paulmillr / blst-benchmarks.txt
Last active Oct 28, 2020
blst bls12-381 benchmarks @ 29 Oct 2020, Core i9-8950HK 2.9GHz, rust
time: [2.3732 ms 2.4034 ms 2.4348 ms]
Found 2 outliers among 100 measurements (2.00%)
2 (2.00%) high mild
time: [3.4727 ms 3.4913 ms 3.5106 ms]
time: [5.8451 ms 5.8785 ms 5.9125 ms]
Found 1 outliers among 100 measurements (1.00%)
1 (1.00%) high mild
#! /usr/bin/env python3
# This file is dual-licensed. Choose whichever licence you want from
# the two licences listed below.
# The first licence is a regular 2-clause BSD licence. The second licence
# is the CC-0 from Creative Commons. It is intended to release Monocypher
# to the public domain. The BSD licence serves as a fallback option.
# SPDX-License-Identifier: BSD-2-Clause OR CC0-1.0
paulmillr / ed25519-bug.js
Created May 30, 2020
Torsion safe representatives in ed25519
const ed = require('noble-ed25519');
const D = ed.Point.fromHex(ed.utils.TORSION_SUBGROUP[3]) // 26e8958fc2b227b045c3f489f2ef98f0d5dfac05d3c63339b13802886d53fc05
// Point {
// x: 14399317868200118260347934320527232580618823971194345261214217575416788799818n,
// y: 2707385501144840649318225287225658788936804267575313519463743609750303402022n
const privateKey = '01020304050607080910111213141516';
const P = ed.Point.BASE.multiply(BigInt('0x'+privateKey))
// Point {
// x: 759756512641423873946439870058443608688414856670287422413795292548523931103n,
paulmillr / iptables-v4
Created May 30, 2020
Iptables for hetzner node
# Generated by iptables-save v1.8.4 on Sat May 30 03:09:50 2020
:INPUT ACCEPT [5482791635:734844839963]
:OUTPUT ACCEPT [6170704752:839626854547]
paulmillr / pgp_proof.txt
Last active Apr 15, 2020
PGP verification
Proving ownership of
- via
- via
Paul Miller (PGP 46BEEF337A641ABB) on 15 Apr 2020
Full pubkey:
paulmillr / expo.ts
Created Apr 9, 2020
Fast exponent 2_252_minus_3
function pow_2_252_3_fast(t: bigint) {
const t0 = mod(t * t);
const t1 = mod(t0 ** 4n);
const t2 = mod(t * t1);
const t3 = mod(t0 * t2);
const t5 = mod(t2 * t3 * t3);
let t7 = t5;
for (let i = 0; i < 5; i++) {
t7 *= t7;
t7 %= P;

Hal Finney's explanation of the secp256k1 "efficiently computable endomorphism" parameters used in secp256k1 libraries, archived from source.

The same optimization could be applied to any Koblitz curve (e.g. a Short Weierstrass curve with a=0).

I implemented an optimized ECDSA verify for the secp256k1 curve, based on pages 125-129 of the Guide to Elliptic Curve Cryptography, by Hankerson, Menezes and Vanstone. I own the book but I also found a PDF on a Russian site which is more convenient.

secp256k1 uses the following prime for its x and y coordinates:

paulmillr /
Created Mar 31, 2020 — forked from hermanjunge/
BLS Signature for Busy People


  • BLS stands for

    • Barreto-Lynn-Scott: BLS12, a Pairing Friendly Elliptic Curve.
    • Boneh-Lynn-Shacham: A Signature Scheme.
  • Signature Aggregation

    • It is possible to verify n aggregate signatures on the same message with just 2 pairings instead of n+1.
use std::env::args;
use std::fs::File;
use std::io::{BufRead, BufReader};
use std::path::Path;
use std::thread;
// grep 6 times faster than unix `grep` CLI
fn read_print(filename: String, matcher: String) {
let path = Path::new(&filename);

A simple file encryption tool & format

Filippo Valsorda (@FiloSottile) — Ben Cartwright-Cox (@Benjojo12)

Designed at the Recurse Center during NGW 2019

This is a design for a simple file encryption CLI tool, Go library, and format. It’s meant to replace the use of gpg for encrypting files, backups, streams, etc. It’s called "age", which might be an acronym for Actually Good Encryption, and it’s pronounced like the Japanese 上げ (with a hard g).