"The Future of Learning" with
- Emotional and psychological blockers to learning
- Supporting children in following their curiosity
- Verification vs. trust
- Lying with the truth
- "Knowledge Bootstrapping"
and many more topics!
Elliott
@robot__dreams
ROAST is an async. protocol that makes t-of-n FROST signing robust: t honest signers can produce a Schnorr signature even if other signers disrupt.
Joint work with my awesome co-authors Viktoria Ronge
Non-technical explanation in Section 3
Quote Tweet
#ePrint ROAST: Robust Asynchronous Schnorr Threshold Signatures: T Ruffing, V Ronge, E Jin, J Schneider-Bensch, D Schröder ia.cr/2022/550
Very excited to welcome to the research team. He already has significant crypto engineering contributions under his belt and is spending his first day co-authoring a M***g specification (soon to be published). 🚀
I had a great time solving these cryptographic challenges. Highly recommend it for folks trying to get a deeper understanding of BIP-340.
Damn those x-only keys for complicating the rogue key attack.
Quote Tweet
Here's a Bitcoin-flavored cryptography challenge in the spirit of Cryptopals. First one, so it's a warm up
Lots of people warn against nonce reuse in Schnorr signatures, but can you *actually* carry out the attack and extract the signer's private key?
gist.github.com/robot-dreams/6
I have a "no questions asked" policy for course cancellation/rescheduling. As such, I sometimes get some open spots available at the last moment.
If you want to write a compiler next week, I can offer a discount. Send me a DM.
dabeaz.com/compiler.html
Recently made some cool crypto/bitcoin challenges on the signing protocol that bitcoin upgraded to and I got to learn a lot while solving them.
I made a writeup detailing my approach in solving the challenges.
Whaaaat there's going to be a libsecp PR review club?
And we have not 1 but 2 weekends to study for it???
Quote Tweet
Heads up: on February 2nd, we will have our first review club on a libsecp256k1 PR. The PR is #748: "Add usage examples", authored by @Elichai2 and hosted by @n1ckler. In case you want extra time to study your crypto, the notes are already on the website: bitcoincore.reviews/748
I solved first Bitcoin-flavored cryptography challenge (gist.github.com/robot-dreams/6) with the help of 's Schnorr Basics explainer (popeller.io/schnorr-basics).
Here's a write-up (and spoiler).
Challenge #4
This one's about Shamir's Secret Sharing, and is a bit of an "interlude". It's doable with just Python, but is probably easier if you use Sage or sympy.
gist.github.com/robot-dreams/0
If you want to learn about cryptographic protocols (many very relevant to Bitcoin) these are the best lecture notes: win.tue.nl/~berry/Cryptog
Challenge #3, this one's interactive!
The signer, sick of getting funds stolen, wants to try Schnorr multisig. Too bad they fell for one of the classic blunders.
Can you exploit their insecure scheme? This is a good challenge for rogue cryptographers 😎
OK, here's challenge #2! This one's a bit harder 🤖
What if the BIP-340 signer fixed their nonce reuse, but is now generating nonces using an insecure random number generator? Can you still extract their private key?
Here's a Bitcoin-flavored cryptography challenge in the spirit of Cryptopals. First one, so it's a warm up 👹
Lots of people warn against nonce reuse in Schnorr signatures, but can you *actually* carry out the attack and extract the signer's private key?
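An added example (my own code, not from the challenge gist or from BIP-340's reference implementation) of the mitigation that challenges #1 and #2 above point at: BIP-340's deterministic nonce derivation, which ties the nonce to the key, the message and auxiliary randomness, plus a defensive scan for reused R values. The curve arithmetic that turns d into its public key is omitted, so the 32-byte x-only public key and the secret key used in the test are constructed placeholder values, not real keys.

```python
import hashlib

# secp256k1 group order (the n of BIP-340); used only to reduce the derived nonce.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def tagged_hash(tag: str, data: bytes) -> bytes:
    """BIP-340 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || data)."""
    tag_hash = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(tag_hash + tag_hash + data).digest()


def bip340_nonce(d: int, pubkey_x: bytes, msg: bytes, aux: bytes) -> int:
    """Derive the BIP-340 signing nonce k' from the (even-y-normalised) secret key d,
    the 32-byte x-only public key, the message and 32 bytes of auxiliary randomness.
    The result is a function of (d, P, m, aux): two different messages never share a
    nonce by accident, and a weak RNG feeding `aux` only loses the extra hedging,
    it does not collapse to the nonce-reuse case that leaks the key."""
    assert len(pubkey_x) == 32 and len(aux) == 32
    # t = bytes(d) XOR hash_aux(aux): the aux randomness masks the key bytes.
    t = bytes(a ^ b for a, b in zip(d.to_bytes(32, "big"), tagged_hash("BIP0340/aux", aux)))
    rand = tagged_hash("BIP0340/nonce", t + pubkey_x + msg)
    k = int.from_bytes(rand, "big") % N
    if k == 0:
        raise ValueError("nonce derivation produced zero; signing must fail")
    return k


def nonces_reused(signatures):
    """Defensive check over (pubkey_x, r_bytes, msg) tuples: report any key that
    signed two different messages with the same R, which is exactly the condition
    under which the secret key can be recovered from the two signatures."""
    first_msg = {}
    reused = []
    for pubkey_x, r, msg in signatures:
        prev = first_msg.setdefault((pubkey_x, r), msg)
        if prev != msg and (pubkey_x, r) not in reused:
            reused.append((pubkey_x, r))
    return reused
```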
I can't think of any obvious problem (especially since the security proof using ROM + Forking Lemma still seems to work—solve for r then solve for x), but I might've made a mistake in the proof or missed some subtle problem.
Cryptography experts, could anything go wrong if you swap the private key and private nonce in Schnorr signatures?
s = x + H(X, R, m)*r
instead of
s = r + H(X, R, M)*x
(I'm just curious, not actually planning to do this!)
Fortunately, in Shamir's Secret Sharing we care about polynomials as functions (rather than as expressions).
So we can still recover the unique value of the secret p(0) after handing out shares p(1), ..., p(n), even if there's multiple ways to write p as an expression.
Quote Tweet
This came up recently, while I was teaching Lagrange interpolation. Over R or C, the interpolation problem has a unique solution, but over finite fields we lose uniqueness; we can always add a "zero" polynomial to our answer, and still get the interpolation right.
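As an added worked example (my code, not from the tweet), here is Shamir recovery over a toy field GF(11) together with the "same function, different expression" point: adding x^11 - x to p changes the coefficient list but not a single value on GF(11), so every share and the recovered p(0) are unchanged. The field size and the polynomial in the test are constructed for illustration; real deployments use a large prime.

```python
import random

P = 11  # constructed toy prime field GF(11)


def eval_poly(coeffs, x):
    """Evaluate a polynomial (coefficients low to high) at x in GF(P) via Horner."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % P
    return result


def make_shares(secret, t, n):
    """Split secret into n shares; any t of them recover it (degree t-1 polynomial)."""
    coeffs = [secret % P] + [random.randrange(P) for _ in range(t - 1)]
    return coeffs, [(x, eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover(shares):
    """Lagrange interpolation at x = 0 over GF(P) from t shares with distinct x_i.
    Only the share values are used, so anything that leaves p's values alone
    leaves the recovered secret alone."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret


def same_function(coeffs_a, coeffs_b):
    """Two polynomials are equal as functions on GF(P) iff they agree at every point."""
    return all(eval_poly(coeffs_a, x) == eval_poly(coeffs_b, x) for x in range(P))


def add_vanishing_term(coeffs):
    """Coefficients of p(x) + (x^P - x): a different expression for the same function,
    because x^P = x for every x in GF(P) (Fermat)."""
    q = list(coeffs) + [0] * (P + 1 - len(coeffs))
    q[1] = (q[1] - 1) % P
    q[P] = (q[P] + 1) % P
    return q
```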
Probability puzzle (related to "Forking Lemma" from MuSig security proof):
Let X be a random variable that outputs 1, 2, ..., q
How do you set all P(X = i) to minimize probability of collision (2 independent draws of X are equal)?
What's the collision probability in that case?
Serious kudos to whoever made the libraries so hard to misuse that a developer *actively trying* to force nonce reuse wasn't able to do it after 12 hours!
Quote Tweet
@bertcmiller built a bot trap to prove that ECDSA nonce reuse would lead to loss of funds youtu.be/Uw_HhWp3NkY
watch this space, i hear more details are forthcoming ...
Hey probability experts, does this proof seem reasonable?
(I'm rusty on probability so I want to make sure I didn't sneak in some weird error)
- Verify specific test cases against an independent implementation (possibly even in a different language)
- "Annotate" the PR by adding a lot of your own comments and test cases
(3/3)
- Modify the code in subtle ways to see what breaks (or not!)
- (If there's an API) Try writing short example programs that use the API
- (If there's an executable) Add lots of print statements before running, or step through with a debugger
(2/3)
Ways to do code review that are much more interesting (and effective) than just "stare at the code":
- Re-implement parts of the PR yourself to (i) get a better understanding of what the author did, (ii) consider if there are alternative approaches
(1/3)
Quote Tweet
Replying to @jairunet @jfnewbery and @bitcoinbrink
Review PRs, PR review club, review PRs
Always more review needed
Fantastic 😃
Two general policies I have:
- Don't get the annual subscription
- Don't buy stuff during Black Friday sale
I think I come out net ahead from (1) not getting 11 unused months of subscriptions, (2) not buying shit I don't need
These days it feels like I see "sorry, this content is not available in your country" everywhere
So much for the vision of a global, borderless internet
Quote Tweet
Replying to @balajis
The conclusions in The Sovereign Individual assume a global, borderless internet.
"Let's shut down international tech platforms" sounds like "let's attempt to extend national borders into cyberspace".
Are encrypted protocols (TLS, VPNs, Tor) enough to resist such attempts?
What are your preferred alternatives to YouTube?
Quote Tweet
To reduce targeted dislike attacks & their impact on creators (esp on smaller creators), you’ll no longer see a public dislike *count* on YouTube starting today (the dislike button is staying).
This comes after lots of research, testing & consideration → youtube.com/watch?v=kxOuG8
What are your preferred alternatives to Chrome? twitter.com/jwz/status/145
Well, even in university I always felt like I was supposed to "have a life" instead of studying. Whenever I hit the books I felt guilty for "being uncool".
I think the answer is to just do whatever you personally find fun, whether that's dressing up, working out, studying, etc.
Quote Tweet
It’s crazy how much guilt I carried as a student. Always feeling like I should be studying, not realizing that play is an integral part of it all. In truth, there’s always something to study for, but gotta make time for the fun things, too.
Holy shit, this is one of the best, most mind-expanding math videos I've ever seen
Quote Tweet
I’ve literally been waiting my whole adult life for this: youtu.be/_NGPncypY68
Oops, I used to think SHA256(key || message) was a reasonable way to get message authentication.
It's such an "obvious" construction, and it looks good; too bad it's completely broken under chosen message attack.
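An added illustration (my own code, not from the tweet) of the broken prefix construction next to the standard fix, HMAC, with a constant-time verifier; the key and messages used in the test are constructed. The comments record why the first form fails: its tag is a resumable hash state, so it cannot stop a chosen-message forger from extending a message it already holds a tag for.

```python
import hashlib
import hmac


def prefix_mac(key: bytes, msg: bytes) -> bytes:
    """The broken construction: SHA256(key || msg). The tag is exactly the hash
    state after absorbing key || msg || padding, so anyone holding one (msg, tag)
    pair can resume hashing from that state and obtain a valid tag for
    msg || padding || suffix without ever learning the key (length extension)."""
    return hashlib.sha256(key + msg).digest()


def hmac_tag(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256: SHA256((key ^ opad) || SHA256((key ^ ipad) || msg)). The outer
    hash means the published tag is not a state anyone can resume from, which is
    what closes the length-extension hole; use this (or a keyed hash such as
    BLAKE2/KMAC) rather than hashing key || msg."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Recompute and compare in constant time; a plain == on tags leaks how many
    leading bytes matched and lets the tag be guessed byte by byte."""
    return hmac.compare_digest(hmac_tag(key, msg), tag)
```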
Ah, "don't roll your own crypto" doesn't mean "you're not skilled enough".
It means "NOBODY is skilled enough (on their own)". You need lots of experienced collaborators, careful review, stress testing, etc.
My entire 20s I thought "you'd be looked down on if you express a desire to work on hard, interesting problems cause there's too many people like that and not enough interesting work to go around"
Glad I was wrong, wish I figured it out sooner 😅
For me, the most mind-expanding part of the discussion was when you helped us realize THERE'S ACTUALLY HIGH DEMAND for people who want to (and have the skills to) work on hard, interesting problems 🤯
Quote Tweet
People were surprised to hear that not everyone wants to do hard systems programming for a living!!
Not everyone wants to bang their head digging through assembly code every day. In the beginning, systems programming might be about aptitude but at some point it's about grit. 5/
Thanks so much for stopping by, Jean! That was a really fun discussion.
Quote Tweet
Yesterday, @robot__dreams invited me to talk with a group of @BradfieldCS students, mostly from nontraditional/non-CS backgrounds, about how to get into "interesting" systems programming work.
Here are some of my answers, in case it's helpful for others. And pls chime in! 1/
Fun with CircuitVerse: generating (insecure) "random" bits with hardware, using a "linear feedback shift register (LFSR)"
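An added software model of such an LFSR (my own code, not the CircuitVerse circuit) showing why its bits are "random" only in appearance: the tap positions are part of the design and so effectively public, and once n output bits have been seen the register contents are known too, so every later bit is a fixed XOR of earlier outputs. The 4-bit register, taps and seed are constructed for the example.

```python
def lfsr_stream(seed, taps, count):
    """Clock a Fibonacci LFSR `count` times. `seed` is the register as a list of
    bits (index 0 = newest), `taps` the positions XORed into the feedback bit.
    Each clock emits the oldest bit and shifts the register right by one."""
    state = list(seed)
    out = []
    for _ in range(count):
        out.append(state[-1])
        feedback = 0
        for t in taps:
            feedback ^= state[t]
        state = [feedback] + state[:-1]
    return out


def predict_rest(observed, taps, n, count):
    """Using only the first n observed output bits and the (public) taps, reproduce
    the next `count` bits. The bit at register position t at clock k is the output
    at clock k + n - 1 - t, so the recurrence is o[m] = XOR of o[m - 1 - t] over the
    taps: the whole future stream is a linear function of n past outputs."""
    bits = list(observed[:n])
    while len(bits) < n + count:
        m = len(bits)
        nxt = 0
        for t in taps:
            nxt ^= bits[m - 1 - t]
        bits.append(nxt)
    return bits[n:]


def period(seed, taps):
    """Clocks until the register returns to its start state; at most 2^n - 1 for an
    n-bit register, so the stream repeats no matter how well the taps are chosen."""
    state = list(seed)
    steps = 0
    while True:
        feedback = 0
        for t in taps:
            feedback ^= state[t]
        state = [feedback] + state[:-1]
        steps += 1
        if state == list(seed):
            return steps
```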
In the past year, I’ve talked to many bright, curious, ambitious people who believed they couldn’t do research. That was me, not long ago.
Here I share my improved understanding in hopes of offering a more empowering model of what research entails:
After implementing it, in some ways it feels less like a black box, but in other ways it feels a LOT more mysterious.
Like, how the hell did the inventors come up with these definitions and convince themselves they're secure?