From what I understand, AOPP doesn't work for general BTC addresses. It requires a single key address. Exchanges thus force users into certain wallet policies. Have they even looked at BIP322?

https://gitlab.com/aopp/address-ownership-proof-protocol/-/tree/master
https://github.com/bitcoin/bips/blob/master/bip-0322.mediawiki

**Kalle Rosenbaum** @[email protected] · Jan 20, 2022, 20:22

**Kalle Rosenbaum** @[email protected] · Jan 20, 2022, 20:22

Jan 20, 2022, 20:22

Kalle Rosenbaum @[email protected]

@mullvadnet Got help on Twitter from ajtowns https://twitter.com/ajtowns/status/1484238854995742725?s=20

Show thread

**Kalle Rosenbaum** @[email protected] · Jan 20, 2022, 18:14

**Kalle Rosenbaum** @[email protected] · Jan 20, 2022, 18:14

Jan 20, 2022, 18:14

Kalle Rosenbaum @[email protected]

IRC/VPN issue: Why can't I connect to libera using HexChat on debian 11 when connected to @mullvadnet VPN? The following cycles every 10s. It works fine if I disconnect from Mullvad. Is it "Couldn't look up your hostname"? If so, what can I do about it?

98777e9c81489cff.png

**Kalle Rosenbaum** · Jan 19, 2022, 11:27

Kalle Rosenbaum boosted

**Stephan Livera** @[email protected] · Jan 19, 2022, 11:27

Jan 19, 2022, 11:27

Stephan Livera @[email protected]

Just two more pandemics, then back to normal guys 🤡

**Kalle Rosenbaum** · Jan 17, 2022, 09:51

Kalle Rosenbaum boosted

**0xB10C** @[email protected] · Jan 17, 2022, 09:51

Jan 17, 2022, 09:51

0xB10C @[email protected]

I solved @robot__dreams first Bitcoin-flavored cryptography challenge (https://gist.github.com/robot-dreams/669c13bc724fdeb9af8460c9b64d5665) with the help of @kalle Schnorr Basics explainer (https://popeller.io/schnorr-basics).

Here's a write-up (and spoiler).

https://b10c.me/blog/009-schnorr-nonce-reuse-challenge/

**Kalle Rosenbaum** @[email protected] · Jan 14, 2022, 13:49

**Kalle Rosenbaum** @[email protected] · Jan 14, 2022, 13:49

Jan 14, 2022, 13:49

Kalle Rosenbaum @[email protected]

As a follow-up on my Schnorr Basics post, I just published a walk-through of the MuSig2 protocol for Schnorr multi-signatures.

With illustrations to make it look less intimidating!

https://popeller.io/schnorr-musig2

**Kalle Rosenbaum** · Dec 26, 2021, 23:57

Kalle Rosenbaum boosted

**Sir Scott** @[email protected] · Dec 26, 2021, 23:57

Dec 26, 2021, 23:57

Sir Scott @[email protected]

Today, James Webb telescope switched on camera to acquire 1st image from deep space.

2cba4ee4e047d46c.jpeg

**Kalle Rosenbaum** · Dec 26, 2021, 09:31

Kalle Rosenbaum boosted

**waxwing** @[email protected] · Dec 26, 2021, 09:31

Dec 26, 2021, 09:31

waxwing @[email protected]

More moronic behaviour from the Binance casino:

https://bitcoin.stackexchange.com/a/111441

Give them a taproot withdrawal address, they *literally change the address*, just changing the segwit version from 1 to 0, (valid because P2WSH length) because ... lol?

People sometimes say 'why do you care if the exchange does shitcoins?'. This is why. They just burned ~7.5K of this guy's money. He'll probably get it back because they're so rich they don't care, but he'll have to argue with them first.

#bitcoin

**Kalle Rosenbaum** · Dec 26, 2021, 09:55

Kalle Rosenbaum boosted

**waxwing** @[email protected] · Dec 26, 2021, 09:55

Dec 26, 2021, 09:55

waxwing @[email protected]

Customer "support": https://ibb.co/tZq4txt

Address where the permanently destroyed money went:

https://mempool.space/address/bc1qfdjlc5p92pxzvacgc5nhn3vgtt54e98472ymxgtejaa0ttdx8lkqgy3xdq

In 2017/2018 I got very militant about calling Coinbase traitors and incompetent and scumbags and so on; they all out attacked Bitcoin.
This kind of behaviour is a bit different: it only indicates they care so little that one dumbass decision from one noob backend engineer ('oh, if I replace p with q, it works!!') is the level of attention they pay to Bitcoin.

Show thread

**Kalle Rosenbaum** @[email protected] · Dec 22, 2021, 13:25

**Kalle Rosenbaum** @[email protected] · Dec 22, 2021, 13:25

Dec 22, 2021, 13:25

Kalle Rosenbaum @[email protected]

What's the purpose of having the nonce commitment, R, in the challenge of of a Schnorr signature?

The only reason I can come up with is malleability. if R isn't part of the challenge and (R,s) is valid for a message m and key P, then (R+xG,s+x) is also valid for m and P.

Are there other issues than this?

ping @waxwing https://x0f.org/@waxwing/107486175670399976

**Kalle Rosenbaum** @[email protected] · Dec 21, 2021, 16:14

**Kalle Rosenbaum** @[email protected] · Dec 21, 2021, 16:14

Dec 21, 2021, 16:14

Kalle Rosenbaum @[email protected]

Just published: Schnorr Basics.

* How Schnorr signatures work
* Why use a nonce?
* Why is the nonce private?
* Why is nonce reuse bad?

Thoroughly unreviewed by experts, please comment with corrections.

https://popeller.io/schnorr-basics

**Kalle Rosenbaum** @[email protected] · Dec 15, 2021, 14:41

**Kalle Rosenbaum** @[email protected] · Dec 15, 2021, 14:41

Dec 15, 2021, 14:41

Kalle Rosenbaum @[email protected]

Found this FROST project by Jesse Posner that aims to implement threshold sigs for Bitcoin: https://github.com/jesseposner/FROST-BIP340/blob/main/frost.py

Show thread

**Kalle Rosenbaum** @[email protected] · Dec 15, 2021, 10:41

**Kalle Rosenbaum** @[email protected] · Dec 15, 2021, 10:41

Dec 15, 2021, 10:41

Kalle Rosenbaum @[email protected]

What's the current status of threshold (t-of-n) signatures in Bitcoin? Most material I've found is about musig2 for multisignatures (n-on-n).

Is actual threshold sigs possible, and with what limitations?

I know you can "cheat" by using key-path multisignature for the most common set of t signers, and separate multisignature script paths for each of the other sets.