Amount blinding:

I was trying to make much the same point as this article in 2018 (blogpost, Lisbon panel, podcasts), but it is a pretty good summary. It slightly underplays just how unacceptable a "transparent migration" would be but, still.

Also, it should mention offchainness/higher layers.

It is concise, though, and clears up the main issues:

web.getmonero.org/2020/01/17/a

Also, on crypto hardness: "In short, breaking soundness is not a practical risk" - maybe; pairing crypto?

waxwing boosted

I found this a very interesting read on the topic of the potential for backdooring ECC via non- or fake- NUMS parameter generation. By Dan Bernstein et al:

bada55.cr.yp.to/bada55-2015092

waxwing boosted

Introducing txCast: Randomised Bitcoin (testnet) transaction broadcasting to break timing analysis.

Github: github.com/6102bitcoin/txCast

Medium: link.medium.com/3hAZmvSPp3

note: I have little coding experience and would appreciate any feedback / suggestions that you can offer.

Lindell with a review of some interesting talks from this year's RWC (which I believe was in NY this month).
unboundtech.com/report-real-wo

waxwing boosted

I have been very busy recently with life and stuff. Next week, I'm getting back to Bitcoin by doing a presentation about Schnorr / Taproot using the material from the recent code review (thanks @waxwing for taking so much time to explain some of this stuff to me) sosthene.net/event/tech-meetup

@meeDamian

... and embed the wallet into the phone would be a substantial step up in work, and to not require an external jmdaemon, ie 100% on phone, even more (whole can of worms including Tor).

(jmdaemon was something i added in the rewrite in 2016/17; you can have the communications with peers entirely separated from the wallet, and the two talk to each over over TLS. At least one user actually does this)

twitter.com/zndtoshi/status/12

There hasn't been too much discussion about this, but the first point is to narrow down exactly what functionality would be desired on mobile.
A while back someone (I think it was @meeDamian ?) added push notification functionality for coinjoins from makers; that would be basically trivial.
Then you could go further and have like a control panel for remote access on phone, and still have same basic joinmarket on home machine. To go even further (1/2)

waxwing boosted

RT @joinmarket@twitter.com

JoinMarket now accepts donations without address reuse: bitcoinprivacy.me/joinmarket-d

This open source project is decentralized and available to everyone for free, but therefore does not have a funding model. Be part of the effort to improve Bitcoin privacy and fungibility!

waxwing boosted

The idea of having a Wasabi Bulletin Board is fine, but it could be the source of a targeted Sybil attack by analysis companies who want to link the unmixed change with the inputs (if it's not viable to link them onchain).

What would be particularly bad is if people make proposals to mix mixed outputs and use the Pubkeys of inputs to generate the shared secret - because the wasabi user would be revealing the link between their input & output to the other SNICKER participant.

waxwing boosted

I feel like what they're presenting as a new taxonomy here isn't actually new; it was already in Liu-Wei-Wong 04 ... but to be fair, they do cite it. Not sure whether new ring sig constructions here are of interest, but at the least they're attempting to clarify what is otherwise a very confusing topic:

eprint.iacr.org/2019/135

H/T Christopher Allen. This kind of bumbling idiocy from governments, ruining people's lives through enforced identity tracking, is a trend.

mumbaimirror.indiatimes.com/mu

Very apposite comment here: does anyone believe such an insane choice would have survived for long if the library was open source?
It really beggars belief that you would not lock down curve parameters.

news.ycombinator.com/item?id=2

Also a funny nuance: one often has to explain to people that the choice of generator in a cyclic group "doesn't matter" (all generators are equivalent) - but crucially that is not the same as saying two different participants in a protocol can use different generators!

waxwing boosted

VICE did a report on the current state of surveillance in China:

youtube.com/watch?v=CLo3e1Pak-
h/t @openoms

Black Mirror (and SkyNet) is referenced in a positive way ... 🙃
Also mentioned that the technology is used in a Berlin metro station and student in France are tracked whether they're paying attention.
And all the 'better marketing' slogans.

I was WAY too optimistic with my 5-10 years. And people are starting to consider this (facial recognition stuff) normal.

Awesome :'(

waxwing boosted

Someone just did a transaction worth around 1 billion USD, for only around 80 USD in fees, via a distributed p2p network based on nothing but free software, and no chance for any bank or government on the planet to censor the tx.

Exciting times we're living in!

blockstream.info/tx/5deca6b2b2

To change from a standard (ID) sigma protocol to a signature scheme you apply Fiat-Shamir, which replaces an honest verifier choosing a random challenge, with a hash value.
How else could you get a provably honest random challenge? A blockchain!
If Alice commits to R in block N, she could use the blockhash of block N+100 and then publish a signature. No random oracle assumption required!
Wait ...
The security of bitcoin relies on the preimage resistance of the hash function anyway, lol.

Wasabi research club talked about SNICKER and I attended. Hangout started with a slide presentation by Aviv Milner explaining in detail, visually, how it works - very recommended if you're interested in the proposal but don't want to wade through the BIP draft.

youtu.be/S0C-50QTteA

waxwing boosted

I just made my first #zola web site for our BitDevs LA group, it was fun and easy: bitdevsla.org. The styling I borrowed from the original bitdevs.org site, but the templates I had to redo. Anyone else with a local BitDevs group please feel free to fork it!

Show more
unidentified instance

(instance image by мøтħer ¢røω)