Problem
The current --transform armory generates a single root key from a passphrase. However, Armory wallets use a multiplicative chain to derive sequences of keys:
key[0] = root_key
key[1] = key[0] * scalar[0] mod n
key[2] = key[1] * scalar[1] mod n
...
where scalar[i] = hash256(pubkey[i]) XOR chaincode
For BTC1000 research, we need to test if the puzzle creator used an Armory wallet with a brainwallet seed, generating 160 sequential keys and masking each to the appropriate bit width.
Proposed Solution
Add --armory-cascade option that generates the full Armory multiplicative chain and verifies against multiple masked targets:
# Search passphrases for Armory chain that produces BTC1000 puzzles
vuke scan --targets btc1000_addresses.txt wordlist rockyou.txt \
--transform armory \
--armory-cascade 5:0x15,10:0x202,20:0xd2c55,30:0x3d94cd64Algorithm
fn check_armory_cascade(passphrase: &str, targets: &[(u8, U256)]) -> bool {
// Generate root key
let root = sha256(passphrase);
let chaincode = hmac_sha256(
key: hash256(root),
msg: b"Derive Chaincode from Root Key"
);
let mut current_key = root;
for (bits, target) in targets {
// Apply mask
let masked = (current_key & ((1 << bits) - 1)) | (1 << (bits - 1));
if masked != target {
return false;
}
// Armory multiplicative chain step
let pubkey = current_key.to_pubkey();
let scalar = hash256(pubkey) XOR chaincode;
current_key = (current_key * scalar) % SECP256K1_ORDER;
}
true // All targets matched
}Key Difference from Issue #11
| Issue #11 (MT19937 cascade) |
This issue (Armory cascade) |
Sequential fill_bytes() calls |
Multiplicative chain derivation |
key[i] = rng.next_256_bits() |
key[i] = key[i-1] * scalar mod n |
| Stateless per-key |
Each key depends on previous |
Use Case
BTC1000 puzzle research - testing hypothesis that creator used Armory deterministic wallet with brainwallet passphrase (Experiments E170, E179 in cryptopuzzles).
References
Problem
The current
--transform armorygenerates a single root key from a passphrase. However, Armory wallets use a multiplicative chain to derive sequences of keys:For BTC1000 research, we need to test if the puzzle creator used an Armory wallet with a brainwallet seed, generating 160 sequential keys and masking each to the appropriate bit width.
Proposed Solution
Add
--armory-cascadeoption that generates the full Armory multiplicative chain and verifies against multiple masked targets:# Search passphrases for Armory chain that produces BTC1000 puzzles vuke scan --targets btc1000_addresses.txt wordlist rockyou.txt \ --transform armory \ --armory-cascade 5:0x15,10:0x202,20:0xd2c55,30:0x3d94cd64Algorithm
Key Difference from Issue #11
fill_bytes()callskey[i] = rng.next_256_bits()key[i] = key[i-1] * scalar mod nUse Case
BTC1000 puzzle research - testing hypothesis that creator used Armory deterministic wallet with brainwallet passphrase (Experiments E170, E179 in cryptopuzzles).
References
puzzles/saatoshi_rising/analysis/armory_search.py