Having tons of productive discussions with people today, mostly about schnorr, taproot, coinjoin and various related ideas. The conference (this is only the pre- part) appears to be packed out.
Also saw a demo from @openoms of the raspiblitz project, really impressed with how much functionality is already packed in there.
paper concerned: https://eprint.iacr.org/2016/191.pdf ; it's a descendant of the much more famous Pointcheval and Stern paper from 2000 that introduced the now famous Forking Lemma.
On the key prefixing, the industry debate is interesting but there's nothing to discuss for Bitcoin's Schnorr inasmuch as the musig scenario of arbitrary keys being provided as input means it's completely necessary to use prefixing.
Only just noticed that Wuille's bip-schnorr footnote on security references the same paper that I dug up for my "ring signatures" blog post (https://joinmarket.me/blog/blog/ring-signatures/), for the topic of the security proof of Schnorr. It's an interesting paper, very dense but in particular for the section I quoted describing the fascinating issue of "key prefixing" and how industry has vacillated on it. Intriguingly the paper authors argue *against* the necessity of key prefixing but bip-schnorr ofc does use it 1/2
If you don't know where to start, but like my open-source work, my tutorials or my posts here...
Consider sponsoring me a cup of tea a month. I greatly appreciate it 😋
It's literally two clicks: https://github.com/sponsors/muesli
BlueMatt giving PoS (so beloved of academia) a good battering 😂
Not novel, but considering the experience I just had at an airport (being asked for boarding pass at shop and getting dirty look when I said no) just reminds me that people should focus on the main reason privacy is important: security requires privacy. Even if you never plan on doing anything censured by society, leaks of info to corps, governments and their representatives are threats, however minor, to your personal security.
Just tried it .. damn, I guarantee that if you gave that to a new user, however technical, it would take them at least 5 minutes (and probably longer) to figure out how to enable it!
I do appreciate clean, simple design but sometimes it makes advanced features incredibly obscure to access.
(Also I'd like a clear notification of whether my connection to Tor HS that I configured in SPV settings is working .. atm I can't see anything).
@LarryBitcoin I know you're not on here but hi :)
Integrated Tor support without Orbot on Green ... could be really cool .. Orbot refused to work on my old Android phone.
Since apparently @TheBlueMatt@twitter.com intends to abandon the old #Bitcoin Core PPA (or already has?), I've created a new one here for people who still prefer this method of builds/packaging:
Remember Tesla's Wardenclyffe tower? Apparently the science was real, and there's a (rather suspicious) company building basically the exact same thing now:
Hot from #bh2019 we're delighted to be joined by @firstname.lastname@example.org & @email@example.com who'll be exhibiting their #LightningNetwork ATM built from off the shelf components @BitBrum@twitter.com.
Come along with your #LightningNetwork wallet & begin #stackingsats for pocket change. http://BitBrum.org
There is Google/NBA/etc that bow to Chinese pressure/censorship.
And then there is South Park 😂
Now I'm sitting in a cafe not on a train I can think a bit more :) I guess it's not much of a question that collision resistance *is* required, but that was also true of p2sh (consider multisig). You want to reduce the creation of P', s' s.t. P' + H(P',s')G == P + H(P,s)G by the attacker to a known hard problem. Does that encapsulate it entirely? I really have no idea :)
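Two of the posts above touch the same piece of arithmetic: the key-prefixing question for Schnorr (whether the challenge hash commits to the public key) and the taproot-style tweak Q = P + H(P,s)G whose collision resistance the last post asks about. The following is an added worked example, not code from any of the posts or from bip-schnorr/Bitcoin Core. It uses a toy pure-Python secp256k1 and a simplified Schnorr (full affine points hashed, deterministic nonce, no even-y normalisation), so it is for understanding the relations only and does not produce BIP340-compatible signatures. The script bytes and the scalar 7 in the usage are constructed placeholders. It shows (a) that without key prefixing a signature under P can be re-used under the related key P + dG by anyone who knows d, while with prefixing the challenge changes and the shifted signature fails, and (b) the script-path reveal check for a tweaked key, plus key-path signing with the tweaked secret x + H(P,s).

```python
import hashlib

# --- Minimal secp256k1 arithmetic (educational, pure Python, not constant-time) ---
P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N_ORD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def hash_int(*parts):
    """SHA256 over the concatenated byte strings, reduced mod the group order."""
    h = hashlib.sha256()
    for part in parts:
        h.update(part)
    return int.from_bytes(h.digest(), "big") % N_ORD


def enc(pt):
    """64-byte affine encoding of a point (toy; BIP340 uses 32-byte x-only keys)."""
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


# --- Simplified Schnorr with optional key prefixing ---
def challenge(R, P, msg, key_prefix):
    # Key-prefixed: e = H(R || P || m).  Non-prefixed: e = H(R || m).
    return hash_int(enc(R), enc(P), msg) if key_prefix else hash_int(enc(R), msg)


def schnorr_sign(x, msg, key_prefix=True):
    P = ec_mul(x, G)
    k = hash_int(b"nonce", x.to_bytes(32, "big"), msg)  # deterministic toy nonce
    R = ec_mul(k, G)
    e = challenge(R, P, msg, key_prefix)
    return (R, (k + e * x) % N_ORD)


def schnorr_verify(P, msg, sig, key_prefix=True):
    R, s = sig
    e = challenge(R, P, msg, key_prefix)
    return ec_mul(s, G) == ec_add(R, ec_mul(e, P))


def shift_to_related_key(P, msg, sig, d, key_prefix):
    """Re-target (R, s) under P to the related key P + d*G as (R, s + e*d).
    Only the honest signer's challenge e is needed, never x.  The shifted
    signature verifies only if the verifier's challenge does not commit to
    the key, i.e. only in the non-prefixed scheme."""
    R, s = sig
    e = challenge(R, P, msg, key_prefix)
    P_related = ec_add(P, ec_mul(d, G))
    return P_related, (R, (s + e * d) % N_ORD)


# --- Taproot-style key tweak: Q = P + H(P || s) G ---
def tweak(P, script):
    return hash_int(enc(P), script)


def taproot_commit(P, script):
    return ec_add(P, ec_mul(tweak(P, script), G))


def taproot_reveal_ok(Q, P, script):
    """Script-path check: does the revealed (P, s) reproduce the output key Q?
    Producing another (P', s') that passes this is exactly the
    P' + H(P',s')G == P + H(P,s)G problem from the post above."""
    return taproot_commit(P, script) == Q
```

Key-path spending follows from the same algebra: the holder of x signs with q = (x + tweak(P, script)) mod n and the signature verifies against Q, because qG = P + tG = Q. The script-path check, by contrast, only ever recomputes the commitment, so its security rests on the hash being collision resistant in the (P, s) input.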