Adam Gibson AdamISZ

@AdamISZ
AdamISZ / basicmusigadaptors.py
Last active April 3, 2023 19:56
Unsafe sample implementation of 3 round musig with optional adaptors
# Replaced with this: https://github.com/AdamISZ/3roundmusig4fun
@AdamISZ
AdamISZ / triptych_poc.py
Created August 22, 2022 13:19
Triptych proof of concept
#!/usr/bin/env python
help = """
A demonstration of the algorithm of
the linkable ring signature algorithm in Goodall and Noether's
Triptych:
https://eprint.iacr.org/2020/018
To use, specify two arguments: n (integer) and m (integer), such
that N (size of ring) = n^m.
@AdamISZ
AdamISZ / groth14poc.py
Last active April 3, 2023 19:59
Demo of logarithmic size ring signature algorithm (Groth and Kohlweiss '14)
#!/usr/bin/env python
help = """
A demonstration of the algorithm of:
Groth and Kohlweiss 2014 "How to leak a secret and spend a coin."
https://eprint.iacr.org/2014/764.pdf
This uses the Joinmarket bitcoin backend, mostly just for its encapsulation
of the package python-bitcointx (`pip install bitcointx` or github:
https://github.com/Simplexum/python-bitcointx).
@AdamISZ
AdamISZ / RIDDLE.md
Last active April 3, 2023 20:00
Lightweight anti-Sybil with anonymity in Bitcoin

RIDDLE

Due to unexpected failures of github's LaTeX parsing (which were not evident until I published this, but have persisted afterwards), and since the mathematical parts are important in this, I have migrated this proposal to a blog post with identical content, but correctly formatted equations.

Please continue to put any comments here.

@AdamISZ
AdamISZ / MuSigForgery.md
Last active April 3, 2023 20:01
Forgery with a fake key in MuSig2

As per footnote 2 in the draft BIP here, it is possible in MuSig2 to create a partial signature that verifies correctly to the other participants even though the adversary does not know the secret key corresponding to the given public key. This is only possible if the adversary takes the role of at least one other participant, and in that case the adversary cannot create a valid partial signature for that other public key, even if its private key is known.

The purpose of this gist is to work through the mathematical details of the above statement, as it probably isn't obvious to most readers (although it may be at least somewhat intuitive: think about 'free variables').

Setup: keyset $L = X_1 , X_2 , X_3 , X_4 , X_5$. The adversary will take the roles of indices 4 and 5, and will forge a partial signature on key $X_4$, not knowing the corresponding secret $x_4$, on a given message $m$. Assume the adversary does kn

@AdamISZ
AdamISZ / sqrt_commit.py
Created April 26, 2022 07:27
Square root scaling for polynomial commitments
#!/usr/bin/env python
""" Implementation example of https://eprint.iacr.org/2016/263.pdf
Bootle et al. Section 3, polynomial evaluation protocol which scales
in the square root of the degree.
*Not* zero knowledge form.
"""
import jmbitcoin as btc
import struct
@AdamISZ
AdamISZ / JMCL.md
Last active April 3, 2023 20:03
Offchain Joinmarket fees with adaptors

Joinmarket fees over Lightning using encrypted signatures

Fees inside Joinmarket coinjoins are one of (arguably, the principal) "metadata" fingerprints that damage the quality of the privacy generated by such coinjoins. At minimum, they force many more rounds of coinjoin in order to get a meaningful anonymity set (and realistically, more complex behaviour and a lot more time). It should be noted that there is no claim that removing these fingerprints is a panacea.

But let's consider how off-chain fees could work. It's clearly possible to do it with centralized servers. The more advanced way to use servers would be a Chaumian e-cash server as described by chris-belcher here. However this short note is intended to explain that the same goal can be achieved trustlessly.

First, remember that either with Schnorr or with ECDSA, we can construct "signature adaptors" or preferably "otVES" - one-time verifiably encrypted signatures, in

@AdamISZ
AdamISZ / recover-old-keys-2.py
Created January 14, 2021 13:00
Script to recover pre-segwit Joinmarket wallet keys from the seedphrase only without Bitcoin Core
import os
from optparse import OptionParser
from jmbase import jmprint
from jmclient import load_program_config, LegacyWallet, VolatileStorage, get_network
def get_parser():
description = (
'Use this script to extract keys and addresses from pre-segwit '
'Joinmarket wallets if you do not have access to Bitcoin Core. Specify '
@AdamISZ
AdamISZ / btcpayserver-joinmarket-regtest.md
Last active April 3, 2023 20:07
How to set up a local dev environment on regtest with btcpayserver and joinmarket for interoperability testing of payjoin

Set up a BTCPayServer hot wallet paying to Joinmarket, all on one machine, on regtest:

  1. Follow installation instructions from scratch as per: https://docs.btcpayserver.org/LocalDevelopment/ (note, there is another setup description, but it is specifically for coding and debugging, using visual studio, here: https://docs.btcpayserver.org/Contribute/ContributeDev/ContributeDevCode/#visual-studio-setup)

  2. After the docker-compose up dev command specified there, run dotnet run --launch-profile Bitcoin from the BTCPayServer directory (you should not need to change any config)

  3. Load http://127.0.0.1:14142 to get the BTCPayServer UI

  4. Create an Admin account (check the option) with a random email and password. New screen should show 'Regtest' and 'Server Settings'.