Skip to content

Instantly share code, notes, and snippets.


Paul Miller paulmillr

View GitHub Profile
paulmillr / ed25519-bug.js
Created May 30, 2020
Torsion safe representatives in ed25519
View ed25519-bug.js
const ed = require('noble-ed25519');
const D = ed.Point.fromHex(ed.utils.TORSION_SUBGROUP[3]) // 26e8958fc2b227b045c3f489f2ef98f0d5dfac05d3c63339b13802886d53fc05
// Point {
// x: 14399317868200118260347934320527232580618823971194345261214217575416788799818n,
// y: 2707385501144840649318225287225658788936804267575313519463743609750303402022n
const privateKey = '01020304050607080910111213141516';
const P = ed.Point.BASE.multiply(BigInt('0x'+privateKey))
// Point {
// x: 759756512641423873946439870058443608688414856670287422413795292548523931103n,
paulmillr / iptables-v4
Created May 30, 2020
Iptables for hetzner node
View iptables-v4
# Generated by iptables-save v1.8.4 on Sat May 30 03:09:50 2020
:INPUT ACCEPT [5482791635:734844839963]
:OUTPUT ACCEPT [6170704752:839626854547]
View bls12-jacobian.ts
export class JacobianPoint<T> {
public x: Field<T>,
public y: Field<T>,
public z: Field<T>,
public C: Constructor<T>
) {}
getZero() {
return new ProjectivePoint(this.C.ZERO, this.C.ONE, this.C.ZERO, this.C);
View edwards.ts
// Default Point works in default aka affine coordinates: (x, y)
// Extended Point works in extended coordinates: (x, y, z, t) ∋ (x=x/z, y=y/z, t=xy)
class BaseExtendedPoint {
constructor(public x: bigint, public y: bigint, public z: bigint, public t: bigint) {}
static BASE = new ExtendedPoint(CURVE.Gx, CURVE.Gy, 1n, mod(CURVE.Gx * CURVE.Gy));
static ZERO = new ExtendedPoint(0n, 1n, 1n, 0n);
static fromAffine(p: Point): ExtendedPoint {
paulmillr / pgp_proof.txt
Last active Apr 15, 2020
PGP verification
View pgp_proof.txt
Proving ownership of
- via
- via
Paul Miller (PGP 46BEEF337A641ABB) on 15 Apr 2020
Full pubkey:
paulmillr / expo.ts
Created Apr 9, 2020
Fast exponent 2_252_minus_3
View expo.ts
function pow_2_252_3_fast(t: bigint) {
const t0 = mod(t * t);
const t1 = mod(t0 ** 4n);
const t2 = mod(t * t1);
const t3 = mod(t0 * t2);
const t5 = mod(t2 * t3 * t3);
let t7 = t5;
for (let i = 0; i < 5; i++) {
t7 *= t7;
t7 %= P;

Hal Finney's explanation of secp256k1 "efficiently computable endomorphism" parameters used secp256k1 libraries, archived from source.

The same optimization could be applied to any Koblitz curve (e.g. Short Weistrass curve with a=0).

I implemented an optimized ECDSA verify for the secp256k1 curve, based on pages 125-129 of the Guide to Elliptic Curve Cryptography, by Hankerson, Menezes and Vanstone. I own the book but I also found a PDF on a Russian site which is more convenient.

secp256k1 uses the following prime for its x and y coordinates:

paulmillr /
Created Mar 31, 2020 — forked from hermanjunge/
BLS Signature for Busy People

BLS Signature for Busy People


  • BLS stands for

    • Barreto-Lynn-Scott: BLS12, a Pairing Friendly Elliptic Curve.
    • Boneh-Lynn-Shacham: A Signature Scheme.
  • Signature Aggregation

    • It is possible to verify n aggregate signatures on the same message with just 2 pairings instead of n+1.
use std::env::args;
use std::fs::File;
use std::io::{BufRead, BufReader};
use std::path::Path;
use std::thread;
// grep 6 times faster than unix `grep` CLI
fn read_print(filename: String, matcher: String) {
let path = Path::new(&filename);

A simple file encryption tool & format

Filippo Valsorda (@FiloSottile) — Ben Cartwright-Cox (@Benjojo12)

Designed at the Recurse Center during NGW 2019

This is a design for a simple file encryption CLI tool, Go library, and format. It’s meant to replace the use of gpg for encrypting files, backups, streams, etc. It’s called "age", which might be an acronym for Actually Good Encryption, and it’s pronounced like the Japanese 上げ (with a hard g).

You can’t perform that action at this time.