It was a busy summer for @BlockchainComns, but I think its work at @ietf on international specifications that support data interoperability while supporting privacy might have been the most important. [1/8] https://twitter.com/BlockchainComns/status/1709649755796840629
As the quarterly report discusses, meetings at IETF 117 led to some great cleanups of both the Gordian Envelope and dCBOR specifications, as well as the granting of CBOR tag #200 for Gordian Envelope. [2/8]
Gordian Envelope also introduced new methodologies for encoding keys and seeds, and, perhaps most importantly, vendor-specified attachments, allowing for interoperability and longevity for vendor content [3/8]. https://github.com/BlockchainCommons/Research/blob/master/papers/bcr-2023-006-envelope-attachment.md
For more explanations and details, take a look at the new @BlockchainComns developer website which contains extensive information on all the Blockchain Commons specifications (and architectural concepts) to date. [6/8] https://developer.blockchaincommons.com/
To argue the reasoning behind our specs, @BlockchainComns has been publishing my Musings of a Trust Architect. The most important from Q3 may be a look at the Origins of Self-Sovereign Identity, which highlights its fundamental goals and intents [5/8]. https://www.blockchaincommons.com/musings/origins-SSI/
To support the implementation of these (and other) specifications, @BlockchainComns also releases reference libraries and reference apps. One of the big expansions reported this quarter was the conversion of our libraries to Rust! [4/8] https://github.com/BlockchainCommons?q=rust
Support interoperability, resilience, privacy, and independence for digital assets by becoming a @BlockchainComns patron. [8/8] https://github.com/sponsors/BlockchainCommons
Read the Q3 quarterly report from @BlockchainComns for the details on all of this and more. [7/8]
https://www.blockchaincommons.com/quarterlies/Q3-2023/
Replying to @dstadulis
Shorter video of on this topic at https://youtu.be/isanNSDoSnE?si=LH371fcPePDIoK-i
I’m also posted more info and also some historical data about what happened in France at: https://github.com/WebOfTrustInfo/rwot12-cologne/blob/main/advance-readings/ssi-echoes-from-history.md
Hopefully a new video soon on whole topic.
RT @torproject: Tor Browser 13.0 is here, and it’s packed with some fantastic updates. [🧵 1/5]
#TorBrowser #PrivacyMatters #NewRelease
http…
Replying to @Shahla_Atapoor and @Karim_Baghery
Any reference code?
RT @Shahla_Atapoor: Happy to announce that our paper on
-PQ Secure Verifiable Secret Sharing
-Distributed Key Generation,
-Threshold Signat…
RT @howardnoakley: Sonoma’s changes to iCloud may stop Time Machine backups completing https://eclecticlight.co/2023/10/16/sonomas-changes-to-icloud-may-stop-time-machine-backups-completing/ via @howardnoakley
I’ve experienced this bug after Sonoma upgrade. If you use both iCloud & Time Machine, check to see if you last backup worked. https://twitter.com/howardnoakley/status/1713806429839331611
RT @ZcashFoundation: In Summer 2023, the @ZcashFoundation engaged @NCCGroupInfosec to conduct a security assessment of the Foundation’s FRO…
This is a BIG deal—the first code review for FROST under secp256k1 & ristretto. I believe the future of cryptographic security will be profoundly impacted by the opportunities offered by Schnorr signatures, FROST quorum signing, Musig2 signing, VSS and related cryptography. https://twitter.com/ZcashFoundation/status/1716849796315512935
The exciting news, if you missed it, is that the @ZcashFoundation has had its implementation of FROST using Schnorr, a threshold signature system, reviewed by security professionals. Why is this so important? 🧵… [1/9] RT: https://twitter.com/ZcashFoundation/status/171684979631551293 https://twitter.com/ZcashFoundation/status/1716849796315512935
And besides being beautifully elegant, Schnorr has a lot of advantages. One of the biggest is signature aggregation. Multiple people can sign, and the signature stays the same size, creating privacy for signers–did only one person sign it, or many? [4/9]
So how does Schnorr work? Why is it great? I’ve put together an overview with a layperson’s explanation of this important digital signature technology. [3/9] https://www.blockchaincommons.com/musings/Schnorr-Intro/
This is a major milestone in cryptographic privacy because it means that now we are one step further in deploying multisignature Schnorr in production software using open source software. [2/9]
There’s lots more. Besides signature aggregation and threshold signatures, Schnorr can also support blind signatures and adapter signatures. My intro article overviews them all. [7/9] https://www.blockchaincommons.com/musings/Schnorr-Intro/
With Schnorr threshold signatures, you can verify, for example, that 3 out of 5 people signed something, but not which 3 they were. So you can see the privacy advantages. [6/9]
Schnorr is difficult to implement safely in multisig protocols. Two major approaches are being explored: MuSig2 & FROST. MuSig2 also offers signature aggegation, but FROST goes further and supports threshold sigs as well. It is FROST code that @ZcashFoundation had reviewed. [5/9]
You can support Blockchain Commons’ work with Schnorr, initially the incorporation of FROST-compatible VSS into our wallet libraries, by becoming a member of Blockchain Commons! [9/9] https://github.com/sponsors/BlockchainCommons
I’m looking forward to the near-future of multisig technology, as we see FROST, Schnorr, and other related technologies such as VSS (Verifiable Secret Sharing) and DKG (Distributed Key Generation) deployed for production. [8/9]
I’ve written a “A Layperson’s Intro to Schnorr” in my “Musings of a Trust Architect” blog. It also talks about the importance of FROST. https://twitter.com/ChristopherA/status/1717010802979561647
Replying to @DEFICHAINFACTOR
Yes, DKG is an important part of FROST, but what I like about FROST is the power of quorums. With threshold signatures, there are many opportunities not only for increased privacy but also for reliability. I also predict interesting future collaboration protocols will use FROST.
Replying to @cronokirby
I never liked ECDSA, even though I was briefly CTO of Certicom which held many EC patents. I preferred Schnorr. However, the patent holder was totally unwilling to reasonably license it. Thus, the dominance of the hack that is ECDSA today. See also: https://www.blockchaincommons.com/musings/Schnorr-Intro/
RT @rusty_twit: I now think OP_CAT is something I can get behind.
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-October/022082.html
I wrote about a number of other issues back in May, and unfortuantely they haven’t been addressed. They include use of homogeneous authorization, use of “legal citizen identities” for authentication, and lack of choice for users. [2/7] https://developer.blockchaincommons.com/csr/faq/
A great tweet from @sethforprivacy on the dangers of Ledger Recover. In short: he has realistic worries that a corrupt government could steal all your funds [1/7] https://twitter.com/sethforprivacy/status/1716861148094443958
It builds on our Gordian Principles: Independence, Privacy, Resilience, and Openness. [4/7] https://developer.blockchaincommons.com/principles/
The Collaborative Seed Recovery (CSR) system from @BlockchainComns helps wallet devs to support user choice as their core proposition. Users assess their own risk profiles and store shares in ways that make sense for them, not the vendor. [3/7] https://developer.blockchaincommons.com/csr/
Support our ideals of Independence, Privacy, Resilience, and Openness, and our work toward wallet interoperability by also becoming a monthly Gordian patron. [7/7] https://github.com/sponsors/BlockchainCommons
Join us in developing resilient storage of digital assets in a way that’s not dependent on a single company, platform, or worse, a government. Sign up for our Gordian Developer mailing list or Signal. Our next meeting is November 1st! [6/7] https://www.blockchaincommons.com/subscribe/
We hope to expand CSR in the next year to include VSS, building on the recent security assessment for the @ZcashFoundation implementation of FROST. This will allow for some additional capabilities such as collaborative signing [5/7]
https://twitter.com/ZcashFoundation/status/1716849796315512935
This is what my articles on Open Silicon & Self-Sovereign Computing are all about. Without it, you own nothing that has chips in it, you only rent it.
https://www.blockchaincommons.com/articles/self-sovereign-computing/
https://www.blockchaincommons.com/musings/musings-open-silicon/ https://twitter.com/doctorow/status/1717635093668483414
Replying to @grittygrease and @grittygrease
You might interested that this week the actual code from Ken Thompson’s “Reflections on Trusting Trust” was shared at https://research.swtch.com/nih by @_rsc (no long on X). I also wrote a little about “Reflections…” in my Open Silicon post https://www.blockchaincommons.com/musings/musings-open-silicon/
I wrote a little about “Reflections…” in a recent post in my “Musings of a Trust Architect: Open Silicon”: https://www.blockchaincommons.com/musings/musings-open-silicon/
In October ‘83, 40 years ago this week, Ken Thompson wrote “Reflections on Trusting Trust” essential reading on security. Yesterday @_rsc shared at https://research.swtch.com/nih some of the actual code! “After watching the video…I emailed Ken and asked him for code…(he) mailed back”!
A related post is the concept of “Self-Sovereign Computing”. Without it, you really can’t own anything that requires a chip – you are merely renting it. https://www.blockchaincommons.com/articles/self-sovereign-computing/
RT @balajis: This is true.
But you should also get to a jurisdiction that doesn’t have a sovereign debt crisis. And where property rights…
An important story about the the need for ‘freedom to transact’, the ways that you can loose it, and the threats when it is lost. https://twitter.com/intrepid_p/status/1718021366329565586