Skip to content

Instantly share code, notes, and snippets.

View nothingmuch's full-sized avatar
🤔

Yuval Kogman nothingmuch

🤔
View GitHub Profile
@nothingmuch
nothingmuch / kvac_rate_limiting.md
Last active July 15, 2024 22:09
reusable KVAC based rate limiting tokens with O(1) server storage

Introduction

A blind signature based rate limiting tokens, or their keyed verification analogues (e.g. privacy pass) can be used to rate limit requests, but presents challenges with regards to stockpiling and interaction requirements (credential requests can be batched and done ahead of time subject to anti-stockpiling mitigations, but are still fundamentall O(N)).

The somewhat obvious idea (probably not novel, but I couldn't find a description) presented here uses the unlinkable multi-show property of anonymous credentials to construct token bucket filters with a one time setup, permitting non-interactive self-issuance of usage tokens whose honest usage is anonymous (tokens of a single credential or different credentials are indistinguishable).

One time set up

A client wishes to make repeated anonymous requests to a rate limited server.

@nothingmuch
nothingmuch / mkenvrc.nix
Created March 15, 2023 22:37
# This script lives in my home manager home.packages. I also have:
#
# programs.direnv.enable = true;
# programs.direnv.nix-direnv.enable = true;
#
# To enable a language, I use e.g.:
#
# nix registry add rust-direnv ~/code/dev-templates/rust
#
# where the directory is my local fork of https://github.com/the-nix-way/dev-templates
@nothingmuch
nothingmuch / multiparty_jpeg_subsidy.md
Last active February 7, 2023 14:49
An attack on multiparty protocols that can make some SegWit v1 inputs unfairly cheap

Summary

Since Taproot (more generally any kind of MAST) spends have variable size which depends on the path being used, the last such input to be signed in a multiparty transaction can always use a larger than estimated witness to unfairly extract a fee contribution from the other parties to the transaction (keeping the absolute fees the same and reducing the feerate for the transaction).

Attack Scenario

@nothingmuch
nothingmuch / Bitcoin Privacy Intro.org
Last active November 10, 2022 15:06
Notes for a presentation on Bitcoin privacy for the Des Femmes mentorship progarm

Bitcoin Privacy Introduction

Why privacy matters in Bitcoin

Celsius recent court filings provided a terrible and arguably avoidable loss of privacy for many of its customers, and will likely have chilling ripple effects for a long time to come. The goal of this presentation-turned-writeup is to give some context so that the reader can understand the consequences of such incidents and where to find more detailed information in order to mitigate such risks, and the tradeoffs that entails.

@nothingmuch
nothingmuch / WabiSabi explainer.org
Last active June 19, 2020 00:28
moved to https://github.com/zkSNACKs/WabiSabi/blob/master/explainer.md
@nothingmuch
nothingmuch / 1. zerolink modifications for 3 phase chaumian coinjoin.md
Last active April 18, 2020 14:01
personal notes on how to generalize chaumian coinjoin - superseded by https://github.com/zkSNACKs/WabiSabi
@nothingmuch
nothingmuch / coinjoin bookmarks.md
Last active May 6, 2022 13:03
@nothingmuch
nothingmuch / pay_to_hash_multisig.ivy
Last active November 16, 2019 18:40
context: https://twitter.com/mHaGqnOACyFm0h5/status/1195531541373423619
// PoC for 2-of-3 multisig where one of the keys is an opendime (sealed at time of scriptPubKey creation)
// see on https://ivy-lang.org/bitcoin
// the script ivy generates seems sub-optimal (some unconditional rotation and rolling of stack elements)
// but this is just a yucky PoC, and the ivy source is arguably easier to understand anyway
contract LockWithKeyHashMultisig(
pubKey1: PublicKey,
pubKey2: PublicKey,
pubKey3hash: Ripemd160(Sha256(PublicKey)), // opendime address
dummyKey: PublicKey, // should be a curve point with no known discrete log
@nothingmuch
nothingmuch / 1_exact_file_hash_matches_random_sample_of_full_guix_git_history.tsv
Last active June 14, 2019 05:28
packages for bitcoin deps, as of core 431d81b61ca968da2d7c25f0d56455a44cd46fed guix 30825c46298c70028f70da1470eadbadf1e0d858
We can make this file beautiful and searchable if this error is corrected: It looks like row 10 should actually have 5 columns, instead of 1. in line 9.
guix hash dependency source file guix revision package file line
1wl1x93b5w457ddsdgj0lh7yjq4q6l7wfbgwhagkc8fm2qkkrd0p expat-2.2.6.tar.bz2 HEAD gnu/packages/xml.scm 75
1wm4pv12f36cwzhldpp7vy3lhm3xdcnp4f184xkxsp7b18r7gm7x libXau-1.0.8.tar.bz2 HEAD gnu/packages/xorg.scm 4821
0dbfn5bznnrhqzvkrcmw4c44yvvpwdcsrvzxf4rk27r36b9x865m libXext-1.3.3.tar.bz2 HEAD gnu/packages/xorg.scm 4547
040rcs9fpv4bslhiy43v7dcrzakz4vwwpyqg4jp8bn24sl95ci7f protobuf-2.6.1.tar.bz2 HEAD gnu/packages/protobuf.scm 139
1c2vma9gqgc2v06rfxdiqgwhxmzk2cbmknwf1ng3m76vr0xb5x7k xextproto-7.3.0.tar.bz2 HEAD gnu/packages/xorg.scm 2369
18dighcs333gsvajvvgqp8l4cx7h1x7yx9gd5xacnk80spyykrf3 zlib-1.2.11.tar.gz HEAD gnu/packages/compression.scm 81
0jjirhw6xwz2ffmbg5kr79108l8i1bdaw7szc67n3qpkygaxsjb0 dbus-1.10.18.tar.gz d8048a1212e880ce360aaf1b32f4bf3c84e51028 gnu/packages/glib.scm 78
1wy7svvp7df6bjpg1m5vizb3ngd7rhb20vpclv3x3qa71khs6jdl fontconfig-2.12.1.tar.bz2 ab4e939c50b579eaee634c7c90c600f9c9f3aa3f gnu/packages/fontutils.scm 233
121gm15ayfg3rglby8ifh8384
@nothingmuch
nothingmuch / disconnect_slowest.sh
Last active January 19, 2019 11:56
#!/bin/bash
set -e
echo "Pinging peers..."
bitcoin-cli ping
sleep 2
# loop until all but 2 slowest peers have responded