Viewing posts for the category Cryptography

Ring signatures

Posted by: Adam Gibson | in Cryptography | 7 months ago | 0 comments


  • Basic goal of 1-of-\(N\) ring signatures
  • Recap: the \(\Sigma\)-protocol
  • OR of \(\Sigma\)-protocols, CDS 1994
  • Abe-Ohkubo-Suzuki (AOS) 2002 (broken version)
  • Security weaknesses
  • Key prefixing
  • Borromean, Maxwell-Poelstra 2015
  • Linkability and exculpability
  • AND of \(\Sigma\)-protocols, DLEQ
  • Liu-Wei-Wong 2004
  • Security arguments for the LWW LSAG
  • Back 2015; compression, single-use
  • Fujisaki-Suzuki 2007 and Cryptonote 2014
  • Monero MLSAG

Basic goal of 1-of-\(N\) ring signatures

The idea of a ring signature (the term itself is a bit sloppy in context, but let's stick with it for now) is simple enough:

Liars, cheats, scammers and the Schnorr signature

Posted by: Adam Gibson | in Cryptography | 7 months, 1 week ago | 1 comment

How sure are you that the cryptography underlying Bitcoin is secure? With regard to one future development of Bitcoin's crypto, in discussions in public fora, I have more than once confidently asserted "well, but the Schnorr signature has a security reduction to ECDLP". Three comments on that before we begin:

Finessing commitments

Posted by: Adam Gibson | in Bitcoin, Cryptography | 7 months, 3 weeks ago | 4 comments


This post was mostly prompted by a long series of discussions had online and in person with many people, including in particular Adam Back and Tim Ruffing (but lots of others!) - and certainly not restricted to discussions I took part in - about the tradeoffs in a version of Bitcoin that does actually use Confidential Transactions.

The half scriptless swap

Posted by: Adam Gibson | in Bitcoin, Cryptography | 1 year, 2 months ago | 0 comments

A curious, hybrid, unlinkable, signature algorithm independent atomic swap

(**THIS ALGORITHM IS BROKEN** .. OOPS! LEAVING FOR POSTERITY, BUT I HAVE MARKED WITH *** A COMMENT IN THE BELOW THAT IDENTIFIES THE FLAW IN THE REASONING. Also, there is a way I think it could be made to work, but only in a more restricted context than initially envisioned; again, see the comment below marked with ***).

From Zero Knowledge Proofs to Bulletproofs Paper

Posted by: Adam Gibson | in Cryptography | 1 year, 6 months ago | 2 comments

I've spent the last few weeks working on this paper, which comes out of my own desire to understand the technical underpinnings of Bulletproofs (see my previous post). It ends up being a walkthrough of sections of three academic papers, with "Asides" along the ways about various supporting concepts like Commitments and Zero Knowledge Proofs.