AdamISZ

### This module illustrates how Back's variant
# of the LSAG (linkable spontaneous anonymous group)
# signature of Liu Wei Wong 2004, works.
# There is no command line tool, only a set of tests
# as sanity checks that the algorithm is correct.
#
# To use, pip install python-bitcointx (which comes from:
# https://github.com/Simplexum/python-bitcointx )
# and note that installation of this will only work if it
# succeeds in finding libsecp256k1 on your system.

AdamISZ

We are working in pairs. One person is HOLDER. One person is RECEIVER.

Instructions for RECEIVER

As receiver, you don't know much about Bitcoin!! So:

1. Download a wallet on your phone. There are many apps, but we need to use signet. Please download Padawan wallet on Android or iPhone , which is signet by default and is very simple. If that fails, use the Electrum wallet on your computer, as instructed to the HOLDER.
2. Create a new wallet, write down the seedphrase on paper, (go to Settings->Recovery Phrase), and create a receiving address. Give the receiving address to your HOLDER.

AdamISZ

We are working in pairs. One person is HOLDER. One person is RECEIVER.

Instructions for HOLDER

You are going to die soon!! Hurry!

1. Download Electrum from https://electrum.org .
2. Run Electrum using ./electrum-4.5.8-x86_64.AppImage --signet on Linux or /Applications/Electrum.app/Contents/MacOS/run_electrum --signet on Mac. On Windows do the same; run the executable FROM THE COMMAND LINE: C:\Program Files (x86)\Electrum> electrum-4.5.8.exe --signet.
3. Go to File-> New/Restore, leave default (standard) wallet and enter a file name. Enter the 12 word seed phrase ("I already have a seed"), choose BIP39 in Options, and recover the wallet. It should contain a bit less than 10M sats.

AdamISZ

#!/usr/bin/env python3

""" Tool to take sets of Joinmarket coinjoin transactions,
    and do subset sum iteration to find possible sets of taker
    inputs, based on an assumed max possible value of maker fees
    (see tolerance).
"""

from itertools import combinations, chain, product
from jmbitcoin import CTransaction, is_jm_tx, CScript

AdamISZ

(parentheses + italics = commentary, questions on how these challenges are structured. obviously not intended to be in the text for the students.)

Challenge 1: The fees are all mine(d) (3/10)

(This challenge is focused on not needing any coding skills and just discussing/knowing basic bitcoin mechanisms)

Tx number	Fee /sats	Weight	Standard?	Consensus valid?	Spends from
1	58M	3.6M	✔️	✔️	4

AdamISZ

# A reminder of how to "prove" you're Satoshi.

# ("reminder" - this was done (with tongue in cheek, presumably)
# by someone on Twitter a few years ago).

# 1. We need the public key of the receiving address of (e.g.) block 1.

# it is on the blockchain in uncompressed form (P2PK):

block1_uncompressed_output_key_hex = "0496b538e853519c726a2c91e61ec11600ae1390813a627c66fb8be7947be63c52da7589379515d4e0a604f8141781e62294721166bf621e73a82cbf2342c858ee"

AdamISZ

# Replaced with this: https://github.com/AdamISZ/3roundmusig4fun

AdamISZ

Chaumian cash in a Bitcoin world - cashu, Fedimint

What's this for?

• More scalable/faster than a blockchain (not enough utxos)
• Much better privacy security model than a blockchain
• Same or better theft security model than TTP but much worse than a blockchain

If it's so great, why hasn't it been done yet?

AdamISZ

#!/usr/bin/env python
help = """
A demonstration of the algorithm of
the linkable ring signature algorithm in Goodall and Noether's
Triptych:
https://eprint.iacr.org/2020/018

To use, specify two arguments: n (integer) and m (integer), such
that N (size of ring) = n^m.

AdamISZ

#!/usr/bin/env python
help = """
A demonstration of the algorithm of:
Groth and Kohlweiss 2014 "How to leak a secret and spend a coin."
https://eprint.iacr.org/2014/764.pdf

This uses the Joinmarket bitcoin backend, mostly just for its encapsulation
of the package python-bitcointx (`pip install bitcointx` or github:
https://github.com/Simplexum/python-bitcointx).