Skip to content

Instantly share code, notes, and snippets.

View nothingmuch's full-sized avatar

Yuval Kogman nothingmuch

View GitHub Profile
# This script lives in my home manager home.packages. I also have:
# programs.direnv.enable = true;
# programs.direnv.nix-direnv.enable = true;
# To enable a language, I use e.g.:
# nix registry add rust-direnv ~/code/dev-templates/rust
# where the directory is my local fork of
nothingmuch /
Last active February 7, 2023 14:49
An attack on multiparty protocols that can make some SegWit v1 inputs unfairly cheap


Since Taproot (more generally any kind of MAST) spends have variable size which depends on the path being used, the last such input to be signed in a multiparty transaction can always use a larger than estimated witness to unfairly extract a fee contribution from the other parties to the transaction (keeping the absolute fees the same and reducing the feerate for the transaction).

Attack Scenario

nothingmuch / Bitcoin Privacy
Last active November 10, 2022 15:06
Notes for a presentation on Bitcoin privacy for the Des Femmes mentorship progarm

Bitcoin Privacy Introduction

Why privacy matters in Bitcoin

Celsius recent court filings provided a terrible and arguably avoidable loss of privacy for many of its customers, and will likely have chilling ripple effects for a long time to come. The goal of this presentation-turned-writeup is to give some context so that the reader can understand the consequences of such incidents and where to find more detailed information in order to mitigate such risks, and the tradeoffs that entails.

nothingmuch / 1. zerolink modifications for 3 phase chaumian
Last active April 18, 2020 14:01
personal notes on how to generalize chaumian coinjoin - superseded by
// PoC for 2-of-3 multisig where one of the keys is an opendime (sealed at time of scriptPubKey creation)
// see on
// the script ivy generates seems sub-optimal (some unconditional rotation and rolling of stack elements)
// but this is just a yucky PoC, and the ivy source is arguably easier to understand anyway
contract LockWithKeyHashMultisig(
pubKey1: PublicKey,
pubKey2: PublicKey,
pubKey3hash: Ripemd160(Sha256(PublicKey)), // opendime address
dummyKey: PublicKey, // should be a curve point with no known discrete log
nothingmuch / 1_exact_file_hash_matches_random_sample_of_full_guix_git_history.tsv
Last active June 14, 2019 05:28
packages for bitcoin deps, as of core 431d81b61ca968da2d7c25f0d56455a44cd46fed guix 30825c46298c70028f70da1470eadbadf1e0d858
We can make this file beautiful and searchable if this error is corrected: It looks like row 10 should actually have 5 columns, instead of 1. in line 9.
guix hash dependency source file guix revision package file line
1wl1x93b5w457ddsdgj0lh7yjq4q6l7wfbgwhagkc8fm2qkkrd0p expat-2.2.6.tar.bz2 HEAD gnu/packages/xml.scm 75
1wm4pv12f36cwzhldpp7vy3lhm3xdcnp4f184xkxsp7b18r7gm7x libXau-1.0.8.tar.bz2 HEAD gnu/packages/xorg.scm 4821
0dbfn5bznnrhqzvkrcmw4c44yvvpwdcsrvzxf4rk27r36b9x865m libXext-1.3.3.tar.bz2 HEAD gnu/packages/xorg.scm 4547
040rcs9fpv4bslhiy43v7dcrzakz4vwwpyqg4jp8bn24sl95ci7f protobuf-2.6.1.tar.bz2 HEAD gnu/packages/protobuf.scm 139
1c2vma9gqgc2v06rfxdiqgwhxmzk2cbmknwf1ng3m76vr0xb5x7k xextproto-7.3.0.tar.bz2 HEAD gnu/packages/xorg.scm 2369
18dighcs333gsvajvvgqp8l4cx7h1x7yx9gd5xacnk80spyykrf3 zlib-1.2.11.tar.gz HEAD gnu/packages/compression.scm 81
0jjirhw6xwz2ffmbg5kr79108l8i1bdaw7szc67n3qpkygaxsjb0 dbus-1.10.18.tar.gz d8048a1212e880ce360aaf1b32f4bf3c84e51028 gnu/packages/glib.scm 78
1wy7svvp7df6bjpg1m5vizb3ngd7rhb20vpclv3x3qa71khs6jdl fontconfig-2.12.1.tar.bz2 ab4e939c50b579eaee634c7c90c600f9c9f3aa3f gnu/packages/fontutils.scm 233
set -e
echo "Pinging peers..."
bitcoin-cli ping
sleep 2
# loop until all but 2 slowest peers have responded


Locking down REST and/or JSON-RPC APIs in a generic way, with an object capability security model.

Proposed Design

Given some sort of priviliged access to a backend, this proxy would expose the service with no changes to the API apart from additional requirement for macaroon authorization.

A second mode would also be able to expose such a service to an unrestricted port, by statically configuring a macaroon to be submitted to an upstream endpoint, allowing hardened APIs to be exposed with no macaroon required.