Skip to content

Instantly share code, notes, and snippets.


Paul Miller paulmillr

Block or report user

Report or block paulmillr

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View bls12-jacobian.ts
export class JacobianPoint<T> {
public x: Field<T>,
public y: Field<T>,
public z: Field<T>,
public C: Constructor<T>
) {}
getZero() {
return new ProjectivePoint(this.C.ZERO, this.C.ONE, this.C.ZERO, this.C);
View edwards.ts
// Default Point works in default aka affine coordinates: (x, y)
// Extended Point works in extended coordinates: (x, y, z, t) ∋ (x=x/z, y=y/z, t=xy)
class BaseExtendedPoint {
constructor(public x: bigint, public y: bigint, public z: bigint, public t: bigint) {}
static BASE = new ExtendedPoint(CURVE.Gx, CURVE.Gy, 1n, mod(CURVE.Gx * CURVE.Gy));
static ZERO = new ExtendedPoint(0n, 1n, 1n, 0n);
static fromAffine(p: Point): ExtendedPoint {
paulmillr / pgp_proof.txt
Last active Apr 15, 2020
PGP verification
View pgp_proof.txt
Proving ownership of
- via
- via
Paul Miller (PGP 46BEEF337A641ABB) on 15 Apr 2020
Full pubkey:
paulmillr / expo.ts
Created Apr 9, 2020
Fast exponent 2_252_minus_3
View expo.ts
function pow_2_252_3_fast(t: bigint) {
const t0 = mod(t * t);
const t1 = mod(t0 ** 4n);
const t2 = mod(t * t1);
const t3 = mod(t0 * t2);
const t5 = mod(t2 * t3 * t3);
let t7 = t5;
for (let i = 0; i < 5; i++) {
t7 *= t7;
t7 %= P;
paulmillr /
Created Apr 3, 2020
Speed-up secp256k1 by using endomorphism

Hal Finney's explanation of secp256k1 "efficiently computable endomorphism" parameters used secp256k1 libraries, archived from source.

The same optimization could be applied to any Koblitz curve (e.g. Short Weistrass curve with a=0).

I implemented an optimized ECDSA verify for the secp256k1 curve, based on pages 125-129 of the Guide to Elliptic Curve Cryptography, by Hankerson, Menezes and Vanstone. I own the book but I also found a PDF on a Russian site which is more convenient.

secp256k1 uses the following prime for its x and y coordinates:

paulmillr /
Created Mar 31, 2020 — forked from hermanjunge/
BLS Signature for Busy People

BLS Signature for Busy People


  • BLS stands for

    • Barreto-Lynn-Scott: BLS12, a Pairing Friendly Elliptic Curve.
    • Boneh-Lynn-Shacham: A Signature Scheme.
  • Signature Aggregation

    • It is possible to verify n aggregate signatures on the same message with just 2 pairings instead of n+1.
use std::env::args;
use std::fs::File;
use std::io::{BufRead, BufReader};
use std::path::Path;
use std::thread;
// grep 6 times faster than unix `grep` CLI
fn read_print(filename: String, matcher: String) {
let path = Path::new(&filename);

A simple file encryption tool & format

Filippo Valsorda (@FiloSottile) — Ben Cartwright-Cox (@Benjojo12)

Designed at the Recurse Center during NGW 2019

This is a design for a simple file encryption CLI tool, Go library, and format. It’s meant to replace the use of gpg for encrypting files, backups, streams, etc. It’s called "age", which might be an acronym for Actually Good Encryption, and it’s pronounced like the Japanese 上げ (with a hard g).


Keybase proof

I hereby claim:

  • I am paulmillr on github.
  • I am paulmillr ( on keybase.
  • I have a public key whose fingerprint is E0B4 E9E1 A4B9 C96F 889E 6C6F 6128 0CD9 A383 C2E5

To claim this, I am signing this object:

paulmillr / iOS, The Future Of macOS, Freedom, Security And Privacy In An Increasingly Hostile Global
Created Apr 7, 2018
iOS, The Future Of macOS, Freedom, Security And Privacy In An Increasingly Hostile Global Environment
View iOS, The Future Of macOS, Freedom, Security And Privacy In An Increasingly Hostile Global

iOS, The Future Of macOS, Freedom, Security And Privacy In An Increasingly Hostile Global Environment

This post by a security researcher who prefers to remain anonymous will elucidate concerns about certain problematic decisions Apple has made and caution about future decisions made in the name of “security” while potentially hiding questionable motives. The content of this article represents only the opinion of the researcher. The researcher apologises if any content is seen to be inaccurate, and is open to comments or questions through PGP-encrypted mail.


You can’t perform that action at this time.