RT @SinaKian1: One of the most underrated civil liberties of our time is financial privacy, and I don’t think people understand how big thi…
Replying to @SinaKian1
I would argue that other US Bill of Rights & UN Universal Declaration of Human Rights require financial privacy to function. Without financial privacy you are vulnerable to coercion—you can’t assemble and join efforts with others, participate in public speech, and more.
RT @ChristopherA: @SinaKian1 I would argue that other US Bill of Rights & UN Universal Declaration of Human Rights require financial privac…
I met with staff in the Buenos Aires Mayor’s office recently—they are serious about #SSI 👍 “(Benefits:) Empower individuals and evolve towards a paradigm where individuals and society are the social guarantors and not a few centralized entities.” https://bit.ly/3tYlFho https://twitter.com/CoinDesk/status/1509623251315707907
Replying to @glennhodl
You are following the wrong accounts, or too many and are unable to filter the noise. Read through my Twitter history and you’ll see high-signal to noise—I don’t waste your time. Others are good as well.
👍 https://twitter.com/paddi_hansen/status/1511389722790166531
I’ve worked with many different internet-savvy generations from elders 20 years older than I who had Arpanet, MCI & Compuserve addresses, to young adults that grew up with Wikipedia at their fingertips & voice-activated search. I do find this list reasonably accurate as to Gen-X. https://twitter.com/girdley/status/1511316526481084422
There is still time left to apply for a Blockchain Commons internship for summer 2022. The deadline is April 22, meetings start May 15th, and the bulk of the project work from 6/20 to 8/25. What type of intern projects are we looking for? … [1/12] https://github.com/BlockchainCommons/Community/discussions/74
If you’re UNIX command-line focused, you might be interested in expanding our Bitcoin Standup Scripts to install a variety of blockchain packages with a command-line (or config) interface. [4/12] https://github.com/BlockchainCommons/Community/discussions/76#discussioncomment-2395673
Do you like hardware projects? One idea is to adapt LetheKit to the SeedSigner platform , which will give you experience with Uniform Resources and two seed creation or signing platforms. [3/12] https://github.com/BlockchainCommons/Community/discussions/76#discussioncomment-2382520
We are open to your interests! The best work comes from things that people are enthusiastic about! But, we’ve also written up on Github some ideas for potential projects. See if any strike you or spark ideas of your own. [2/12] https://github.com/BlockchainCommons/Community/discussions/76
If your focus is human rights or UX, we are seeking better defined use cases, engagement models and designs for digital privacy & cryptocurrency [7/12] https://github.com/BlockchainCommons/Community/discussions/76#discussioncomment-2395718
If you have video-oriented or online education skills, you might like to adapt our Learning Bitcoin course into a YouTube learning experience. [6/12] https://github.com/BlockchainCommons/Community/discussions/76#discussioncomment-2395661
If you’re not an engineer, but are focused on pre-law or library sciences, you might like to help us create an inventory of current blockchain and identity laws. [5/12] https://github.com/BlockchainCommons/Community/discussions/76#discussioncomment-2395646
We hope that you’ll be encouraged to apply for our internship program, with one of these projects, or with ideas of your own. For details on how to apply, see: [10/12] https://github.com/BlockchainCommons/Community/discussions/74
We’ve written over a dozen ideas to enthuse or inspire. You are also welcome to add your own ideas! [9/12] https://github.com/BlockchainCommons/Community/discussions/76
If you want to be more on the leading edge of technology, you might like to explore Timelock or other technologies to make it easier to leave digital assets to heirs. [8/12] https://github.com/BlockchainCommons/Community/discussions/76#discussioncomment-2417187
We’ve had great successes in the last few years of internships and also brought some great people into the industry. We’re looking forward to more of each this summer! [12/12]
We are also seeking volunteers who might be excited to mentor interns and sponsors who might want to fund the program to expand it. Contact us at team@blockchaincommons.com if you are interested in helping out with either role! [11/12]
Replying to @ChaincodeLabs
Any chance I can get you to share this opportunity with your community?
I’m looking forward to returning to #RebootingWebOfTrust this September in The Hague— we have a lot to catch up on! Topics range from increased interest by progressive governments in the EU, Buenos Aires, etc., to new privacy threats from authoritarian countries, and much more. https://twitter.com/RWOTEvents/status/1512876315900141569
I’m seeing this kind of table and warning lately, but the 16-18 character recommendation only applies to legacy sites still use long deprecated MD5. If the server is using more recent bcrypt, Scrypt, PBKDF2, or OPAQUE then 12 is likely fine. PROVIDED you use different passwords. https://twitter.com/ezrabowman/status/1513156787809095688
Is anyone using code from Bitcoin Lightning’s BOLT #8 “Encrypted and Authenticated Transport” in other contexts? If it is generalizable it looks like it might be a good solution for other privacy protocols that encrypt and authenticate connection with peer. Especially if Schnorr.
Replying to @SATSCARD, @Coinkite, @BitcoinMagazine and @TAPSIGNER
Our Blockchain Commons reference Gordian Wallet support NFC now. Where can we get details, developer info, and dev sampled to add our support for this?
The most exciting thing is that our community has really gelled. We’ve got two new sustaining sponsors, @CrossbarInc and http://Proxy.com, bringing new silicon chip design and identity hardware expertise to our commons. [2/12]
We had a great last quarter for @BlockchainComns. Today’s quarterly report shares details about our recent accomplishments and offers some of our priorities for the coming year. [1/12] https://twitter.com/BlockchainComns/status/1514560141021966336
We published Gordian Seed Tool 1.4 with support for MicroSDs and NFCs, to make the export of seeds safer and more secure. [5/12] https://apps.apple.com/us/app/gordian-seed-tool/id1545088229
There’s lots more! We’re working on new crypto-msg and crypto-envelope specs and have released test vectors for crypto-request and crypto-response [4/12]. https://github.com/BlockchainCommons/crypto-commons/blob/master/Docs/crypto-request-test-vectors.md
We also had a great new independent software contribution to the commons courtesy of Jonas Wagner, @sjlver who produced https://seedtool.info, a WebAssembly web-page version of our seedtool-cli that improves the accessibility of these critical seed functions and SSKR. [3/12]
Looking forward, we’re thrilled that Rebooting the Web of Trust @RWOTEvents is asking us to save the date for September 26-30, for a new design workshop in The Hague (originally planned pre-covid as our fall 2020 venue!). [8/12] https://www.weboftrust.info/
SmartCustody saw big expansions. We’ve a raw draft of a new scenario for Bitcoin multisig, which we’re finalizing, and we’ve already published case studies of three hardware and software packages, discussing how well they support Gordian Principles. [7/12] https://github.com/BlockchainCommons/SmartCustody/blob/master/Docs/Case-Studies-Overview.md
We also are now running our own Esplora service both on the public web and via Tor to add another source of truth to Bitcoin blockchain infrastructure. [6/12] http://esplora.blockchaincommons.com/
You can support our continued work to create an open & interoperable, secure & compassionate digital infrastructure, and advocate for human dignity and enable people to control their own digital destiny — become a patron of Blockchain Commons! [12/12] https://github.com/sponsors/BlockchainCommons
We’re looking forward to a lot more in 2022. Please take a look at our priorities for the coming year in our full report. See something missing that you’d like us to work on? Sponsor us! [11/12] https://www.blockchaincommons.com/quarterlies/Q1-2022/
And mid-May, we’re planning a Silicon Salon, to talk about the next generation of secure enclaves in hardware, with sponsorship from our new community member @CrossbarInc. If you are interested in participating in or sponsoring this virtual event, let us know. [10/12]
We’ve also got our own internship program coming up this summer. Applications are being accepted through April 22nd! [9/12] https://github.com/BlockchainCommons/Community/discussions/74
RT @hdevalence: ok this is a sick stunt hacking demo https://www.usenix.org/system/files/sec22summer_genkin.pdf https://t.co/l3gCrB3BfY
RT @colmmacc: @durumcrustulum Evergreen reminder that AES has been broken with demonstrated key-recovery attacks from side-channels in prac…
Map of laws for compelled decryption and lawful intercept. Too much red & yellow, and I gave some doubts about some of the green in reality. 🕵🏻♂️ https://twitter.com/durumcrustulum/status/1514206448137478149
We’ve (@BlockchainComns) have had interns & contributors from Ethiopia. Already on our roadmap this summer is more support & documents on pseudonymous development best practices (some done in last year’s internship program and available now). https://twitter.com/durumcrustulum/status/1514208918167248896
This our current guide, lead by @namcios https://github.com/BlockchainCommons/Pseudonymity-Guide
😂 https://twitter.com/durumcrustulum/status/1514250869230907396
RT @gtank__: Efficient new CRLs and approximate set representations from ribbon filters. Always within 11% of optimal, available in Rust un…
The current proprietary silicon ARM processors are not good enough. We need development of Secure Enclave’s that are inspectable and have some form of open development. @BlockchainComns is planning a virtual Silicon Salon to explore this topic with experts mid-May. Contact me. https://twitter.com/durumcrustulum/status/1514597821667635203
A new low-entry cost journal for academic cryptographic papers is overdue. The current journals (and practices) are insufficient. I’d also like to see more access by practitioners, not just academics. https://twitter.com/durumcrustulum/status/1514615411324559362
Related from @gtank__ https://twitter.com/gtank__/status/1204221342343684096?s=21&t=EA2qSR11gzRK6DxYKKLx_A
I fought to allow for TLS to be used for more than http & used my authority as co-editor of IETF TLS 1.0 to register these used with IANA. It isn’t the fault of TLS, but that there are no incentives or financial support for legacy. And everything becomes legacy someday. https://twitter.com/gtank__/status/1514507625844469764
This why I founded #RebootingwebOfTrust @RWOTEvents 6 years ago. We are making progress, but the legacy can’t be iterated or even refactored. We must go back to first principles. Join us in The Hague September 26th-30th! #RealWorldCrypto https://twitter.com/e7p/status/1514601152339275777
Replying to @e7p and @RealWorldCrypto
I think it is worse than that. I’ll bet 90%+ of that 10% only use PGP for verification of downloaded code & maybe some will signing of code & commits. They are not using PGP for email, with the slight exception of Protonmail to Protonmail which almost does not count.
RT @ChristopherA: @e7p @RealWorldCrypto I think it is worse than that. I’ll bet 90%+ of that 10% only use PGP for verification of downloa…
There are a variety of techniques to avoid nonce problems in cryptographic protocols, ranging from deterministic nonces, VRFs (Verifiable Random Functional), and various zk- & non-zk tricks for provable inclusion of randomness. For instance… https://twitter.com/cronokirby/status/1514605363282161665
…here are some approaches between the transaction coordinator & hardware wallet to prevent the signer from exfilitrating secrets in signature nonces. I hope to add this to @BlockchainComns standards this year: https://medium.com/blockstream/anti-exfil-stopping-key-exfiltration-589f02facc2e
Replying to @e7p and @RealWorldCrypto
I’d rather move to ssh signing of code & commits than continuing to use PGP. We can do better (a goal of #RebootingWebOfTrust) but until then: https://twitter.com/ChristopherA/status/1459578822588731394
Replying to @arcbtc and @killamikemilla
We also a specific set we use called ByteWords to encode binary data (such as cryptographic seeds) as easy-to-recognize, hard-to-confuse words. Bytewords are also well-integrated with QRs and Wallets interoperability UR standards. https://github.com/BlockchainCommons/Research/blob/master/papers/bcr-2020-012-bytewords.md
Replying to @arcbtc and @killamikemilla
There was a really nice demo at #RWOT where you played a game-like 3D scenario in exactly the same way, and it would generate seed words. Easy to memorize.
Replying to @arcbtc and @killamikemilla
Here it is. https://twitter.com/ChristopherA/status/1047643223236083713
Replying to @arcbtc and @killamikemilla
Lots of other ideas in this #RebootingWebOfTrust collaborative paper. We will be meeting again in The Hague in September (see @RWOTEvents): https://github.com/WebOfTrustInfo/rwot6-santabarbara/blob/master/final-documents/DecentralizedAutonomicData.md
I can’t seem to find any presentation, paper link or video to #RealWorldCrypto “Threshold Cryptography as a Service” (Rabin, et al) at the program page or via search. I am very interested in this topic as we are implementing. Does anyone have any link or @ contact info? Thanks!
Replying to @attractfunding
No, it was presented last week at #RealWorldCrypto — @durumcrustulum live blogged about starting at : https://twitter.com/durumcrustulum/status/1514896813018562560
I have found some older work, but I’m seeking the details behind the live blog slides shared by @durumcrustulum last week starting at: https://twitter.com/durumcrustulum/status/1514896813018562560
I particularly am interested as FROST is on @BlockchainComns implementation roadmap for ‘22. FROST uses VSS & there are slides that imply some interesting social key recovery possibilities & other ideas. Don’t know if their tech is compatible with FROST’s VSS or secp256k1.
Replying to @JWWeatherman_
There is also an experimental cli app
mori-clihttps://github.com/BlockchainCommons/mori-cli by former @BlockchainComns intern @negrunch which we used for some testing of these timelock concepts. We will be exploring more this year in hope to add to #SmartCustody scenarios when mature. Support us!
@Caralie_C There are a few days left before our application deadline for our @BlockchainComns internship program. If you know of some good applicants can you pass this on? https://bitcoinmagazine.com/business/blockchain-commons-announces-bitcoin-internship-program
Replying to @claudiorlandi and @satrajit_
I actually did look at this video (slipped parts) but you didn’t bring up FROST. What do you think of it?
I still have not been able to find slides, paper or video for this talk at #RealWorldCrypto - anyone have contact info for Rabin? @KazueSako @josephbonneau PM me if you do. Thanks! https://twitter.com/ChristopherA/status/1516109432387616768
Replying to @claudiorlandi and @satrajit_
I’d still be interested in your approach. Does your threshold ECDSA also do a Peterson VSS? We’d like to puzzle out how to do this safely with support from cloud services. Do you have slides or a paper?
RT @claudiorlandi: @ChristopherA @satrajit_ Slides of the talk: https://cse.iitkgp.ac.in/ncsam/slides/talk-3-claudio-orlandi.pdf
Main papers described: https://eprint.iacr.org/2019/889 http…
RT @TBD54566975: The Break Down: What are DIDs?
Tomorrow is the last day for applications to our Blockchain Commons internship program starting next month. We have applicants from all over the world, and not only engineers but students with other skills to bring to our community. Share if know someone who should be involved! https://twitter.com/ChristopherA/status/1511765254744682499
I’m pleased to hear that PETS (Privacy Enhancing Technologies Symposium) will be moving out of the academic publishing straightjacket to open access. As a non-academic who has dabbled in academia, having so much quality work behind paywalls hurts our work towards a better future. https://twitter.com/PET_Symposium/status/1517919439274102785
I’ve mixed feelings about MetaMask moving to closed source. Yes, we need funding models for infrastructure, but Consensys has already made a fortune of off tokens. I also really don’t like their risky privacy & security architecture. We need a better solution to both problems! https://twitter.com/MetaMask/status/1296586344299294720
I’ve also long been concerned about the centralized nature of Metamask, Infura & Consensys. There also really is no transparency. If anything we need funding models that also support open development (just open source isn’t good enough), not moving to closed decisions.
…will be hard. Metamask and almost all derivatives suffer from hot keys, key reuse, confused deputy problems, and more. Can be solved (it is not inherently an ETH blockchain problem but a wallet design problem) but expensive.
Blockchain Commons has been investigating with the support of our Sustaining Patrons if we could offer a superior architecture for ETH (and related account based chains). We certainly can (and will) offer #SmartCustody advice as best practices, but to replace architecture…
Replying to @edmundedgar, @LefterisJP and @rotkiapp
Replying to @AnastasiaU and @GetBlockWallet
Don’t forget @BlockchainComns — we create open & interoperable, secure & compassionate, digital infrastructure and advocate for human dignity online by enabling people to control their own digital destiny.
It has gotten to the point where I believe sales of tokens promised to hardware vendors & exchanges make more cash than any profits from the product. Great for getting a funding for a wallet company going, but what about long term? The incentives are biased against the consumer.
Though I don’t see any particularly exciting features in the technology behind @CeloOrg $CELO token, I can see a niche appeal of a token for local economies, ecology, web3, etc. But how do we evaluate that? Approval by @Ledger is helpful signal, but was that blessing paid for?
I appreciate the hard work Ledger & other hardware wallet vendors do to support cryptocurrency ecosystems. However, the practice of being paid to add a token or currency results in incentives that are harmful for long-term support of wallet infrastructure. Needs transparency! … https://twitter.com/Ledger/status/1518922851096711169
So what #transparency standards should we ask of our wallet vendors? Compensation, supply chain, chips, open source used, design principles? @BlockchainComns has started some case studies on different wallets—what other information do we need to add? https://github.com/BlockchainCommons/SmartCustody/blob/355b64c721aebc720c0dd586d0f57d82cda923b5/Docs/Case-Studies-Overview.md
This is also related to my concerns about other parts of the cryptocurrency ecosystem, such as the recent change by Consensys to take the dominant ETH Metamask wallet to closed source. #Transparency is missing! https://twitter.com/ChristopherA/status/1518719716407136256
I don’t know how to solve this problem, but #transparency would help. I’d be much more likely to purchase (and recommend) wallet hardware where I can possibly understand the economic biases and make decisions accordingly.
And as always, your ongoing support is needed to continue our work. Become a monthly patron of @BlockchainComns at https://GitHub.com/sponsors/BlockchainCommons!
Let us know what else you want to see in these case studies, and get your wallet vendors to support us to be able to offer more of them, and keep them up to date. https://twitter.com/ChristopherA/status/1491828888984379406
Replying to @kanzure
In theory, you could have a large number of heterogeneous computers at many locations participate in a DKG (distributed key generation, like what is created in the first steps of FROST multisig) to always sign for you. That is the concept behind white-city https://github.com/ZenGo-X/white-city/blob/master/White-City-Report/whitecity_new.pdf
Replying to @kanzure
In practice, I think it is too easy to deny with large k of m thresholds due with DDOS, network partition attacks, latency etc. So having some additional hardware trust for smaller quorums and faster latency is useful.
Replying to @kanzure
/cc @zmanian
Replying to @cronokirby
Replying to @cronokirby
Replying to @cronokirby
Replying to @cronokirby and @espadrine
Implementions in multiple languages https://github.com/BlockchainCommons/LifeHash
Replying to @btcitadad
Support @BlockchainComns — we create open & interoperable, secure & compassionate digital infrastructure and advocate for human dignity online by enabling people to control their own digital destiny. https://www.blockchaincommons.com
RT @Hacxyk: 11/n
DeFi hacks are reckless. Even after being examined by best-of-the-best researchers in the space, there’s still loopholes t…