Skip to content

Instantly share code, notes, and snippets.

Avatar

Adam Gibson AdamISZ

View GitHub Profile
@AdamISZ
AdamISZ / rfctaas.md
Last active Mar 6, 2019
RFC: Tlsnotary-as-a-service
View rfctaas.md

RFC: Tlsnotary-as-a-service

The following are assumed to already exist:

  1. A webserver W with high availability, and strongly hardened. A second server C for holding a private key for signing, only communicating with W
  2. A tlsnotary browser addon installable by any user on Linux/MacOS/Win with a single toolbar button ('audit button'); configured to use W as auditor without additional setup or configuration, and knowing C's public key.

Process for user:

@AdamISZ
AdamISZ / tlsn-notarization-file-format.md
Last active Nov 9, 2016
TLSNotary notarization file format
View tlsn-notarization-file-format.md

Data format: binary. Default file extension: '.tlsn'

Contents

Field description (size in bytes) code in Python version
Header (29) 'tlsnotary notarization file\n\n'
View TLSTweet-manifesto.md

This document is a summary of the line of reasoning leading to an idea I had about secret messaging which is referred to here as 'TLSTweet' (not sure about the name..).

What is "self-evident" about modern crypto.

There are several "truisms" in modern day cryptology (= cryptography + cryptanalysis). One of them is "don't roll your own crypto", which is meant to convey the extraordinary difficulty in creating ciphers and cryptosystems that are genuinely resistant to cryptanalysis, and the tremendous ease with which it's possible for the non-specialist, or even the specialist, to convince themselves that the cipher or system they've created is resistant to cryptanalysis, when it isn't.

Another, related but distinct, actually has a name - Kerckhoff's Principle - which briefly stated means that not only should you not hide the algorithm, but you should endeavour to make it as publically known as possible, because genuine security comes from the sec

@AdamISZ
AdamISZ / pit-activity-monitor-script.py
Created Oct 13, 2015
For joinmarket pit analysis
View pit-activity-monitor-script.py
import time
from datetime import datetime, timedelta
from calendar import timegm
def write_activity_log(lfn):
with open(lfn,'rb') as f:
loglines = f.readlines()
loglines = [x for x in loglines if 'pubmsg' in x]
x = {}
for l in loglines:
@AdamISZ
AdamISZ / JMsnoopmitigation.md
Last active Feb 8, 2016
Snooping attacks on joinmarket - mitigation ideas.
@AdamISZ
AdamISZ / SegwitJM.md
Last active Sep 4, 2017
Segwit support in Joinmarket
View SegwitJM.md

Current work is in this branch.

Reference information at: BIP141, BIP143 (note BIP142 is not in force)

Implementation uses P2SH-P2WPKH - the P2SH is for backwards-compatibility (old wallets can send to P2SH addresses), and P2WPKH not P2WSH for simplicity (no multisig involved).

Modifications made so far:

New ordertypes:

@AdamISZ
AdamISZ / electrumsnippets.py
Created May 24, 2016
electrum joinmarket snippets
View electrumsnippets.py
blockchain interface:
class ElectrumWalletInterface(BlockchainInterface):
"""A pseudo-blockchain interface using the existing
Electrum server connection in an Electrum wallet.
Usage requires calling set_wallet with a valid Electrum
wallet instance.
"""
def __init__(self, testnet=False):
super(ElectrumWalletInterface, self).__init__()
View jm-0.2.0-protocol.md

Username (herafter "nick") construction for message channel:

nick = one "type" byte (currently "J") + one version byte (current jm_version protocol value) + Base58 (not Base58Check) of: first joinmarket.message_channel.NICK_HASH_LEN bytes of sha256 of : ephemeral per-bot-process public key.

If length(X) < joinmarket.message_channel.NICK_MAX_ENCODED, right pad with 'O' char to that length.

Definitions:

@AdamISZ
AdamISZ / Taker-sophistication.md
Last active Oct 16, 2016
Taker algorithm adjustment to dissuade duplicate bots
View Taker-sophistication.md

This idea is due to @Adlai

This is a rough overview of the idea; there may well be refinements in practice.

Consider the following issue: a Maker is incented to find a way to get chosen more frequently in joins. He can try these approaches:

  1. Publish more offers from his single bot, which cover the same btc amount range
  2. Create multiple bots which make duplicated offers from the same wallet/utxo set.

Note that there is no "3. create multiple bots referring to different utxo sets"; there is nothing wrong with doing that.

@AdamISZ
AdamISZ / economic_incentives_of_makers.md
Created Feb 20, 2017
Thoughts on economic incentives of makers in Joinmarket
View economic_incentives_of_makers.md

Some definitions and assumptions:

EMM: "economically motivated maker" - defined as purely motivated by immediate largest economic benefit, not bounded by coding skill (so can implement any algorithm not limited to our codebase), not interested in any privacy concerns, and most importantly: not including the intent to either DOS or not DOS the system.

Un (x) a real utxo (index n) controlling x btc.

U'n(x) a fake utxo (index n) controlling x btc.

Assumption: the EMM has U1 ... Un real utxos, each with corresponding amount xi.