Skip to content

Instantly share code, notes, and snippets.

Adam Gibson AdamISZ

Block or report user

Report or block AdamISZ

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
AdamISZ /
Last active Aug 4, 2019
Ring signatures for de-linked fidelity bonds

Fidelity Bonds in an Anonymity set

If timelocked outputs are used as fidelity bonds, there is some inevitable degradation in the anonymity of users of a system that requires such bonds. Part of this would be entirely unavoidable - in that when the utxo is spent, the CLTV nature of the scriptPubKey must be revealed, and in most scenarios this would probably watermark that the utxo was being used for a fidelity bond purpose. But what might be avoided is the tracing, or linking, of a particular utxo used repeatedly for the same purpose.

Concrete case: Joinmarket maker

To make the issue clearer, consider the specific case of Joinmarket, and the recent proposal on fidelity bonds by Chris Belcher [1]. Here, the fidelity bond would be used to sign an ephemeral identity used on a message channel. The user, having committed funds to the bond, would perforce re-use that same bond every time he reconnects to the trading pit and so what is currently a completely ephemeral identity (it can be changed as often as

View SNICKER_BIP_draft.mediawiki

  BIP: ??
  Layer: Applications
  Title: SNICKER - Simple Non-Interactive Coinjoin with Keys for Encryption Reused
  Author&#58; Adam Gibson <>
  Comments&#45;Summary&#58; No comments yet.
  Comments&#45;URI&#58; &#45;
  Status&#58; Proposed
  Type&#58; Informational
  Created&#58; &#45;

AdamISZ /
Created Jul 1, 2019
Simple Python script to find Joinmarket type transactions in blocks
#!/usr/bin/env python
from __future__ import print_function
Find/count JM transactions in blocks.
Ensure your joinmarket-clientserver virtualenv (jmvenv) is activated,
make sure your Bitcoin Core node is available and joinmarket.cfg is appropriately set.
Pass start and end block number:
`python 400000 400200`.
AdamISZ /
Created Apr 27, 2019
Multiparty symmetrical Schnorrr scriptless script swap (SSSSS)

General idea; generalise the Schnorr scriptless script atomic swap of A Poelstra to multiple parties.

We consider 3-party case with trivial generalisation. Parties are Alice, Bob, Charlie, A, B, C. Payment destinations are D_x. Transactions are TX_x. Adaptor signature secrets are t_x (scalar), T_x (point). Signatures are "sigma", adaptor signatures will be marked with '.


AdamISZ /
Created Apr 16, 2019
Tool to get keys from pre-2017 Joinmarket (no segwit or BIP39) if Bitcoin Core is not available.
from __future__ import (absolute_import, division,
print_function, unicode_literals)
from builtins import * # noqa: F401
import os
from optparse import OptionParser
from jmbase import jmprint
from jmclient import load_program_config, open_test_wallet_maybe
def get_wallet_path(file_name, wallet_dir):
# TODO: move default wallet path to ~/.joinmarket
AdamISZ /
Last active Mar 6, 2019
Compressed tx transfer

Looking for optimally minimal data transfer to send a transaction.

Just throwing this out there; I'm sure we can do better.

Some stuff should be pre-agreed by anyone following this protocol. For example:

  • Preagreed: script type (say legacy P2PKH)
  • Preagreed: version 1, locktime 0, sequence maxint-1, fee 10K sats (tweak this later)

Receiver has address AR, requests X sats.

AdamISZ /
Created Dec 27, 2018
Basic payjoin/p2ep protocol for Joinmarket wallets

Described here is a variant of what has previously been published under the name "P2EP" or Pay-to-endpoint, in which A pays B but B contributes utxos, i.e. it's a coinjoin-payment.

I'm using the term "payjoin" here to refer to using that idea, but not including a URI/endpoint specific to B, and not allowing (as a merchant would) arbitrary payments, which opens up certain problems around snooping attackers (more on this below). So payjoin just means "A pays B but B actively participates and passes across utxos as extra inputs".

I'll defer a more features-focused and non-tech friendly description of what this means to a later blogpost.

AdamISZ /
Created Aug 27, 2018
Derivatives and manipulation?

So, why the current narrative around ETFs, futures and similar is wrong, I believe:

Start with the idea of Darwinian natural selection. People say "evolution is a theory, it isn't proven", now you may think they're stupid because the theory is proven, but the error is much more fundamental: natural selection is not really a theory at all. It's an inevitable logical consequence of a simple set of conditions: basically, reproduction through encoding along with random variation. Natural selection has to happen in this case.

There is a similar story around the famous "Efficient Market Hypothesis". People love to say that this theory is wrong, in fact I get the impression many think they're very smart for realizing that this is

AdamISZ / test-coinjoin.go
Created Aug 4, 2018
Elementary test of co-signing/coinjoin in lnd
View test-coinjoin.go
// This tests a simple 2 party of coinjoin by first funding a utxo
// for both of Bob and Alice, and then spending both into one
// transaction. The purpose is to test construction and broadcast,
// not sophisticated validation.
func testCospend(r *rpctest.Harness,
alice, bob *lnwallet.LightningWallet, t *testing.T) {
// Start building the coinjoin transaction; we'll append
// inputs and outputs as we build
tx1 := wire.NewMsgTx(2)
AdamISZ /
Last active Jun 30, 2018
Hybrid swap design, minimising interactivity

Alice has 1 Alice-coin UA on Alice-chain. Bob has 1 BTC UB on Bitcoin. X-rate = 1/1. M() is multisig.

  2. Negotiate keys: A1,A2, A3, B1. Create M(2,2,A1,B1). Alice create txid from UA to M(2,2,A1,B1), give to Bob. Bob pre-sign backout to A2 with nlocktime L1.
  3. Alice gives key A3 as ephem key for BTC side of swap.
  4. A and B do C&C ending with Bob receiving H(k) and E_k(sig on M(2,2,A1,B1)->B2_m) for m distinct cases, and note Alice doesn't know the B2 keys.

(everything else does not require communication)

You can’t perform that action at this time.