One last update to eprint.iacr.org/2021/1023 "SIDH Proof of Knowledge" 😢
(with , , Lukas Zobernig)
But proofs of isogeny knowledge are not dead yet 💪. See you at #Asiacrypt!
read image description
ALT
4
5
34
Follow
Click to Follow meshcollider
Samuel Dobson
@meshcollider
Mathematician & computer scientist - PhD (mathematics) from
Aotearoa | New ZealandJoined September 2014
Samuel Dobson’s Tweets
Starting next week: VaNTAGe seminar series on isogeny-based cryptosystems
12
12
24
Show this thread
You could have broken SIDH. yx7.cc/blah/2022-08-2
13
36
97
Next version of Bouncy Castle will also include CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon, and other algorithms! It is available as beta right now at downloads.bouncycastle.org/betas/ 🎉. A great way to experiment (with care!) with the schemes being standardized by NIST.
Quote Tweet
BC Java 1.71 is now available for download. Addition of PQC Classic McEliece, FrodoKEM, and SABER. All in PQC provider with SPHINCS+. Additions to OpenPGP and ETSI ITS as well. Improvements and bug fixes. See bouncycastle.org/latest_release
1
12
25
In this preprint, in order to counter the Castryck-Decru attack (and derivatives), we suggest to use a fixed degree, but then mask only the torsion point information. How do we do that and why is this worth exploring? A thread! 1/n
Quote Tweet
#ePrint SIDH with masked torsion point images: TB Fouotsa ia.cr/2022/1054
1
12
36
Show this thread
Not bad
Quote Tweet
#ePrint SIDH with masked torsion point images: TB Fouotsa ia.cr/2022/1054
1
1
4
In which a blogger finds the private key used to sign Hyundai car software updates … by googling it. They used a key pair from a popular tutorial. 😂😂😂
217
4,852
22.9K
Show this thread
I just posted an updated and clarified version of my previous paper (which was too hastily written...) on breaking SIDH: eprint.iacr.org/2022/1038.pdf
1
22
52
Show this thread
9
64
184
Show this thread
#ePrint An efficient key recovery attack on SIDH (preliminary version): W Castryck, T Decru ia.cr/2022/975
19
263
440
Congratulations to , who successfully defended his PhD thesis "Key Exchange and Zero-Knowledge Proofs from Isogenies and Hyperelliptic Curves" this morning.
6
8
105
On Thursday I am giving an online seminar on isogeny proofs of knowledge
3
15
56
This paper got less attention than I thought it would. Among its claims is that BIP32 (used extensively by Bitcoin but also many other blockchains) offers 91 bits of security. I always assumed some low n?<128, but not so low. Given BIP32 is a decade old it was overdue for review.
Quote Tweet
#ePrint The Exact Security of BIP32 Wallets: P Das, A Erwig, S Faust, J Loss, S Riahi ia.cr/2021/1287
4
13
39
Show this thread
An alpha version of my coinswap project is released!
lists.linuxfoundation.org/pipermail/bitc
Doesnt have all the features yet, but works on regtest, signet and mainnet
Imagine a new privacy tech for bitcoin, like coinjoin, but cant be blocked b/c the txes look exactly the same as regular txes
30
157
389
PhD Thesis submitted✅🎉
Has been a great journey, thank you for your excellent supervision!
Now the wait for the examiners' reports begins 😎
Quote Tweet
Two of my students submitted their theses in the last few days. MSc student Pabasara Athukorala wrote on groups of unknown order and Sutherland's algorithm. PhD student Samuel Dobson @meshcollider on isogenies and groups of unknown order.
22
11
198
Why are you idiots using TOOLS? JUST👏BE👏BETTER👏CODERS👏
Quote Tweet
I do wonder why anyone thinks that it’s a good idea to not just fix a bug the moment you become aware of it. Bug-tracking systems have always struck me as weird. Don’t track them; fix them.
Show this thread
23
30
331
Show this thread
2
75
145
I really enjoy Russell O'Connor's refreshingly cogent thinking. Worth reading:
lists.linuxfoundation.org/pipermail/bitc
"Given the overlap... between CTV and ANYPREVOUT, ... makes sense to decompose their operations into their constituent pieces and reassemble their behavior programmatically."
8
23
57
BIU's 12th annual winter school on cryptography is taking place right now. All lectures are uploaded to our Youtube channel every night youtube.com/channel/UCQlhk, and the slides are on the school website cyber.biu.ac.il/event/the-12th
4
43
121
Show this thread
Support for Apple M1 (arm64) has been added to our release (Guix) build system, so we should be able to provide M1 binaries for the 23.0 release of Bitcoin Core
7
45
I often find Bitcoin Stack Exchange the best resource to get a quick overview about almost any Bitcoin related question. Thank you Murch for all that fantastic work!
Quote Tweet
I just realized that I've written answers for one in every twenty-one questions on Bitcoin Stack Exchange. I've written 1,356 answers and we have 28,106 questions. 
Show this thread
1
5
36
Major update to our paper "SIDH Proof of Knowledge" with . Previous version had an error, pointed out by Javad Doliskani. New version has an improved proof strategy.
eprint.iacr.org/2021/1023
5
19
We're looking for a crypto engineer that works with Research on {,rust-}secp256k1{,-zkp} and new crypto for Bitcoin and L2s. Really excited to welcome a new team member!
If you have Qs don't hesitate to reach out to me directly (DMs open).
8
38
107
Incorrectly constructed Taproot outputs have burned funds on the bitcoin blockchain, here is our blog post pointing out those UTXOs.
If you are a bitcoin developer, make sure you are following the BIP340 public key spec before using Taproot outputs!
7
34
106
Some code to test this out can be found here:
github.com/meshcollider/m
Please don't use it for real #Bitcoin though, it is definitely not ready for production usage!
But it's still fun to test it out 😁
2
5
29
Show this thread
Normal bitcoin multisignatures (OP_CHECKMULTISIG) require all n keys and n signatures to be given. That's long (high fees) and not very private.
With taproot's inclusion of Schnorr signatures, Musig2 can be used to hide all those details inside a single public key and signature.
2
5
30
Show this thread
Successful twitter musig2 signing 🎉🚀
Musig2 is a cool protocol published (CRYPTO'21) by , , and Yannick Seurin.
It lets multiple parties combine their keys and sign messages/transactions with a single signature - indistinguishable from a single signer!
Quote Tweet
Replying to @meshcollider and @arbedout
Pubkey:
dd0c4e2b5de6b52ffddcc81d9e33962c87333d9b31f5629b2de2d53c4e9b234a
Nonces:
4bdbe655caf256effefdfe69f1865d1e4ea9ad3af8a830a300959de6c153cbf0
9391d524b99b426cfdeb72263034481ca6c1eed1cb72746ecfeb8c2acba0b366
9
23
93
Show this thread
Great interview with Mike on the history and future of Bitcoin at Block. He’s the biggest reason we (and I) have had any positive impact on Bitcoin!
Quote Tweet
Rip 292 of @TFTC21 is live! @ODELL and I sat down w/ @brockm to discuss:
- Natural Law theory
- Mike’s journey at @blocks
- Why @TBD54566975?
- Onboarding to Bitcoin
- Decentralization and trustlessness
- much more
Peep. Share. Subscribe. Engage.
anchor.fm/tales-from-the
Show this thread
311
442
3,962
This is also why BIP-173 says that even when it comes to Bech32 (segwit/bc1) addresses with error-correction capabilities,
"Implementations SHOULD NOT implement correction."
If you're not sure, error, and let the user fix it. Software shouldn't make guesses with 💰 at stake.
Quote Tweet
Websites/software should NEVER convert a bitcoin address provided by the user to a different form of address automatically. You're just asking for fund loss.
Absolutely the websites fault, not the user's.
bitcoin.stackexchange.com/q/111440/51948
@cz_binance
2
13
Websites/software should NEVER convert a bitcoin address provided by the user to a different form of address automatically. You're just asking for fund loss.
Absolutely the websites fault, not the user's.
bitcoin.stackexchange.com/q/111440/51948
18
75
285
Bitcoin Optech newsletter #180: 2021 Year-in-Review is here:
- notes developments in Bitcoin during each month of 2021
- featured summary: taproot
- featured summary: major releases of popular infrastructure projects
- featured summary: Bitcoin Optech
10
64
166
Show this thread
🎉MuSig2 merged into secp256k1-zkp🎉
Well reviewed (400+ comments), tested (branch coverage, constant-timeness, static vectors), "API as good as it can be in C", designed to be hard to misuse. Not 100% stable though. Spec next.
Example:
14
68
239
Show this thread
Congratulations and condolences on the new position Andrew! Can't wait to see where the wallet goes under your maintainership in the years ahead! 🎉🚀
Quote Tweet
Merged PR from Andrew Chow: contrib add achow101 to trusted keys github.com/bitcoin/bitcoi
1
11
65
This year also with libsecp256k1 project ideas. Looking forward to summer.
Quote Tweet
Are you a university student and want to build a career in bitcoin?
Spend your next summer contributing to bitcoin and get placed in the most cutting-edge bitcoin companies around the world.
Apply for Summer of Bitcoin 2022!
summerofbitcoin.org
1
4
21
Quote Tweet
I'm stepping away from working on Bitcoin development for some time. I've stepped down as director of @bitcoinbrink and handed the reins over at @bitcoinoptech and @BitcoinCorePRs.
Show this thread
574
171
317
The old Bitcoin Core wallet was in a rough shape until took over & did a total makeover.
The unsung heroes of BTC. Thank you for your contributions. Your work will have more lasting impact than the billions VCs threw after shitcoins.
My utmost respect.
Quote Tweet
I am officially stepping down as a maintainer of Bitcoin Core.
Serving as the wallet maintainer for the past three years has been an absolute privilege, and I want to thank my incredibly generous sponsor John Pfeffer (@jlppfeffer) for his support throughout. /1
Show this thread
7
20
193
Show this thread
Start here: bitcoindevlist.com
And thanks for your work all these years! Will be really interesting to see how your research area evolves and in what way it'll affect Bitcoin.
Quote Tweet
While here, I will make another appeal to any person or company that benefits from Bitcoin development somehow - please consider supporting a developer financially! Open source projects are difficult to survive off, and it is an amazing way to help out even if you can't code. /5
Show this thread
1
2
27
I have learnt so much these last few years, and hope this will not be the end of my Bitcoin dev journey. There is an unbelievable amount of talent being put into developing Bitcoin and Lightning, and I look forward to seeing where it goes 🚀 /fin
16
7
363
Show this thread