View base32.ts
// https://www.rfc-editor.org/rfc/rfc4648.txt
const ALPHABET = 'abcdefghijklmnopqrstuvwxyz234567';
export function encode(data: Uint8Array): string {
  let bits = 0;
  let cur = 0;
  let output = '';
  for (let i = 0; i < data.length; i++) {
    cur = (cur << 8) | data[i];
    bits += 8;
@paulmillr
paulmillr / blst-benchmarks.txt
Last active Oct 28, 2020
blst bls12-381 benchmarks @ 29 Oct 2020, Core i9-8950HK 2.9GHz, rust
View blst-benchmarks.txt
verify_multi_aggregate/verify_multi_aggregate/8
time: [2.3732 ms 2.4034 ms 2.4348 ms]
Found 2 outliers among 100 measurements (2.00%)
2 (2.00%) high mild
verify_multi_aggregate/verify_multi_aggregate/16
time: [3.4727 ms 3.4913 ms 3.5106 ms]
verify_multi_aggregate/verify_multi_aggregate/32
time: [5.8451 ms 5.8785 ms 5.9125 ms]
Found 1 outliers among 100 measurements (1.00%)
1 (1.00%) high mild
View elligator.py
#! /usr/bin/env python3
# This file is dual-licensed. Choose whichever licence you want from
# the two licences listed below.
#
# The first licence is a regular 2-clause BSD licence. The second licence
# is the CC-0 from Creative Commons. It is intended to release Monocypher
# to the public domain. The BSD licence serves as a fallback option.
#
# SPDX-License-Identifier: BSD-2-Clause OR CC0-1.0
@paulmillr
paulmillr / ed25519-bug.js
Created May 30, 2020
Torsion safe representatives in ed25519
View ed25519-bug.js
const ed = require('noble-ed25519');
const D = ed.Point.fromHex(ed.utils.TORSION_SUBGROUP[3]) // 26e8958fc2b227b045c3f489f2ef98f0d5dfac05d3c63339b13802886d53fc05
// Point {
// x: 14399317868200118260347934320527232580618823971194345261214217575416788799818n,
// y: 2707385501144840649318225287225658788936804267575313519463743609750303402022n
//}
const privateKey = '01020304050607080910111213141516';
const P = ed.Point.BASE.multiply(BigInt('0x'+privateKey))
// Point {
// x: 759756512641423873946439870058443608688414856670287422413795292548523931103n,
@paulmillr
paulmillr / iptables-v4
Created May 30, 2020
Iptables for hetzner node
View iptables-v4
# Generated by iptables-save v1.8.4 on Sat May 30 03:09:50 2020
*filter
:INPUT ACCEPT [5482791635:734844839963]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6170704752:839626854547]
-A OUTPUT -s 100.64.0.0/10 -j DROP
-A OUTPUT -s 192.168.0.0/16 -j DROP
-A OUTPUT -s 172.16.0.0/12 -j DROP
-A OUTPUT -s 10.0.0.0/8 -j DROP
-A OUTPUT -s 192.0.0.0/24 -j DROP
@paulmillr
paulmillr / pgp_proof.txt
Last active Apr 15, 2020
PGP verification
View pgp_proof.txt
Proving ownership of
- paulmillr.com/pgp_proof.txt via paulmillr.com/pgp_proof.txt.asc
- twitter.com/paulmillr
- github.com/paulmillr via gist.github.com/paulmillr/cb3ad3b9cd4ac849eb1def3634f93421
Paul Miller (PGP 46BEEF337A641ABB) on 15 Apr 2020
Full pubkey:
-----BEGIN PGP PUBLIC KEY BLOCK-----
@paulmillr
paulmillr / expo.ts
Created Apr 9, 2020
Fast exponent 2_252_minus_3
View expo.ts
function pow_2_252_3_fast(t: bigint) {
  const t0 = mod(t * t);
  const t1 = mod(t0 ** 4n);
  const t2 = mod(t * t1);
  const t3 = mod(t0 * t2);
  const t5 = mod(t2 * t3 * t3);
  let t7 = t5;
  for (let i = 0; i < 5; i++) {
    t7 *= t7;
    t7 %= P;
View secp256k1-endomorphism.md

Hal Finney's explanation of the secp256k1 "efficiently computable endomorphism" parameters used in secp256k1 libraries, archived from the original source.

The same optimization could be applied to any Koblitz curve (e.g. a short Weierstrass curve with a=0).


I implemented an optimized ECDSA verify for the secp256k1 curve, based on pages 125-129 of the Guide to Elliptic Curve Cryptography, by Hankerson, Menezes and Vanstone. I own the book but I also found a PDF on a Russian site which is more convenient.

secp256k1 uses the following prime for its x and y coordinates:

@paulmillr
paulmillr / BLS_Signature.md
Created Mar 31, 2020 — forked from hermanjunge/BLS_Signature.md
BLS Signature for Busy People
View BLS_Signature.md

BLS Signature for Busy People

Summary

  • BLS stands for

    • Barreto-Lynn-Scott: BLS12, a Pairing Friendly Elliptic Curve.
    • Boneh-Lynn-Shacham: A Signature Scheme.
  • Signature Aggregation

    • It is possible to verify n aggregate signatures on the same message with just 2 pairings instead of n+1.
View parallel_grep.rs
use std::env::args;
use std::fs::File;
use std::io::{BufRead, BufReader};
use std::path::Path;
use std::thread;
// grep 6 times faster than unix `grep` CLI
fn read_print(filename: String, matcher: String) {
let path = Path::new(&filename);