Blog

Viewing posts for the category Cryptography

Schnorrless Scriptless Scripts

Posted by: Adam Gibson | in Bitcoin, Cryptography | 3 months ago | 0 comments

Introduction

The weekend of April 4th-5th 2020 we had a remote "Lightning Hacksprint" organized by the ever-excellent Fulmo, one Challenge was related to "Payment Points" (see here; see lots more info about the hacksprint at that wiki) and was based around a new innovation recently seen in the world of adaptor signatures. Work was led by Nadav Kohen of Suredbits and Jonas Nick of Blockstream; the latter's API for the tech described below can be seen currently as a PR to the secp256k1 project here. The output from Suredbits was a demo as show here on their youtube, a PTLC (point time locked contract, see their blog for more details on that).

Avoiding Wagnerian tragedies

Posted by: Adam Gibson | in Cryptography | 8 months ago | 0 comments

This blog post is all about this paper by David Wagner from 2002.

Ring signatures

Posted by: Adam Gibson | in Cryptography | 1 year, 4 months ago | 1 comment

Outline:

  • Basic goal of 1-of-\(N\) ring signatures
  • Recap: the \(\Sigma\)-protocol
  • OR of \(\Sigma\)-protocols, CDS 1994
  • Abe-Ohkubo-Suzuki (AOS) 2002 (broken version)
  • Security weaknesses
  • Key prefixing
  • Borromean, Maxwell-Poelstra 2015
  • Linkability and exculpability
  • AND of \(\Sigma\)-protocols, DLEQ
  • Liu-Wei-Wong 2004
  • Security arguments for the LWW LSAG
  • Back 2015; compression, single-use
  • Fujisaki-Suzuki 2007 and Cryptonote 2014
  • Monero MLSAG

Basic goal of 1-of-\(N\) ring signatures

The idea of a ring signature (the term itself is a bit sloppy in context, but let's stick with it for now) is simple enough:

Liars, cheats, scammers and the Schnorr signature

Posted by: Adam Gibson | in Cryptography | 1 year, 4 months ago | 1 comment

How sure are you that the cryptography underlying Bitcoin is secure? With regard to one future development of Bitcoin's crypto, in discussions in public fora, I have more than once confidently asserted "well, but the Schnorr signature has a security reduction to ECDLP". Three comments on that before we begin:

Finessing commitments

Posted by: Adam Gibson | in Bitcoin, Cryptography | 1 year, 5 months ago | 4 comments

Introduction

This post was mostly prompted by a long series of discussions had online and in person with many people, including in particular Adam Back and Tim Ruffing (but lots of others!) - and certainly not restricted to discussions I took part in - about the tradeoffs in a version of Bitcoin that does actually use Confidential Transactions.