Scribd
Upload
363 views

TRICK

Maxwell's vanity public key results from the choice of generator for the secp256k1 curve. The generator point is twice the standard point, which happens to match Maxwell's public key. His private key is 1/2 modulo the curve order n, which is a simple method to generate vanity addresses by drawing random private keys and computing the corresponding public keys until they match a desired pattern. Checksums can be added by hashing the address and prefix and appending the result.

Uploaded by

ram4a5
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
363 views

TRICK

Maxwell's vanity public key results from the choice of generator for the secp256k1 curve. The generator point is twice the standard point, which happens to match Maxwell's public key. His private key is 1/2 modulo the curve order n, which is a simple method to generate vanity addresses by drawing random private keys and computing the corresponding public keys until they match a desired pattern. Checksums can be added by hashing the address and prefix and appending the result.

Uploaded by

ram4a5
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

Maxwell's vanity public key is a result of how the generator of the secp256k1 was

chosen; as explained by Maxwell himself.

For some reason, the generator G

is the double of the point:

x = 0x00000000000000000000003b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63,
y = 0xc0c686408d517dfd67c2367651380d00d126e4229631fd03f8ff35eef1a61e3c

which is exactly Maxwell's vanity public key. Its private key is


0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a1 which is 1/2
, i.e. the inverse of 2 modulo the curve order n. This is also equal to (n+1)/2.

A simple method can be:

draw a random u

in [1,n) where n is the order of G, with n=2256−14551231950b75fc4402da1732fc9bebfh


for secp256k1
compute associated point P0=u×G
keep adding G
to that point, computing Pi=Pi−1+G
until that's a public key with suitable vanity
find the corresponding private key as u+imodn

(the modulus step is unnecessary in practice).

Usually point addition is more costly than point doubling, and it might be better
to use:

draw a random u

in [1,n)
compute associated point P0=u×G
keep doubling that point, computing Pi=Pi−1+Pi−1
until that's a public key with suitable vanity
find the corresponding private key as 2iumodn
.

Then to find a private key to any public key with a specific m bit prefix, with
m>n/2, Pollard Rho is the best shot, with m≤n/2 the fgrieu method is the best.

How do you add a check sum? Might come in handy later.

1) create a template of your desired address ie 1waLLobserverburnaddressxxxxxxxxx


(the last few characters will eventually be random due to checksum)
2) Base58 unencode your burn address into hex -
000A52498DB787B09EEC7C428B8B0C853EA1C2702C4E117611

3) remove the last 4 bytes from the result and call what's left N -
000A52498DB787B09EEC7C428B8B0C853EA1C2702C4E117611

4) sha256(sha256(N)) -
BD0F89693417148626446F3E1EA43A69453FBCF72A024600FB54A2BC34F23387

5) take the first 4 bytes of step 4 and stick it on the end of N -


000A52498DB787B09EEC7C428B8B0C853EA1C2702CBD0F8969

6) base58 encode step 5 - 1waLLobserverburnaddressxxy1oWwkk

done

Code:

vanitygen -k -r ^^123.*321$

This will search for the 123 pattern at the beginning and 321 at the end.
Obviously it doesn't have to be a numerical progression but certainly it will have
to begin and end with a 1

You might also like