jaonoctus

jaonoctus@primal.net
npub170d8...chu7
SWE at ZBD PGP: 0xD8F31505B581D617 / I'm afraid to say that I write software and have people think I understand computing.
Cashu is simple. Don't trust, verify: MATH TIME LFG

Alice generates random values x and r. She then calculates public keys from these secrets:

Y = h'(x)
R = rG

Now she makes an aggregate public key by adding the previous two public keys together. x is the secret and r is called the private blinding factor.

T = Y + R

Then she sends T to Bob, the mint. He cannot tell how T was generated because he doesn't know the other values, and multiplication on an elliptic curve is what we call "a random walk". This mathematical puzzle is known as the Discrete Logarithm Problem (DLP).

Bob has a special keyring holding private and public key pairs, one for each power-of-2 amount. Let's say Alice is minting 1 sat, so Bob picks the 1-sat key pair.

B = bG

Now he mixes his private key with the public key he just received.

Q = bT

And then he sends this new point on the curve back to Alice. But look! She knows T already, right? She can do a process that we call unblinding, by subtracting the mix of the little r and Bob's public key.

Z = Q - rB

Let's replace the variables here to know what this result means:

Z = bT - rB
Z = bT - rbG
Z = b(Y + R) - rbG
Z = bY + bR - rbG
Z = bY + brG - rbG

So we actually have the same number here: brG equals rbG, cancelling each other. So then

Z = bY

Now Alice holds a value that means Y multiplied by Bob's private key. Alice has no idea what little b is, and Bob has never seen Y!!! B.D.H.K.E. is really cool, huh?

How does Alice know for sure that Y is mixed with Bob's private key, though, because she can't see little b, remember, DLP? Bob will also send a Fiat-Shamir commitment to Alice, that is, a Schnorr signature.

--- Pause to talk about Schnorr signatures.

signature = private nonce + commitment * private key.

P = dG

Where little d is the private key, P is the public key.

J = jG

Where little j is the private nonce, J is the public nonce. So we have

s = j + ed

Where little e is the hash of the stuff we want to "prove" against our private key:

e = h(J|P|m)

Where m would be any message.

How do we verify that it is a valid signature? We know that the public key is the little private key d times the generator point G.

P = dG

So, what if the verifier does the same math but with the public key instead? Let's multiply everything by G then.

sG = jG + edG
sG = J + eP

If the left side of the equation is equal to the right side, everything is good. You just did the same math that the signer did, but with public information!

--- Back to Bob now!

He wants to prove to Alice that he actually did Q = bT, without showing her his private key, little b. What if he does a signature?

s = j + eb

mmmmm 🤔 this proves shit, nothing. BUT WAIT. Do you see that little b is in the formula? And we want bT. Right? What if we multiply everything by T then?

sT = jT + ebT
sT = jT - eQ

Cool. Let's call J1 = jG and J2 = jT. Could Alice recompute both values with public information? Yes! If J1 is j multiplied by G, then

s = j + eb
-j = -s + eb
j = s - eb
jG = sG - ebG
J1 = sG - eB

What about J2? Same as above, but multiplying everything by T.

j = s - eb
jT = sT - ebT
J2 = sT - eQ

Now, if

sG = J1 + e(J1|J2|B|Q)Q

then she knows that Bob indeed used his private key little b. This is a zero knowledge proof, DLEQ (BIP374), because Bob was able to show Alice he used the private key b without showing it to her.

Now the final piece. If she wants to spend the token or send it to someone, the person needs to show Bob (x, Z). Bob will verify the following: does this value, used in the hash_to_curve function, combined with my private key, equal the proof Z?

h'(x) * b = Z
Yb = Z

If so, I've mixed this value I've never seen with my private key?? Yes. Wuuut.

So Bob will accept this as a valid token, marking it as spent (or, now seen). He has no idea that the T has any relation with this (x, Z).

e-Cash solves privacy, not custody/trust. Math is beautiful and privacy is not a crime.
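The whole exchange from the post above (blind, sign, unblind, verify) together with the Schnorr-style DLEQ check it derives, as an added worked example in Python. This is not code from the post, from the Cashu project or from any mint; it is an illustrative reimplementation. It assumes secp256k1 arithmetic done by hand, a try-and-increment construction for h'(x), and a SHA-256 transcript hash over (J1, J2, B, Q) as the challenge e; those are choices made here for readability, not a wire-compatible protocol, and the secret `b"constructed-secret"` is made up for the demo.

```python
# Added example (not from the post): BDHKE blind signing plus the DLEQ proof on
# secp256k1, in pure Python. hash_to_curve and the challenge hash are assumptions.
import hashlib
import secrets

# secp256k1 domain parameters: field prime, group order, generator G.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):                          # double-and-add scalar multiplication
    k %= N
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def neg(pt):
    return (pt[0], (-pt[1]) % P)

def ser(pt):                             # compressed SEC1, only used for hashing
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def hash_to_curve(secret):
    """h'(x): hash the secret, re-hash until the value is a valid x-coordinate."""
    h = hashlib.sha256(secret).digest()
    while True:
        x = int.from_bytes(h, "big") % P
        y2 = (pow(x, 3, P) + 7) % P
        y = pow(y2, (P + 1) // 4, P)     # square root works because P % 4 == 3
        if y * y % P == y2:
            return (x, y)
        h = hashlib.sha256(h).digest()

def rand_scalar():
    return secrets.randbelow(N - 1) + 1

# --- BDHKE: blind, sign, unblind, verify ----------------------------------
def mint_keypair():
    b = rand_scalar()
    return b, mul(b, G)                  # (b, B = bG)

def blind(secret):
    r = rand_scalar()
    T = add(hash_to_curve(secret), mul(r, G))   # T = Y + rG
    return r, T

def sign_blinded(b, T):
    return mul(b, T)                     # Q = bT, Bob never sees Y

def unblind(Q, r, B):
    return add(Q, neg(mul(r, B)))        # Z = Q - rB = bY

def verify_token(b, secret, Z):
    return mul(b, hash_to_curve(secret)) == Z   # b * h'(x) == Z

# --- DLEQ: prove log_G(B) == log_T(Q) without revealing b -----------------
def challenge(*pts):
    return int.from_bytes(hashlib.sha256(b"".join(ser(p) for p in pts)).digest(), "big") % N

def dleq_prove(b, B, T, Q):
    j = rand_scalar()
    J1, J2 = mul(j, G), mul(j, T)        # nonce committed against both bases
    e = challenge(J1, J2, B, Q)
    return e, (j + e * b) % N            # s = j + eb

def dleq_verify(B, T, Q, e, s):
    J1 = add(mul(s, G), neg(mul(e, B)))  # J1 = sG - eB
    J2 = add(mul(s, T), neg(mul(e, Q)))  # J2 = sT - eQ
    return challenge(J1, J2, B, Q) == e  # recompute e from public data only

def demo(secret=b"constructed-secret"):  # constructed sample secret
    b, B = mint_keypair()                # Bob's 1-sat key pair
    r, T = blind(secret)                 # Alice
    Q = sign_blinded(b, T)               # Bob
    e, s = dleq_prove(b, B, T, Q)        # Bob
    Z = unblind(Q, r, B)                 # Alice
    return {"dleq_ok": dleq_verify(B, T, Q, e, s),
            "token_ok": verify_token(b, secret, Z),
            "Z_equals_bY": Z == mul(b, hash_to_curve(secret))}
```

Running `demo()` returns three booleans that should all be true: the DLEQ checks out using only B, T and Q; Bob accepts (x, Z) by recomputing b * h'(x); and Z really is bY, which Alice obtained without ever learning b. A flipped sign in the nonce recovery (for instance sT + eQ instead of sT - eQ) makes the challenge hash mismatch, which is the point of the DLEQ: any mint that signed with a different key than B cannot produce a passing (e, s).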
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Date: May 12, 2025
Chaintip: 000000000000000000020f4edda4f3360a96d80c49e2c8590dadd02f8808a432

For a number of reasons, I have recently set up a new OpenPGP key, and will be transitioning away from my old one.

The old key will continue to be valid for some time, but I prefer all future correspondence to come to the new one. I would also like this new key to be re-integrated into the web of trust. This message is signed by both keys to certify the transition.

The old key was:

pub rsa4096/0x782C165A293D6E18 2022-04-05
Key fingerprint = 6B45 7D06 0ACE 363C 9D67 D8E6 782C 165A 293D 6E18

And the new key is:

pub ed25519/0xD8F31505B581D617 2025-05-06
Key fingerprint = 7B69 6A61 6F73 1337 520B 8A19 D8F3 1505 B581 D617

To fetch the full keys, you can simply do:

curl -fsSL https://github.com/jaonoctus.gpg | gpg --import

If you already know my old key, you can verify that the new key is signed by the old one:

gpg --check-sigs 0xD8F31505B581D617

If you don't already know my old key, or you just want to be double extra paranoid, you can check the fingerprint against the one above:

gpg --fingerprint 0xD8F31505B581D617

If you are satisfied that you've got the right key, and the UIDs match what you expect, I'd appreciate it if you would sign my key:

gpg --sign-key 0xD8F31505B581D617

Lastly, if you could upload these signatures, I would appreciate it. You can either send me an e-mail with the new signatures (if you have a functional MTA on your system):

gpg --armor --export 0xD8F31505B581D617 | mail -s 'OpenPGP Signatures' jaonoctus@protonmail.com

Or you can just upload the signatures to a public keyserver directly:

gpg --keyserver keyserver.ubuntu.com --send-key 0xD8F31505B581D617

Please let me know if there is any trouble, and sorry for the inconvenience.

Best,
jaonoctus
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEa0V9BgrONjydZ9jmeCwWWik9bhgFAmgiSbAACgkQeCwWWik9
bhiJzg/9G65gEpwKung9DYzY/dkTyHl6dplnDxx7PNvr1EkoElC/QdXZO/Kx6mMv
rGHZYhEDzSL9vM1zkaBjDCBuSp9ameCHBorfCwabjsz4CHmxr/ubdC02B4idpli2
7ONSGUuzbEHsDbpY20I7mH9WsUsbmO+wyjUUqUuKmWZsjndpZ2ZrqwLbCYnjOoxK
qM+w8x+ShuiZ+awoNTDCXVJ4vD2JlOGrDRiFuDkysOxQ7SBMJDdXbCNOtDM6rMzF
Y8JZYR+VawkGh0ra/hzeaoKUECUWVmDS4wiFBxOEdU/CApMfsdcdqlBAs2vQ0Uim
HA90cFFNNWTqqJgOgo5+5rK19N1drnrNYkdiilsfJIkg/kiEp6AWzFCjP0td4URK
jAb57TxdU6iQ9tMMTP4Y2WVfMx5TgKn8asIi4sQ+PG9IBtLqnlp48l0y/V+kCUbs
L3+lZD3dA5MU3lclM1J6273co2oCedCTQH2JS6bnkRvVUf6JuKXCHYe1Gi/2uigg
Pd9hhuxv73eKEBl9+k2upyR7ICzwrWKsRnDlG6TJ1922PyX7hzv4iGnNAAxP758V
ynICmaBIlrC6ADpgfvTxkHUDpRMoIJOm+dWBi469LC6xac+15S0+PH5ue6BpjA1I
QMf3foM3sc92QoE8asdlp1+9Zgyx3jY0s7Tu6pJ/+Kst+iEeZv2IdQQBFgoAHRYh
BHtpamFvcxM3UguKGdjzFQW1gdYXBQJoIkm1AAoJENjzFQW1gdYX46wA/2Mul4NG
/bvzXx6IC5PNX/tlBwBxGR6JvDn2bESKpgr4AQDH/LQx2RXec9To8kY/Hd/qfvig
mTnXlsx2pv6LNwQ1Aw==
=U4KC
-----END PGP SIGNATURE-----