RT @sprucesystems: Announcing ShibeID: Announcing a new DID-Method for $DOGE - enabling decentralized identity on #dogecoin https://t.co/ea…
RT @sprucesystems: Our specification draws heavily from the work of @ChristopherA and @kimdhamilton within the W3C CCG on did:btcr due to…
This is an important new technology for Bitcoin security, which I hope proves out, scales up, and becomes fully implemented in bitcoin-core. Basically it addresses the problem of having to prove the entire blockchain even if you decide only to keep a pruned portion of it. https://twitter.com/tdryja/status/1356414548992020482
Instead, uutreexo creates a dynamic hash accumulator from the blockchain data, which among other things the payer can include with a payment to prove that they have control of the funds. This allows for blockchains to become much smaller in size.
RT @BitMEXResearch: Progress Towards Utreexo Goals
100x Group grantee @kcalvinalvinn explores several claims about the benefits of Utreexo…
RT @kallewoof: First joinmarket coinjoin on signet! https://x0f.org/@waxwing/105656018148146093
Replying to @MichelleSidun and @SenLummis
Maybe if you see a jackalope in Wyoming on Feb 1 then spring will be early.
Though a multisig of 10K of a 10M isn’t very useful in and of itself (0.1%) it shows it is possible to allow the 20K holder of shares in a DAO (say using the new #Wyoming DAO/LAO bill) to provably vote 10K+1 a stockholder resolution to change the bylaws or spend to dissolve corp. https://twitter.com/n1ckler/status/1356640993232236544
RT @lloydalter: .@peterwalker99 ’s new book “The Miracle Pill” https://www.simonandschuster.ca/books/The-Miracle-Pill/Peter-Walker/9781471192548 has so much in it that I have to discuss it in piece…
RT @SarahJamieLewis: I’d be willing to bet that more deliberate vulnerabilities have been introduced into critical systems by known actors…
RT @awrigh01: Proud of the work @CardozoLaw students put in to (hopefully) make DAOs legally recognized in Wyoming.
We held the primary pe…
I also enjoyed this “I Fail Pretty” video 😂 https://youtu.be/29vsUt7yqsw
I also like the idea behind the “Distinguished Failure Award”. At the iOSDevCamp hackathons I offered one of the top prizes to the “Best Sacrifice to the Demo Gods” to encourage the valiant freedom to fail.
“A failure to break a cryptographic system is a positive result for its security, and a failure to secure a cryptographic system can be a positive result for cryptanalysis, or at least yield new insights relevant to testing or threat-modeling” 👍
I’m a big believer in freedom to fail, & good honest post-mortem analysis, so I am quite pleased to see this conference happening, chaired by @TheAlliBishop “We believe that failure plays a crucial role in the progress of scientific research.” #cfail https://www.cfail.org/
RT @opencryptoorg: COPA stands for an open financial system and was formed to remove barriers that stifle innovation. We are hosting the Bi…
Replying to @cycryptr, @dr_orlovsky and @kimdhamilton
There a few minor implementations of BTCR 0.1 out there, but none in serious use. I’ve been holding off a bit to nail down some underlying problems: pre-keys before registration for KERI-like P2P, single-use seals, Lightning support, multisig (+fixing the non-BIP 48 xpub reuse).
We need an interoperable standard for not reusing the same xpub in bitcoin multisig descriptors. Some discussions on bitcoin-dev list and in the Airgapped Wallet Community. @hugohanoi @FullyNoded @StepanSnigirev @FOUNDATIONdvcs @SparrowWallet @bluewalletio @COLDCARDwallet https://twitter.com/hugomofn/status/1359146676490022919
RT @KimZetter: Beverly Hills police officer starts playing music on mobile phone when he realizes activist is live-streaming their encounte…
Slides are at https://docs.google.com/presentation/d/1XnV9Hm0UU4IyDC0URAMYJJIfBLW7ErDd-BsktJMZYbQ/edit
I also had an advanced follow up on the bleeding edges of SSI: https://docs.google.com/presentation/d/1BbkBX-tUgifiS_VKcqCZYRTQAGF5pK-JEYQwmHYbMcI/edit
Video for that is at: https://youtu.be/WlDSMRb_X-s
Replying to @drummondreed and @posth
Can you post a backup of the paper on GitHub somewhere?
BTW, my favorite new graphic about DIDs. A bit technical but less so than others I’ve seen which are more intimidating. By @shigeya_suzuki
For reference, more complex one that I think is great but I’ll not use in an presentation, also by @shigeya_suzuki is this one:
Just saw today a great paper by Alexandra Giannoupolou @alex_giann of University of Amsterdam adding the term Self-Sovereign Identity to the Glossary of Distributed Technologies at @PolicyR: 👍 https://policyreview.info/open-abstracts/self-sovereign-identity
Replying to @posth, @alex_giann and @PolicyR
Both @moskovich with @BitmarkInc and I worked on some creative work rights management approaches over the years, and I’d say some it inspired my early work in designing today’s DID architecture. Bitmark also deployed some solutions using their non-token based blockchain.
Right now “verifiable data registry” is a category of services, not a spec. DIF & Microsoft have one, IPFS has one, Ethereum has one, and there is also Solid from @timberners_lee. I’m working on an torgapped approach using P2P encrypted objects over onion, but roadmap is slow.
Replying to @posth, @alex_giann, @PolicyR, @moskovich and @BitmarkInc
…This is part of the reason you should not “roll your own crypto”. I don’t trust even anything I write at the cryptographic level, nor should you, without sufficient review by others. Within a few years we also need more of these formal proofs as well.
These kind of formal proofs for cryptographic implementations, speed optimizations, etc. are becoming a more important part of the process of fully reviewing code to securing blockchain & decentralized identity technologies. They are difficult but important! https://twitter.com/pwuille/status/1360347812588707840
Replying to @OR13b, @darrello and @memberpass
More details on onion-based infrastructure at https://github.com/BlockchainCommons/torgap
Replying to @OR13b, @darrello and @memberpass
Live demo of did:onion document and a signed vc available, but we have a lot more tooling yet to do. http://fscst5exmlmr262byztwz4kzhggjlzumvc2ndvgytzoucr2tkgxf7mid.onion
RT @EFF: After over a year of advocacy by EFF and dozens of other organizations, Ring will finally offer end-to-end encryption. We hope thi…
Replying to @dustyweb
Have you looked at our did:onion demo yet? http://fscst5exmlmr262byztwz4kzhggjlzumvc2ndvgytzoucr2tkgxf7mid.onion/
I agree that we need to stop the current bad practice of reusing the same xpub in multiple bitcoin multisig descriptors. But I’m not confident this is the quite the right approach. Needs maybe a real commitment scheme? But perfection is the enemy of the good, so Concept ACK. https://twitter.com/FullyNoded/status/1361300150543556615
Replying to @dustyweb
We have a linode script for did:onion microservice. Should be easy to do for Docker, AWS etc. However, note that you can’t use Tor generated key elsewhere if you want to also use it for signing. Instead you need to generate key independently and convert it to a Tor key.
Replying to @dustyweb and @spritelyproject
We too have been looking at launching our own Tor service directly inside our apps, including cli apps, rather than using the daemon proxy.
Gordian Cosigner from @BlockchainComns is now available as an early beta release for iOS (and soon macOS). It allows you to easily add your signature to participate in Bitcoin multisig transactions. [1/11] https://github.com/BlockchainCommons/GordianCosigner-Catalyst
In modern Bitcoin architectures, multisig wallets leveraging descriptors & PSBTs will be the norm. Gordian Cosigner is unique in that it isn’t the initiator or the first signer of a transaction. It is a middle signer. Other wallets serve as the transaction coordinator. [2/11]
This puts Gordian Cosigner in a unique place for understanding issues of Bitcoin wallet interoperability. How to share multisig public key Account Maps, how to use animated QRs for large PSBTs, issues of responsible key management, etc. are all parts of the big picture. [3/11]
Gordian Cosigner is our reference application for interoperability. At Blockchain Commons we believe in creating a stronger Bitcoin ecosystem by supporting COOPETITION: with modular design, we can work together to create a better whole. Gordian Cosigner is part of that. [4/11]
Of course this all requires specifications for interoperability, which is what we’ve been discussing in the Blockchain Commons Airgapped Wallet community. [5/11] https://github.com/BlockchainCommons/Airgapped-Wallet-Community
We’ve also started to work on documents for interoperating with our own Gordian Wallet, and we’re planning for interoperability guidelines for Spectre, @FullyNoded , @COLDCARDwallet and for our own LetheKit. More integration to come! [7/11] https://github.com/BlockchainCommons/GordianCosigner-Catalyst/blob/master/Docs/Integrating.md
So how does Gordian Cosigner work with other applications? We’ve recently written an interoperability guide for Bitcoin Core. You create a PSBT with bitcoin-cli, you sign it with Gordian Cosigner(s), and then your finalize and send from the command line. [6/11]
If you’d like to talk about the future of interoperability for multisigs and for other cryptocurrency wallets, please join our Airgapped Wallet Community. [9/11] https://github.com/BlockchainCommons/Airgapped-Wallet-Community
Figuring out interoperability for multisigs and other Bitcoin operations is still very cutting edge, and so we’re expecting sharp corners. There will be gotchas. We want to figure them out now, rather than after more multisig wallets have been deployed. [8/11]
Support our work in creating infrastructure for the next-generation of Bitcoin & cryptocurrency wallets! Become a GitHub sponsor of Blockchain Commons. [12/12] https://github.com/sponsors/BlockchainCommons
We also are interested in talking with various digital asset support organizations, investment advisors, custodians, etc. who might want to white label, fork, or otherwise adapt Gordian Cosigner for use in their collaborative custody scenarios. [11/12] https://testflight.apple.com/join/sJTaoUsM
I’ve written extensively about the #DunbarNumber and other individual cognitive & social limits to group size. New paper out that uses phone records of 6m people pre-smartphone with evidence for some of the “personal circles” that I spoke of back in 2008: http://www.lifewithalacrity.com/2008/11/personal-circle.html https://twitter.com/emollick/status/1363203069144690688
We offer a number of libraries related to Bitcoin & the crypto-commons. We typically write first in C or C++, then create support for them in Swift for iOS, or rewrite them in native Swift. Next we do Java for Android and Rust for the greatest security. https://github.com/BlockchainCommons/crypto-commons https://twitter.com/BitcoinIsSaving/status/1362757118172954626
Replying to @phil_geiger, @nvk, @MrHodl, @LarryBitcoin, @provoost and @unchainedcap
With interoperability specs between wallet apps like @BlockchainComns is working on, collaborative custody will get easier. I’ve already seen some very interesting UX mock-ups & prototypes leveraging the Gordian architecture that demonstrate that we are moving in right direction.
Replying to @MrHodl, @phil_geiger, @nvk, @LarryBitcoin, @provoost and @unchainedcap
Though I do feel that a single seed on titanium and following our #SmartCustody best practices is the best today, it still is a single point of failure given institutional & government theft adversaries. But soon collaborative custody wallets will be better solution. https://twitter.com/ChristopherA/status/1271172827320705024
Replying to @phil_geiger, @LarryBitcoin, @nvk, @Hanakookie1, @MrHodl, @provoost and @unchainedcap
I love what Green Address proved was possible, but you are vendor locked into their security architecture. What I’m trying to to with #AirGap, #TorGap & collaborative custody interoperability specs is help ecosystem by allowing you to choose. I want the freedom to…
Replying to @phil_geiger, @LarryBitcoin, @nvk, @Hanakookie1, @MrHodl, @provoost and @unchainedcap
…be able to choose a complex policy where one key is locked by Unchained & another by Casa and another by Green Address. Each has slightly different approaches and I’d to be able choose.
Replying to @phil_geiger, @Mandrik, @MrHodl, @LowBtc, @nvk, @LarryBitcoin, @provoost, @unchainedcap and @CasaHODL
In our next #SmartCustody book we are adding a number multisig scenarios. For inheritance account I like 1yr timelocked to a titanium key held by an executor, with semi-annual checks of possession and sweeps. I want wallet apps to be able to make this easy. https://twitter.com/ChristopherA/status/1295151222085652481
Replying to @MrHodl, @Mandrik, @LowBtc, @phil_geiger, @nvk, @LarryBitcoin, @provoost, @unchainedcap and @CasaHODL
Problem with backup seeds is though it increases resilience, it also increases your attack surface - all the backups need to be protected strongly. Without backups you can invest strongly in securing the one backup you have (say Swiss bank vault) at cost to resilience. Multisig…
Replying to @MrHodl, @Mandrik, @LowBtc, @phil_geiger, @nvk, @LarryBitcoin, @provoost, @unchainedcap and @CasaHODL
Multisig can be leveraged such that you can make more choices of costs to protect attack surface vs resilience. It does come with complexity which is its own adversary. This one we can compensate for with better apps, interoperability, and industry best practices. https://twitter.com/ChristopherA/status/1280954188063596544
Replying to @MrHodl, @Mandrik, @LowBtc, @phil_geiger, @nvk, @LarryBitcoin, @provoost, @unchainedcap and @CasaHODL
We’ve an early draft of a research paper on multisig, including terminology, risk modeling, collaborative custody, and a number of interesting policy scenarios. If you are willing to give it a solid read and comment, DM me.
RT @ChristopherA: @MrHodl @Mandrik @LowBtc @phil_geiger @nvk @LarryBitcoin @provoost @unchainedcap @CasaHODL We’ve an early draft of a rese…
Apparently encoded into the design of the Mars Perseverance Rover was a secret #EasterEgg that when decrypted asks us to “dare mighty things”, the @NASAJPL slogan. Congratulations @NASAPersevere!
/ht @ElonkaDunin https://twitter.com/adithya_balaji/status/1364020082599460872
👍”This may be surprising to some: ProRAW is not a proprietary or closed format. Credit where it is due: Apple deserves kudos for bringing their improvements to the DNG standard. When you shoot with ProRAW, there’s absolutely nothing locking your photos into the Apple ecosystem.” https://twitter.com/halidecamera/status/1338907382110248960
RT @theBumbleSec: Just when you thought JSON was the one thing you could trust. My latest research on JSON interoperability vulnerabilities…
RT @sedyst: This announcement shows that European leaders do not understand what it takes and what the consequences are in putting a global…
RT @vshymanskyy: αcτµαlly pδrταblε εxεcµταblε
Awesome project by @JustineTunney :
“… reconfigured the stock compiler on Linux so it outpu…
Privacy for international travelers is getting worse: “We know of no previous instance in which the U.N. has mandated the creation of a new surveillance agency and the deployment of a new surveillance capability by all U.N. members.” https://papersplease.org/wp/2021/02/25/precog-in-a-box/
RT @schneierblog: The Problem with Treating Data as a Commodity https://www.schneier.com/blog/archives/2021/02/the-problem-with-treating-data-as-a-commodity.html
Here are the 12 criteria for #Covid19 #ImmunityCredentials #VaccinePassports suggested by @melindacmills & the @RoyalSociety. I agree, but but only as start — to deploy this safely & securely is quite difficult. https://royalsociety.org/-/media/policy/projects/set-c/set-c-vaccine-passports.pdf https://twitter.com/melindacmills/status/1365357148687982593
Replying to @harryhalpin, @melindacmills and @royalsociety
I do worry about naive and poor implementations of VCs/DIDs, which is why we held a decentralized privacy salon last week. And not all DIDs use blockchain. However, the architecture that separates identifiers from identification, credentials & claims is essential.
Advice on #VaccineCertificates in @w3c_ccg by @aniltj of DHS “1 Expect and anticipate breakage, but don’t let the perfect be the enemy of the good 2 Everyone is not going to get everything they want right now 3 Real interoperability REQUIRES constraints!” https://lists.w3.org/Archives/Public/public-credentials/2021Feb/0128.html
I agree with many of @harryhalpin’s arguments in “A Critique of Immunity Passports & W3C Decentralized Identifiers”—we need “more stringent guidelines for security & privacy review”. But bringing in anti-blockchain & #SSI in these arguments is unnecessary. https://arxiv.org/abs/2012.00136
Replying to @harryhalpin, @melindacmills and @royalsociety
DIDs/VCs don’t require blockchain, and many implementations don’t use them. I also agree we need “more stringent guidelines for security & privacy review” of standards and implementations. Let’s focus on that — your other critiques are getting in the way of your advocacy.
Replying to @harryhalpin, @melindacmills and @royalsociety
Help us fix what needs fixing. I am not a fan of how JSON-LD has evolved, but IETF’s JOSE stack sucks too. Let solve this problem and the others you point out. Unfortunately, the topic cryptographic protocol experts have not joined in this community. We need their input.
Replying to @harryhalpin, @melindacmills and @royalsociety
In my case, I’m working on the did:onion method, which leverages the keys and anti-correlation choices used by the Tor protocol. It doesn’t use a blockchain, we likely will be using CBOR rather than JSON-LD. But did:onion is not designed for scalability.
Replying to @harryhalpin
It’s not needed. I personally in my implementations either not using them, or using blockchain minimally for things like time stamps. I agree that there is some “decentralization theatre” going on — but by myself it has been hard to stop that when $M of gov grants are involved.
Replying to @harryhalpin
So let’s focus on why the #W3C has not been able to attract the wider privacy/security community participation, and why #IETF, #LinuxFoundation, etc. are failing to evolve them as well. These are systemic problems due to lack of support of incentives for good infrastructure.
Replying to @harryhalpin
I welcome you to bring up your critique of “decentralization theatre”, but I hope you don’t focus on that at first. The real problem is lack of real support for critical review of critical security infrastructure. We can do better.
Replying to @harryhalpin
You are correct that #W3C sold out, but in many ways so did #IETF & other orgs. JOSE stack has been seriously flawed for over a decade: we can’t even get modern crypto in it, support multisig, or other kinds of proofs. The inertia is huge, largely due to corporate dominance.
Replying to @harryhalpin
I still support #SSI, but agree that there are many that don’t understand it sufficiently. In particular, in my version of #SSI there is no one GUID, there are myriad. This is one reason why we (#RWOT) hosted our Decentralized Privacy Salon last week — we are quite concerned.