paulmillr

// https://www.rfc-editor.org/rfc/rfc4648.txt
const ALPHABET = 'abcdefghijklmnopqrstuvwxyz234567';

export function encode(data: Uint8Array): string {
  let bits = 0;
  let cur = 0;
  let output = '';
  for (let i = 0; i < data.length; i++) {
    cur = (cur << 8) | data[i];
    bits += 8;

paulmillr

verify_multi_aggregate/verify_multi_aggregate/8                                                                             
                        time:   [2.3732 ms 2.4034 ms 2.4348 ms]
Found 2 outliers among 100 measurements (2.00%)
  2 (2.00%) high mild
verify_multi_aggregate/verify_multi_aggregate/16                                                                             
                        time:   [3.4727 ms 3.4913 ms 3.5106 ms]
verify_multi_aggregate/verify_multi_aggregate/32                                                                            
                        time:   [5.8451 ms 5.8785 ms 5.9125 ms]
Found 1 outliers among 100 measurements (1.00%)
  1 (1.00%) high mild

paulmillr

#! /usr/bin/env python3

# This file is dual-licensed.  Choose whichever licence you want from
# the two licences listed below.
#
# The first licence is a regular 2-clause BSD licence.  The second licence
# is the CC-0 from Creative Commons. It is intended to release Monocypher
# to the public domain.  The BSD licence serves as a fallback option.
#
# SPDX-License-Identifier: BSD-2-Clause OR CC0-1.0

paulmillr

const ed = require('noble-ed25519');
const D = ed.Point.fromHex(ed.utils.TORSION_SUBGROUP[3]) // 26e8958fc2b227b045c3f489f2ef98f0d5dfac05d3c63339b13802886d53fc05
// Point {
//   x: 14399317868200118260347934320527232580618823971194345261214217575416788799818n,
//   y: 2707385501144840649318225287225658788936804267575313519463743609750303402022n
//}
const privateKey = '01020304050607080910111213141516';
const P = ed.Point.BASE.multiply(BigInt('0x'+privateKey))
// Point {
//   x: 759756512641423873946439870058443608688414856670287422413795292548523931103n,

paulmillr

# Generated by iptables-save v1.8.4 on Sat May 30 03:09:50 2020
*filter
:INPUT ACCEPT [5482791635:734844839963]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6170704752:839626854547]
-A OUTPUT -s 100.64.0.0/10 -j DROP
-A OUTPUT -s 192.168.0.0/16 -j DROP
-A OUTPUT -s 172.16.0.0/12 -j DROP
-A OUTPUT -s 10.0.0.0/8 -j DROP
-A OUTPUT -s 192.0.0.0/24 -j DROP

paulmillr

Proving ownership of
- paulmillr.com/pgp_proof.txt via paulmillr.com/pgp_proof.txt.asc
- twitter.com/paulmillr
- github.com/paulmillr via gist.github.com/paulmillr/cb3ad3b9cd4ac849eb1def3634f93421

Paul Miller (PGP 46BEEF337A641ABB) on 15 Apr 2020

Full pubkey:

-----BEGIN PGP PUBLIC KEY BLOCK-----

paulmillr

function pow_2_252_3_fast(t: bigint) {
  const t0 = mod(t * t);
  const t1 = mod(t0 ** 4n);
  const t2 = mod(t * t1);
  const t3 = mod(t0 * t2);
  const t5 = mod(t2 * t3 * t3);
  let t7 = t5;
  for (let i = 0; i < 5; i++) {
    t7 *= t7;
    t7 %= P;

paulmillr

Hal Finney's explanation of secp256k1 "efficiently computable endomorphism" parameters used secp256k1 libraries, archived from source.

The same optimization could be applied to any Koblitz curve (e.g. Short Weistrass curve with a=0).

---

I implemented an optimized ECDSA verify for the secp256k1 curve, based on pages 125-129 of the Guide to Elliptic Curve Cryptography, by Hankerson, Menezes and Vanstone. I own the book but I also found a PDF on a Russian site which is more convenient.

secp256k1 uses the following prime for its x and y coordinates:

paulmillr

BLS Signature for Busy People

Summary

• BLS stands for

  • Barreto-Lynn-Scott: BLS12, a Pairing Friendly Elliptic Curve.
  • Boneh-Lynn-Shacham: A Signature Scheme.

• Signature Aggregation

  • It is possible to verify n aggregate signatures on the same message with just 2 pairings instead of n+1.

paulmillr

use std::env::args;
use std::fs::File;
use std::io::{BufRead, BufReader};
use std::path::Path;
use std::thread;

// grep 6 times faster than unix `grep` CLI

fn read_print(filename: String, matcher: String) {
  let path = Path::new(&filename);