.05
Expected RAM: 344.2MB
DP size: 10 [0xFFC0000000000000]
Kangaroo server is ready and listening to TCP port 17403 ...
[Client 0][Kang 2^-inf][DP Count 2^-inf/2^23.05][Dead 0][04s][2.0/4.0MB]
New connection from 127.0.0.1:58358
[Client 1][Kang 2^18.58][DP Count 2^-inf/2^23.05][Dead 0][08s][2.0/4.0MB]
New connection from 172.24.9.18:52090
[Client 2][Kang 2^18.61][DP Count 2^16.17/2^23.05][Dead 0][10s][4.2/14.1MB]
SaveWork: save.work_27May20_063455...............done [4.2 MB] [00s] Wed May 27 06:34:55 2020
[Client 2][Kang 2^18.61][DP Count 2^20.25/2^23.05][Dead 0][20s][40.1/73.9MB]
SaveWork: save.work_27May20_063505...............done [40.1 MB] [00s] Wed May 27 06:35:06 2020
[Client 2][Kang 2^18.61][DP Count 2^20.17/2^23.05][Dead 0][30s][37.9/71.5MB]
SaveWork: save.work_27May20_063516...............done [37.9 MB] [00s] Wed May 27 06:35:16 2020
[Client 2][Kang 2^18.61][DP Count 2^20.55/2^23.05][Dead 0][41s][48.9/82.8MB]
SaveWork: save.work_27May20_063526...............done [48.9 MB] [00s] Wed May 27 06:35:27 2020
[Client 2][Kang 2^18.61][DP Count 2^20.29/2^23.05][Dead 0][51s][41.1/74.9MB]
SaveWork: save.work_27May20_063537...............done [41.1 MB] [00s] Wed May 27 06:35:37 2020
[Client 2][Kang 2^18.61][DP Count 2^20.30/2^23.05][Dead 0][01:02][41.5/75.2MB]
SaveWork: save.work_27May20_063547...............done [41.5 MB] [00s] Wed May 27 06:35:48 2020
[Client 2][Kang 2^18.61][DP Count 2^20.28/2^23.05][Dead 0][01:12][40.9/74.6MB]
SaveWork: save.work_27May20_063558...............done [40.9 MB] [00s] Wed May 27 06:35:58 2020 <= offline merge solved the key there
[Client 2][Kang 2^18.61][DP Count 2^20.19/2^23.05][Dead 0][01:22][38.5/72.2MB]
SaveWork: save.work_27May20_063608...............done [38.5 MB] [00s] Wed May 27 06:36:08 2020
[Client 2][Kang 2^18.61][DP Count 2^20.55/2^23.05][Dead 0][01:33][48.8/82.7MB]
SaveWork: save.work_27May20_063618...............done [48.8 MB] [00s] Wed May 27 06:36:19 2020
[Client 2][Kan
