Baby-Step Giant-Step reduces DLOG to O(√n) time and O(√n) space. Splits the keyspace into √n baby-steps stored in a hash table, then walks giant-steps until a collision is found. Effective against puzzles up to ~80-bit range.

Pollard's Kangaroo (λ-method) solves DLOG in O(√(b−a)) time for a key known to lie in [a, b]. Requires the public key. Distinguished-point variant enables distributed multi-client search. Effective against puzzles with exposed public keys up to ~130 bits.

Pollard's ρ algorithm for ECDLP using Floyd's cycle detection. Randomized walk on the group — time O(√n), space O(1). Parallelizable: r processors give ~√r speedup. Currently being wired up to the distinguished-point infrastructure.

Hidden Number Problem reduction: if multiple signatures use biased nonces (e.g., MSB/LSB known), the private key can be recovered via LLL lattice reduction. Applies if the puzzle generator re-used any nonce structure across signing transactions.

Birthday-paradox MITM: precompute k·G for k in [a, a+√n), then compute P − k·G for k in [0, √n) and match. Time O(√n), space O(√n). Effective against puzzles up to ~60-bit with current hardware, scaling to ~80-bit with cluster RAM.

Aggregates all known constraints on each puzzle's private key: bit-pattern constraints, Hamming weight bounds, blockchain metadata, timing analysis from solve order, and any partial information from previously solved adjacent puzzles.

Continued fraction expansion of e/N (ECDLP formulation). Tests if private key d < N^(1/4) ≈ 2^64. Validates all solved keys satisfy threshold. Tests CFE convergents as candidate keys against unsolved targets with known pubkeys.

Analyzes all 65+ solved private keys for mathematical structure: powers of 2, Mersenne numbers, Fibonacci sequence, prime numbers, near-powers (2^a ± 2^b), arithmetic/geometric progressions, and common RNG outputs (LCG, MT19937).

Computes differences d[i+1]−d[i], ratios, GCD of all differences, modular residues mod small primes (2,3,5,7,11...), Fermat factorization on differences. ML regression: train on puzzle_number→key for solved keys, check R²≥0.8.

Fetches spending transactions for solved puzzles via Blockstream API. Extracts DER signatures (r,s) from scriptSig/witness. Checks for nonce reuse (same r → instant key recovery) and nonce bias (MSB/LSB). 20+ biased sigs → LLL lattice reduction.

Tests whether solved key sequence matches known DRBG output structures: Dual EC DRBG (P/Q backdoor relationship), LCG with recovered (a,c,m), xorshift32/64 state machine, MT19937 temper/untemper. Any match → all future keys predictable.

Fetches full transaction history for each puzzle address via Blockstream API. Analyzes fee patterns, DER signature styles, block heights, and software fingerprints to group puzzles by likely creator wallet.

Tests solved keys against 4 RNG models: MT19937, LCG (a,c,m solver), xorshift32 family, and timestamp-hash derivation. If state reconstructed → generates future outputs to check against unsolved targets.

Full statistical test suite on all solved keys: χ² per bit position, Kolmogorov-Smirnov uniformity test, autocorrelation, Shannon entropy per bit, runs test, serial correlation. Any p<0.05 bias constrains search space.

Small roots of polynomials mod n via Howgrave-Graham. Auto-triggers when any puzzle has <40 unknown bits from constraint stacking. Recovers full key from partial information in O(k^ω) where ω≈2.37.

Aggregates ALL results from attacks 1–9. Per-puzzle tracking of eliminated ranges, known bit constraints, probability distributions. Triggers Coppersmith at <40 bits, MITM at <60 bits, flags priority at <50 bits.

Scans ALL puzzle transactions for OP_RETURN outputs. Decodes as UTF-8, hex, base64, and Bitcoin script. Looks for creator hints, messages, or encoded patterns embedded in the blockchain by the puzzle creator.

Classifies each puzzle address: P2PKH, P2SH, P2WPKH, P2WSH, P2TR. For SegWit/Taproot with spending txs, extracts the full public key from witness data — making them Kangaroo-ready.

Analyzes block timestamps of creation and claiming for each solved puzzle. Computes solve durations. If timing correlates with algorithm runtimes (brute force = exponential, BSGS = polynomial) → reveals what approach worked.

Targets P2TR (Taproot) puzzle addresses only. Extracts Schnorr signatures from witness data. Checks for nonce reuse (same R value = direct key recovery), bias, and linearity. Different algebra from ECDSA.

For each spending transaction, extracts DER signature (r, s) and simulates single-bit faults in nonce k via Bellcore. Checks if a faulty computation matches — revealing weak nonces or vulnerable signing implementations.

Checks puzzle transactions for points NOT on secp256k1 (on the twist curve). Twist has smooth order → Pohlig-Hellman decomposition → d mod small_factor for each factor. CRT combines partial results → full key recovery.

Auto-triggers when constraint stacking narrows any puzzle below 60 unknown bits. Splits key into d = d_high * 2^(N/2) + d_low. Precomputes d_low*G table, then matches target - d_high*G. O(2^(N/2)) vs O(2^N).

Periodically scrapes: Blockstream blockchain data, GitHub bitcoin-puzzle repos, Reddit r/Bitcoin discussions. Parses for eliminated ranges, discovered patterns, claimed solves, new techniques. Feeds all findings into constraint stacking engine.