The 66-Bit Puzzle has Been Solved! \ stacker news ~bitcoin

Many years ago, back when BTC was worth every little, an anonymous user created 160 "puzzles" on the Bitcoin timechain. Each puzzle is simply an amount of BTC which is locked by an address that was generated with a purposefully low-entropy private key.

The anon user published the list of 160 bitcoin addresses along with the amount of entropy used in the private key for each address. Address #1 only used 1 bit of entropy so the private key for Address #1 was literally either 2^0 or 2^1 (000..001 or 000...002). Needless to say, the first dozen puzzles were solved almost instantly. However, each puzzle is twice as difficult to "crack" as the previous one.

Over the years, the remaining puzzle addresses have received additional deposits from people looking to "sweeten the reward".

Yesterday, this transaction entered the mempool: https://mempool.space/tx/8c8ec6b3511c62500ea9b3a1c30ca937e15d251b55d30290a2a6da2f1124f3fb

It spends from the 66-bit puzzle address: 13zb1hQbWVsc2S7ZTZnP2G4undNNpdh5so

This tx (accidentally) revealed the script pubkey of the address to everyone watching the mempool. This was a big mistake.

Since these addresses are known to be generated with low entropy, it only takes a few seconds/mins to brute force the private key if you already know the public key.

This caused the tx to be RBF'd by "bots" who were monitoring the mempool for spends of these puzzle addresses.

This tool was likely used by the bots: https://github.com/JeanLucPons/Kangaroo

The bots managed to recreate the exact same private key from this accidentally revealed public key in just a few mins, meanwhile it took years and many Megawatts of compute to find the private key from just the address.

It appears most of the 6.6 BTC reward locked by the 66-bit key (we can't really call it a private key anymore) was redeemed by these bots.

It also possible that something nefarious happened (like a puzzle pool operator tried to make it look like bots stole the TX, when, really it was all a coverup to steal the reward from the pool participants).

This "theft" of the 66-bit puzzle reward highlights another use-case for "private" tx-inclusion services offered by large mining pools. If the finder of the 66-bit key had sent their TX direct to a miner, then maybe it could have been fully redeemed (assuming the miner didn't try to steal it also).

Anyways, its a good lesson in the importance of using strong entropy. The completion of these puzzles is also a reminder that compute is getting faster and cheaper every year, and Bitcoin relies on compute being expensive to enforce its property rights.

Warning: If you're thinking of joining one of the pools "cracking" these puzzles, consider your risks! Most of these pools are fully trusted and not auditable. You're spending real resources (GPUs and electricity) for a chance to be granted a reward by a trusted pool operator. There's also a ton of technical risk, even if your pool manages to crack the next puzzle, there are many factors that can lead to no payout for you!

Source: https://btcpuzzle.info

31 sats \ 1 reply \ @ChrisS 13 Sep

Great post. What would be the correct way to spend this bitcoin so as not to reveal the scriptpubkey in the mempool.

1 sat \ 0 replies \ @nullcount OP 13 Sep

As I understand it, its a limitation of the old address format which needs to reveal the scriptpubkey in order to spend. Normally, this isn't a huge concern because most keys use strong entropy so its not so easy to recreate private key from scriptpubkey.

So the preferred way to redeem the reward is to have it secretly mined by a mining pool without even going thru the mempools.

10 sats \ 0 replies \ @DarthCoin 13 Sep

10 sats \ 1 reply \ @hasherstacker 13 Sep

However, each puzzle is twice as difficult to "crack" as the previous one.

0 sats \ 0 replies \ @nullcount OP 13 Sep

The bots managed to recreate the exact same private key...

10 sats \ 2 replies \ @go 13 Sep

This gamified decryption could be an excellent example used to illustrate how 256 bit encryption is so secure

131 sats \ 1 reply \ @nullcount OP 13 Sep

Fun fact: bitcoin doesn't use any encryption!

0 sats \ 0 replies \ @go 13 Sep

🤩

10 sats \ 1 reply \ @nullcount OP 13 Sep

someone sent a message to the 66-bit address using vanity addresses: https://mempool.space/tx/75212bc4690e100438398b3bf30a2066e4861b36dc961c485925641e8de762d4

0 sats \ 0 replies \ @random_ 13 Sep

Cryptic

0 sats \ 0 replies \ @Satoshi__Nakamoto 14 Sep

Impressive

0 sats \ 2 replies \ @Satosora 13 Sep

I was just looking at this puzzle the other day. I thought it would be years before it was solved. 67 has almost the same difficulty, right?

20 sats \ 1 reply \ @nullcount OP 14 Sep

66bit puzzle was a key between 2^65 and 2^66. The actual key was (in decimal notation) 46,346,217,550,346,335,726

The 67bit puzzle is a key between 2^66 and 2^67. So puzzle 67 has twice the number of keys to search as 66. Puzzle 67 has 6.7BTC currently. It might be "easier" than 66bit depending on how quickly GPUs advance in the coming years

Disclaimer, this whole thing could be a scam. But the rabbit hole goes deep!

0 sats \ 0 replies \ @Satosora 14 Sep

Yeah, I heard someone poached it or something because of releasing the key? Some amateur mistake? I dont know all the details yet, I am sure the rabbit hole is deep.

0 sats \ 0 replies \ @OT 13 Sep

deleted by author