This must be the noisiest conference I've ever been to ... there's an LND guy trying to give a presentation approximately 3 meters from where I'm sitting and I can't hear him :)

While the LN node count has increased 150% during Feb to Oct this year, the central point dominance has decreased 13% - talk by Elias Rohrer right now in Berlin.

Having tons of productive discussions with people today, mostly about schnorr, taproot, coinjoin and various related ideas. The conference (this is only the pre- part) appears to be packed out.

Also saw a demo from @openoms of the raspiblitz project, really impressed with how much functionality is already packed in there.

paper concerned:

; it's a descendant of the much more famous Pointcheval and Stern paper from 2000 that introduced the now famous Forking Lemma.

On the key prefixing, the industry debate is interesting but there's nothing to discuss for Bitcoin's Schnorr inasmuch as the musig scenario of arbitrary keys being provided as input means it's completely necessary to use prefixing.

Only just noticed that Wuille's bip-schnorr footnote on security references the same paper that I dug up for my "ring signatures" blog post (, for the topic of the security proof of Schnorr. It's an interesting paper, very dense but in particular for the section I quoted describing the fascinating issue of "key prefixing" and how industry has vacillated on it. Intriguingly the paper authors argue *against* the necessity of key prefixing but bip-schnorr ofc does use it 1/2

waxwing boosted

If you don't know where to start, but like my open-source work, my tutorials or my posts here...

Consider sponsoring me a cup of tea a month. I greatly appreciate it 😋

It's literally two clicks:

waxwing boosted

New way to help fund my #Bitcoin work, for the folks who are boycotting Patreon but would still prefer to contribute in fiat currency.

(GitHub also *doesn't* have Patreon's 10% fee, and will even match contributions for a while!)

Refreshingly (well, kinda), even in random shops in shopping malls in Berlin you will sometimes hear "sorry, cash only". This is so rare nowadays in "developed" countries.

I'll just be happy as long as people accept cash as an *option* ... which is starting to fall away.

Not novel, but considering the experience I just had at an airport (being asked for boarding pass at shop and getting dirty look when I said no) just reminds me that people should focus on the main reason privacy is important: security requires privacy. Even if you never plan on doing anything censured by society, leaks of info to corps, governments and their representatives are threats, however minor, to your personal security.

Just tried it .. damn, I guarantee that if you gave that to a new user, however technical, it would take them at least 5 minutes (and probably longer) to figure out how to enable it!

I do appreciate clean, simple design but sometimes it makes advanced features incredibly obscure to access.

(Also I'd like a clear notification of whether my connection to Tor HS that I configured in SPV settings is working .. atm I can't see anything).

@LarryBitcoin I know you're not on here but hi :)

Integrated Tor support without Orbot on Green ... could be really cool .. Orbot refused to work on my old Android phone.

waxwing boosted

Since apparently intends to abandon the old #Bitcoin Core PPA (or already has?), I've created a new one here for people who still prefer this method of builds/packaging:

waxwing boosted

Remember Tesla's Wardenclyffe tower? Apparently the science was real, and there's a (rather suspicious) company building basically the exact same thing now:

waxwing boosted
waxwing boosted


Hot from #bh2019 we're delighted to be joined by & who'll be exhibiting their #LightningNetwork ATM built from off the shelf components
Come along with your #LightningNetwork wallet & begin #stackingsats for pocket change.

waxwing boosted

Now I'm sitting in a cafe not on a train I can think a bit more :) I guess it's not much of a question that collision resistance *is* required, but that was also true of p2sh (consider multisig). You want to reduce the creation of P', s' s.t. P' +H(P',s')G == P + H(P,s)G by the attacker to a known hard problem. Does that encapsulate it entirely? I really have no idea :)

Show more
unidentified instance

(instance image by мøтħer ¢røω)