
lollerfirst


Aggregate Verification for pairing-based Ecash

Threshold Signatures

In the blind threshold signature scheme (TBLS), we suppose a client gets the following signatures (after Interpolate and Unblind): $\sigma_1 = a_1 \cdot H(m_1),\ \sigma_2 = a_2 \cdot H(m_2),\ \sigma_3 = a_3 \cdot H(m_3)$

Where $a_1, a_2, a_3$ are different threshold private keys (supposedly for different amounts), and $m_1, m_2, m_3$ are $3$ different messages.

Normal Verification
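The per-signature check and the single aggregate check it collapses into, written out as an added derivation that is not part of the gist. It assumes a bilinear pairing $e: \mathbb{G}_1 \times \mathbb{G}_2 \to \mathbb{G}_T$, that $H$ maps messages into $\mathbb{G}_1$, a fixed generator $g_2$ of $\mathbb{G}_2$, and published threshold public keys $A_i = a_i \cdot g_2$ (all of these are assumed notation; $\sigma_i$, $a_i$, $m_i$ are the ones defined above).

Normal verification checks each signature against its own key:

$$
e(\sigma_i, g_2) = e(a_i \cdot H(m_i), g_2) = e(H(m_i), g_2)^{a_i} = e(H(m_i), a_i \cdot g_2) = e(H(m_i), A_i), \qquad i = 1, 2, 3
$$

Aggregate verification sums the signatures in $\mathbb{G}_1$ and uses bilinearity to fold the three checks into one equation:

$$
e\!\left(\sigma_1 + \sigma_2 + \sigma_3,\ g_2\right) = \prod_{i=1}^{3} e(\sigma_i, g_2) = \prod_{i=1}^{3} e(H(m_i), A_i)
$$

The aggregate form costs four pairings instead of six, but it is one equation: if it fails, the verifier learns only that at least one $\sigma_i$ is invalid and must fall back to the per-signature checks to find which. The verifier also has to know which $A_i$ (which amount key) goes with which $\sigma_i$ before it can evaluate the right-hand side. Finally, the standard security argument for aggregating signatures under distinct keys relies on the $m_i$ being distinct, as the text stipulates; if the same message were signed under several keys, a rogue public key chosen relative to the others could satisfy the aggregate equation without knowledge of its secret scalar.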

lollerfirst / cashu-kvac.md (last active December 13, 2024 17:48)
Cashu KVAC

Moved to Repository Cashu-KVAC

Definitions

Scalar and GroupElement

Scalar

A Scalar is an element of $\mathbf{Z}_q$, the integers modulo a prime $q$, where $q$ is also the order of the curve group. A Scalar is commonly referred to as a PrivateKey, and in cashu-kvac, Scalar is a wrapper around secp256k1-py's PrivateKey with some added functionality.
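A minimal stand-in for the Scalar type described above, added here as an illustration and not taken from cashu-kvac or secp256k1-py. It assumes the secp256k1 group order as $q$ (the constant below is the standard one), implements arithmetic modulo $q$ in plain Python integers, samples keys by rejection rather than by reducing a wide random value modulo $q$, and treats $0$ (and anything congruent to it) as an invalid private key, which is the range check a real wrapper enforces.

```python
import secrets

# Order of the secp256k1 group: the prime q of the text. (Standard constant; assumed
# here because the page does not state which curve order cashu-kvac uses.)
SECP256K1_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


class Scalar:
    """Element of Z_q. Illustrative only, not cashu-kvac's Scalar class."""

    q = SECP256K1_ORDER

    def __init__(self, value: int) -> None:
        # Every construction path reduces into [0, q-1], so arithmetic never leaves Z_q.
        self.value = value % self.q

    @classmethod
    def random(cls) -> "Scalar":
        # Rejection sampling: a 256-bit value reduced mod q would be slightly biased
        # towards small residues, which is exactly what a key generator must avoid.
        while True:
            candidate = secrets.randbits(256)
            if 0 < candidate < cls.q:
                return cls(candidate)

    @classmethod
    def from_bytes(cls, data: bytes) -> "Scalar":
        # Big-endian 32-byte encoding; values >= q are reduced, as a hash-to-scalar would do.
        if len(data) != 32:
            raise ValueError("Scalar encoding must be exactly 32 bytes")
        return cls(int.from_bytes(data, "big"))

    def to_bytes(self) -> bytes:
        return self.value.to_bytes(32, "big")

    def is_valid_private_key(self) -> bool:
        # 0 is never a valid private key: it maps every point to the identity.
        return 0 < self.value < self.q

    def __add__(self, other: "Scalar") -> "Scalar":
        return Scalar(self.value + other.value)

    def __sub__(self, other: "Scalar") -> "Scalar":
        return Scalar(self.value - other.value)

    def __mul__(self, other: "Scalar") -> "Scalar":
        return Scalar(self.value * other.value)

    def __neg__(self) -> "Scalar":
        # Negation mod q: a -> q - a for nonzero a, 0 -> 0.
        return Scalar(-self.value)

    def invert(self) -> "Scalar":
        # Multiplicative inverse via Fermat / built-in modular pow; 0 has none.
        if self.value == 0:
            raise ZeroDivisionError("0 has no inverse in Z_q")
        return Scalar(pow(self.value, -1, self.q))

    def __eq__(self, other: object) -> bool:
        return isinstance(other, Scalar) and self.value == other.value

    def __repr__(self) -> str:
        return f"Scalar(0x{self.value:064x})"


if __name__ == "__main__":
    a = Scalar.random()
    assert a.is_valid_private_key()
    assert (a * a.invert()) == Scalar(1)
    assert (a + (-a)) == Scalar(0)
    print("random scalar:", a)
    print("round-trips through 32 bytes:", Scalar.from_bytes(a.to_bytes()) == a)
```

The reduction in the constructor and the explicit range check in `is_valid_private_key` are kept separate on purpose: arithmetic on scalars must wrap silently, but a value being used as a key must be rejected rather than wrapped, since a zero (or reduced-to-zero) key collapses every public point to the identity.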

Tricking ecash wallets into double blinding

This document outlines how any ecash mint could trick a user (Alice) into blinding her tokens a second time, and then potentially link her transactions without having to remember any particular key for any user. The Chaumian ecash scheme is not described here; the reader is assumed to be familiar with it.

Note

This is not a security issue.

Tricking Alice

The mint (Bob) can tag blind signatures by negating its signing key $a \rightarrow -a$.

$$$$