
Antoine Poinsot darosior

@nothingmuch
nothingmuch / samourai_key_consistency.md
Last active December 21, 2024 19:21
Key consistency issue in Samourai Wallet

The Samourai Bitcoin wallet, which implements the whirlpool variant of the zerolink protocol, is vulnerable to key tagging attacks due to the absence of any key consistency checks, completely defeating the privacy claims of the protocol.

In Whirlpool CoinJoin transactions, clients utilize a variant of ZeroLink to nominate Bitcoin UTXOs as inputs into a collaborative transaction that allows them to send a fixed amount back to themselves anonymously, somewhat analogous to a mixing stage in a mixnet. Inputs and outputs are registered from separate Tor circuits. In order to reject unauthorized outputs, this variant of ZeroLink uses RSA blind signatures. Blind signatures are given in response to valid input registrations. An unblinded signature and message is then used as an authorization token, allowing the server to ensure it corresponds to one of the inputs, ostensibly without revealing which one.

The server's blind signing key is obtained by the client by [extracting it f

@instagibbs
instagibbs / cov_rationale.md
Last active March 5, 2025 20:05
Covenants Table Rationale

Non-exhaustive thoughts but better to have something written than nothing at all:

WANTING: There's no developer or larger community consensus on anything, so I marked anything I'm happy with as "Wanting" instead.

MEVil: The below discussion is predicated on the fact we as a community are no longer overly concerned with script enhancements creating mining centralization risk via MEVil.

OP_CTV

SIGHASH_ALL emulation. Pretty understandable how to use, also not very exciting on its own unless you believe it's the step function in usability for Ark, Timeout Trees, and also believe those are game changers. It does show up in a lot of places as cleanups removing interactivity in protocols, especially when combined with OP_CSFS.

@chris-belcher
chris-belcher / design-for-improving-joinmarkets-resistance-to-sybil-attacks-using-fidelity-bonds.md
Last active December 4, 2021 08:30
Design for improving JoinMarket's resistance to sybil attacks using fidelity bonds

13/7/2019

tl;dr

JoinMarket can be sybil attacked today at relatively low cost which can destroy its privacy. Bitcoins can be sacrificed with burner outputs and time-locked addresses (also called fidelity bonds), and this can be used to greatly improve JoinMarket's resistance to sybil attacks.

With real-world data and realistic assumptions we calculate that under such a fidelity bond system an adversary would need to lock up 30,000-80,000 bitcoins for months, or send 45-120 bitcoins to burner addresses to have a good chance of sybil attacking the system if it were added to JoinMarket.

@dcousens
dcousens / _scripttemplates.md
Last active February 3, 2024 18:59
Transaction / Script Templates
  • <> represents data or script
  • {} represents data that must be prefixed by OP_PUSHDATA
  • [] represents multiple {}

Standard Scripts

PubKey (pay-to-pubkey / P2PK)

Address: N/A
scriptPubKey: {pubKey} OP_CHECKSIG
@jfdm
jfdm / sodium-documented.h
Last active March 18, 2021 19:45
A well documented version of libNaCl and libSodium's ABI.
/** \mainpage
*
* __NaCl__ (pronounced _salt_) is a new easy-to-use high-speed
* software library for network communication, encryption, decryption,
* signatures, etc. NaCl's goal is to provide all of the core
* operations needed to build higher-level cryptographic tools.
*
* __Sodium__ is a portable, cross-compilable, installable,
* packageable, API-compatible version of NaCl.
*