Shamir challenge: published zpub does not derive target address; no 2-of-5 threshold downgrade found

[matuta99]

Summary

1. The published zpub does not derive the advertised target address on standard BIP84 paths.
2. A broad scan on m/84'/0'/0'/{0,1}/0..5000 found no match.
3. Reproduced the historical per-byte interpolation bug (JS) using the two published shares: it yields a valid 12-word mnemonic but still not the published zpub/address. No threshold downgrade to 2-of-5 was observed for this challenge.

Challenge target

1. Address (main reward): bc1qyjwa0tf0en4x09magpuwmt2smpsrlaxwn85lh6
2. zpub: zpub6qdEDkv51FpxX6g1rpFGckmiL46vV8ccmtEgPAkj3qj8N4ZZHyXDRA9RwpTiFK2Kb8vRaDmSmwgX6rfB4t2K8Ktdq8ExQ6fumKpn2ndJCqL
3. Path claim: m/84'/0'/0'/0/0
4. Public shares (2 of 3):
   1.) "session cigar grape merry useful churn fatal thought very any arm unaware"
   2.) "clock fresh security field caution effort gorilla speed plastic common tomato echo"

Reproduction bundle (attached)

1. bitaps_challenge_report_matuta99.zip contains:
   • REPORT.md — methods and results
   • run_verify.py — quick check (zpub → /0/0 & scan /0,1/0..N)
   • sss_tool.py / check_third_share.py — combine SSS shares & test candidate 3rd share
   • sss_diffprobe.py, sss_diffprobe_block.py — RNG/coef differential probes (no hits)
   • src_jsbtc/shamir_secret_sharing.js — reference copy of SSS implementation
   • MANIFEST.txt — file list & SHA256, plus environment

Key results

1. From the published zpub:
   • /0/0 = bc1qyqpr88dj8ml828dkdvjy5pkunxed08y077hdg7 ≠ target.
   • Scan /0,1/0..5000: NOT FOUND.
2. JS “per-byte interpolation” bug (reproduced offline) with the two shares yields a valid mnemonic (e.g., right budget hire … in our run), but the derived zpub and /0/0 address still do not equal those published on the challenge page.
3. Differential tests for potential exploitable biases (linear, block patterns, RNG determinism) found no consistent weakness that reduces the 3-of-5 threshold.

How to verify quickly

1. python3 -m venv .venv && . .venv/bin/activate && pip -q install pybtc pycryptodome
2. python3 run_verify.py
3. SCAN_LIMIT=5000 python3 run_verify.py

Environment

1. Python 3 + pybtc + pycryptodome (RIPEMD160 fallback used when needed)
2. All commands, outputs and hashes are in REPORT.md and MANIFEST.txt.

Conclusion
With the current public data (two shares and the published zpub/address), the challenge does not yield the target address under standard BIP84 derivations. Either (a) a valid 3rd share is still required, or (b) a new implementation bug (beyond the known per-byte interpolation bug) that genuinely lowers the 3-of-5 threshold must be demonstrated. Our probes did not find such a weakness.

Thank you,
Best Regards
Matuta99 from Indonesia
BTC address : 18fqoTyDjKrXeGq8SzZfEHfzhyZcRLtKLN

bitaps_challenge_report_matuta99.zip