waxwing boosted

RT @nicolasburtey
pretty cool comparison chart about lightning rebalancing solutions on peerswap.dev

waxwing boosted

RT @arcbtc
At £8.75 PP, Bristol based #bitcoinAdventure, with great #bitcoin talks, workshops and experiences, is by FAR the best value #bitcoin conference in existence! 🚀
Make sure you pop along! 🤩
avonvalley.co.uk/events/the-bi

waxwing boosted
waxwing boosted

I've never seen PeerTube videos included in search results, not in search engines that promote themselves as privacy-friendly (DuckDuckGo), and not even in Searx and other community-hosted metasearch sites run on free code software. Why not?

search.joinpeertube.org/

#search #SearchEngines #PeerTube #DDG #Searx #NetworkFreedom

I've migrated my gist on RIDDLE to reyify.com/blog/riddle because of the dumpster fire that is github's LaTeX parsing implementation.

Comments can still go on the gist: gist.github.com/AdamISZ/513494

New blog post; prove that a commitment commits to 1 or 0:

reyify.com/blog/commit-to-a-bi

This is the second out of a series of 3 (or 4 or 5, not sure) shorter blog posts focusing on condensed ring signatures and creating tokens from them.

waxwing boosted

Q: What does a government speaker say in response to the media report that critical infrastructure is running on unmaintainable legacy software?

A: No comment.

waxwing boosted

Bitcoin Optech newsletter #206 is here:

- summarizes popular questions and answers from Bitcoin Stack Exchange
- LND 0.15.0-beta, Core Lightning 0.11.2 releases

bitcoinops.org/en/newsletters/

(Another addendum: I don't know why this wasn't obvious to me yesterday, but the difference between this case and the Schnorr sig case is obvious: the latter is claiming a relation between the original commitment (pubkey), and a message. The former is making a claim *about the intrinsic properties of the original commitment*. So not freezing that starting value invalidates the claim, whereas in Schnorr, the corresponding 'false' claims that can be made, are meaningless.)

Show thread

(btw correction, if I read the reasoning correct, it's not 'any value you like', it's 'a random value in under the group order' which is still a break of the system).

Show thread

(Btw as per blog post there were apparently one or two actual implementations that had this vulnerability. Note that this is *another* instance of 'if you did this in a cryptocurrency you could completely invalidate inflation control, because of one slight ambiguity in an academic paper'. I think this is the *third* such instance, or maybe even more).

Show thread

.. but it's still worth fixing the key in the F-S challenge, just to make the security proofs that much more watertight.

But it turns out in Bulletproofs the absence of prefixing *completely invalides the range proof*!

And it seems that because of language in the paper that vaguely says 'do the F-S challenge without the commitment' (section 4.4), i.e. there is no 'commitment-prefixing', you can backsolve the commitment to be to any value you like.

(2/2)

Show thread

This story strongly relates to "key prefixing":

blog.trailofbits.com/2022/04/1

The ambiguity is that the Fiat Shamir transform is conceptually 'hash the transcript of the conversation up to the challenge'; but where does the conversation *start*?

In basic Schnorr you can "forge" signatures on e.g. unpredictable keys, if you don't key-prefix (i.e. you don't start the conversation with the public key), which isn't important *most* of the time, ... (1/2)

Github's equation rendering in markdown is proving somewhere between janky and unusable.

Ping @nothingmuch what is 'org mode' as per github.com/nothingmuch/org-mat ? (discovered it while searching for comments about this issue).

waxwing boosted

Learn more about how ROAST guarantees that a quorum of honest signers can always obtain a valid signature even in the presence of disruptive signers. ⬇️
medium.com/blockstream/roast-r

Show thread
waxwing boosted

New short blog post giving an answer to a homework question I set in the conference in London :)

reyify.com/blog/homework-answe

As noted I'm writing this now because it leads into something I'll probably blog about this new linkable ring sig/RIDDLE/credentials thing I've been looking into. It's fairly involve so breaking it up into pieces.

waxwing boosted
Show older
unidentified instance

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!