I was trying to make much the same point as this article in 2018 (blogpost, Lisbon panel, podcasts), but it is a pretty good summary. It slightly underplays just how unacceptable a "transparent migration" would be but, still.
Also, it should mention offchainness/higher layers.
It is concise, though, and clears up the main issues:
Also, on crypto hardness: "In short, breaking soundness is not a practical risk" - maybe; pairing crypto?
Lindell with a review of some interesting talks from this year's RWC (which I believe was in NY this month).
I have been very busy recently with life and stuff. Next week, I'm getting back to Bitcoin by doing a presentation about Schnorr / Taproot using the material from the recent code review (thanks @waxwing for taking so much time to explain some of this stuff to me) https://www.sosthene.net/event/tech-meetup-schnorr-taproot/
... and embed the wallet into the phone would be a substantial step up in work, and to not require an external jmdaemon, ie 100% on phone, even more (whole can of worms including Tor).
(jmdaemon was something i added in the rewrite in 2016/17; you can have the communications with peers entirely separated from the wallet, and the two talk to each over over TLS. At least one user actually does this)
There hasn't been too much discussion about this, but the first point is to narrow down exactly what functionality would be desired on mobile.
A while back someone (I think it was @meeDamian ?) added push notification functionality for coinjoins from makers; that would be basically trivial.
Then you could go further and have like a control panel for remote access on phone, and still have same basic joinmarket on home machine. To go even further (1/2)
JoinMarket now accepts donations without address reuse: https://bitcoinprivacy.me/joinmarket-donations
This open source project is decentralized and available to everyone for free, but therefore does not have a funding model. Be part of the effort to improve Bitcoin privacy and fungibility!
The idea of having a Wasabi Bulletin Board is fine, but it could be the source of a targeted Sybil attack by analysis companies who want to link the unmixed change with the inputs (if it's not viable to link them onchain).
What would be particularly bad is if people make proposals to mix mixed outputs and use the Pubkeys of inputs to generate the shared secret - because the wasabi user would be revealing the link between their input & output to the other SNICKER participant.
Me in Bitcoin Magazine on Erlay and academia https://bitcoinmagazine.com/articles/bitcoin-researcher-drums-up-academic-interest-in-erlay-protocol
I feel like what they're presenting as a new taxonomy here isn't actually new; it was already in Liu-Wei-Wong 04 ... but to be fair, they do cite it. Not sure whether new ring sig constructions here are of interest, but at the least they're attempting to clarify what is otherwise a very confusing topic:
H/T Christopher Allen. This kind of bumbling idiocy from governments, ruining people's lives through enforced identity tracking, is a trend.
Very apposite comment here: does anyone believe such an insane choice would have survived for long if the library was open source?
It really beggars belief that you would not lock down curve parameters.
Also a funny nuance: one often has to explain to people that the choice of generator in a cyclic group "doesn't matter" (all generators are equivalent) - but crucially that is not the same as saying two different participants in a protocol can use different generators!
VICE did a report on the current state of surveillance in China:
Black Mirror (and SkyNet) is referenced in a positive way ... 🙃
Also mentioned that the technology is used in a Berlin metro station and student in France are tracked whether they're paying attention.
And all the 'better marketing' slogans.
I was WAY too optimistic with my 5-10 years. And people are starting to consider this (facial recognition stuff) normal.
Someone just did a transaction worth around 1 billion USD, for only around 80 USD in fees, via a distributed p2p network based on nothing but free software, and no chance for any bank or government on the planet to censor the tx.
Exciting times we're living in!
On the just released CVE from Microsoft/NSA, this explanation looks right:
The bug as per zdnet:
To change from a standard (ID) sigma protocol to a signature scheme you apply Fiat-Shamir, which replaces an honest verifier choosing a random challenge, with a hash value.
How else could you get a provably honest random challenge? A blockchain!
If Alice commits to R in block N, she could use the blockhash of block N+100 and then publish a signature. No random oracle assumption required!
The security of bitcoin relies on the preimage resistance of the hash function anyway, lol.
Wasabi research club talked about SNICKER and I attended. Hangout started with a slide presentation by Aviv Milner explaining in detail, visually, how it works - very recommended if you're interested in the proposal but don't want to wade through the BIP draft.