
@AdamISZ
AdamISZ / receiver-trustless-inheritance.md
Last active January 21, 2025 18:01
Instructions for RECEIVER

We are working in pairs. One person is HOLDER. One person is RECEIVER.

Instructions for RECEIVER

As receiver, you don't know much about Bitcoin!! So:

  1. Download a wallet on your phone. There are many apps, but we need to use signet. Please download Padawan wallet on Android or iPhone, which is signet by default and is very simple. If that fails, use the Electrum wallet on your computer, as described in the instructions for the HOLDER.
  2. Create a new wallet, write down the seed phrase on paper (go to Settings -> Recovery Phrase), and create a receiving address. Give the receiving address to your HOLDER.
@AdamISZ
AdamISZ / holder-trustless-inheritance.md
Last active January 21, 2025 17:56
Instructions for HOLDER

We are working in pairs. One person is HOLDER. One person is RECEIVER.

Instructions for HOLDER

You are going to die soon!! Hurry!

  1. Download Electrum from https://electrum.org.
  2. Run Electrum using `./electrum-4.5.8-x86_64.AppImage --signet` on Linux or `/Applications/Electrum.app/Contents/MacOS/run_electrum --signet` on Mac. On Windows do the same; run the executable FROM THE COMMAND LINE: `C:\Program Files (x86)\Electrum> electrum-4.5.8.exe --signet`.
  3. Go to File -> New/Restore, leave the default (standard) wallet and enter a file name. Enter the 12 word seed phrase ("I already have a seed"), choose BIP39 in Options, and recover the wallet. It should contain a bit less than 10M sats.
@AdamISZ
AdamISZ / jmsudokuer.py
Last active January 15, 2025 21:44
Crude first draft script for extracting taker input combinations
#!/usr/bin/env python3
""" Tool to take sets of Joinmarket coinjoin transactions,
and do subset sum iteration to find possible sets of taker
inputs, based on an assumed max possible value of maker fees
(see tolerance).
"""
from itertools import combinations, chain, product
from jmbitcoin import CTransaction, is_jm_tx
@AdamISZ
AdamISZ / fakeforgery.py
Created September 13, 2023 00:40
How to prove you're Satoshi
# A reminder of how to "prove" you're Satoshi.
# ("reminder" - this was done (with tongue in cheek, presumably)
# by someone on Twitter a few years ago).
# 1. We need the public key of the receiving address of (e.g.) block 1.
# it is on the blockchain in uncompressed form (P2PK):
block1_uncompressed_output_key_hex = "0496b538e853519c726a2c91e61ec11600ae1390813a627c66fb8be7947be63c52da7589379515d4e0a604f8141781e62294721166bf621e73a82cbf2342c858ee"
@AdamISZ
AdamISZ / basicmusigadaptors.py
Last active April 3, 2023 19:56
Unsafe sample implementation of 3 round musig with optional adaptors
# Replaced with this: https://github.com/AdamISZ/3roundmusig4fun
@AdamISZ
AdamISZ / chaumian.md
Last active November 24, 2024 11:49
Chaumian ecash designs, notes

Chaumian cash in a Bitcoin world - cashu, Fedimint

What's this for?

  • More scalable/faster than a blockchain (not enough utxos)
  • Much better privacy security model than a blockchain
  • Same or better theft security model than TTP but much worse than a blockchain

If it's so great, why hasn't it been done yet?

@AdamISZ
AdamISZ / triptych_poc.py
Created August 22, 2022 13:19
Triptych proof of concept
#!/usr/bin/env python
help = """
A demonstration of the algorithm of
the linkable ring signature algorithm in Goodall and Noether's
Triptych:
https://eprint.iacr.org/2020/018
To use, specify two arguments: n (integer) and m (integer), such
that N (size of ring) = n^m.
@AdamISZ
AdamISZ / groth14poc.py
Last active April 3, 2023 19:59
Demo of logarithmic size ring signature algorithm (Groth and Kohlweiss '14)
#!/usr/bin/env python
help = """
A demonstration of the algorithm of:
Groth and Kohlweiss 2014 "How to leak a secret and spend a coin."
https://eprint.iacr.org/2014/764.pdf
This uses the Joinmarket bitcoin backend, mostly just for its encapsulation
of the package python-bitcointx (`pip install bitcointx` or github:
https://github.com/Simplexum/python-bitcointx).
@AdamISZ
AdamISZ / RIDDLE.md
Last active April 3, 2023 20:00
Lightweight anti-Sybil with anonymity in Bitcoin

RIDDLE

Due to unexpected failures of github's LaTeX parsing (which were not evident until I published this, but have persisted afterwards), and since the mathematical parts are important in this, I have migrated this proposal to a blog post with identical content, but correctly formatted equations.

Please continue to put any comments here.

@AdamISZ
AdamISZ / MuSigForgery.md
Last active June 25, 2024 03:19
Forgery with a fake key in MuSig2

As per footnote 2 in the draft BIP here, it is possible in MuSig2 to create a partial signature that verifies correctly for the other participants even though the adversary does not know the secret key corresponding to the given public key. This works only if the adversary also takes the role of at least one other participant, and in that case the adversary cannot create a partial signature for that other public key, even if the corresponding private key is known.

The purpose of this gist is to work through the mathematical details of the above statement, as it probably isn't obvious to most readers (although it may be at least somewhat intuitive - think about 'free variables').

Setup: keyset $L = X_1 , X_2 , X_3 , X_4 , X_5$. The adversary will take the roles of indices 4 and 5, and will forge a partial signature on key $X_4$, not knowing the corresponding secret $x_4$, on a given message $m$. Assume the adversary does kn