Hey, guys.
Here’s a challenge to win 10,000,000 sats, worth about $7,000 when posted.
This is a reverse deduction puzzle, NOT a brute force one, nevertheless, any attempt at a brute force solution is welcome, and any analysis with the help of AI tools is also welcome.
The puzzle is as follows:
Here’s the BIP39 seed phrase named S1, and the 12 seed words are:
arena brisk seminar tool risk cat despair repeat seat property cattle laterHere’s a set of two cards called CipherCard used for encryption, the black card is a data card with a lot of substitution characters laser-engraved, and the silver card is covered with cut-out holes and index characters laser-engraved.
Now using the CipherCard as the picture shows to perform substitution encryption on the seed phrase S1, to get ciphertext C1 as follows:
URU/Yw
LwE~T1
AE&8If
4YQ8Iw
C2Q~EE
nvH~TE
JEQLJY
rEQL5U
4wuQIw
CT&lQ&
&TT2&E
K>I5ef
Due to the fact that the Nostr client handles fonts differently, I’m going to put a clear picture here as an aid to easy identification.
You can claim the prize if you can derive the substitution RULE for converting from plaintext to ciphertext based on plaintext S1, ciphertext C1, and the CipherCard mentioned above.
Please understand: bitcoin transaction fees will be paid out of the prize, receiving the prize is completely tax-free in some countries, while in others you will be taxed when you exchange bitcoin for local fiat currency.
Here’s How
Let’s assume you’ve tried to recover this wallet by entering S1 plaintext into Electrum or whatever software/hardware wallet you prefer, if you’re not sure about the derivation path, here’s a hint:
p2pkh m/44h/0h/0h
Now you can see that the entire balance in this wallet was spent to a 2-of-3 multisig wallet address:
3ARNTrr77hteEMpsR9czY9fjr3iUK4u9DJ
And this is our jackpot.
You already control the first Master Private Key of this multisig wallet because you know S1, you can easily verify that the first Master Public Key is:
xpub6AHLobkTKhivG2iA35ky2XzXViUKKcufHQbvUEb1jkC1BPr7dGaJNqSj6jPj2QySUssXBtYDMdJezM5bxq17cH7PbRVX9fcxzgVjQ8rZwye
If you’re not sure about the derivation path of this multisig wallet, here’s another hint:
p2sh m/45h/0
To create an observation wallet, the other two Master Public Keys you need are as follows:
xpub6ACDZ7jooxgrDb7Hdh14jYcyqL551UhLyKRvVEAcsEKVLjkdRTB9wWK3SQ6kHumHJo5Cj7NLYGo1gibDhPDba49mGAmYxYbtB7zgE3BMgk1
xpub6BK1kchT9yHsk6i7rsmehWeE44yqRhbyYKrBSQ1bxsPKqKdEneDykfRnqaqbB1rBjrfTgDRxnw6z3tTXecyq7gqkVBQXzfftz81mEM9nhYr
But to spend the balance of this 2-of-3 multisig wallet, you have to control at least one more private key, and the only information you can get about this second private key is the following ciphertext C2:
URUd53
d(C<E^
%ECNFS
d[s[KS
qFC<{(
dFUlqq
%JbEsp
Q#<Eq<
$EpJwd
KFUNFA
[l<#m<
ee15ef
- For the same reason, I’m going to put another clear picture here as an aid to easy identification.
As mentioned, you have derived the substitution RULE for converting from plaintext to ciphertext by using plaintext S1, ciphertext C1, and CipherCard, it will not be difficult to invert plaintext S2 from ciphertext C2 and the same CipherCard.
When you get S1 and S2, you’d better transfer the whole prize straight away at the first opportunity in case some other smart guy gets there first. After that, please take some time to detail your analysis process so I can improve the rule, thanks in advance.
The puzzle won’t be too easy, requiring basic math knowledge about bitcoin and blockchain, a bit of patience, and a bit of luck. Yet it won’t be too hard either, as you can see from the short ciphertext (compared to the plaintext), that I haven’t used too many tricks to interfere with your analysis.
If you do put in a little effort but can’t solve the puzzle, you can forward it to the guy you think is the smartest among the people you know and then share the prize with them.
Of course sponsoring this challenge is also appreciated, and I’m really thinking about how to give the challengers and sponsors a little surprise, any offers?
Additional useful information
Considering that not having a physical card in your hand will inconvenience you in recognizing and reading the substitution table, I list all the possible combinations regarding the stacked placement of the two cards below, in case you guys might need it.
The Story Behind
Just to make up a little more word count, the following text is not helpful in solving the puzzle.
I’ve been using PassCard to manage my strong passwords for over 8 years (with two or three versions iterated in that time). These passwords are used to sign up for various websites or services, and that’s odd, I never thought of saving seed phrases in this way (considering I’ve been into bitcoin mining for 13 years now).
A chance encounter made me want to share my approach to password management, and I’ve even written an article about this approach, which I call the “Rule-Based Multi-Table Substitution Strong Password Management Method and Tool”. In that article I compare the password management tools available on the market and give a lot of examples to illustrate what the “rule-based” approach is. I claimed that the security of passwords depends on the security of the rules, not the substitution tables.
Even if the information on the PassCard is made public, it still doesn’t compromise the security of all my passwords, and even if it is coupled with one password compromised by a phishing attack, it doesn’t compromise the security of other passwords with the same rules and the same substitution table.
I realize I may have blown it a bit.
Using it myself is one scenario, and letting more people use it is another, the attack exposure increases so many times that I need to perform a more extensive security validation before I put the article on the Internet, I mean, for the sake of prudence, but I haven’t been able to come up with a proper test plan.
Just about 1 month ago, I happened to see Asanoha’s nostr post on the Seed Cipher, which I think is a tool/artifact related to seed phrase encryption, and he then launched a Puzzle challenge. By the way, that was a brute force cracking challenge that still has no challenger declared successful, anyone interested can learn about it from this link or this link.
That inspired me, but there are still some differences between passwords and seed words, at the most basic level, (BIP39) seed words are limited to a 2048 word dictionary, and even including SLIP39 and Electrum, there are only 3210 selectable words, which makes brute force cracking considerably less difficult. In order to make rule-based multi-table substitution encryption work for seed words, I’ve made a simple upgrade to the CipherCard, which makes the two cards you just saw very different from the stainless steel one I had in my poket, and a new set of two cards (laser-cut + laser-engraved) is being customized to be received very soon, I think.
So I decided to put up 0.1 BTC to start this challenge, I’m not sure if that reward is attractive enough, after all there are hundreds of BTC worth of challenges out there. Let’s see, maybe I’ll pump more prizes into the pool, maybe someone else will offer a sponsorship to the pool, maybe this challenge will only survive for a week or two before it’s cracked, who knows?
I just hope this challenge lasts a little longer, because I need time to update my article, add chapter about seed phrases, and also replace the pictures in the article with pictures of the new CipherCard so that all the examples I’ve given will need to be rewritten based on the new CipherCard as well.
As I said, security depends on the rules, not the information on the card, and even if this challenge is solved, it only means that the rules I set were too simple, and maybe I’ll re-initiate a more difficult challenge with more complex rules while offering higher prizes, who knows?