Robin Linus RobinLinus

RobinLinus / peg.sol
Last active February 11, 2022 00:32
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.5.10;
import "https://github.com/summa-tx/bitcoin-spv/blob/master/solidity/contracts/ViewBTC.sol";
import "https://github.com/summa-tx/bitcoin-spv/blob/master/solidity/contracts/ViewSPV.sol";
contract Peg {
//
// Security Parameters

OR Operator for DLCs and PTLCs

We construct an OR operator for adaptor points:

If Alice learns the dlog of T₁, or T₂, ..., or Tₙ, then she also learns the dlog of X.

This is possible using verifiable encryption (see "Juggling" by Shlomovits et al.). An OR operator makes it possible to condense complex spending conditions into a single point. This prevents the combinatorial explosions which usually occur when using multi-oracles. An OR operator makes spending conditions easily composable. In theory, it even enables arbitrary computations on values provided by oracles.

Motivation

Applications for the OR operator include Discreet Log Contracts (DLCs), adaptor signatures, and Point Time Locked Contracts (PTLCs):

RobinLinus / dlc-order-relations.md
Last active March 14, 2022 23:47
Succinct order relations for DLCs

Order Relations for DLCs

We expect an oracle will publish some number 𝑁 by signing each of its n bits.

Given a constant c, we want to express the spending condition 𝑁 ≥ c in a single adaptor point.

The key idea is to construct an OR operator for adaptor points. This is possible with verifiable encryption. An OR operator makes it possible to condense complex spending conditions into a single point. This prevents the combinatorial explosions that usually occur when using multi-oracles. An OR operator makes spending conditions easily composable. In theory, it even enables arbitrary computations.

Number Format

We define B₁ to Bₙ to represent the adaptor points for oracle signatures of those bits of 𝑁 that are equal to 1:

Decaying MultiSig using nLockTime

A decaying MultiSig that requires no bitcoin script other than regular MultiSigs.

A 3-of-3 that decays into a 2-of-3 at block height x.

  1. Alice, Bob, and Carol create a 3-of-3 regular MultiSig output.

  2. Alice signs the output with nLockTime = x and SIGHASH_NONE.

  3. She sends this partially signed TX to Bob and Carol.

RobinLinus / sig_pow.md
Last active January 14, 2026 04:14
Timelocked Proof of Work via signature length

The following script allows everyone to spend; the shorter your signature the earlier you can spend.

OP_SIZE
OP_CHECKSEQUENCEVERIFY OP_DROP

<G>
OP_CHECKSIGVERIFY

The point R = 1/2 G has the smallest known x coordinate -- x = 0x3b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63. If the public key is chosen as P = 1 G, then the ECDSA signature becomes s = 2(H(m) + x). So, the smaller H(m), the smaller s (as long as it is bigger than x ~ 2^165). Thus, the above output is spendable by the miner mining the lowest TX hash.

RobinLinus / is-fritzbox.js
Created December 1, 2019 21:31
Detect if the client's router is a FritzBox
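// Resolves to true if an image loads from http://fritz.box/favicon.ico, false otherwise.
function isFritzBox() {
    return new Promise(resolve => {
        let img = document.createElement('img');
        // onload fires only if the favicon was fetched and decoded as an image
        img.onload = _ => resolve(true);
        // onerror covers an unresolvable host, a blocked request, or a non-image response
        img.onerror = _ => resolve(false);
        img.src = 'http://fritz.box/favicon.ico';
    });
}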