Viewing posts by Adam Gibson

Ring signatures

Posted by: Adam Gibson | in Cryptography | 3 weeks, 6 days ago | 0 comments


  • Basic goal of 1-of-\(N\) ring signatures
  • Recap: the \(\Sigma\)-protocol
  • OR of \(\Sigma\)-protocols, CDS 1994
  • Abe-Ohkubo-Suzuki (AOS) 2002 (broken version)
  • Security weaknesses
  • Key prefixing
  • Borromean, Maxwell-Poelstra 2015
  • Linkability and exculpability
  • AND of \(\Sigma\)-protocols, DLEQ
  • Liu-Wei-Wong 2004
  • Security arguments for the LWW LSAG
  • Back 2015; compression, single-use
  • Fujisaki-Suzuki 2007 and Cryptonote 2014
  • Monero MLSAG

Basic goal of 1-of-\(N\) ring signatures

The idea of a ring signature (the term itself is a bit sloppy in context, but let's stick with it for now) is simple enough:

Liars, cheats, scammers and the Schnorr signature

Posted by: Adam Gibson | in Cryptography | 1 month ago | 1 comment

How sure are you that the cryptography underlying Bitcoin is secure? With regard to one future development of Bitcoin's crypto, in discussions in public fora, I have more than once confidently asserted "well, but the Schnorr signature has a security reduction to ECDLP". Three comments on that before we begin:

Finessing commitments

Posted by: Adam Gibson | in Bitcoin, Cryptography | 1 month, 2 weeks ago | 2 comments


This post was mostly prompted by a long series of discussions had online and in person with many people, including in particular Adam Back and Tim Ruffing (but lots of others!) - and certainly not restricted to discussions I took part in - about the tradeoffs in a version of Bitcoin that does actually use Confidential Transactions.


Posted by: Adam Gibson | in Bitcoin | 2 months ago | 0 comments


Payjoin - a basic demo

Posted by: Adam Gibson | in Bitcoin, Joinmarket, Testing | 2 months ago | 0 comments

I'll shortly be writing a blog post about the idea of "PayJoin", which is a variant of what's sometimes been called "Pay-To-Endpoint" coinjoin, or "p2ep".