RT @nicolasburtey
pretty cool comparison chart about lightning rebalancing solutions on http://peerswap.dev
RT @arcbtc
At £8.75 PP, Bristol based #bitcoinAdventure, with great #bitcoin talks, workshops and experiences, is by FAR the best value #bitcoin conference in existence! 🚀
Make sure you pop along! 🤩
https://www.avonvalley.co.uk/events/the-bitcoin-adventure/
RT @linaseiche
CBDCs vs. #Bitcoin
I made this one for @bitcoinmagazine’s Censorship Resistance print issue 🧡
I've never seen PeerTube videos included in search results, not in search engines that promote themselves as privacy-friendly (DuckDuckGo), and not even in Searx and other community-hosted metasearch sites run on free code software. Why not?
https://search.joinpeertube.org/
#search #SearchEngines #PeerTube #DDG #Searx #NetworkFreedom
I've migrated my gist on RIDDLE to https://reyify.com/blog/riddle because of the dumpster fire that is GitHub's LaTeX parsing implementation.
Comments can still go on the gist: https://gist.github.com/AdamISZ/51349418be08be22aa2b4b469e3be92f
New blog post; prove that a commitment commits to 1 or 0:
https://reyify.com/blog/commit-to-a-bit
This is the second out of a series of 3 (or 4 or 5, not sure) shorter blog posts focusing on condensed ring signatures and creating tokens from them.
Bitcoin Optech newsletter #206 is here:
- summarizes popular questions and answers from Bitcoin Stack Exchange
- LND 0.15.0-beta, Core Lightning 0.11.2 releases
(Another addendum: I don't know why this wasn't obvious to me yesterday, but the difference between this case and the Schnorr sig case is obvious: the latter is claiming a relation between the original commitment (pubkey), and a message. The former is making a claim *about the intrinsic properties of the original commitment*. So not freezing that starting value invalidates the claim, whereas in Schnorr, the corresponding 'false' claims that can be made, are meaningless.)
(btw correction, if I read the reasoning correctly, it's not 'any value you like', it's 'a random value under the group order', which is still a break of the system).
(Btw as per blog post there were apparently one or two actual implementations that had this vulnerability. Note that this is *another* instance of 'if you did this in a cryptocurrency you could completely invalidate inflation control, because of one slight ambiguity in an academic paper'. I think this is the *third* such instance, or maybe even more).
.. but it's still worth fixing the key in the F-S challenge, just to make the security proofs that much more watertight.
But it turns out in Bulletproofs the absence of prefixing *completely invalidates the range proof*!
And it seems that because of language in the paper that vaguely says 'do the F-S challenge without the commitment' (section 4.4), i.e. there is no 'commitment-prefixing', you can backsolve the commitment to be to any value you like.
(2/2)
This story strongly relates to "key prefixing":
https://blog.trailofbits.com/2022/04/15/the-frozen-heart-vulnerability-in-bulletproofs/
The ambiguity is that the Fiat Shamir transform is conceptually 'hash the transcript of the conversation up to the challenge'; but where does the conversation *start*?
In basic Schnorr you can "forge" signatures on e.g. unpredictable keys, if you don't key-prefix (i.e. you don't start the conversation with the public key), which isn't important *most* of the time, ... (1/2)
#cryptography
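The "where does the conversation start" point in the thread above, as an added example that is not part of the original posts or of any of the linked projects: a plain (non-BIP340) Schnorr signature over secp256k1, written with pure-Python affine arithmetic, whose Fiat-Shamir challenge can either begin at the public key (key-prefixed) or at the nonce commitment R (unprefixed). The `key_binding_check` function is a constructed verifier test: it builds an (R, s) pair with no private key at all, derives the one key P' for which the unprefixed equation sG = R + eP' holds, and reports whether the verifier under test rejects it. The message and key values are constructed for the example, and the names `challenge`, `sign`, `verify` and `key_binding_check` are this example's own, not an API of any library.

```python
"""Added example (not from the thread above): Schnorr over secp256k1 with and
without key prefixing in the Fiat-Shamir challenge. Toy affine arithmetic for
illustration only; not constant-time and not for production use."""
import hashlib
import secrets

# secp256k1 domain parameters (well-known constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication."""
    result, addend, k = None, point, k % N
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def ec_neg(point):
    x, y = point
    return (x, (-y) % P)


def encode(point):
    return point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")


def challenge(pubkey, R, msg, prefixed):
    """Fiat-Shamir challenge e. With prefixed=True the hashed transcript starts
    at the public key; with prefixed=False it starts at R, so e is independent
    of which key the signature is later checked against."""
    h = hashlib.sha256()
    if prefixed:
        h.update(encode(pubkey))
    h.update(encode(R))
    h.update(msg)
    return int.from_bytes(h.digest(), "big") % N


def sign(privkey, msg, prefixed):
    pubkey = ec_mul(privkey, G)
    k = secrets.randbelow(N - 1) + 1          # nonce
    R = ec_mul(k, G)
    e = challenge(pubkey, R, msg, prefixed)
    return (R, (k + e * privkey) % N)


def verify(pubkey, msg, sig, prefixed):
    R, s = sig
    e = challenge(pubkey, R, msg, prefixed)
    return ec_mul(s, G) == ec_add(R, ec_mul(e, pubkey))


def key_binding_check(prefixed):
    """True if the verifier binds a signature to the key it was made under.
    Build (R, s) with no private key, derive the single key P' = e^-1 (sG - R)
    that satisfies the unprefixed equation, and require the verifier to reject
    it. Unprefixed: e does not depend on P', so P' verifies and the check fails.
    Prefixed: e depends on P', the construction is circular, and P' is rejected."""
    msg = b"constructed test message"       # constructed sample input
    R = ec_mul(secrets.randbelow(N - 1) + 1, G)
    s = secrets.randbelow(N - 1) + 1
    e_unprefixed = challenge(None, R, msg, prefixed=False)
    sG_minus_R = ec_add(ec_mul(s, G), ec_neg(R))
    substituted_key = ec_mul(pow(e_unprefixed, -1, N), sG_minus_R)
    return not verify(substituted_key, msg, (R, s), prefixed)


if __name__ == "__main__":
    priv = 0x1234ABCD                       # constructed toy private key
    for prefixed in (True, False):
        sig = sign(priv, b"hello", prefixed)
        print("prefixed" if prefixed else "unprefixed",
              "honest sig ok:", verify(ec_mul(priv, G), b"hello", sig, prefixed),
              "key binding ok:", key_binding_check(prefixed))
```

The same question decides the Bulletproofs case in the Trail of Bits post linked above: the range proof's challenges are a Fiat-Shamir transcript too, and if the transcript does not start at the commitment being proven, the prover can pick the commitment after the challenges are fixed. The check above is the kind of test to keep in a verifier's suite: an honest signature must verify, and a key derived to fit an already-fixed challenge must not.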
GitHub's equation rendering in markdown is proving somewhere between janky and unusable.
Ping @nothingmuch what is 'org mode' as per https://github.com/nothingmuch/org-math-test/blob/main/README.org ? (discovered it while searching for comments about this issue).
Learn more about how ROAST guarantees that a quorum of honest signers can always obtain a valid signature even in the presence of disruptive signers. ⬇️
https://medium.com/blockstream/roast-robust-asynchronous-schnorr-threshold-signatures-ddda55a07d1b
New short blog post giving an answer to a homework question I set in the conference in London :)
https://reyify.com/blog/homework-answer-advancing-2022
As noted, I'm writing this now because it leads into something I'll probably blog about: this new linkable ring sig/RIDDLE/credentials thing I've been looking into. It's fairly involved, so I'm breaking it up into pieces.
Interesting summary of recent Lightning dev meeting, about future developments:
https://lists.linuxfoundation.org/pipermail/lightning-dev/2022-June/003600.html
2B6F C204 D9BF 332D 062B 461A 1410 01A1 AF77 F20B (use email to contact)