Skip to content

Instantly share code, notes, and snippets.

@AdamISZ
AdamISZ / fakeforgery.py
Created September 13, 2023 00:40
How to prove you're Satoshi
# A reminder of how to "prove" you're Satoshi.
# ("reminder" - this was done (with tongue in cheek, presumably)
# by someone on Twitter a few years ago).
# 1. We need the public key of the receiving address of (e.g.) block 1.
# it is on the blockchain in uncompressed form (P2PK):
block1_uncompressed_output_key_hex = "0496b538e853519c726a2c91e61ec11600ae1390813a627c66fb8be7947be63c52da7589379515d4e0a604f8141781e62294721166bf621e73a82cbf2342c858ee"
@AdamISZ
AdamISZ / basicmusigadaptors.py
Last active April 3, 2023 19:56
Unsafe sample implementation of 3 round musig with optional adaptors
# Replaced with this: https://github.com/AdamISZ/3roundmusig4fun
@AdamISZ
AdamISZ / chaumian.md
Last active July 17, 2024 02:08
Chaumian ecash designs, notes

Chaumian cash in a Bitcoin world - cashu, Fedimint

What's this for?

  • More scalable/faster than a blockchain (not enough utxos)
  • Much better privacy security model than a blockchain
  • Same or better theft security model than TTP but much worse than a blockchain

If it's so great, why hasn't it been done yet?

@AdamISZ
AdamISZ / triptych_poc.py
Created August 22, 2022 13:19
Triptych proof of concept
#!/usr/bin/env python
help = """
A demonstration of the algorithm of
the linkable ring signature algorithm in Goodall and Noether's
Triptych:
https://eprint.iacr.org/2020/018
To use, specify two arguments: n (integer) and m (integer), such
that N (size of ring) = n^m.
@AdamISZ
AdamISZ / groth14poc.py
Last active April 3, 2023 19:59
Demo of logarithmic size ring signature algorithm (Groth and Kohlweiss '14)
#!/usr/bin/env python
help = """
A demonstration of the algorithm of:
Groth and Kohlweiss 2014 "How to leak a secret and spend a coin."
https://eprint.iacr.org/2014/764.pdf
This uses the Joinmarket bitcoin backend, mostly just for its encapsulation
of the package python-bitcointx (`pip install bitcointx` or github:
https://github.com/Simplexum/python-bitcointx).
@AdamISZ
AdamISZ / RIDDLE.md
Last active April 3, 2023 20:00
Lightweight anti-Sybil with anonymity in Bitcoin

RIDDLE

Due to unexpected failures of github's LaTeX parsing (which were not evident until I published this, but have persisted afterwards), and since the mathematical parts are important in this, I have migrated this proposal to a blog post with identical content, but correctly formatted equations.

Please continue to put any comments here.

@AdamISZ
AdamISZ / MuSigForgery.md
Last active June 25, 2024 03:19
Forgery with a fake key in MuSig2

As per footnote 2 in the draft BIP here, it is possible in MuSig2 to create a partial signature which verifies correctly to the other participants, even though the adversary does not know the secret key corresponding to the given public key, but only by the adversary taking the role of at least one other participant, and in that case it is not possible to create a partial signature for that other public key, even if the corresponding private key is known.

The purpose of this gist is to work through the mathematical details of the above statement, as it isn't, probably, obvious to most readers (although it may be at least somewhat intuitive - think about 'free variables').

Setup: keyset $L = X_1 , X_2 , X_3 , X_4 , X_5$. The adversary will take the roles of indices 4 and 5, and will forge a partial signature on key $X_4$, not knowing the corresponding secret $x_4$, on a given message $m$. Assume the adversary does kn

@AdamISZ
AdamISZ / sqrt_commit.py
Created April 26, 2022 07:27
Square root scaling for polynomial commitments
#!usr/bin/env python
""" Implementation example of https://eprint.iacr.org/2016/263.pdf
Bootle et al. Section 3, polynomial evaluation protocol which scales
in the square root of the degree.
*Not* zero knowledge form.
"""
import jmbitcoin as btc
import struct
@AdamISZ
AdamISZ / pathcoin.md
Last active November 17, 2023 02:31
PathCoin

PathCoin

Caveat

Before we begin: this post describes a very limited protocol idea. It's possible that what we describe here is a start towards, or a component of, something genuinely useful, but in itself it's really more of a toy, albeit it's fun.

Non-interactive digital cash

Since the 90s, there was a dream that cash could be sent online just like email. We've basically been experimenting with tradeoffs against this pure vision ever since. Sometimes the tradeoff is: there's a central party we have to trust (either with our privacy or our money or the management or inflation or..), but otherwise we get the goal. Often the tradeoff includes: we have to interact with the receiver. In pretty much every case there's an online-ness requirement: we have to exchange messages with a p2p network of active nodes (bitcoin) or a central server and our counterparty, or at least, directly with our counterparty (e.g. Lightning) in the payment transaction.

@AdamISZ
AdamISZ / test_taproot_script_path.py
Created November 22, 2021 19:53
Testing script path spending in taproot with python-bitcointx
import bitcointx as btc
btc.allow_secp256k1_experimental_modules()
btc.select_chain_params("bitcoin/testnet")
from bitcointx.wallet import CCoinKey
from bitcointx.core import COutPoint, CTxIn, CTxOut, CMutableTransaction, CTxInWitness
from bitcointx.core.script import (CScript, OP_CHECKSIGADD, OP_CHECKSIG, OP_NUMEQUAL,
TaprootScriptTree, CScriptWitness)
from bitcointx.wallet import P2TRCoinAddress
from binascii import hexlify, unhexlify